Analysis Overview
Threat Level: Known bad
The file https://rutube.ru/video/a13eccd706653d911c9bfc7cf470ea2f/ was found to be: Known bad.
Malicious Activity Summary
WarzoneRat, AveMaria
Warzone RAT payload
Executes dropped EXE
Adds Run key to start application
Suspicious use of SendNotifyMessage
Suspicious use of AdjustPrivilegeToken
Checks SCSI registry key(s)
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Modifies data under HKEY_USERS
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of FindShellTrayWindow
Suspicious behavior: GetForegroundWindowSpam
Suspicious behavior: EnumeratesProcesses
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-02-24 12:46
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-02-24 12:46
Reported
2024-02-24 12:50
Platform
win10v2004-20240221-en
Max time kernel
181s
Max time network
202s
Command Line
Signatures
WarzoneRat, AveMaria
Warzone RAT payload
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Users\Admin\Downloads\Celesty\Celesty Binder v1 0 .exe | N/A |
| N/A | N/A | C:\ProgramData\WinDefend.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\Celesty\Celesty Binder v1 0 .exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\Celesty\Celesty Binder v1 0 .exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\Celesty\Celesty Binder v1 0 .exe | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
|---|---|---|---|
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Windows Defender SmartScreen = "C:\\ProgramData\\WinDefend.exe" | C:\Users\Admin\Downloads\Celesty\Celesty Binder v1 0 .exe | N/A |
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 | C:\Windows\system32\taskmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\system32\taskmgr.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName | C:\Windows\system32\taskmgr.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133532526029614081" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://rutube.ru/video/a13eccd706653d911c9bfc7cf470ea2f/
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff92fc69758,0x7ff92fc69768,0x7ff92fc69778
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2132 --field-trial-handle=1876,i,13441643828443418471,1776861849750362790,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1656 --field-trial-handle=1876,i,13441643828443418471,1776861849750362790,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2232 --field-trial-handle=1876,i,13441643828443418471,1776861849750362790,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2984 --field-trial-handle=1876,i,13441643828443418471,1776861849750362790,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2996 --field-trial-handle=1876,i,13441643828443418471,1776861849750362790,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4976 --field-trial-handle=1876,i,13441643828443418471,1776861849750362790,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5336 --field-trial-handle=1876,i,13441643828443418471,1776861849750362790,131072 /prefetch:8
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x300 0x304
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=5716 --field-trial-handle=1876,i,13441643828443418471,1776861849750362790,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6428 --field-trial-handle=1876,i,13441643828443418471,1776861849750362790,131072 /prefetch:8
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\Celesty\" -spe -an -ai#7zMap25737:76:7zEvent21996
C:\Users\Admin\Downloads\Celesty\Celesty Binder v1 0 .exe
"C:\Users\Admin\Downloads\Celesty\Celesty Binder v1 0 .exe"
C:\ProgramData\WinDefend.exe
"C:\ProgramData\WinDefend.exe"
C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /7
C:\Users\Admin\Downloads\Celesty\Celesty Binder v1 0 .exe
"C:\Users\Admin\Downloads\Celesty\Celesty Binder v1 0 .exe"
C:\Users\Admin\Downloads\Celesty\Celesty Binder v1 0 .exe
"C:\Users\Admin\Downloads\Celesty\Celesty Binder v1 0 .exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5996 --field-trial-handle=1876,i,13441643828443418471,1776861849750362790,131072 /prefetch:2
C:\Users\Admin\Downloads\Celesty\Celesty Binder v1 0 .exe
"C:\Users\Admin\Downloads\Celesty\Celesty Binder v1 0 .exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6484 --field-trial-handle=1876,i,13441643828443418471,1776861849750362790,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6128 --field-trial-handle=1876,i,13441643828443418471,1776861849750362790,131072 /prefetch:8
Network
Files