chaos | d139cf9992044e972e139f409f80f7c944ae0e03541fc3fb85f0e78a1ca03440

Analysis

max time kernel
202s
max time network
209s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
04/05/2024, 14:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Avast antivirus.exe
Size

47KB
MD5

825237535c11ac8b38d3227a9b0d68e4
SHA1

afb3d9a122d1f9c5149148ead8fdeabc8f065648
SHA256

d139cf9992044e972e139f409f80f7c944ae0e03541fc3fb85f0e78a1ca03440
SHA512

6d9a7953149d979985f470746f0f53d637e85aaaef6d50b0ee2a4af5654677784b13064caab49f51ac1e9497af13b66c36954f10b7def7ecc8f66e57e1970419
SSDEEP

768:NYqo2ycN9EpGkmc1mEnHr9usUMmT/meMFAavvlXRIrpCZ4EFkrY7IB7e5:Zo21X3lEnHr9uymjBavvlXRSCtFaYMBe

Score

10^/10

chaos ransomware spyware stealer

Malware Config

Signatures

Chaos
Ransomware family first seen in June 2021.
ransomware chaos

Chaos Ransomware 3 IoCs

resource	yara_rule
behavioral1/memory/2856-1-0x0000000001090000-0x00000000010A2000-memory.dmp	family_chaos
behavioral1/files/0x000b0000000144e8-5.dat	family_chaos
behavioral1/memory/2872-7-0x0000000000BF0000-0x0000000000C02000-memory.dmp	family_chaos

Renames multiple (195) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops startup file 3 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchost.url	svchost.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini	svchost.exe
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\read_me.txt	svchost.exe

Executes dropped EXE 1 IoCs

pid	Process
2872	svchost.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Drops desktop.ini file(s) 34 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini	svchost.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\desktop.ini	svchost.exe
File opened for modification	C:\Users\Admin\Desktop\desktop.ini	svchost.exe
File opened for modification	C:\Users\Public\Videos\desktop.ini	svchost.exe
File opened for modification	C:\Users\Admin\Downloads\desktop.ini	svchost.exe
File opened for modification	C:\Users\Admin\Searches\desktop.ini	svchost.exe
File opened for modification	C:\Users\Admin\Videos\desktop.ini	svchost.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\desktop.ini	svchost.exe
File opened for modification	C:\Users\Admin\Pictures\desktop.ini	svchost.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Desktop.ini	svchost.exe
File opened for modification	C:\Users\Public\Pictures\desktop.ini	svchost.exe
File opened for modification	C:\Users\Public\Videos\Sample Videos\desktop.ini	svchost.exe
File opened for modification	C:\Users\Public\Desktop\desktop.ini	svchost.exe
File opened for modification	F:\$RECYCLE.BIN\S-1-5-21-3452737119-3959686427-228443150-1000\desktop.ini	svchost.exe
File opened for modification	C:\Users\Admin\Contacts\desktop.ini	svchost.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\SendTo\Desktop.ini	svchost.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini	svchost.exe
File opened for modification	C:\Users\Admin\Links\desktop.ini	svchost.exe
File opened for modification	C:\Users\Admin\Favorites\Links\desktop.ini	svchost.exe
File opened for modification	C:\Users\Admin\Favorites\Links for United States\desktop.ini	svchost.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\desktop.ini	svchost.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance\Desktop.ini	svchost.exe
File opened for modification	C:\Users\Public\Pictures\Sample Pictures\desktop.ini	svchost.exe
File opened for modification	C:\Users\Public\Music\desktop.ini	svchost.exe
File opened for modification	C:\Users\Admin\Documents\desktop.ini	svchost.exe
File opened for modification	C:\Users\Admin\Saved Games\desktop.ini	svchost.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini	svchost.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Desktop.ini	svchost.exe
File opened for modification	C:\Users\Public\Documents\desktop.ini	svchost.exe
File opened for modification	C:\Users\Public\Music\Sample Music\desktop.ini	svchost.exe
File opened for modification	C:\Users\Admin\Music\desktop.ini	svchost.exe
File opened for modification	C:\Users\Admin\Favorites\desktop.ini	svchost.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Libraries\desktop.ini	svchost.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Desktop.ini	svchost.exe

