Analysis Overview
SHA256
880c660c294b6a8cecfd83182de82154b75ae2fcd723d34bd498e05771a2efb2
Threat Level: Likely malicious
The file Heist Editor.exe was found to be: Likely malicious.
Malicious Activity Summary
Identifies VirtualBox via ACPI registry values (likely anti-VM)
Themida packer
Checks BIOS information in registry
Checks whether UAC is enabled
Suspicious use of NtSetInformationThreadHideFromDebugger
Unsigned PE
Suspicious use of AdjustPrivilegeToken
Modifies registry class
Suspicious behavior: AddClipboardFormatListener
Suspicious use of SetWindowsHookEx
Opens file in notepad (likely ransom note)
Suspicious behavior: EnumeratesProcesses
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Modifies Internet Explorer settings
Enumerates system info in registry
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-07-02 05:22
Signatures
Themida packer
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-07-02 05:22
Reported
2024-07-02 05:26
Platform
win7-20240508-en
Max time kernel
43s
Max time network
150s
Command Line
Signatures
Identifies VirtualBox via ACPI registry values (likely anti-VM)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\Heist Editor.exe | N/A |
Checks BIOS information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\Heist Editor.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\Heist Editor.exe | N/A |
Themida packer
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Checks whether UAC is enabled
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\Heist Editor.exe | N/A |
Suspicious use of NtSetInformationThreadHideFromDebugger
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Heist Editor.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Windows\explorer.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Toolbar\Locked = "1" | C:\Windows\explorer.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Set value (data) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0 = 4c00310000000000e258f32a100041646d696e00380008000400efbea858f071e258f32a2a00000030000000000004000000000000000000000000000000410064006d0069006e00000014000000 | C:\Windows\explorer.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000 | C:\Windows\explorer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\KnownFolderDerivedFolderType = "{57807898-8C4F-4462-BB63-71042380B109}" | C:\Windows\explorer.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\WFlags = "0" | C:\Windows\explorer.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4" | C:\Windows\explorer.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1" | C:\Windows\explorer.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots | C:\Windows\explorer.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0 | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\1 | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7} | C:\Windows\explorer.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Rev = "0" | C:\Windows\explorer.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616193" | C:\Windows\explorer.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 = 14001f50e04fd020ea3a6910a2d808002b30309d0000 | C:\Windows\explorer.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 = 19002f433a5c000000000000000000000000000000000000000000 | C:\Windows\explorer.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\NodeSlot = "1" | C:\Windows\explorer.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16" | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags | C:\Windows\explorer.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\ShowCmd = "1" | C:\Windows\explorer.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\HotKey = "0" | C:\Windows\explorer.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 00000000ffffffff | C:\Windows\explorer.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\MRUListEx = 00000000ffffffff | C:\Windows\explorer.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02 | C:\Windows\explorer.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\MRUListEx = ffffffff | C:\Windows\explorer.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616209" | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0 | C:\Windows\explorer.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\MRUListEx = 00000000ffffffff | C:\Windows\explorer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\SniffedFolderType = "Generic" | C:\Windows\explorer.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000007800000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000 | C:\Windows\explorer.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0" | C:\Windows\explorer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}" | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000_Classes\Local Settings | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 | C:\Windows\explorer.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff | C:\Windows\explorer.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1" | C:\Windows\explorer.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0" | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU | C:\Windows\explorer.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0 = 7400310000000000a858f0711100557365727300600008000400efbeee3a851aa858f0712a000000e601000000000100000000000000000036000000000055007300650072007300000040007300680065006c006c00330032002e0064006c006c002c002d0032003100380031003300000014000000 | C:\Windows\explorer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Vid = "{137E7700-3573-11CF-AE69-08002B2E1262}" | C:\Windows\explorer.exe | N/A |
