hxxps://lootdest[.]com/s?nVNm

Analysis

max time kernel
147s
max time network
161s
platform
windows11-21h2_x64
resource
win11-20240426-en
resource tags

arch:x64arch:x86image:win11-20240426-enlocale:en-usos:windows11-21h2-x64system
submitted
21-05-2024 23:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://lootdest.com/s?nVNm

Score

9^/10

evasion themida trojan

Malware Config

Signatures

Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs
evasion

Query Registry
T1012

Virtualization/Sandbox Evasion
T1497

Processes:

modest-menu.exe

description ioc process

Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ modest-menu.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	modest-menu.exe

Checks BIOS information in registry 2 TTPs 2 IoCs

BIOS information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

modest-menu.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	modest-menu.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	modest-menu.exe

Executes dropped EXE 1 IoCs

Processes:

modest-menu.exe

pid process

6076 modest-menu.exe

pid	process
6076	modest-menu.exe

Themida packer 9 IoCs

Detects Themida, an advanced Windows software protection system.

themida

Processes:

resource	yara_rule
C:\Users\Admin\Downloads\modest-menu_v1.0.0_[kiddionsmodmenu.com]_\modest-menu.exe	themida
behavioral1/memory/6076-686-0x00007FF7BE7D0000-0x00007FF7C11DF000-memory.dmp	themida
behavioral1/memory/6076-687-0x00007FF7BE7D0000-0x00007FF7C11DF000-memory.dmp	themida
behavioral1/memory/6076-688-0x00007FF7BE7D0000-0x00007FF7C11DF000-memory.dmp	themida
behavioral1/memory/6076-689-0x00007FF7BE7D0000-0x00007FF7C11DF000-memory.dmp	themida
behavioral1/memory/6076-690-0x00007FF7BE7D0000-0x00007FF7C11DF000-memory.dmp	themida
behavioral1/memory/6076-692-0x00007FF7BE7D0000-0x00007FF7C11DF000-memory.dmp	themida
behavioral1/memory/6076-691-0x00007FF7BE7D0000-0x00007FF7C11DF000-memory.dmp	themida
behavioral1/memory/6076-693-0x00007FF7BE7D0000-0x00007FF7C11DF000-memory.dmp	themida

Checks whether UAC is enabled 1 TTPs 1 IoCs
evasion trojan

System Information Discovery
T1082

Processes:

modest-menu.exe

description ioc process

Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA modest-menu.exe
Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs

Processes:

modest-menu.exe

pid process

6076 modest-menu.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	modest-menu.exe

pid	process
6076	modest-menu.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

Processes:

msedge.exe

description ioc process

Key created \REGISTRY\USER\S-1-5-21-1230210488-3096403634-4129516247-1000_Classes\Local Settings msedge.exe
NTFS ADS 1 IoCs

Processes:

msedge.exe

description ioc process

File opened for modification C:\Users\Admin\Downloads\modest-menu_v1.0.0_[kiddionsmodmenu.com]_.zip:Zone.Identifier msedge.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-1230210488-3096403634-4129516247-1000_Classes\Local Settings	msedge.exe

description	ioc	process
File opened for modification	C:\Users\Admin\Downloads\modest-menu_v1.0.0_[kiddionsmodmenu.com]_.zip:Zone.Identifier	msedge.exe

Suspicious behavior: EnumeratesProcesses 16 IoCs

Processes:

msedge.exemsedge.exemsedge.exeidentity_helper.exemsedge.exemodest-menu.exemsedge.exe

pid	process
3396	msedge.exe
3396	msedge.exe
2076	msedge.exe
2076	msedge.exe
3084	msedge.exe
3084	msedge.exe
4400	identity_helper.exe
4400	identity_helper.exe
2052	msedge.exe
2052	msedge.exe
6076	modest-menu.exe
6076	modest-menu.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 26 IoCs

Processes:

msedge.exe

pid	process
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

Processes:

AUDIODG.EXE7zG.exe

description	pid	process
Token: 33	2236	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	2236	AUDIODG.EXE
Token: SeRestorePrivilege	952	7zG.exe
Token: 35	952	7zG.exe
Token: SeSecurityPrivilege	952	7zG.exe
Token: SeSecurityPrivilege	952	7zG.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

msedge.exe

pid	process
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

Processes:

msedge.exe

pid	process
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 2076 wrote to memory of 2020	2076	msedge.exe	msedge.exe
PID 2076 wrote to memory of 2020	2076	msedge.exe	msedge.exe
PID 2076 wrote to memory of 2500	2076	msedge.exe	msedge.exe
PID 2076 wrote to memory of 2500	2076	msedge.exe	msedge.exe
PID 2076 wrote to memory of 2500	2076	msedge.exe	msedge.exe
PID 2076 wrote to memory of 2500	2076	msedge.exe	msedge.exe
PID 2076 wrote to memory of 2500	2076	msedge.exe	msedge.exe
PID 2076 wrote to memory of 2500	2076	msedge.exe	msedge.exe
PID 2076 wrote to memory of 2500	2076	msedge.exe	msedge.exe
PID 2076 wrote to memory of 2500	2076	msedge.exe	msedge.exe
PID 2076 wrote to memory of 2500	2076	msedge.exe	msedge.exe
PID 2076 wrote to memory of 2500	2076	msedge.exe	msedge.exe
PID 2076 wrote to memory of 2500	2076	msedge.exe	msedge.exe
PID 2076 wrote to memory of 2500	2076	msedge.exe	msedge.exe
PID 2076 wrote to memory of 2500	2076	msedge.exe	msedge.exe
PID 2076 wrote to memory of 2500	2076	msedge.exe	msedge.exe
PID 2076 wrote to memory of 2500	2076	msedge.exe	msedge.exe
PID 2076 wrote to memory of 2500	2076	msedge.exe	msedge.exe
PID 2076 wrote to memory of 2500	2076	msedge.exe	msedge.exe
PID 2076 wrote to memory of 2500	2076	msedge.exe	msedge.exe
PID 2076 wrote to memory of 2500	2076	msedge.exe	msedge.exe
PID 2076 wrote to memory of 2500	2076	msedge.exe	msedge.exe
PID 2076 wrote to memory of 2500	2076	msedge.exe	msedge.exe
PID 2076 wrote to memory of 2500	2076	msedge.exe	msedge.exe
PID 2076 wrote to memory of 2500	2076	msedge.exe	msedge.exe
PID 2076 wrote to memory of 2500	2076	msedge.exe	msedge.exe
PID 2076 wrote to memory of 2500	2076	msedge.exe	msedge.exe
PID 2076 wrote to memory of 2500	2076	msedge.exe	msedge.exe
PID 2076 wrote to memory of 2500	2076	msedge.exe	msedge.exe
PID 2076 wrote to memory of 2500	2076	msedge.exe	msedge.exe
PID 2076 wrote to memory of 2500	2076	msedge.exe	msedge.exe
PID 2076 wrote to memory of 2500	2076	msedge.exe	msedge.exe
PID 2076 wrote to memory of 2500	2076	msedge.exe	msedge.exe
PID 2076 wrote to memory of 2500	2076	msedge.exe	msedge.exe
PID 2076 wrote to memory of 2500	2076	msedge.exe	msedge.exe
PID 2076 wrote to memory of 2500	2076	msedge.exe	msedge.exe
PID 2076 wrote to memory of 2500	2076	msedge.exe	msedge.exe
PID 2076 wrote to memory of 2500	2076	msedge.exe	msedge.exe
PID 2076 wrote to memory of 2500	2076	msedge.exe	msedge.exe
PID 2076 wrote to memory of 2500	2076	msedge.exe	msedge.exe
PID 2076 wrote to memory of 2500	2076	msedge.exe	msedge.exe
PID 2076 wrote to memory of 2500	2076	msedge.exe	msedge.exe
PID 2076 wrote to memory of 3396	2076	msedge.exe	msedge.exe
PID 2076 wrote to memory of 3396	2076	msedge.exe	msedge.exe
PID 2076 wrote to memory of 2244	2076	msedge.exe	msedge.exe
PID 2076 wrote to memory of 2244	2076	msedge.exe	msedge.exe
PID 2076 wrote to memory of 2244	2076	msedge.exe	msedge.exe
PID 2076 wrote to memory of 2244	2076	msedge.exe	msedge.exe
PID 2076 wrote to memory of 2244	2076	msedge.exe	msedge.exe
PID 2076 wrote to memory of 2244	2076	msedge.exe	msedge.exe
PID 2076 wrote to memory of 2244	2076	msedge.exe	msedge.exe
PID 2076 wrote to memory of 2244	2076	msedge.exe	msedge.exe
PID 2076 wrote to memory of 2244	2076	msedge.exe	msedge.exe
PID 2076 wrote to memory of 2244	2076	msedge.exe	msedge.exe
PID 2076 wrote to memory of 2244	2076	msedge.exe	msedge.exe
PID 2076 wrote to memory of 2244	2076	msedge.exe	msedge.exe
PID 2076 wrote to memory of 2244	2076	msedge.exe	msedge.exe
PID 2076 wrote to memory of 2244	2076	msedge.exe	msedge.exe
PID 2076 wrote to memory of 2244	2076	msedge.exe	msedge.exe
PID 2076 wrote to memory of 2244	2076	msedge.exe	msedge.exe
PID 2076 wrote to memory of 2244	2076	msedge.exe	msedge.exe
PID 2076 wrote to memory of 2244	2076	msedge.exe	msedge.exe
PID 2076 wrote to memory of 2244	2076	msedge.exe	msedge.exe
PID 2076 wrote to memory of 2244	2076	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://lootdest.com/s?nVNm
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2076