Sets desktop wallpaper using registry 2 TTPs 1 IoCs

ransomware

Defacement

T1491

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\AppData\\Local\\Temp\\jcs30l5dn.jpg"	svchost.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Opens file in notepad (likely ransom note) 1 IoCs

ransomware

pid	Process
2672	NOTEPAD.EXE

Suspicious behavior: AddClipboardFormatListener 2 IoCs

pid	Process
2872	svchost.exe
2212	vlc.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2856	Avast antivirus.exe
2856	Avast antivirus.exe
2872	svchost.exe
2872	svchost.exe
2872	svchost.exe
2872	svchost.exe
924	chrome.exe
924	chrome.exe
924	chrome.exe
924	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2212	vlc.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	2856	Avast antivirus.exe
Token: SeDebugPrivilege	2872	svchost.exe
Token: SeShutdownPrivilege	924	chrome.exe
Token: SeShutdownPrivilege	924	chrome.exe
Token: SeShutdownPrivilege	924	chrome.exe
Token: SeShutdownPrivilege	924	chrome.exe
Token: SeShutdownPrivilege	924	chrome.exe
Token: SeShutdownPrivilege	924	chrome.exe
Token: SeShutdownPrivilege	924	chrome.exe
Token: SeShutdownPrivilege	924	chrome.exe
Token: SeShutdownPrivilege	924	chrome.exe
Token: SeShutdownPrivilege	924	chrome.exe
Token: SeShutdownPrivilege	924	chrome.exe
Token: SeShutdownPrivilege	924	chrome.exe
Token: SeShutdownPrivilege	924	chrome.exe
Token: SeShutdownPrivilege	924	chrome.exe
Token: SeShutdownPrivilege	924	chrome.exe
Token: SeShutdownPrivilege	924	chrome.exe
Token: SeShutdownPrivilege	924	chrome.exe
Token: SeShutdownPrivilege	924	chrome.exe
Token: SeShutdownPrivilege	924	chrome.exe
Token: SeShutdownPrivilege	924	chrome.exe
Token: SeShutdownPrivilege	924	chrome.exe
Token: SeShutdownPrivilege	924	chrome.exe
Token: SeShutdownPrivilege	924	chrome.exe
Token: SeShutdownPrivilege	924	chrome.exe
Token: SeShutdownPrivilege	924	chrome.exe
Token: SeShutdownPrivilege	924	chrome.exe
Token: SeShutdownPrivilege	924	chrome.exe
Token: SeShutdownPrivilege	924	chrome.exe
Token: SeShutdownPrivilege	924	chrome.exe
Token: SeShutdownPrivilege	924	chrome.exe
Token: SeShutdownPrivilege	924	chrome.exe
Token: SeShutdownPrivilege	924	chrome.exe
Token: SeShutdownPrivilege	924	chrome.exe
Token: SeShutdownPrivilege	924	chrome.exe
Token: SeShutdownPrivilege	924	chrome.exe
Token: SeShutdownPrivilege	924	chrome.exe
Token: SeShutdownPrivilege	924	chrome.exe
Token: SeShutdownPrivilege	924	chrome.exe
Token: SeShutdownPrivilege	924	chrome.exe
Token: SeShutdownPrivilege	924	chrome.exe
Token: SeShutdownPrivilege	924	chrome.exe
Token: SeShutdownPrivilege	924	chrome.exe
Token: SeShutdownPrivilege	924	chrome.exe
Token: SeShutdownPrivilege	924	chrome.exe
Token: SeShutdownPrivilege	924	chrome.exe
Token: SeShutdownPrivilege	924	chrome.exe
Token: SeShutdownPrivilege	924	chrome.exe
Token: SeShutdownPrivilege	924	chrome.exe
Token: SeShutdownPrivilege	924	chrome.exe
Token: SeShutdownPrivilege	924	chrome.exe
Token: SeShutdownPrivilege	924	chrome.exe
Token: SeShutdownPrivilege	924	chrome.exe
Token: SeShutdownPrivilege	924	chrome.exe
Token: SeShutdownPrivilege	924	chrome.exe
Token: SeShutdownPrivilege	924	chrome.exe
Token: SeShutdownPrivilege	924	chrome.exe
Token: SeShutdownPrivilege	924	chrome.exe
Token: SeShutdownPrivilege	924	chrome.exe
Token: SeShutdownPrivilege	924	chrome.exe
Token: SeShutdownPrivilege	924	chrome.exe
Token: SeShutdownPrivilege	924	chrome.exe
Token: SeShutdownPrivilege	924	chrome.exe

Suspicious use of FindShellTrayWindow 44 IoCs

pid	Process
924	chrome.exe
924	chrome.exe
924	chrome.exe
924	chrome.exe
924	chrome.exe
924	chrome.exe
924	chrome.exe
924	chrome.exe
924	chrome.exe
924	chrome.exe
924	chrome.exe
924	chrome.exe
924	chrome.exe
924	chrome.exe
924	chrome.exe
924	chrome.exe
924	chrome.exe
924	chrome.exe
924	chrome.exe
924	chrome.exe
924	chrome.exe
924	chrome.exe
924	chrome.exe
924	chrome.exe
924	chrome.exe
924	chrome.exe
924	chrome.exe
924	chrome.exe
924	chrome.exe
924	chrome.exe
924	chrome.exe
924	chrome.exe
924	chrome.exe
924	chrome.exe
924	chrome.exe
2212	vlc.exe
2212	vlc.exe
2212	vlc.exe
2212	vlc.exe
2212	vlc.exe
2212	vlc.exe
2212	vlc.exe
2212	vlc.exe
2212	vlc.exe