Opens file in notepad (likely ransom note)
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\notepad.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Heist Editor.exe | N/A |
| N/A | N/A | C:\Windows\explorer.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\Heist Editor.exe
"C:\Users\Admin\AppData\Local\Temp\Heist Editor.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c explorer/select,C:\Users\Admin\HELanguage.hel
C:\Windows\explorer.exe
explorer /select,C:\Users\Admin\HELanguage.hel
C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c start notepad C:\Users\Admin\HELanguage.hel
C:\Windows\system32\notepad.exe
notepad C:\Users\Admin\HELanguage.hel
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef66c9758,0x7fef66c9768,0x7fef66c9778
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1148 --field-trial-handle=1140,i,1977069693946526873,2760896208435864220,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1476 --field-trial-handle=1140,i,1977069693946526873,2760896208435864220,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1512 --field-trial-handle=1140,i,1977069693946526873,2760896208435864220,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2156 --field-trial-handle=1140,i,1977069693946526873,2760896208435864220,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2168 --field-trial-handle=1140,i,1977069693946526873,2760896208435864220,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1436 --field-trial-handle=1140,i,1977069693946526873,2760896208435864220,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1416 --field-trial-handle=1140,i,1977069693946526873,2760896208435864220,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3472 --field-trial-handle=1140,i,1977069693946526873,2760896208435864220,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3580 --field-trial-handle=1140,i,1977069693946526873,2760896208435864220,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3508 --field-trial-handle=1140,i,1977069693946526873,2760896208435864220,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3740 --field-trial-handle=1140,i,1977069693946526873,2760896208435864220,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3720 --field-trial-handle=1140,i,1977069693946526873,2760896208435864220,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=2404 --field-trial-handle=1140,i,1977069693946526873,2760896208435864220,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=2720 --field-trial-handle=1140,i,1977069693946526873,2760896208435864220,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=3584 --field-trial-handle=1140,i,1977069693946526873,2760896208435864220,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4060 --field-trial-handle=1140,i,1977069693946526873,2760896208435864220,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=2500 --field-trial-handle=1140,i,1977069693946526873,2760896208435864220,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4088 --field-trial-handle=1140,i,1977069693946526873,2760896208435864220,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=4064 --field-trial-handle=1140,i,1977069693946526873,2760896208435864220,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=4276 --field-trial-handle=1140,i,1977069693946526873,2760896208435864220,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=4292 --field-trial-handle=1140,i,1977069693946526873,2760896208435864220,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4500 --field-trial-handle=1140,i,1977069693946526873,2760896208435864220,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=4528 --field-trial-handle=1140,i,1977069693946526873,2760896208435864220,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=3772 --field-trial-handle=1140,i,1977069693946526873,2760896208435864220,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=3712 --field-trial-handle=1140,i,1977069693946526873,2760896208435864220,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3836 --field-trial-handle=1140,i,1977069693946526873,2760896208435864220,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2972 --field-trial-handle=1140,i,1977069693946526873,2760896208435864220,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=4460 --field-trial-handle=1140,i,1977069693946526873,2760896208435864220,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=4420 --field-trial-handle=1140,i,1977069693946526873,2760896208435864220,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=3720 --field-trial-handle=1140,i,1977069693946526873,2760896208435864220,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=1324 --field-trial-handle=1140,i,1977069693946526873,2760896208435864220,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1556 --field-trial-handle=1140,i,1977069693946526873,2760896208435864220,131072 /prefetch:8