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffa7a103cb8,0x7ffa7a103cc8,0x7ffa7a103cd8
2⤵
PID:2020

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1952,11594567861337036769,13302199918653379345,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1960 /prefetch:2
2⤵
PID:2500

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1952,11594567861337036769,13302199918653379345,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2260 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3396

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1952,11594567861337036769,13302199918653379345,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2812 /prefetch:8
2⤵
PID:2244

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,11594567861337036769,13302199918653379345,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
2⤵
PID:3500

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,11594567861337036769,13302199918653379345,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
2⤵
PID:2104

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1952,11594567861337036769,13302199918653379345,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4792 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3084

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,11594567861337036769,13302199918653379345,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5068 /prefetch:1
2⤵
PID:484

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,11594567861337036769,13302199918653379345,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5348 /prefetch:1
2⤵
PID:2064

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,11594567861337036769,13302199918653379345,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5812 /prefetch:1
2⤵
PID:1592

C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1952,11594567861337036769,13302199918653379345,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5204 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4400

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,11594567861337036769,13302199918653379345,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5720 /prefetch:1
2⤵
PID:420

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,11594567861337036769,13302199918653379345,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5632 /prefetch:1
2⤵
PID:2472

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,11594567861337036769,13302199918653379345,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5724 /prefetch:1
2⤵
PID:3796

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1952,11594567861337036769,13302199918653379345,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5144 /prefetch:8
2⤵
PID:1156

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,11594567861337036769,13302199918653379345,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6372 /prefetch:1
2⤵
PID:3500

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1952,11594567861337036769,13302199918653379345,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5548 /prefetch:8
2⤵
PID:1436

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,11594567861337036769,13302199918653379345,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7044 /prefetch:1
2⤵
PID:1632

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,11594567861337036769,13302199918653379345,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5584 /prefetch:1
2⤵
PID:3704

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,11594567861337036769,13302199918653379345,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6560 /prefetch:1
2⤵
PID:236

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,11594567861337036769,13302199918653379345,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3656 /prefetch:1
2⤵
PID:4920

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,11594567861337036769,13302199918653379345,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7076 /prefetch:1
2⤵
PID:1440

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,11594567861337036769,13302199918653379345,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7008 /prefetch:1
2⤵
PID:1280

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,11594567861337036769,13302199918653379345,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7136 /prefetch:1
2⤵
PID:5332

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,11594567861337036769,13302199918653379345,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7464 /prefetch:1
2⤵
PID:5612

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,11594567861337036769,13302199918653379345,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1316 /prefetch:1
2⤵
PID:5708

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,11594567861337036769,13302199918653379345,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7628 /prefetch:1
2⤵
PID:5780

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,11594567861337036769,13302199918653379345,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6668 /prefetch:1
2⤵
PID:5788

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,11594567861337036769,13302199918653379345,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7708 /prefetch:1
2⤵
PID:5476