Suspicious use of SendNotifyMessage 40 IoCs

pid	Process
924	chrome.exe
924	chrome.exe
924	chrome.exe
924	chrome.exe
924	chrome.exe
924	chrome.exe
924	chrome.exe
924	chrome.exe
924	chrome.exe
924	chrome.exe
924	chrome.exe
924	chrome.exe
924	chrome.exe
924	chrome.exe
924	chrome.exe
924	chrome.exe
924	chrome.exe
924	chrome.exe
924	chrome.exe
924	chrome.exe
924	chrome.exe
924	chrome.exe
924	chrome.exe
924	chrome.exe
924	chrome.exe
924	chrome.exe
924	chrome.exe
924	chrome.exe
924	chrome.exe
924	chrome.exe
924	chrome.exe
924	chrome.exe
2212	vlc.exe
2212	vlc.exe
2212	vlc.exe
2212	vlc.exe
2212	vlc.exe
2212	vlc.exe
2212	vlc.exe
2212	vlc.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2212	vlc.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2856 wrote to memory of 2872	2856	Avast antivirus.exe	28
PID 2856 wrote to memory of 2872	2856	Avast antivirus.exe	28
PID 2856 wrote to memory of 2872	2856	Avast antivirus.exe	28
PID 2872 wrote to memory of 2672	2872	svchost.exe	30
PID 2872 wrote to memory of 2672	2872	svchost.exe	30
PID 2872 wrote to memory of 2672	2872	svchost.exe	30
PID 924 wrote to memory of 1524	924	chrome.exe	33
PID 924 wrote to memory of 1524	924	chrome.exe	33
PID 924 wrote to memory of 1524	924	chrome.exe	33
PID 924 wrote to memory of 2140	924	chrome.exe	35
PID 924 wrote to memory of 2140	924	chrome.exe	35
PID 924 wrote to memory of 2140	924	chrome.exe	35
PID 924 wrote to memory of 2140	924	chrome.exe	35
PID 924 wrote to memory of 2140	924	chrome.exe	35
PID 924 wrote to memory of 2140	924	chrome.exe	35
PID 924 wrote to memory of 2140	924	chrome.exe	35
PID 924 wrote to memory of 2140	924	chrome.exe	35
PID 924 wrote to memory of 2140	924	chrome.exe	35
PID 924 wrote to memory of 2140	924	chrome.exe	35
PID 924 wrote to memory of 2140	924	chrome.exe	35
PID 924 wrote to memory of 2140	924	chrome.exe	35
PID 924 wrote to memory of 2140	924	chrome.exe	35
PID 924 wrote to memory of 2140	924	chrome.exe	35
PID 924 wrote to memory of 2140	924	chrome.exe	35
PID 924 wrote to memory of 2140	924	chrome.exe	35
PID 924 wrote to memory of 2140	924	chrome.exe	35
PID 924 wrote to memory of 2140	924	chrome.exe	35
PID 924 wrote to memory of 2140	924	chrome.exe	35
PID 924 wrote to memory of 2140	924	chrome.exe	35
PID 924 wrote to memory of 2140	924	chrome.exe	35
PID 924 wrote to memory of 2140	924	chrome.exe	35
PID 924 wrote to memory of 2140	924	chrome.exe	35
PID 924 wrote to memory of 2140	924	chrome.exe	35
PID 924 wrote to memory of 2140	924	chrome.exe	35
PID 924 wrote to memory of 2140	924	chrome.exe	35
PID 924 wrote to memory of 2140	924	chrome.exe	35
PID 924 wrote to memory of 2140	924	chrome.exe	35
PID 924 wrote to memory of 2140	924	chrome.exe	35
PID 924 wrote to memory of 2140	924	chrome.exe	35
PID 924 wrote to memory of 2140	924	chrome.exe	35
PID 924 wrote to memory of 2140	924	chrome.exe	35
PID 924 wrote to memory of 2140	924	chrome.exe	35
PID 924 wrote to memory of 2140	924	chrome.exe	35
PID 924 wrote to memory of 2140	924	chrome.exe	35
PID 924 wrote to memory of 2140	924	chrome.exe	35
PID 924 wrote to memory of 2140	924	chrome.exe	35
PID 924 wrote to memory of 2140	924	chrome.exe	35
PID 924 wrote to memory of 2140	924	chrome.exe	35
PID 924 wrote to memory of 2364	924	chrome.exe	36
PID 924 wrote to memory of 2364	924	chrome.exe	36
PID 924 wrote to memory of 2364	924	chrome.exe	36
PID 924 wrote to memory of 1856	924	chrome.exe	37
PID 924 wrote to memory of 1856	924	chrome.exe	37
PID 924 wrote to memory of 1856	924	chrome.exe	37
PID 924 wrote to memory of 1856	924	chrome.exe	37
PID 924 wrote to memory of 1856	924	chrome.exe	37
PID 924 wrote to memory of 1856	924	chrome.exe	37
PID 924 wrote to memory of 1856	924	chrome.exe	37
PID 924 wrote to memory of 1856	924	chrome.exe	37
PID 924 wrote to memory of 1856	924	chrome.exe	37
PID 924 wrote to memory of 1856	924	chrome.exe	37
PID 924 wrote to memory of 1856	924	chrome.exe	37
PID 924 wrote to memory of 1856	924	chrome.exe	37
PID 924 wrote to memory of 1856	924	chrome.exe	37