Network
| US | 104.19.178.52:443 | cdn.cookielaw.org | tcp |
| US | 104.19.178.52:443 | cdn.cookielaw.org | tcp |
| US | 8.8.8.8:53 | geolocation.onetrust.com | udp |
| US | 104.18.32.137:443 | geolocation.onetrust.com | tcp |
| GB | 142.250.180.10:443 | content-autofill.googleapis.com | udp |
| US | 8.8.8.8:53 | beacons.gcp.gvt2.com | udp |
| US | 192.178.49.163:443 | beacons.gcp.gvt2.com | tcp |
| GB | 18.245.253.27:443 | images.ctfassets.net | tcp |
| US | 8.8.8.8:53 | privacyportal-de.onetrust.com | udp |
| US | 172.64.155.119:443 | privacyportal-de.onetrust.com | tcp |
| GB | 142.250.179.238:443 | play.google.com | udp |
| US | 192.178.49.163:443 | beacons.gcp.gvt2.com | udp |
| US | 8.8.8.8:53 | battlelog.co | udp |
| US | 104.22.31.188:443 | battlelog.co | tcp |
| US | 104.22.31.188:443 | battlelog.co | tcp |
| US | 8.8.8.8:53 | static.zdassets.com | udp |
| US | 104.18.70.113:443 | static.zdassets.com | tcp |
| BE | 64.233.167.154:443 | stats.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | apps.identrust.com | udp |
| BE | 2.17.107.226:80 | apps.identrust.com | tcp |
| US | 8.8.8.8:53 | ekr.zdassets.com | udp |
| US | 104.18.72.113:443 | ekr.zdassets.com | tcp |
| GB | 142.250.200.3:443 | www.google.co.uk | udp |
| US | 216.239.34.36:443 | region1.analytics.google.com | udp |
| US | 104.22.31.188:443 | battlelog.co | tcp |
| US | 8.8.8.8:53 | betteraimtechnologies.zendesk.com | udp |
| US | 104.16.53.111:443 | betteraimtechnologies.zendesk.com | tcp |
| US | 8.8.8.8:53 | widget-mediator.zopim.com | udp |
| IE | 52.212.33.222:443 | widget-mediator.zopim.com | tcp |
| US | 104.16.53.111:443 | betteraimtechnologies.zendesk.com | tcp |
| GB | 142.250.200.3:443 | www.google.co.uk | udp |
| GB | 142.250.200.3:443 | www.google.co.uk | tcp |
| US | 8.8.8.8:53 | encrypted-vtbn0.gstatic.com | udp |
| GB | 142.250.180.14:443 | encrypted-vtbn0.gstatic.com | tcp |
| US | 8.8.8.8:53 | www.youtube.com | udp |
| GB | 142.250.180.14:443 | www.youtube.com | tcp |
| GB | 142.250.180.14:443 | www.youtube.com | tcp |
| US | 8.8.8.8:53 | i.ytimg.com | udp |
| US | 8.8.8.8:53 | rr2---sn-5hne6nsk.googlevideo.com | udp |
| GB | 142.250.187.246:443 | i.ytimg.com | tcp |
| GB | 142.250.187.246:443 | i.ytimg.com | tcp |
| NL | 172.217.132.39:443 | rr2---sn-5hne6nsk.googlevideo.com | tcp |
| NL | 172.217.132.39:443 | rr2---sn-5hne6nsk.googlevideo.com | tcp |
| US | 8.8.8.8:53 | rr1---sn-5hnekn76.googlevideo.com | udp |
| NL | 209.85.226.6:443 | rr1---sn-5hnekn76.googlevideo.com | udp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| US | 8.8.8.8:53 | jnn-pa.googleapis.com | udp |
| IE | 209.85.203.84:443 | accounts.google.com | tcp |
| GB | 142.250.200.42:443 | jnn-pa.googleapis.com | tcp |
| IE | 209.85.203.84:443 | accounts.google.com | udp |
| GB | 142.250.179.238:443 | www.youtube.com | udp |
| GB | 142.250.179.238:443 | www.youtube.com | tcp |
| US | 8.8.8.8:53 | rr1---sn-q4flrnez.googlevideo.com | udp |
| US | 173.194.191.198:443 | rr1---sn-q4flrnez.googlevideo.com | udp |
| GB | 142.250.187.246:443 | i.ytimg.com | udp |
| US | 8.8.8.8:53 | yt3.ggpht.com | udp |
| GB | 142.250.180.1:443 | yt3.ggpht.com | tcp |
| US | 8.8.8.8:53 | youtube.com | udp |
| GB | 142.250.200.46:443 | youtube.com | tcp |
| US | 8.8.8.8:53 | i9.ytimg.com | udp |
| GB | 172.217.16.238:443 | i9.ytimg.com | tcp |
| GB | 142.250.180.1:443 | yt3.ggpht.com | udp |
| US | 8.8.8.8:53 | consent.youtube.com | udp |
| GB | 216.58.212.206:443 | consent.youtube.com | tcp |
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-07-02 05:22
Reported
2024-07-02 05:26
Platform
win10v2004-20240508-en
Max time kernel
149s
Max time network
151s
Command Line
Signatures
Identifies VirtualBox via ACPI registry values (likely anti-VM)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\Heist Editor.exe | N/A |
Checks BIOS information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\Heist Editor.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\Heist Editor.exe | N/A |
Themida packer
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Checks whether UAC is enabled
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\Heist Editor.exe | N/A |
Suspicious use of NtSetInformationThreadHideFromDebugger