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,11594567861337036769,13302199918653379345,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7632 /prefetch:1
2⤵
PID:5556

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,11594567861337036769,13302199918653379345,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7620 /prefetch:1
2⤵
PID:2316

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,11594567861337036769,13302199918653379345,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7228 /prefetch:1
2⤵
PID:5976

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,11594567861337036769,13302199918653379345,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7576 /prefetch:1
2⤵
PID:5972

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,11594567861337036769,13302199918653379345,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7976 /prefetch:1
2⤵
PID:3332

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1952,11594567861337036769,13302199918653379345,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7544 /prefetch:8
2⤵
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
PID:2052

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1952,11594567861337036769,13302199918653379345,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=3312 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4708

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1784

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3556

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004C0 0x00000000000004D8
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2236

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
1⤵
PID:3932

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5868

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\modest-menu_v1.0.0_[kiddionsmodmenu.com]_\" -ad -an -ai#7zMap22102:144:7zEvent2663
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:952

C:\Users\Admin\Downloads\modest-menu_v1.0.0_[kiddionsmodmenu.com]_\modest-menu.exe
"C:\Users\Admin\Downloads\modest-menu_v1.0.0_[kiddionsmodmenu.com]_\modest-menu.exe"
1⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Executes dropped EXE
- Checks whether UAC is enabled
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
PID:6076

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1497

Credential Access

Discovery

Query Registry

T1012

Virtualization/Sandbox Evasion

T1497

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
8e1dd984856ef51f4512d3bf2c7aef54

SHA1
81cb28f2153ec7ae0cbf79c04c1a445efedd125f

SHA256
34afac298a256d796d20598df006222ed6900a0dafe0f8507ed3b29bfd2027d7

SHA512
d1f8dfc7fdc5d0f185de88a420f2e5b364e77904cab99d2ace154407c4936c510f3c49e27eed4e74dd2fbd850ad129eb585a64127105661d5f8066448e9f201d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
ffa07b9a59daf025c30d00d26391d66f

SHA1
382cb374cf0dda03fa67bd55288eeb588b9353da

SHA256
7052a8294dd24294974bb11e6f53b7bf36feeb62ce8b5be0c93fbee6bc034afb

SHA512
25a29d2a3ba4af0709455a9905a619c9d9375eb4042e959562af8faa087c91afafdb2476599280bbb70960af67d5bd477330f17f7345a7df729aaee997627b3a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
2KB

MD5
3b16ec8ed9626d649359283d42e30442

SHA1
ae73c2e74b3e233344ace0b344caf252ece2d1a2

SHA256
37678d156025725d63c091934d1c5acf346602ed3343dad089c2f0c1399e1315

SHA512
3a0ebf5083d8fb07b844a83a780e36c9f00145ffb61b97fb8915f14db65be54fe54cb6e22a5c68c00ce46dcb262795a170c9bbe7b1ae885feb8c355c7244792e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
3KB

MD5
4a562e7e6504f530a81097e515c64330

SHA1
4dcd76abe0a61e16e39793b78c16fd92191e084d

SHA256
2e888cc618e4158ae5da346f90ea262d9558e68e160b20af5a248818e78441eb

SHA512
e875562f8a72ae122c38e4925c6b99e47cc085911ebac5b61d86c9222f1b888b95831d397a34ddd05a2ccc4758ccaa16d048213d0916a0a85199f7d9853da133

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
10KB

MD5
07442b01d004a86a7ace94252b0c55dd

SHA1
ac09707a914bde0ebb27c9be1a06c6d2c20e9ea6

SHA256
40464491b155c6b3dd1849ab9fd8104e4a688c011faa2705998802620b480ec8

SHA512
12b4bd0e60f1a358522a2f074721d95f46df9ab7d60b8bd27fb5db1cf8e826db659e6ebe578756e405f882e96a158a698006a35ba6031101835eb11242e96791

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
10KB

MD5
916c04e24ac6f5f87800b58daf96eaf7

SHA1
871f3ee9afd559b2129d6e7771d65239cc071695

SHA256
6273fcfa353232349648f95b19b2f656154795f40416c737cb15a3f13b269c45

SHA512
4012af91030dcfe24465842cb6cefc6d5aaf1de2743e4bc3cac7ba29240f910e4aa19f8151adaea3068f5aa1d2fedef97b3d3f6c9f4ad1dd0a6e8027c4c237d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
dcc48abf3bc50e4b2de6f3d634ac256b