C:\Users\Admin\AppData\Local\Temp\Avast antivirus.exe
"C:\Users\Admin\AppData\Local\Temp\Avast antivirus.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2856
- C:\Users\Admin\AppData\Roaming\svchost.exe
  "C:\Users\Admin\AppData\Roaming\svchost.exe"
  2⤵
  - Drops startup file
  - Executes dropped EXE
  - Drops desktop.ini file(s)
  - Sets desktop wallpaper using registry
  - Suspicious behavior: AddClipboardFormatListener
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:2872
- - C:\Windows\system32\NOTEPAD.EXE
    "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Roaming\read_me.txt
    3⤵
    - Opens file in notepad (likely ransom note)
    PID:2672

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef3489758,0x7fef3489768,0x7fef3489778
  2⤵
  PID:1524
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1140 --field-trial-handle=1328,i,6450494504500605969,9056116351878657048,131072 /prefetch:2
  2⤵
  PID:2140
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1508 --field-trial-handle=1328,i,6450494504500605969,9056116351878657048,131072 /prefetch:8
  2⤵
  PID:2364
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1588 --field-trial-handle=1328,i,6450494504500605969,9056116351878657048,131072 /prefetch:8
  2⤵
  PID:1856
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=1604 --field-trial-handle=1328,i,6450494504500605969,9056116351878657048,131072 /prefetch:1
  2⤵
  PID:1152
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2340 --field-trial-handle=1328,i,6450494504500605969,9056116351878657048,131072 /prefetch:1
  2⤵
  PID:1924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=2820 --field-trial-handle=1328,i,6450494504500605969,9056116351878657048,131072 /prefetch:2
  2⤵
  PID:2108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1320 --field-trial-handle=1328,i,6450494504500605969,9056116351878657048,131072 /prefetch:1
  2⤵
  PID:2820
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3600 --field-trial-handle=1328,i,6450494504500605969,9056116351878657048,131072 /prefetch:8
  2⤵
  PID:2656
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3608 --field-trial-handle=1328,i,6450494504500605969,9056116351878657048,131072 /prefetch:8
  2⤵
  PID:2688
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3600 --field-trial-handle=1328,i,6450494504500605969,9056116351878657048,131072 /prefetch:8
  2⤵
  PID:2416
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3732 --field-trial-handle=1328,i,6450494504500605969,9056116351878657048,131072 /prefetch:1
  2⤵
  PID:1364
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=1576 --field-trial-handle=1328,i,6450494504500605969,9056116351878657048,131072 /prefetch:1
  2⤵
  PID:2420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=2484 --field-trial-handle=1328,i,6450494504500605969,9056116351878657048,131072 /prefetch:1
  2⤵
  PID:964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2492 --field-trial-handle=1328,i,6450494504500605969,9056116351878657048,131072 /prefetch:8
  2⤵
  PID:916
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=656 --field-trial-handle=1328,i,6450494504500605969,9056116351878657048,131072 /prefetch:1
  2⤵
  PID:768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=2400 --field-trial-handle=1328,i,6450494504500605969,9056116351878657048,131072 /prefetch:1
  2⤵
  PID:1040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=2344 --field-trial-handle=1328,i,6450494504500605969,9056116351878657048,131072 /prefetch:1
  2⤵
  PID:1552

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1892

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\SwitchBlock.ADTS"
1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:2212

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Defacement

T1491

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
440b838888ea1c9ff4981b0938e4f46e

SHA1
66ec4223962174ad50668b9d7cd10684d51fe6fa

SHA256
c03972321385d63f2c83e5b94d23ed6429b989a47e667f8bd439839e2518a02b

SHA512
d2692eb655108f4ad3fe8504258c8cfb13fa7dfc45f3c5629b2a786110e69555d7d442c2f7cb8a882c1c9c912af396866d46e1859ebe8108ac7a9b38eae8a646

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f268adc84afc80a8b1a858eb59e51a1a

SHA1
536c1484dcd6b693eb06a35da5b44c18454943ae

SHA256
6c8e1c8c37933108b7ccf74811c74b543852209447f119c144acb60accae8139

SHA512
81acdd5eb8def3ad34dbd33db331841fb51249cb214eafbb6e67b74f5d773869074f86b65d4ebd3c7251dd309ba85eb3ea672a249d3246bf25795b84c71b6c2c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f96dff22ae9686de530722390ff17d74