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Heist Editor.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Windows\explorer.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\Locked = "1" | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser | C:\Windows\explorer.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser\ITBar7Layout = 13000000000000000000000020000000100000000000000001000000010700005e01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 | C:\Windows\explorer.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000_Classes\Local Settings | C:\Windows\explorer.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\NodeSlot = "1" | C:\Windows\explorer.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\MRUListEx = ffffffff | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags | C:\Windows\explorer.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 = 19002f433a5c000000000000000000000000000000000000000000 | C:\Windows\explorer.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0 = 7800310000000000a858bc531100557365727300640009000400efbe874f7748e258f12a2e000000c70500000000010000000000000000003a0000000000070de60055007300650072007300000040007300680065006c006c00330032002e0064006c006c002c002d0032003100380031003300000014000000 | C:\Windows\explorer.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\MRUListEx = 00000000ffffffff | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\ | C:\Windows\explorer.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 = 14001f50e04fd020ea3a6910a2d808002b30309d0000 | C:\Windows\explorer.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 | C:\Windows\explorer.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 00000000ffffffff | C:\Windows\explorer.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\MRUListEx = 00000000ffffffff | C:\Windows\explorer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\SniffedFolderType = "Generic" | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell | C:\Windows\explorer.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0 = 5000310000000000e258f42a100041646d696e003c0009000400efbea858bc53e258f42a2e00000076e1010000000100000000000000000000000000000016d06400410064006d0069006e00000014000000 | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0 | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\ | C:\Windows\explorer.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff | C:\Windows\explorer.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02 | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1 | C:\Windows\explorer.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0 | C:\Windows\explorer.exe | N/A |
Opens file in notepad (likely ransom note)
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\notepad.exe | N/A |
Suspicious behavior: AddClipboardFormatListener
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\explorer.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Heist Editor.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Heist Editor.exe | N/A |
| N/A | N/A | C:\Windows\explorer.exe | N/A |
| N/A | N/A | C:\Windows\explorer.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2024 wrote to memory of 544 | N/A | C:\Users\Admin\AppData\Local\Temp\Heist Editor.exe | C:\Windows\system32\cmd.exe |
| PID 2024 wrote to memory of 544 | N/A | C:\Users\Admin\AppData\Local\Temp\Heist Editor.exe | C:\Windows\system32\cmd.exe |
| PID 544 wrote to memory of 1936 | N/A | C:\Windows\system32\cmd.exe | C:\Windows\explorer.exe |
| PID 544 wrote to memory of 1936 | N/A | C:\Windows\system32\cmd.exe | C:\Windows\explorer.exe |
| PID 2024 wrote to memory of 4740 | N/A | C:\Users\Admin\AppData\Local\Temp\Heist Editor.exe | C:\Windows\system32\cmd.exe |
| PID 2024 wrote to memory of 4740 | N/A | C:\Users\Admin\AppData\Local\Temp\Heist Editor.exe | C:\Windows\system32\cmd.exe |
| PID 4740 wrote to memory of 2984 | N/A | C:\Windows\system32\cmd.exe | C:\Windows\system32\notepad.exe |
| PID 4740 wrote to memory of 2984 | N/A | C:\Windows\system32\cmd.exe | C:\Windows\system32\notepad.exe |
Processes
C:\Users\Admin\AppData\Local\Temp\Heist Editor.exe
"C:\Users\Admin\AppData\Local\Temp\Heist Editor.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c explorer/select,C:\Users\Admin\HELanguage.hel
C:\Windows\explorer.exe
explorer /select,C:\Users\Admin\HELanguage.hel
C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c start notepad C:\Users\Admin\HELanguage.hel
C:\Windows\system32\notepad.exe
notepad C:\Users\Admin\HELanguage.hel
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
Network
Files
C:\Users\Admin\HELanguage.hel
| MD5 | e48671f08c254445aab192942dbf6059 |
| SHA1 | e349a76d4d6562e81fb1b7cd9bec0a79a2adce4f |
| SHA256 | 7c642b8a501c94cd614f1178b2d11e3d39557ae5a26bd8e17e6c2a29f7790bcc |
| SHA512 | d33216bd275286dfb8891b374e88e9f91bcb9f9dd50f6dbca298ae7cfabc92dfadab321f29845c2c612e2ef75e7b32c257f886ffad437eb3118bf112115b76f6 |