SHA1
45ebc6a9e5c6d31db6fb6602ef9aac1bdf5e0fa3

SHA256
a73ff98de2b44c8fbe6862aabe84bd550734992393b73d17c31174dc16520708

SHA512
46e4fb70b8df60f6a8adaed21b0eeb01f65bd4c6ccd7987fea0403d16a092fe1502207861e1674aec105739ed8d1c5d6aaa746d23f3b55827d6d66342cb4e161

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
9KB

MD5
0097b3342356cac8bea84f22bda332e8

SHA1
5e119f9f263edf55ac466c4b1fbec73349bf1a15

SHA256
b640ce3739ab1d575f03180c249567e7e7917a4c1f0228b1139f7ff657f96c93

SHA512
3ea1773ecd05d7cfdc3b3dff7a7a51faed13b4b8bceddc7ff114d2503af69ccd235bd18b6d9d045815fd309781eef2e5ecf1cb20898532fe86d94d7f71511c2c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
11KB

MD5
7cb8f28f009e599e665db4446f39fb5b

SHA1
9cfcf4e87cf3237f4f962325d00cf79d135d79f3

SHA256
3c214ddad3ae5e7a3f4765c819ed67bb24c20e486b4ae7b336792c040324c299

SHA512
318f6f514b55bb84c6d3961367ba2a1ce4ff5d69993e61b084319d30d2f126b773eeb73ed43eb1be02e74fc02d5cea911b76de6d3e544126cef5554337a5d1ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
14KB

MD5
f85de99b43884e63df636e443ce92d0c

SHA1
7521518560c6f900c4a566b3f254e910f6706b83

SHA256
3c749bc6c958fab84a3a2a1eba56fbc6c19de9f0109c94c9813f39735eaa836c

SHA512
a6b9abdbb6125d85836472bed58fe86809a2d5f7fb535bc13ad9cafdd270cd6592ec391fa2b03a33acc082f19dd0f206e1ed5839697d20204f8bf0211c6e130f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
3KB

MD5
3cc18eae0fb67d06939a6110dc13a320

SHA1
88bbeef3886cb1ed0f4445aa9e9c39d53f718ffc

SHA256
7215a91faa8ce9734779bd5fc02b7b4ce5d4dc043b006b4e65bc47987f0f8ba0

SHA512
e14cf66aa7ad29e5da9d9f83c0a5cb1746f3c8e5be4f2c8ff6c55da71db13f72502bc7a865052c6908bd45bba60380070e38c248cc419eeb972a84883c43a546

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
3KB

MD5
57ac48eae35132dae8a2b1b8860f1bb2

SHA1
12d8f61e51440fe7b0b899e29c9dc41e30a9ea9b

SHA256
63b3589ff347ce1b77cd0ca0aff9c01c6eb888ef9c20bd40787209e43f40f677

SHA512
4d397030e376baf7b8c9b6e16178454e4102b91a3faf7e5df5395e33305db5293a55321b7e5f058c2e976a38ef4ca9ac68b146f991eef2506b40b1f7751dfa82

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
2KB

MD5
d46da09fc39121ccc65fa7c03d431d53

SHA1
e8c43f83273da9964ebe7089cdef413530fabd73

SHA256
4f1fb0124adf540a2f89554a8aeeb65540ae52656bf39da2ca878a1ec60808c0

SHA512
14f2d98ae014b893940d07392727caa62bf4b3fb15f2860147c037ba9aab656fd291a0c708262bb35c4b90dd7cfd78d3d7aee19bceee3bf18d70f625e4db90f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57eaae.TMP
Filesize
1KB

MD5
9312191270c8879192a4d549836a1f1e

SHA1
6af49bb92cfa9ef1ba9ff2013eac047882a18e11

SHA256
ee11525275bd597c80314622c55b60b5de55f8a87026ad7da19e2709aa300751

SHA512
53d9c0fea0c2ff8ec8464e3a5a4782a109d8f1a0ea46e158d159fd1e584351321f53b5ed1e5071efa6cd3ffa74f360ff51144e008137ce841e0b81ac104243e5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
0a4cb124508c8394d2d2e3b284e9ecfe