SHA1
3cb8b1351b555f79fcfd4c10f1f2a176082c64d0

SHA256
627edfa8545776e24e9661f02da3fa180a1abd8151c0814f27cca30d3117c692

SHA512
82850ad2d81ff439367de9d4bcf68e588514acc23c8c782cb2478274a338e2e2fc6fb256099f27ad5bc98c31e0c4ab0b88db64e0ef656b0da03d4abc6dff15d6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a94302485e631cd2b57e175b270785fd

SHA1
15b21d29225f25cada1e91fd6d8b16b832f21d0f

SHA256
2ae389cb340b47447bc4343dc34cc6815e4a1309ce8539b266f67417011be200

SHA512
a1731f21c4498e95fd818adec8ea40d9cc2ae2d90d5cdab57e0e32215c14ded9030380d8503f44eca7ba5bbfdef162a2417e64037849ba623b9fb3d9888a66f7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
37d9bd404ce104678a6cf182ba87ea8b

SHA1
12239efac8876841af145f928ed7ded97173f2e1

SHA256
b54b8193d2b3ddbf71ccfb7db978cb053f95cc5037b2baf8f93f9cb655f021e7

SHA512
47921ee2f305e383b4d32b96502799ec46adc450ab579f2525bfab742934e5cad9beab2a8eeda363f0e482e754a5083f5a35911489ad8eeaa73e88d2764ce91a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\9f45fba9-ed56-40ad-ab91-cb1a901514c1.tmp

Filesize
7KB

MD5
fea96405901ea1b6f7e6b3222c593772

SHA1
eb7263a0a5efccf762340fec4a14a0e5618b8939

SHA256
8b6a04014c9994008f0e1b17a10344d44c2a75bbfc5763aaa9679b25d7639ef9

SHA512
2d97702d4f1b46ee11e375d77f7d60f166d9785505fb5695cadcda2a0aecbd772cb9764aeed56529a8258ce38b74e42356c4309cacbba3bf41123a9be1bfa598

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006

Filesize
68KB

MD5
f203d75a70ada036423e83070526987a

SHA1
06e072c8d3880fb8cab740f01308fc44cd211029

SHA256
9eba99bb152b450919ff7bddc78c09e5eb0c857659b4fd593c94087d289ab255

SHA512
aba05ffe088c648093719cf2d25fdf46a7055583aa496dc8ef6b15c2ccae8d82c91d102edeec3bca5d6556a90c6d9cb03d688f5ba83f7fa87e1745c06a6d5f04

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000007

Filesize
324KB

MD5
5f840d08e6af14f07261cd7a4a371ed9

SHA1
171ed24dfecba1e9baf0d0d829ddc712b478c9af

SHA256
5b11ab58dbaf2d322666c95d04bbce3c56e610578673922da84e5b3ff5671a2c

SHA512
f9dbdf7b4c2dea484a18f345a03c5b80f3b96c536d98f84e189d38a6759978e0ddbf021e16b0be9576d53ab9afc0f287499c993c2db847ef47769ba8c0201e90

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000009

Filesize
139KB

MD5
2ab749d2a8be63ac138391f57c08b053

SHA1
1675a27f9b66ff9218e5597e0d5d5b91456e4413

SHA256
44019b2735ee22009741d2455874fda2f561c13bcae1525cbcf2d3d5d4189c29

SHA512
d90cb5d14f226fa3a987143c207d1902e01b86ab8edbe94606fa8a47b9acd930c58324f38b7f26e4dd5cc4e47fbf59f37421a797e05e367afac6c05b53d83874

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000016

Filesize
132KB

MD5
96ac3a29be1fafc770ed3f88ccc9bb9b

SHA1
16e30a431188a8f769015a28c07d0d81a50608fa

SHA256
bbd7b4dd3c02ecb1d76b4abb2a92dd04c6aad9aecdd598846f99e9014e84796e

SHA512
893562df782ea2bf57d494c1759f5b945e4ceae164940b9b403678cefa04d70c00ac0f762660282182f1d92b7dc4838ab89cfb1dea369b3db41937ec8648b440

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000017

Filesize
219KB

MD5
0dc4aa5d1b8b7a4fc86a569a2e0bf1db

SHA1
32c5fc04db79325910df00f69c8c55a2bf706420

SHA256
35602c9710da4d78031fede120b5448ba9da70eb87fc3152254f40f971900641

SHA512
7359fd58278393f72886f90923fca708c842b6f4da7d434557f9b4d5c25ff3479c5120729586e9c3422004e09f87dafc24e850a46145f799c50478e4ad4dd3f2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000018

Filesize
103KB

MD5
8d7d2f99494152e06af4e5e16b477bd8

SHA1
a849eee228847ee2f9e93bee588e1f7539686b1d

SHA256
fc062494e959eb7aba044c3dcb2a23d04be20b355562bb908b42fcb85d811444

SHA512
b452c54a3fb3ad9d939dc57da9ca632f6113d274456b3818a0f31a7d84c831f37b5750587fe4e940e07f43aac34f9c0752d231f5f092d93c3eb9be2bbc1a01a8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000019

