Analysis Overview
SHA256
75a3295f8c688359fcb7555b80e3f71ee42c5ac1d4525a39b2571107acf06a45
Threat Level: Likely malicious
The file download_v1.0.0.zip was found to be: Likely malicious.
Malicious Activity Summary
Identifies VirtualBox via ACPI registry values (likely anti-VM)
Checks BIOS information in registry
Themida packer
Checks whether UAC is enabled
Suspicious use of NtSetInformationThreadHideFromDebugger
Unsigned PE
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-10 19:38
Signatures
Themida packer
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-10 19:38
Reported
2024-06-10 19:41
Platform
win7-20240215-en
Max time kernel
57s
Max time network
140s
Command Line
Signatures
Identifies VirtualBox via ACPI registry values (likely anti-VM)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\modest-menu.exe | N/A |
Checks BIOS information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\modest-menu.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\modest-menu.exe | N/A |
Themida packer
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Checks whether UAC is enabled
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\modest-menu.exe | N/A |
Suspicious use of NtSetInformationThreadHideFromDebugger
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\modest-menu.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\modest-menu.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\modest-menu.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\modest-menu.exe
"C:\Users\Admin\AppData\Local\Temp\modest-menu.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef67d9758,0x7fef67d9768,0x7fef67d9778
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1132 --field-trial-handle=1336,i,501354045266461341,12909156021211767685,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1528 --field-trial-handle=1336,i,501354045266461341,12909156021211767685,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1624 --field-trial-handle=1336,i,501354045266461341,12909156021211767685,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2264 --field-trial-handle=1336,i,501354045266461341,12909156021211767685,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2272 --field-trial-handle=1336,i,501354045266461341,12909156021211767685,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1300 --field-trial-handle=1336,i,501354045266461341,12909156021211767685,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3180 --field-trial-handle=1336,i,501354045266461341,12909156021211767685,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3200 --field-trial-handle=1336,i,501354045266461341,12909156021211767685,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3548 --field-trial-handle=1336,i,501354045266461341,12909156021211767685,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3568 --field-trial-handle=1336,i,501354045266461341,12909156021211767685,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3444 --field-trial-handle=1336,i,501354045266461341,12909156021211767685,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3724 --field-trial-handle=1336,i,501354045266461341,12909156021211767685,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=1936 --field-trial-handle=1336,i,501354045266461341,12909156021211767685,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=2540 --field-trial-handle=1336,i,501354045266461341,12909156021211767685,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=1968 --field-trial-handle=1336,i,501354045266461341,12909156021211767685,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=780 --field-trial-handle=1336,i,501354045266461341,12909156021211767685,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3548 --field-trial-handle=1336,i,501354045266461341,12909156021211767685,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=840 --field-trial-handle=1336,i,501354045266461341,12909156021211767685,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=3656 --field-trial-handle=1336,i,501354045266461341,12909156021211767685,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4144 --field-trial-handle=1336,i,501354045266461341,12909156021211767685,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=3756 --field-trial-handle=1336,i,501354045266461341,12909156021211767685,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=3948 --field-trial-handle=1336,i,501354045266461341,12909156021211767685,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1096 --field-trial-handle=1336,i,501354045266461341,12909156021211767685,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=3584 --field-trial-handle=1336,i,501354045266461341,12909156021211767685,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=3860 --field-trial-handle=1336,i,501354045266461341,12909156021211767685,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=3908 --field-trial-handle=1336,i,501354045266461341,12909156021211767685,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=4240 --field-trial-handle=1336,i,501354045266461341,12909156021211767685,131072 /prefetch:1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| GB | 142.250.200.14:443 | apis.google.com | tcp |
| US | 8.8.8.8:53 | play.google.com | udp |
| GB | 172.217.169.46:443 | play.google.com | tcp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| US | 8.8.8.8:53 | id.google.com | udp |
| NL | 142.250.179.195:443 | id.google.com | tcp |
| US | 8.8.8.8:53 | i.ytimg.com | udp |
| GB | 142.250.179.246:443 | i.ytimg.com | tcp |
| GB | 142.250.179.246:443 | i.ytimg.com | tcp |
| GB | 142.250.179.246:443 | i.ytimg.com | tcp |
| GB | 172.217.169.46:443 | play.google.com | udp |
| US | 8.8.8.8:53 | www.youtube.com | udp |
| GB | 216.58.212.206:443 | www.youtube.com | tcp |
| GB | 216.58.212.206:443 | www.youtube.com | udp |
| GB | 142.250.179.246:443 | i.ytimg.com | udp |
| US | 8.8.8.8:53 | waa-pa.clients6.google.com | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | static.doubleclick.net | udp |
| GB | 172.217.169.42:443 | waa-pa.clients6.google.com | tcp |
| GB | 216.58.204.66:443 | googleads.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | jnn-pa.googleapis.com | udp |
| GB | 216.58.213.6:443 | static.doubleclick.net | tcp |
| GB | 142.250.180.10:443 | jnn-pa.googleapis.com | tcp |
| GB | 172.217.169.42:443 | waa-pa.clients6.google.com | udp |
| GB | 142.250.180.10:443 | jnn-pa.googleapis.com | udp |
| GB | 216.58.204.66:443 | googleads.g.doubleclick.net | udp |
| GB | 172.217.169.46:443 | play.google.com | udp |
| NL | 142.250.179.195:443 | id.google.com | udp |
| US | 8.8.8.8:53 | superuser.com | udp |
| US | 172.64.144.177:443 | superuser.com | tcp |
| US | 172.64.144.177:443 | superuser.com | tcp |
| US | 8.8.8.8:53 | apps.identrust.com | udp |
| IE | 2.18.24.9:80 | apps.identrust.com | tcp |
| US | 8.8.8.8:53 | ajax.googleapis.com | udp |
| US | 8.8.8.8:53 | cdn.sstatic.net | udp |
| GB | 142.250.200.10:443 | ajax.googleapis.com | tcp |
| US | 172.64.147.34:443 | cdn.sstatic.net | tcp |
| US | 172.64.147.34:443 | cdn.sstatic.net | tcp |
| US | 172.64.147.34:443 | cdn.sstatic.net | tcp |
| US | 172.64.147.34:443 | cdn.sstatic.net | tcp |
| US | 172.64.147.34:443 | cdn.sstatic.net | tcp |
| US | 8.8.8.8:53 | cdn.cookielaw.org | udp |
| US | 104.19.178.52:443 | cdn.cookielaw.org | tcp |
| US | 8.8.8.8:53 | www.gravatar.com | udp |
| US | 192.0.73.2:443 | www.gravatar.com | tcp |
| US | 192.0.73.2:443 | www.gravatar.com | tcp |
| US | 192.0.73.2:443 | www.gravatar.com | tcp |
| US | 192.0.73.2:443 | www.gravatar.com | tcp |
| US | 192.0.73.2:443 | www.gravatar.com | tcp |
| US | 8.8.8.8:53 | pub.doubleverify.com | udp |
| US | 104.18.166.224:443 | pub.doubleverify.com | tcp |
| US | 104.19.178.52:443 | cdn.cookielaw.org | tcp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| US | 8.8.8.8:53 | content-autofill.googleapis.com | udp |
| NL | 142.250.27.84:443 | accounts.google.com | tcp |
| US | 8.8.8.8:53 | qa.sockets.stackexchange.com | udp |
| US | 172.64.152.233:443 | qa.sockets.stackexchange.com | tcp |
| US | 8.8.8.8:53 | geolocation.onetrust.com | udp |
| US | 104.18.32.137:443 | geolocation.onetrust.com | tcp |
| US | 104.18.166.224:443 | pub.doubleverify.com | udp |
| NL | 142.250.27.84:443 | accounts.google.com | udp |
| US | 104.18.166.224:443 | pub.doubleverify.com | tcp |
| US | 104.18.166.224:443 | pub.doubleverify.com | udp |
| US | 8.8.8.8:53 | stackoverflow-privacy.my.onetrust.com | udp |
| US | 172.64.155.119:443 | stackoverflow-privacy.my.onetrust.com | tcp |
| US | 8.8.8.8:53 | 4fc8b8c58d6d40b01492b9e0c4ca11e6.safeframe.googlesyndication.com | udp |
| US | 8.8.8.8:53 | securepubads.g.doubleclick.net | udp |
| GB | 172.217.169.65:443 | 4fc8b8c58d6d40b01492b9e0c4ca11e6.safeframe.googlesyndication.com | tcp |
| GB | 142.250.200.34:443 | securepubads.g.doubleclick.net | tcp |
| GB | 142.250.200.34:443 | securepubads.g.doubleclick.net | tcp |
| GB | 142.250.200.34:443 | securepubads.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| GB | 172.217.16.225:443 | tpc.googlesyndication.com | tcp |
| GB | 172.217.16.225:443 | tpc.googlesyndication.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | community.spiceworks.com | udp |
| US | 45.60.13.212:443 | community.spiceworks.com | tcp |
| US | 45.60.13.212:443 | community.spiceworks.com | tcp |
| GB | 216.58.212.195:80 | www.gstatic.com | tcp |
| US | 45.60.13.212:443 | community.spiceworks.com | tcp |
| US | 45.60.13.212:443 | community.spiceworks.com | tcp |
| US | 45.60.13.212:443 | community.spiceworks.com | tcp |
| GB | 142.250.200.34:443 | securepubads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | global.discourse-cdn.com | udp |
| US | 8.8.8.8:53 | cdn.ziffstatic.com | udp |
| US | 8.8.8.8:53 | cdn.static.zdbb.net | udp |
| US | 8.8.8.8:53 | sea1.discourse-cdn.com | udp |
| DE | 143.204.98.70:443 | global.discourse-cdn.com | tcp |
| DE | 143.204.98.70:443 | global.discourse-cdn.com | tcp |
| DE | 143.204.98.70:443 | global.discourse-cdn.com | tcp |
| DE | 143.204.98.70:443 | global.discourse-cdn.com | tcp |
| DE | 143.204.98.70:443 | global.discourse-cdn.com | tcp |
| DE | 143.204.98.70:443 | global.discourse-cdn.com | tcp |
| SE | 92.123.135.82:443 | cdn.static.zdbb.net | tcp |
| BE | 2.17.196.144:443 | cdn.ziffstatic.com | tcp |
| BE | 2.17.196.144:443 | cdn.ziffstatic.com | tcp |
| BE | 2.17.196.144:443 | cdn.ziffstatic.com | tcp |
| BE | 2.17.196.144:443 | cdn.ziffstatic.com | tcp |
| DE | 18.245.86.42:443 | sea1.discourse-cdn.com | tcp |
| DE | 18.245.86.42:443 | sea1.discourse-cdn.com | tcp |
| DE | 18.245.86.42:443 | sea1.discourse-cdn.com | tcp |
| DE | 18.245.86.42:443 | sea1.discourse-cdn.com | tcp |
| DE | 18.245.86.42:443 | sea1.discourse-cdn.com | tcp |
| DE | 18.245.86.42:443 | sea1.discourse-cdn.com | tcp |
| BE | 2.17.196.144:443 | cdn.ziffstatic.com | udp |
| US | 104.19.178.52:443 | cdn.cookielaw.org | tcp |
| US | 104.18.32.137:443 | stackoverflow-privacy.my.onetrust.com | tcp |
| US | 104.19.178.52:443 | cdn.cookielaw.org | tcp |
| DE | 143.204.98.70:443 | global.discourse-cdn.com | udp |
| US | 8.8.8.8:53 | c.amazon-adsystem.com | udp |
| DE | 13.224.186.120:443 | c.amazon-adsystem.com | tcp |
| DE | 18.245.86.42:443 | sea1.discourse-cdn.com | udp |
| DE | 13.224.186.120:443 | c.amazon-adsystem.com | tcp |
| DE | 143.204.98.70:443 | global.discourse-cdn.com | udp |
| US | 45.60.13.212:443 | community.spiceworks.com | tcp |
| US | 45.60.13.212:443 | community.spiceworks.com | tcp |
| US | 8.8.8.8:53 | avatars.discourse-cdn.com | udp |
| US | 8.8.8.8:53 | emoji.discourse-cdn.com | udp |
| NL | 185.172.149.104:443 | emoji.discourse-cdn.com | tcp |
| NL | 185.172.149.104:443 | emoji.discourse-cdn.com | tcp |
| US | 104.18.166.224:443 | pub.doubleverify.com | udp |
| US | 8.8.8.8:53 | privacyportal.onetrust.com | udp |
| US | 8.8.8.8:53 | zdbb.net | udp |
| US | 104.18.32.137:443 | privacyportal.onetrust.com | tcp |
| US | 8.8.8.8:53 | gurgle.spiceworks.com | udp |
| IE | 63.34.2.42:443 | zdbb.net | tcp |
| US | 44.205.212.213:443 | gurgle.spiceworks.com | tcp |
| US | 8.8.8.8:53 | gum.criteo.com | udp |
| US | 8.8.8.8:53 | id5-sync.com | udp |
| US | 8.8.8.8:53 | api.rlcdn.com | udp |
| NL | 178.250.1.11:443 | gum.criteo.com | tcp |
| US | 8.8.8.8:53 | config.aps.amazon-adsystem.com | udp |
| DE | 13.224.186.120:443 | c.amazon-adsystem.com | tcp |
| DE | 162.19.138.82:443 | id5-sync.com | tcp |
| US | 34.120.133.55:443 | api.rlcdn.com | tcp |
| DE | 18.245.31.65:443 | config.aps.amazon-adsystem.com | tcp |
| US | 8.8.8.8:53 | aax.amazon-adsystem.com | udp |
| DE | 108.138.8.164:443 | aax.amazon-adsystem.com | tcp |
| US | 8.8.8.8:53 | secure.cdn.fastclick.net | udp |
| US | 8.8.8.8:53 | htlb.casalemedia.com | udp |
| US | 8.8.8.8:53 | hbopenbid.pubmatic.com | udp |
| FR | 2.23.118.34:443 | secure.cdn.fastclick.net | tcp |
| US | 8.8.8.8:53 | tlx.3lift.com | udp |
| US | 8.8.8.8:53 | hb.minutemedia-prebid.com | udp |
| US | 8.8.8.8:53 | fastlane.rubiconproject.com | udp |
| US | 104.18.36.155:443 | htlb.casalemedia.com | tcp |
| NL | 185.64.189.112:443 | hbopenbid.pubmatic.com | tcp |
| DE | 3.124.64.248:443 | tlx.3lift.com | tcp |
| IE | 52.19.15.175:443 | hb.minutemedia-prebid.com | tcp |
| NL | 69.173.156.139:443 | fastlane.rubiconproject.com | tcp |
| US | 8.8.8.8:53 | gurgle.zdbb.net | udp |
| US | 8.8.8.8:53 | lb.eu-1-id5-sync.com | udp |
| US | 44.205.212.213:443 | gurgle.zdbb.net | tcp |
| DE | 162.19.138.116:443 | lb.eu-1-id5-sync.com | tcp |
| NL | 185.64.189.112:443 | hbopenbid.pubmatic.com | tcp |
| US | 104.18.36.155:443 | htlb.casalemedia.com | tcp |
| US | 8.8.8.8:53 | cm.g.doubleclick.net | udp |
| GB | 216.58.213.2:443 | cm.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | aa.agkn.com | udp |
| DE | 3.127.112.86:443 | aa.agkn.com | tcp |
| US | 8.8.8.8:53 | stags.bluekai.com | udp |
| BE | 23.55.96.210:443 | stags.bluekai.com | tcp |
| US | 8.8.8.8:53 | d2697e31d19ae15a3a0bf53ccbf7ec22.safeframe.googlesyndication.com | udp |
| GB | 172.217.169.65:443 | d2697e31d19ae15a3a0bf53ccbf7ec22.safeframe.googlesyndication.com | tcp |
| US | 8.8.8.8:53 | jogger.zdbb.net | udp |
| SE | 92.123.135.82:443 | cdn.static.zdbb.net | tcp |
| US | 8.8.8.8:53 | tags.bkrtx.com | udp |
| US | 8.8.8.8:53 | idsync.rlcdn.com | udp |
| US | 3.212.181.63:443 | jogger.zdbb.net | tcp |
| FR | 23.217.254.57:443 | tags.bkrtx.com | tcp |
| US | 35.244.174.68:443 | idsync.rlcdn.com | tcp |
| GB | 172.217.16.225:443 | tpc.googlesyndication.com | udp |
| US | 8.8.8.8:53 | cdn.ampproject.org | udp |
| GB | 142.250.187.193:443 | cdn.ampproject.org | tcp |
| GB | 142.250.187.193:443 | cdn.ampproject.org | tcp |
| GB | 142.250.187.193:443 | cdn.ampproject.org | tcp |
| GB | 142.250.187.193:443 | cdn.ampproject.org | tcp |
| GB | 142.250.187.193:443 | cdn.ampproject.org | tcp |
| US | 8.8.8.8:53 | beacons.gcp.gvt2.com | udp |
| US | 142.250.69.3:443 | beacons.gcp.gvt2.com | tcp |
| US | 8.8.8.8:53 | dsum.casalemedia.com | udp |
| US | 8.8.8.8:53 | eb2.3lift.com | udp |
| US | 8.8.8.8:53 | image8.pubmatic.com | udp |
| US | 76.223.111.18:443 | eb2.3lift.com | tcp |
| NL | 198.47.127.18:443 | image8.pubmatic.com | tcp |
| US | 104.18.36.155:443 | dsum.casalemedia.com | udp |
| US | 8.8.8.8:53 | match.adsrvr.org | udp |
| US | 52.223.40.198:443 | match.adsrvr.org | tcp |
| US | 8.8.8.8:53 | sync-tm.everesttech.net | udp |
| US | 151.101.2.49:443 | sync-tm.everesttech.net | tcp |
| US | 142.250.69.3:443 | beacons.gcp.gvt2.com | udp |
| US | 142.250.69.3:443 | beacons.gcp.gvt2.com | tcp |
| NL | 185.172.149.104:443 | emoji.discourse-cdn.com | tcp |
Files
memory/3012-0-0x000000013FB50000-0x000000014255F000-memory.dmp
memory/3012-1-0x0000000076FB0000-0x0000000076FB2000-memory.dmp
memory/3012-4-0x000000013FB50000-0x000000014255F000-memory.dmp
memory/3012-3-0x000000013FB50000-0x000000014255F000-memory.dmp
memory/3012-2-0x000000013FB50000-0x000000014255F000-memory.dmp
memory/3012-6-0x000000013FB50000-0x000000014255F000-memory.dmp
memory/3012-7-0x000000013FB50000-0x000000014255F000-memory.dmp
memory/3012-5-0x000000013FB50000-0x000000014255F000-memory.dmp
memory/3012-8-0x000000013FB50000-0x000000014255F000-memory.dmp
\??\pipe\crashpad_2744_OKSBXQQXYYIRCQME
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000007.dbtmp
| MD5 | 18e723571b00fb1694a3bad6c78e4054 |
| SHA1 | afcc0ef32d46fe59e0483f9a3c891d3034d12f32 |
| SHA256 | 8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa |
| SHA512 | 43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1
| MD5 | f50f89a0a91564d0b8a211f8921aa7de |
| SHA1 | 112403a17dd69d5b9018b8cede023cb3b54eab7d |
| SHA256 | b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec |
| SHA512 | bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000006.dbtmp
| MD5 | aefd77f47fb84fae5ea194496b44c67a |
| SHA1 | dcfbb6a5b8d05662c4858664f81693bb7f803b82 |
| SHA256 | 4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611 |
| SHA512 | b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | a9881d06cdc8ef4316a683d28f73df0b |
| SHA1 | f2924029ef9d3ff87790cd334d17a3a82020bbd4 |
| SHA256 | dad1054f4c5ee62316ae37b00fb88e4db6e7941eb782af2f4da134b940c0e578 |
| SHA512 | 4956e9ee1e66f57768d87e4145900695def4d192c1daed8399c1d53fa65cc5f1c7e99375997867a89f97009504b0dd9dedb659cdd5087c8184693ed491f4da71 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\CURRENT~RFf770196.TMP
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 8b441696b8938b90916dbfea2688f952 |
| SHA1 | 1bff6ba2e055a604a081de94d0436ec5cabbcb9b |
| SHA256 | 58fe8b872f317c1ca2cf6a50ac82fc51a8ba29f2046b9cbe857c7cd223318987 |
| SHA512 | 283f0c9f7bb70320b86a9c96d88a7a207fcbc1f06828859edeafdcdb2f7fe28401e36638762517d25136a33c5d8d2a41fb3b24a6bf151b0f291bda0f66eb7470 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 144bd20e19ef5b025015a870bd890ef5 |
| SHA1 | 9e16b2bf9feea2fd6ebe0c498a92797e086c219d |
| SHA256 | 9dfd5553c6984f2f1607f5602f8ff383dc14e3ca6f130c3ca0f55aba8cde083f |
| SHA512 | 1cb38c7c799909bd1ccb11610d96b2db0136aacb41c85f5255f3d56e6b5907b603388a7fad3b78fbdf4e78b53a3e3e87dc5c602ba101b94d53a8606a2fa9ce0e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\CURRENT
| MD5 | 206702161f94c5cd39fadd03f4014d98 |
| SHA1 | bd8bfc144fb5326d21bd1531523d9fb50e1b600a |
| SHA256 | 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167 |
| SHA512 | 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | ae1bccd6831ebfe5ad03b482ee266e4f |
| SHA1 | 01f4179f48f1af383b275d7ee338dd160b6f558a |
| SHA256 | 1b11047e738f76c94c9d15ee981ec46b286a54def1a7852ca1ade7f908988649 |
| SHA512 | baf7ff6747f30e542c254f46a9678b9dbf42312933962c391b79eca6fcb615e4ba9283c00f554d6021e594f18c087899bc9b5362c41c0d6f862bba7fb9f83038 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | fcf95336898aed942ab0d0c08742163d |
| SHA1 | d7159e1226c78fb656c38fb5a107439e44e04ddf |
| SHA256 | a8d8f81ebf633426752db4905195e1c5a148e596a3ca5b3655e9434db5bea8e7 |
| SHA512 | db850f2b204e20ab86d07dd0138af148d87f7f27ad436ab80c8525554023f40035409a355dbc5ecd1f8d343cea7ccc935fb3c1dccb388bd3f89a9f2f09851c2f |
C:\Users\Admin\AppData\Local\Temp\Cab2DD6.tmp
| MD5 | ac05d27423a85adc1622c714f2cb6184 |
| SHA1 | b0fe2b1abddb97837ea0195be70ab2ff14d43198 |
| SHA256 | c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d |
| SHA512 | 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\Tar2F63.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4cb8c2f84dd0f0e032d54da0a7922643 |
| SHA1 | 65108de69db2da633520c91909dd1caaf1aeb2f5 |
| SHA256 | 24e41025054b1b033b9c8bf8dde147eb5392a9b253266c70aefae787b446e066 |
| SHA512 | e2407da248fa0bc694620ab3143ec4be3f0b7164dc286c4d07b4a37570dbf275cf8a1a6ed4634c33169377749b9b7d78d303109eaf69f776eff00c83cfd2ee5d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 551be7d793b9e6b89d39d73d2d5a7587 |
| SHA1 | b683b08a968ff99186f86fb1646d44d6558366c9 |
| SHA256 | d3d519238dd847fac083f32de278f167745e9695346591d6b111b601151c802b |
| SHA512 | a2d39fa701d39169fbc1e9d9f916df298cbafc6739f6329a48ccff0cf45533ca62dc44a5d3cbe4dcb6f30db30dc4de674411906477a48c715e3ebdee595d2754 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 44b56c1079d87eca159fc30e4734e53b |
| SHA1 | ea0b115ee4b5974ba888a676442396339d303d9a |
| SHA256 | 6a9a2f6866e05e106d95b5587abdb73526eb4d441974b0a38d03475ef23db974 |
| SHA512 | 7cf7eb0daaf666fc4c758280576a88eadc6421665d6af519c5007c68776fedc9dc582f24f2f6ef41a7ca9dd78873f945aefc5557fe7d49f129a65552eefa0977 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a9b71a39f1b378eb6e9a4bd44c8cd880 |
| SHA1 | 53fcd64bff1a145e276271e29b578cf5ba0509dd |
| SHA256 | 9a0d4cb76c824d9d9a3ac263b59e4ade6a58b5c34a0cca4c5b2dbfa175fce501 |
| SHA512 | 4242e7f497a194580e0a0c6f6bf9ad20c665efd2ff89b15ba73b5aec6dfc7a42397c1513332850ecd40d7e7f93a188a978a1543efd09f3d374238c6648de911b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 61211dbc386d2eb846f99a875181fbbf |
| SHA1 | ff3047b36c49f28e6f383397b043dcbf92377b5e |
| SHA256 | a045fed34695181bd726b80daad5ecb49a78089ec106a8e3ea41ceefdf3e7aaf |
| SHA512 | 5f85d0971bc3197c00529a9677500a18e7ea6a195d6cbe528ff34ad262f04ee77f6116b7ecadefbe5ea1baae3b5708893aefab915c0c81e22b876728c85f311a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | bb88ca6888f8babab7238f2915685736 |
| SHA1 | 3c369b355cfefe3b26baf5be89363d9ce325bde7 |
| SHA256 | 068502b190bd3bc9a59ee28594349b8197d113a421c5f28bd944ce430eba8151 |
| SHA512 | d1419d7e4acc613adfc622a241b9bdc4d9b4ca09cfd06c0fdbf9cd0615ceb7b34db4f9f401c9abcdafcba4d419eac4a4c6992a0f52469672435d758e1d2dcbbf |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 957597d9b358be40278645fba25c711b |
| SHA1 | 0f023203d4df081a5bf104f9d949a4bb4145ad74 |
| SHA256 | d6c87402bcaea48f0b49a5613681062e921e973aa595b5c2abf062f5d74774a4 |
| SHA512 | 104f51cfc29c0a128474b3cdb02fa20e20c339dffb3080f5910c961acfdada822b50ee4eb1e967a07c46d3ce42dda825465936a026d4bef6fc0dec1f69446de5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 548daf7f22b54858e279b703e0e8f52c |
| SHA1 | abef14fd79ab38d3090a0c84013e845247df036c |
| SHA256 | 03ecb33dafbb2d366bd741f17447a7be4b5548e337710a0f36b81ebd4052ce37 |
| SHA512 | be39de673cccbfa5d67fe11f33189bf8875517b950a43db9be0da10351e3e3bf153dbce1135bcd6fc1975c91c3af40da1375723d78cf698dfaf7877522afe424 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | dc674c50494c6502f00a819b89633338 |
| SHA1 | 8dcf77eedafe8d8292ae73bb70f0b8409d2471bc |
| SHA256 | b109e45a8ddb8936a009ae045fc0039795e16584e7de45d039c5a40f61606fbe |
| SHA512 | 0dfc242fde3e687156ef25dec2306c0ca279ee01e0306062d0a4fd70189861b65924c0e1b165a2a5bd50728c37012279fdb1a48eaa7d9788e89aa463148162b4 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 60d4d9463ec89c07f911cee55a85475f |
| SHA1 | 3fabfb72aae7537824d2647ea94b75e61da43262 |
| SHA256 | c5713190cb5c0e8aa140c0e71f719e8183f3b70d061b52f0225f61f52ee2fdea |
| SHA512 | ef4b5bb7fba601671e1785ca27781a6688f06d2e24dd851a4ae6e8324c0c314c950d733758019e83638c768f48091ae863d2c6cb7ee7a284f7780c76626b9ada |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 68f7e5b60b125664263d7344afad0d59 |
| SHA1 | 980d21135aaf02d61674b1f056adb5cdd3ac78f3 |
| SHA256 | 3187fa3a5fa555dc2ed7502a87cb837cd286d0ef9261a9d54cd57fbc8ed69f03 |
| SHA512 | e77db5bb42cffa2f5d3aa9faa642e3cb120505a88ee7c7229f507992aca5a3de91cc5c324600d6844a5e8d82447b6cbd8d4d81f65e1b966a6f3d0c1d57696b56 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 0c48b8cf333629a7c03b4d9fb871f2d5 |
| SHA1 | b11e3ea8a93642f12ac8b96409671d0849fcd592 |
| SHA256 | 49fe4f183d2788eca0d63e5a1ddb9128c13fd14848e2046ba2733f1087ded291 |
| SHA512 | 89bb7f1a81953cfb25eaade6c9251dd9145553aa3f420d4ac290e113b05c1b345e259a0fcd365df5e9892ba90f17c375c28fcbe3056a97ed5a831fd45fd9078d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000007
| MD5 | 4f9d58547367f284c0fa5c840c00b329 |
| SHA1 | afdf5a998830ad8bea4d57ad8cb3882ac911b43f |
| SHA256 | 3104d7911ad5190e95f4bcc647740dcc286325ca7a57f46510cd7970aeced0cd |
| SHA512 | 7d21bdf059b4cbb5a1203c8c7333ea91118bab3b6d935f59e7e89637eb31d2a28d69033ce8501431dfbcccdb6df1f05d86cc4d99af01c68270a5577b795eb350 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000008
| MD5 | c0a9ea2eae24b63270f8d9d520265eb6 |
| SHA1 | 431881fefbca79ed838d8ca7b203d127969ff938 |
| SHA256 | 834be103b06246087719777d344de665a3a7ec7ded8167f6a70fa6602066ee6f |
| SHA512 | f81f21b671fa150a8ec36f1cb499db74d0043d9ace273cf6ab4078d8a427e55310b5e5e78899bd805b7f63fac9a877a5ef976398fcd5603631924aa0585d9b35 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000009
| MD5 | 3c74232a93d7721bd3319ad15af6a2d6 |
| SHA1 | c05fcf6c55261c12906ece903132cfbe9fd93f8e |
| SHA256 | 8e8b9617d11ad0b0ee99918551e0533d68b498e52ed56df2142a996b033fe283 |
| SHA512 | ef5741af4d0804a1c7756e25c4cdbc028b5c34a9f154f0f15fdca943af9ef3429bba80f0e100d2927fe392f5acd35b6e4448dfec4b0388650d5a88730de2bf78 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000014
| MD5 | d19f357145a2ee96291ea0f34504aa36 |
| SHA1 | 26ffce889eacbee5c4e96fd8b61c2ebd84cd1730 |
| SHA256 | f085d23e60e753705381c1861cb512e90305651e4107b9a3db6529367e7ccce6 |
| SHA512 | 25987b8c3d8c56b26039c6f1e46eba6161739c93b81434822b0c85282310b63387e9c2f9af5de6dd7812ddf1eaf1491b10467c8fb1f1c285783ffac2f3496efc |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000010
| MD5 | 52c11498c7b62200b2eaad6e044a3a9c |
| SHA1 | 053e3c71de096a11aa3403ec3747ae21be8026b4 |
| SHA256 | 19fefaa1afb5eabbca7e26bf75082224c4343acc80d295eb1f8b637cc94f0c75 |
| SHA512 | 245f3bb8d4c340ca4db5e2c17b67273ebdffe4525e454d415415d2e7f4c95418508679cdb28762825556046a32be4b6ade933010c60bfa2117497c3c3548c3f0 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000011
| MD5 | b22571ee44ef2080016c1e6c6648845a |
| SHA1 | 115d6df805a78462f7c750a861922b0e2abd0de7 |
| SHA256 | adf2381b1e610d05bcb0c9e03798e4dfcfe77d10d136ff5a4d8226fec19334bb |
| SHA512 | 4015ffa6a08e42d85157cb216e995d6cd6a7fbf408dd13abc2a18f15e46dd3e0f1ee2d2b5676770ff23a1db0a5b2a1b74b6c6104299575e076ea0a31a3f10750 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000015
| MD5 | f5c51a791c3385a1d6365385d41587b5 |
| SHA1 | 510a673c9479e26b9b9f1933782c8a14a848b04e |
| SHA256 | f387f3a4730972f5113754c6ca6a500fc74b07c2127870655f49a82e58e83f93 |
| SHA512 | aa46539dfc1679189195bd320a9b3c8076517f8f3f5df684ce16152c22d6fd9f0efd74c01898d3b6a6e7aaba4d63152078cbaec2df3754a8037bb0aa054ac60e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000016
| MD5 | 0bd999c2c81bf947c534fbfc130b85e1 |
| SHA1 | 73e080f025b01ae0450a041552743ab1cf452cbc |
| SHA256 | 7bef6271860d665d878fed0e709398a6026940a3a7408d9137e4f9f54af469c0 |
| SHA512 | 7e1e0e37e6ca88d56a36b4858a7d1c8b0a550f0a0211802c956f4351053f3ce0d36cc06e0413d838c89510421ff4907682424217f1356f9b66ae567a3730c27f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000017
| MD5 | bcc4b91575004b43a8d8784b3ce12385 |
| SHA1 | d3248f3bdaea64ee97ba0196051000c31abffa38 |
| SHA256 | ccaebf2f7e94b54ccd54438896cc4c3867be5dc986527cc71f57a9404d07af41 |
| SHA512 | a1c3dc049ca0252a442cd9fcd7ca4786c43b9d0086b6a1273c224c476e613c53f4966c88b6c5350e026da1e27ec977e3ee6a9b53d33eea9995480d4b41e7e98e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | c091f907bf0978ddfedd2b6ec9d0fe34 |
| SHA1 | ab01af0b09350fca9d25ff69bbd73e4e9596ef42 |
| SHA256 | 63826eec94288376516b0f771033a7097cac78d2e23383fd66316832bb5c2b77 |
| SHA512 | ab3a69c66941feba1b4cb7cff3fe363db420983e0ee0804bceb24f4f1360c5199c585f02b3d9591f79f62e7513c2328bc5d1b1df051f2bdd28f3bcb1923bcd18 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | e70a2e797fe3503387b2216240a40c2a |
| SHA1 | b17eee5b12545d7eb734452954a94451fa035cdb |
| SHA256 | d0d6b2ff27d847f6adbfb8ecd89e2c071561fe2e6295841dca5a92f3638386a4 |
| SHA512 | ce28dc6d7d3d9a22e0c01354d48c76c1c2b6b0394e700407b5d57d43e29e477513702f553ac51f6efd4edcca4cadfb73d05adea31672f250034ce85b9745881a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 9b333baa3342f6d3a7acd5102852f672 |
| SHA1 | a865f2dd5e2bf1fd4a1276aa773a09075a6b1121 |
| SHA256 | 0608bd82ac9153451acce0c38d9fff90ef13a2cda2a344091437254c731c9381 |
| SHA512 | 2b72f5d47700c0281def1bd6cc4ba8896a5315206decef7e644f55eba2fd88f3fdda7d4d8ce1ff9e9f9854476aa2f8e5b33b637dc266059c3defd94e28d87d7d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7db5928e0f7e7f9a22671b345ef4bd67 |
| SHA1 | db156be6b68d5eb1cfd9aedf319cbb28cb4541ab |
| SHA256 | e293e39f100596ff6d7e0fe968015ed768b98f7cc2fbe7c81f32403ba352cb62 |
| SHA512 | 058bf3a818b9890fe7dc703b46372ea94e439843cdbe001a0b4d68caa53941c4664fa3b01bf2adf74306d28024822a9f6182a7ea0d78d49b1b44934cf9a3e936 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 74d026323bcff87157c4fa67f60e76d9 |
| SHA1 | 0ac03941267696a1480b6272bf44d342d4a6cfc2 |
| SHA256 | 1bd42d78f2e31bf80295e54850f330f3dde1a2c8cfe90f8c3135312016529a15 |
| SHA512 | c0bfaaf742cf625d8a5fa5e1f5a5fe3d6b7cf7b2cd62bc35d3d3dd5def0fba4557ee141a5bdcaea0f2df3e4ce2b90b91f88a1a9355e404e42d9a9caccac76c9b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416
| MD5 | 55540a230bdab55187a841cfe1aa1545 |
| SHA1 | 363e4734f757bdeb89868efe94907774a327695e |
| SHA256 | d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb |
| SHA512 | c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5d37a2685db2a31e04898a60882099c5 |
| SHA1 | 0922d58525f3b38cfbb118c0bf934a9fcdbcb8be |
| SHA256 | 9e21c7e2063a6541f532118ae4dff6e6ed94c16069a449efc01e2901acd6d7ac |
| SHA512 | 00f8d342d3a1c7f82b07d927f5a633d6e4ef8bf8bb4abd2c6aae14c5178515c0c1adeeae4a62fc808830bc978a8d42d6f0b40495fbc8a0b4f01e8d3441b458d5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416
| MD5 | 8b3f1038cac254922c24af41879b35aa |
| SHA1 | 2f4b32c6fe73dd1a5c3fa7cf34d484fdd820cf5e |
| SHA256 | 0f083ee865952e6814a5b568b2f7df5dcebf96c8f807012e1d743665e1dc91e0 |
| SHA512 | 2d9e04b15aae20bfc82aa4260f648ada004bea21ce4bad0ff02b8a0f0f74b1ad88350a32a836f5e8b7f09131c2f53ae88c281e8ca8e75a5805e75a7a4e62f7a0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8406c46c7c6daa09f80a39f30ac7c9d8 |
| SHA1 | 00149b372dd5c434c78d5d61d8bafa25c57ece71 |
| SHA256 | 2cbf6c25d612befd8eca0a22d54bef8f8f15a7ad575de29476fd64487e84fe12 |
| SHA512 | 1ca2f76fbe58974621e72d3e42c748ffecdf88e31702c38c30ad1c2cc1773ea39ed07fab4ef9d34d0e02858c61e884dc7c31310a55538cd5a3462f5335ae8f46 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | de3140fc20fb94747c57f50f3ae9e98e |
| SHA1 | cd10f8dff9dc39f5114d822864f4d2ec2b470c86 |
| SHA256 | e2e4c0acb1010490a9c6c97906f4199a4935da105ee6abea172b7ab83c563454 |
| SHA512 | 06652de3a41d124a22d8d6e9584a8ab455a4db27a4db4ba4a84e9d2a705176e3f56a208d45fae27fd8ce2b096a631869ca5fefefbe11b19e57e6fa3994e5ab2f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
| MD5 | 4bd85b719e1a640d79199a1f4cf3af96 |
| SHA1 | b809e587502737fe03f1200295fbab4008e452bd |
| SHA256 | d6e59aeb1f0a8a3a777444e9d376c8effcaf4dca8d41b99f94904e44536dc29b |
| SHA512 | 6a869953f1d38cefeb5a9bec8de4d3f8adda00210d558a4694c60f8252f2aa4b71b7776d20a676241751916452253f965f5e2f36a8e8b0a6765e11094bb4ad24 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9186aa35d93462f422dae3f11c321ec4 |
| SHA1 | cb6a0510cb9541dc8edf492aeaa5ea3da9efa7db |
| SHA256 | 7aa0f8b1bdad1b60c985787f624b4407a1e84bd8a353251a919e2ebf305df4bb |
| SHA512 | 2907ab48a67537d67cb1d6e8746b5525e633dda83a9e7b2844d815697619530ad01f73efb8db908caaa689ce6fafd2dd49e684178c630c2244c99d0cbc33791c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 48b749d19edb08f51b39efb328194656 |
| SHA1 | b61b594c87b799a9a881d37ca0ca195bf9b5cb1c |
| SHA256 | f2af6f9326b2a68eb5213c3823bf83e5b59624143424c9d90b06eb175fd395b7 |
| SHA512 | c6ba980057da211afbb13af3bc632c2f67a53ec67293058e7d66e0796b49b6fc110d1ceb5804763f3d4216639479484a1454a2992f2b91a270d388d09e5ef7b8 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 17f43cd668d75d42880ef2a8e30eeaae |
| SHA1 | ca98eecbf4bdb1313d23a7a83745d0f44d4ee206 |
| SHA256 | 89eeb60e7e3958787fc25e6e925af5b313b729bd9eb693139dd0ba864f102a21 |
| SHA512 | ec8c515de86e080adde21ba8bf12c50bc4c29d6ef3835a4cb2630f060564534e779c3271d8433be6f7406bc0eeee2900a3cf0761c39bf8f0b94f0a9dc5a7687e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ad7e04d9e59b3159a067bbbb93ec643b |
| SHA1 | 803e0fce4ffc8811db5a583e4e52923acbc02e89 |
| SHA256 | 8edf267eb17217a0e07b41ee6653939c41f1e6bc40a97b554771d937be11387c |
| SHA512 | ccfc9e00e1712fead1714bc30627ca7ddcd9365a8346e3c0511f3a5b42095bbab5b4d6ba440f89b35343f4f18925de13ff5045a381e7cbe0ab9da8fa9a38d587 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | aba544062cee2a3bb8c56ac8383d6c33 |
| SHA1 | 7a72252a6039f4a4e8f109d848c0bf696e88bcc7 |
| SHA256 | 685a59a21707556a3cfe3f40cde862b1266474bafd9f9dc618274ea50a7daaad |
| SHA512 | 18cdcec94f9a0d195eed32066a5cc617f72ffa055567e3b18f074f3f41185c6df8793c03be81f8dc59df582656b75480d709646b62774ebd16b794e5207f06aa |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c31ba8543131635468fd5ec23260131f |
| SHA1 | 3a0913399841a0e464e197eec05d9322301bfbe3 |
| SHA256 | 7239c13fcc7fec165897e20594d085f1836659a1965d91361c266e0e4a3d38c2 |
| SHA512 | c0824f9bb0156ee780931f7e28bcaab43d55c3f6c27b8f9e08a512a9e699b2e73c25befe4a16bfb2e1efec0409e1b6deba8a9bab9ae0f5b0574483563cee01b1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8e0cfd78aae9bc652d9fa131835e6906 |
| SHA1 | 19fd71f69cd61f936b8ab1c9d3d0e3ae6d6cf4e3 |
| SHA256 | 3a13e63bbcd7a8e1775c16d0094fe66a10417a151a4b0be7dd3006d74d28cdce |
| SHA512 | 3d900897470378a7e03772f05ae66d8972a78a5c9a5a6be066912f5a1b1e8ec0a9a719e2a7bb934c88dfd36e44a1dbd1c5fde7dffa9511539ac6607a01ee5c75 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a5f3afe89ce7b1a20726ca568df6760f |
| SHA1 | e6aa38139516e591ee1bbc74ab6d2e704ab2de5d |
| SHA256 | 4e120aa859875cc380aa6ba259cbd99e8954d8da45473b40f4aa03d5b3087b38 |
| SHA512 | 90e7ce8b054463ebac59e80d2abdeb2e20d6fd0bcf4ee71a2865cba1615d23a27e8bf57d552eb03c5950a5c76b1e90b923c47537d40d29aea6616be40cfd7ebc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2187cf8c00ab6b1d964040329a3bd18a |
| SHA1 | 30ea8a34085de4e8f92cf0db11f1c4f8b5e9125b |
| SHA256 | e314582fca4bc1554aefa27cd6ba9fff6893e4b494480533c83e642036131479 |
| SHA512 | 30e76c86f24254b29ab6a3a684a9b857ff750404cadd4755b580590ba399f7f047c1018b32bd5b58bbf610fc9f450541b782897c752ec5ad3a3df6426490a989 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 0e51918954b0b90538d924fd3f15ccc8 |
| SHA1 | 11b64b5fd38e2ce09441cf1ff2c27fb23f2ad9c5 |
| SHA256 | 9199217a470aa0870d70ae0c01e5a1aa991ac0d3c3d3ba7eab6af5377480cab3 |
| SHA512 | ba4cf597c2a3a5ceca5d73886ea42f57037f450d6fec063e89ce3fcb49c445a7a72abfe313d3f03ce42dd26f47f6b0aaccb2c6e24af1d7fed9be7e0a02feb72a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 305ece427544a4f91b6564b7dcca97c6 |
| SHA1 | 37d15b3a8312a6eced8cfef82f7811fef13a28eb |
| SHA256 | 765f3fd016c0ee6563044569bfe9f00538560baf0415b51516a3635f8e07e00e |
| SHA512 | 0d9a7493850e48530d4146dc2c81076ee490391d8ee2ec58e2084c3fe85e62a50b5458450f422e3e8cabddb6ce45766e8126f5e3dbaf9a5c627d5537ee0b00e1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e10b26e3072d9d811f1dddb1d7247f2d |
| SHA1 | ab7400160b04ca89fed1e2618ca87ddd956992f7 |
| SHA256 | 1b7f18da6d9260a743b73a13bbfdf6b9ea0c0d457c33456dee07445ee3e2067d |
| SHA512 | e838008266e40390b60754e5d264a8dcd7ad33c6db3b214a42565ab0afa84bbf69e3024b00136bb3e9ca0f460953b7f5d8cf02ab992c92961453cf6ab8f1b1bf |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f0e0bfab83d1bf8f5bbd214193b0706f |
| SHA1 | ff741a29ce601a1806021781b6fa5c45a88d511f |
| SHA256 | e9b9fd37df6c99334a8de883dc5f44a6aba2548262c668d31fd0031c4ba0a6da |
| SHA512 | 49cde3b5ca42aa7c2a3b6eb1b1efa61ecb2b7f460819455f316b8c21e6c4292e563cce8116976c999c8b3fe1b7977ca30ec248116b41bc9256bbbe85108fd912 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ac23fc0da610c79fe05c4be090b7233c |
| SHA1 | 1a1bec1fa1f1692c6185b54d2bf863ad7c92b181 |
| SHA256 | d7df7875851b653c41ba0dc36f36bd9d6c77000dacce0c0e8afe4a462f2ce6f4 |
| SHA512 | 3f8455aa67f96c1600cf6ba91713b0a607934916acb3d3a1ef45c8f541158e237341557491f0893c7be195d7044eaecd363e764c2233c107f85379c06d1c679f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | d47760f40e450c087e58cec817c28a5c |
| SHA1 | 17a405a3ef8eec4f221136e229cf9c2a1288b21e |
| SHA256 | d07443fdc2fe5464baddaefbec840f4a0b15675ba28983331ae9191eb0406ffa |
| SHA512 | d7d5fe1069d71bb640b9a64f757e29e66a4f3a48828ab16e2494527013f69a2886e4ec2ee15f7042a96f349136cc007060823e3bb3cb03469ed8747bbbace82a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d4c4d156b402873e549954e6cf35d76e |
| SHA1 | 72eea28390e99cce727288b7594636201466c9e6 |
| SHA256 | 7ddec67b87a6152e9ac3eb6d50afc37ddd3080fd2360971f83a655359e5d6388 |
| SHA512 | 6145a7cfb646bcfec6f892c01a305ebef4e7600494661a949a892d87404fee06e4d70e4d49d9406cf30dc107bbe45bc2ee0d2d7b24a281c4d52d7a539a2b1f20 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | bbf176f4018a8604a3b04d3a1f3eddaf |
| SHA1 | bf704cd69b0b187ebccc64de7357ae83d60fae8f |
| SHA256 | 8cc5ece162be4712d9ed48d5af7d8f7c2e635a8960b300249b3d94c6b52eadff |
| SHA512 | 996ef8293d1afcd00402ad479213deb9daafc191f9a48feda8a58e73fdcb33006cf3abfa57d0eb504b79cb8d11c1f507dcbecda1da7113dc041520825ab563a2 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 82d60294a31baf78c98e6f35762617d7 |
| SHA1 | 8aa50d9916a5af7470d55a2de7b0b04c554ef11a |
| SHA256 | 9b2e2f17ba529108720c8d3fc981a1e3c08bfb2e98954f7b3edf0ab2bf1e5063 |
| SHA512 | 85ce7380b3f6e1f9ab84b36e0dd38cefb1c544bcea09cd25df90aee3e1fab02406b5be2497e52129a84c42eab00c07f697487708d08db7dda39803a9e46e05a6 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 96a92d44fa98c40d9482dffcbbc5f01c |
| SHA1 | 95aa57576d776da5b0764d37902937c9c896f0fa |
| SHA256 | ba0e4e14ec00540afb7c664020a4b5cf0ed12ea0ee1c32677a2584e30c4b872c |
| SHA512 | 87bc7a8731b84efcc522e5dab4315a8525615b5c44c8b767ce29e83fb38152d405fe43ac1d17e01735198702f824b63fdf34c6e8816d36b9e665d219b1b73d3d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\45c3e5c0-d461-4ece-9f7e-8f68ae0432fa.tmp
| MD5 | 8e9e3640e8bcd70f71ad678fca2bcfac |
| SHA1 | 39cb4e081d2a057f5b976099bb5e0b46727f469a |
| SHA256 | 29fab1b9ce90a7fc4a7c63ac4d78e983a71977bc68a24bd38291cbff6da3b920 |
| SHA512 | e1d331a1cd850a355078f05ae481e29b8508ce85921c662a5005f0caf6f8717d0773fa5ec801afaba7937615af5a1c74a407494bd3377eb3e71fb1869b3f643c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 3e161eb8b6341a9b1c369e504299efe0 |
| SHA1 | d8f2da7ba98695167c76e0cc29fe6b9714581b7c |
| SHA256 | e8aecb13554ac557c19172b64f76d3347400c645f9127d93527a38506727286f |
| SHA512 | 91447f0f9c25818d4ae3fb36eec37d882a73fc5cc8ffd0936b26c3e5729cf910826ec597f9d364d1664ed18f21599b7fcc12291236465ac418f2ab27b77a34bd |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-10 19:38
Reported
2024-06-10 19:41
Platform
win10v2004-20240508-en
Max time kernel
51s
Max time network
54s
Command Line
Signatures
Identifies VirtualBox via ACPI registry values (likely anti-VM)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\modest-menu.exe | N/A |
Checks BIOS information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\modest-menu.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\modest-menu.exe | N/A |
Themida packer
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Checks whether UAC is enabled
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\modest-menu.exe | N/A |
Suspicious use of NtSetInformationThreadHideFromDebugger
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\modest-menu.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\modest-menu.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\modest-menu.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\modest-menu.exe
"C:\Users\Admin\AppData\Local\Temp\modest-menu.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
Files
memory/840-0-0x00007FF701300000-0x00007FF703D0F000-memory.dmp
memory/840-1-0x00007FFDA3C10000-0x00007FFDA3C12000-memory.dmp
memory/840-2-0x00007FF701300000-0x00007FF703D0F000-memory.dmp
memory/840-3-0x00007FF701300000-0x00007FF703D0F000-memory.dmp
memory/840-4-0x00007FF701300000-0x00007FF703D0F000-memory.dmp
memory/840-5-0x00007FF701300000-0x00007FF703D0F000-memory.dmp
memory/840-6-0x00007FF701300000-0x00007FF703D0F000-memory.dmp
memory/840-7-0x00007FF701300000-0x00007FF703D0F000-memory.dmp
memory/840-8-0x00007FF701300000-0x00007FF703D0F000-memory.dmp
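The behavioral2 signatures above (VirtualBox ACPI key, BIOS version values, EnableLUA) and the memory dump list are the two parts of this report a triager actually works from. The following is an added example, not part of the report or of the sandbox's own tooling: a Python parser for the report's signature-table layout that classifies each registry indicator, plus a summary of the memory dump names into distinct regions with sizes. The excerpt and dump names are constructed from the rows on this page; the class labels and the ATT&CK technique IDs attached to them are this example's own annotation, not something the report states.

```python
import re
from collections import OrderedDict

# Excerpt of the behavioral2 "Signatures" section, constructed from the rows on
# the page (same layout: signature name, header row, then one row per hit).
SIGNATURES_EXCERPT = r"""
Identifies VirtualBox via ACPI registry values (likely anti-VM)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\modest-menu.exe | N/A |
Checks BIOS information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\modest-menu.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\modest-menu.exe | N/A |
Themida packer
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Checks whether UAC is enabled
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\modest-menu.exe | N/A |
Suspicious use of NtSetInformationThreadHideFromDebugger
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\modest-menu.exe | N/A |
"""

# The nine dump names listed under "Files" for behavioral2, copied from the page.
MEMORY_DUMPS = [
    "memory/840-0-0x00007FF701300000-0x00007FF703D0F000-memory.dmp",
    "memory/840-1-0x00007FFDA3C10000-0x00007FFDA3C12000-memory.dmp",
    "memory/840-2-0x00007FF701300000-0x00007FF703D0F000-memory.dmp",
    "memory/840-3-0x00007FF701300000-0x00007FF703D0F000-memory.dmp",
    "memory/840-4-0x00007FF701300000-0x00007FF703D0F000-memory.dmp",
    "memory/840-5-0x00007FF701300000-0x00007FF703D0F000-memory.dmp",
    "memory/840-6-0x00007FF701300000-0x00007FF703D0F000-memory.dmp",
    "memory/840-7-0x00007FF701300000-0x00007FF703D0F000-memory.dmp",
    "memory/840-8-0x00007FF701300000-0x00007FF703D0F000-memory.dmp",
]

# Registry keys a sandbox-evasion routine commonly probes. The class label and
# ATT&CK ID are this example's own annotation (assumption), not the report's.
REGISTRY_CLASSES = [
    (r"\\HARDWARE\\ACPI\\DSDT\\VBOX__$", "anti-vm:virtualbox-acpi", "T1497.001"),
    (r"\\HARDWARE\\DESCRIPTION\\System\\(System|Video)BiosVersion$", "anti-vm:bios-string", "T1497.001"),
    (r"\\Policies\\System\\EnableLUA$", "discovery:uac-status", "T1012"),
]

MEMDUMP_RE = re.compile(
    r"^memory/(?P<pid>\d+)-(?P<idx>\d+)-0x(?P<start>[0-9A-Fa-f]+)-0x(?P<end>[0-9A-Fa-f]+)-memory\.dmp$"
)


def parse_signatures(text):
    """Return (signature, description, indicator, process) for every table row.
    A non-table line introduces the next signature; the header row is skipped."""
    hits, current = [], None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if not line.startswith("|"):
            current = line
            continue
        cells = [c.strip() for c in line.strip("|").split("|")]
        if cells[0] == "Description":
            continue
        hits.append((current, cells[0], cells[1], cells[2]))
    return hits


def classify_registry_hits(hits):
    """Keep only registry indicators and tag each with an evasion/discovery class;
    keys no rule matches are reported as 'unclassified' rather than dropped."""
    out = []
    for sig, desc, indicator, process in hits:
        if not indicator.startswith("\\REGISTRY\\"):
            continue
        label, technique = "unclassified", None
        for pattern, cls, tid in REGISTRY_CLASSES:
            if re.search(pattern, indicator, re.IGNORECASE):
                label, technique = cls, tid
                break
        out.append({"signature": sig, "action": desc, "key": indicator,
                    "class": label, "attack": technique,
                    "process": process.rsplit("\\", 1)[-1]})
    return out


def summarize_memory_dumps(names):
    """Collapse per-snapshot dump names into distinct (pid, start, end) regions,
    each with its size in bytes and the number of times it was captured."""
    regions = OrderedDict()
    for name in names:
        m = MEMDUMP_RE.match(name.strip())
        if not m:
            continue
        key = (int(m["pid"]), int(m["start"], 16), int(m["end"], 16))
        regions[key] = regions.get(key, 0) + 1
    return [{"pid": p, "start": s, "end": e, "size": e - s, "dumps": n}
            for (p, s, e), n in regions.items()]


if __name__ == "__main__":
    for h in classify_registry_hits(parse_signatures(SIGNATURES_EXCERPT)):
        print(f"{h['class']:<26} {h['attack'] or '-':<10} {h['action']:<18} {h['key']}")
    for r in summarize_memory_dumps(MEMORY_DUMPS):
        print(f"pid {r['pid']} 0x{r['start']:016X}-0x{r['end']:016X} "
              f"{r['size'] / 1048576:.1f} MiB captured {r['dumps']}x")
```

Run against the excerpt, the registry rows resolve to two VirtualBox/BIOS anti-VM probes, one BIOS probe duplicate, and one UAC status query, all from modest-menu.exe; the dump names collapse to two regions of PID 840: one of 0x2A0F000 bytes (about 42 MiB) at 0x7FF701300000 captured eight times, which is where an unpacked image of a Themida-protected 64-bit executable would be expected to live, and one 8 KiB region at 0x7FFDA3C10000 captured once. The parser is tolerant of the all-N/A rows the report uses for signatures without an indicator, so those rows are neither miscounted nor treated as registry hits.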