SHA1
a32c2f0b03d351d7e3c03aac69597e8cfc2aa204

SHA256
fed4b276964de3ce68cdb765feac4859312dec7450a919a8eaa59c24927f9f0e

SHA512
dc0e52acd248747c708b44d68fbf84b33f330afdc4d7a9de07351ea547816e88629e4f77c35f708e04071f58a61dbb3c84c62d7d32649d19b34d799454641cbb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
12KB

MD5
2f15cd8b548a3365ee3cfcdfe06e4192

SHA1
38c1599decb59b1b5ecb823885161eb6c1635826

SHA256
c85e6389471b4e3b00e49c969f364af2f758bf8664dbd8001b0036dbef77215c

SHA512
1a969f333981e36e191b8c1281a37735215909fce5137bd96533b57d31fc04e5a2909c8868b19f3c9928b5111ad4653eb850fd5117cff97e9f326f873c211710

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
Filesize
11KB

MD5
af031abf2664d2d58ee039d43095651a

SHA1
13037e92355cbd5f3608c1d1c8a3db44b3e94f18

SHA256
f8b49eda50919efc0eb140e9b4c6ea43886f54818470841041b02cc72496f392

SHA512
6dab42bc9336ddd5569c232751bc04cea02e00c0a16ea1aed09f4d8b7803da0dbed5dab110aeec7007f5ca416d43c5dae953176719c8723b34c74b5f1c0834af

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 952522.crdownload
Filesize
16.8MB

MD5
13b33baf9597ae6ddc68fa9634af16f1

SHA1
57f3a723634ec00b4f09d066bc0607084cc4b6e5

SHA256
75a3295f8c688359fcb7555b80e3f71ee42c5ac1d4525a39b2571107acf06a45

SHA512
ed38d6150cbeae60451b74ae50af1bbbaf035924fdd266cf8a8fc8b84fe403dcb689185d1a9b5db048f1c11106a1a655d14d4833c7593512c5661d4c587a2e1c

Download Submit
C:\Users\Admin\Downloads\modest-menu_v1.0.0_[kiddionsmodmenu.com]_.zip:Zone.Identifier
Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit
C:\Users\Admin\Downloads\modest-menu_v1.0.0_[kiddionsmodmenu.com]_\modest-menu.exe
Filesize
16.9MB

MD5
ce03d8db32b901caba01fa8b1beefe54

SHA1
76377cea7317bd28af0ccaab276bd49360936a9d

SHA256
a568e2a4d89ab76ab9ff11b30bf320dcc4413353660678c51abc79863ff3c1c4

SHA512
40ef98ee1dd411d3f634f9fe1ccdac0bc8fa5d13b1392ac5d045bf130db6efc5ebae48298d02a732fe634af953af10c004d54c3a4d5862b7f9cd6736f6ddbfca

Download Submit
\??\pipe\LOCAL\crashpad_2076_XPORQEUWZOLXNMXR
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/6076-687-0x00007FF7BE7D0000-0x00007FF7C11DF000-memory.dmp

Filesize
42.1MB

Download
memory/6076-688-0x00007FF7BE7D0000-0x00007FF7C11DF000-memory.dmp

Filesize
42.1MB

Download
memory/6076-689-0x00007FF7BE7D0000-0x00007FF7C11DF000-memory.dmp

Filesize
42.1MB

Download
memory/6076-690-0x00007FF7BE7D0000-0x00007FF7C11DF000-memory.dmp

Filesize
42.1MB

Download
memory/6076-692-0x00007FF7BE7D0000-0x00007FF7C11DF000-memory.dmp

Filesize
42.1MB

Download
memory/6076-691-0x00007FF7BE7D0000-0x00007FF7C11DF000-memory.dmp

Filesize
42.1MB

Download
memory/6076-693-0x00007FF7BE7D0000-0x00007FF7C11DF000-memory.dmp

Filesize
42.1MB

Download
memory/6076-686-0x00007FF7BE7D0000-0x00007FF7C11DF000-memory.dmp

Filesize
42.1MB

Download