Filesize
26KB

MD5
bae39537de98b94229a01bda08adada6

SHA1
8313616c4555e32dcd740e12b26e3d00f81d9182

SHA256
74f6645bd711ecc1544fd63a1530fe7b1e78e8c5a2a8a960f2d4443653a89c63

SHA512
bf64c068d915ce20482844efb33f8ada86ba2fb4402ba6d2dee1129cbd81ef32f40badde174ea99693503afc539cced2b486af91bbf56c4416e6a08d08fa63af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001a

Filesize
66KB

MD5
c8e40ff28cefa80342ea0e35a7f6e641

SHA1
a75971552516e2d053ff79ba5918eed2b3dcfce2

SHA256
b178f5be39a50c3b4042ae323a9e17179f2c6de407402b5d2528287d97675b97

SHA512
2b71c3b37bbba3d2ed50d0b372a4fe5954e87eb3d7d427ef8090660c2c4081d48159afbb78a9d3cba2595b5dc846545aaa29955c78d8546b1292a920a77f243b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001b

Filesize
46KB

MD5
b322e56a86b24d52ba6c2a10614ce78e

SHA1
9a990a198453af55e2c86f8a85ef6eebcb296f4a

SHA256
3df48c3c951cd9bde194b92d644cb82eacb0ea91d01761fbafb645c4462b816e

SHA512
0aa6f828d3a3472325651075887379ad159c348c4399b10e0c3b2556d52f879e1f57b4e8a80c77c1845653d0fa50c8b228c5ac684ca70b79b98c245e4d38ebe1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001c

Filesize
17KB

MD5
acbba8efd7406773a77ea92db434a8c8

SHA1
efc04737d4cdefbb2d0f6e29c0a6dd745642fb76

SHA256
66964627e2b7b1aa50e647cb7278d6a04ff8632cbc786563977962bcfdfc1bdd

SHA512
ecb406ef6b66490f88bad589660c819faa4887c1b6ea45e596859232183aa9204139a7cffa2bc969d9c08d59db83b0fd92c02fc8809442e02e4eeec7207f61e4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001d

Filesize
95KB

MD5
47ceb250999327d8551cbdb9c52d06e5

SHA1
46768652f80b7c347ac42472e432c90c511cdb4d

SHA256
120983da1fdc9d9bbde9e9d07b8371cc5aacb5cd8052dda6c401620a932dd3de

SHA512
d3f481fcb52b99a1550f1b27b30ef9ede97ed594fd45e9ed179cd20aacc661085c1cad4feef14a26b44d6c78f17c09b5ad24d3df3287d266dee70eae5d50bb92

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001e

Filesize
792KB

MD5
53b61f5b29c1179b0279fbd9498a1536

SHA1
140f44cd9d51ae81295ed199ccee46a7d37430dc

SHA256
197e9e4a9e3855014800c3bfb36a9e2c2082dc9ebd743cb7a3cf43736fefea2f

SHA512
e7c6ec98a1e299e4a6c711d02d1c3a27cb3d22be2480f02ec458c9d119e48f70843d441729f3cb52c1f2ffcf4581692eb61ff644f99f88eebaf7c9af4d5cd57d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001f

Filesize
32KB

MD5
eda13c6b6a5166489f77c8d20050d7eb

SHA1
83d1706bc1bb4b7e491045b945c3b50db09f58dd

SHA256
6031816aca7ea5570e205613e1d9ca27f99dafad04dfaa478b78b7127acbb637

SHA512
b8cf001a29d1c1a1d9d075e7e695cd913d946ab657b77ef1e23bcb452cf301f7c6a7d7c6da921e49b56108e7794ec974ce44c0fe058180aa5c9e7771f2906357

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000020

Filesize
140KB

MD5
2049c24b9054366491c423fead4906c4

SHA1
61accf803ac717633a4d077293ddafd95c8127ff

SHA256
d0df7ec8329651bc3ab4a7cb5af1bba360bcd350fb4e99d1bdef726729b78604

SHA512
3b82cc4e758cccad75345fec8c81adf5494c45cd1684652c24880d144ca0095e015b2e0de1079dc9069db6a199402e5808e82d472a5b019f47656f2438338340

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000022

Filesize
20KB

MD5
87e8230a9ca3f0c5ccfa56f70276e2f2

SHA1
eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7

SHA256
e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9

SHA512
37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000023

Filesize
33KB

MD5
49b33cb9e357d2460beeffd074316612

SHA1
a07915250136df6c4a40462c2a0b10da55fd5344

SHA256
7b9467e1b706092433ce64f4f7f3030a9e6ea9a7af765da6ec2d835b9b029c4b

SHA512
da4a82ac46a59d06dd5532ebd8d06581988dc8b92edcf3c21484e40c59103ab85effe4cd55a87d40eaeaeeebd9c8bc58aab88e4e83cae00287c8b47ef8a48195

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002a

Filesize
36KB

MD5
62fd1704573f0a1ae4c7db83f9f5b470

SHA1
09d03a37492cfd0580ed3b819386bbc4ff64d960

SHA256
3b14ad4d4df0e681fd5aba556473e39e52b31ab98f51dc3db4937bb641a6d667

SHA512
c8108393f8bb91c018ee06ad51d746a33e24ad9041d5cd84792e4c59fb55639b8042ed5c1a424b47263652182ceafe516d0b6adab147e33bbf261d6aee1d3f84

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
960B

MD5
4ab2af69ce20ae7414bca2bc430879b3

SHA1
e0eea0700d24fcad415a79e93c2f7fce5a820f8b

SHA256
5d42f3434463a9f5992141e93e0256e9d9ce047659f71c1249ed3e82cbd5e5c1

SHA512
bf66d305399dbb23d746978a3b587c3c4b72264a944d55563b120638052b9c4c5d04bcfa3d83988fdd9228ce4b51472087f288c36ad640e9bb68d5bbe8da2914

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
432B

MD5
f8041bdab4114fe9f995e879e5f11d72

SHA1
8580a5e9b4b5b9b6cc8f5c82d9a5aaa04b9cfecd

SHA256
7be81ee074d22261b769751f85bca5f5005516dc3b0236075d2fe6fa10de80ba

SHA512
99ce6de5436a691a228d9a18dc7d65371035b9890805680ff95dfeafc0e79ddea1b6de05a06eff0954b7ed40321882b718a405a99c39c898e918ab94908235a3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000006.dbtmp

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\CURRENT~RFf7770dc.TMP

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
985B

MD5
0c04c70eda3ac865730d7bcf554585b2

SHA1
d2c6b6412fd17eebf746d7bd60467719b8f3ddcf

SHA256
a7a71fefadf7d40409361115cf877f3e27d357729f6d4106085386753fa119a7

SHA512
b475f5dccbe7f8b24181c959eb1f3ca1705ec54556f5c6665a38107d0aa20e86aff4e167bd9873cb4767cc2ea7a82684d952ab8f00bba2bd1c898dc94831b622

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
985B

MD5
ced564413b699355e1d4b7f1d651be67

SHA1
47cc8ebe39af322b567c3506565d1ec3a2162c0e

SHA256
0d0bd47f0d93e3dd07b6069dfb60bfa923c2059133fb4ee68d4fc1769ac0a4e7

SHA512
ce9d4d207a8e4a024d7058a58640da0fce9e3014a7ffe3139fb6c4af7939f56e5f906090ee5c99f1387f1eab6bcfa3f7ea6db6403f92c2662102c8b0f8e816b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
65d0ee6490c4925a7b151fc4b6724b5b

SHA1
a427a115d9e7c066175d1f5ea82460e0b9d8e3ca

SHA256
8f6806bc27bf9e29deeb690cf6ad38120f060b231fa8f904a4cebf4f2aa81e07

SHA512
7aedb6a295d3d7c1cd36e1689f83055f6c936ea13cf2479d7178d80be019f429a3d09a5e4380121df5bae0ffe5ac3388271b5efb605950c5f6c94f4f4dc72891

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
f1ef181e6f0a83b3b66e1244aec0ff50

SHA1
4e850396d62c2a4c0b1f7484e63cab6cf69dc588

SHA256
f2b008294c04d0099e017ac1acd376ec1e1c41f365dedb5b904642de3fc2c108

SHA512
49a4b66f40f0ca4c902669d733acccd43bf05bb1069e8896d3db2394bfb3d98341c9f656ae4cc178c0726b0e6bfd24e841a08bda2a5dc1848e443ce1475cd46f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
361B

MD5
7aee709af971cd9fb9719429fd323233

SHA1
09aa2397bfae04b8dcdb0491b8310adc7afbe386

SHA256
a3d710d1036127385c497b9a14f52ea4bd0fd81782353b0fb1f851b1bb7bd273

SHA512
c3e565fcb7f5100181d9a8050ba2168a24f572866f159a52397e0d8a9b11f732f6e4910dd6eb7692b671932f2f5a636cc70244c9a20009bc48aa1234de7cd2b3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
361B

MD5
f430028b9a20d086c6bef8ddef752381

SHA1
0a731d8fe687377ec1eddbdabae0cec7007d9605

SHA256
a03db1394e3d67b76442487098eba09271f602b748bb1848e70587df3284fed2

SHA512
ad55292fbc6713a838832df215933a0332bedae27f3369ea32a0a6dd6ba5ce87bed424d3a913612b56645327b139c0475a550339aa5a3c29d35d7436c155f7d2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
519B

MD5
7c4ecaa3c1da52bf45c76a7bbd168183

SHA1
606ade2eaa4e124a52d97286ae75f80e18f1965a

SHA256
5256ebe314821136dfbf0927186b11e4c8a962457a0bb0a0882fd82a5bfa1227

SHA512
0431f8f555059e02b3ef26b5ea7624bd368c6d25b02b4fe6a719e0c3140c39fcd4245fc68ed51d9e1d98dcbce5efb791580a78f14eafd2eeb5d1ae25152cf781

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
361B

MD5
66d5bcfbff21cb17e510ee2de8572745

SHA1
313b1e62395902c60c686986b37a933e4b119654

SHA256
a185dfa8f79cf1fe72381452f68a075abcd0b7066da05f75d98b0493cb2a9a01

SHA512
c525d7bef04adc9e9e5b65392a25a9f2d3a45a904bb27a038379822526349846bb4c3f8525623193a6b0224fac8110a8c17247783966c90f22f344c0ce4c30a9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
45ab3d45568c19607d1dad858410c39b

SHA1
d51bf189a28d921bbc226e672ed7c55d2ee763eb

SHA256
ea79350dd7cb3e442d861c9bf27f38845e05cb9efa900be791e4ceaa08e5f88a

SHA512
ef6825376838072a289761e45aa1830d7953a2e81826ce161f01988725a1b7d1eefe5089533aa54d5c9eb1a3f04f07a93decff28b78691190b5e79b986678b15

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
361B

MD5
05e526d42b0648af511dc3991fb87d41

SHA1
94cee945708fcd190054ee79455db10e3db72e03

SHA256
db19bc01e122129002e17fdab27950e5d334ed2280764864ea8cef067f2af38e

SHA512
b5a42fa3c687ffc265b9620a76078b1b87be18e7c411f98f321cccda4eb6e121653bd3de27646d14c838c6ec73a5a07859df92559802980a3ce4c2888b750659

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
558e9c500cc1ac78789383783017b921

SHA1
8e60d94f07cd02356777c866d3df1fdf4dbf6415

SHA256
7581e9a81b3a8038401c27a3dbc0010d225e80bfbd1cde658af97dc35585b96c

SHA512
92d15ab8a376c5d82c6bd2f70898aba9ab95c0e1c49eb31b41733cd201ab350ac56f82aaa69d38b569a91e53531a89088eb69c481e0ea929cb2f56914f8e435a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
529f979ce7353475d45c9f59a2c9c5f4

SHA1
5732c58d38808c6b24bf4611eded48bf98c62364

SHA256
3b3e95ff0d3ae4c8421a0987516c6a9d3ea924f8d964ee6f50bd76db2cb2da48

SHA512
d85825ccf18743824b5aa6bf8c5100d2366da036466ced03877fab51fc39ecebabd09354eb82797bace3044891d0d8ccf264aea48bb04c49b007423946ac2d22

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity~RFf786da1.TMP

Filesize
1KB

MD5
886088dc5aa2f4b8b5dee2af0ac3a7d1

SHA1
927e16e51741ce7da7267cdee09b9b97426f5e7a

SHA256
7d9bf9467f37bb8165ce9a0f57828367b24dbc6153392dcf926620cebae86be4

SHA512
bef06d7593861b20e3bc64e5cb08c63ac47b00159d8cc1f61b7d30ab8ddc2015d5e1d5c81fef72de72d785e6c5ceab13f019a81b0b5742dba871c3e41de6a8d4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
392b90ea5fc3d2d9550d880b2bbc155f

SHA1
2df928a6c18985ea351571c817561523e5ed5e94

SHA256
b64fb925ed46156135e5a07c7c6cbaaf8d2db6918da5fbbe8884be15dc06dd1b

SHA512
6bcebe46bb0d06302808f1bb0f8d537278cbc54530e054d50c43b9452a61f2b74907ee3125e965ebc1e2f4a4feb3b220f0a1aac37c8ec9c2019d53039b81e1a1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
c4cbdc73161ae8c715d57fe8cd505475

SHA1
9fde696c81e431e4647a300292303b67967f2d95

SHA256
bb282d8b04a6c199dde368ef05c50cc8d9b01e70fd20ca413b69d4b4889b72e4

SHA512
4ca9f1b007ab5d3e33eeb55a752a3bce55903e90738c35a94bccd9c39c6b815315dfb4b70d90e9e6b36e232872c831fca5623e5fc2fbb9953d4f3383dd051f58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
102f25c9ae62e9045d56d11879b36fb4

SHA1
ad968165417b002bf24a13a91fd9c87ae7d78c64

SHA256
c99f5cd765989f9b42382d91a6a6be4137adf47abebd9a5b24f5127d0a225248

SHA512
2c5be20c2fb757eaf76a061afac9711a3fa72e924f840c0adf321b778332293976c7fcaa10741a50a9a32e1fc5a939390a00d1f06b0aefc10b70c4dcfbf2f627

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
3b1d51f82bfaf1c1e28b4fb77d07f644

SHA1
292cbe58fada831b31894df12a4a6e542a9b8006

SHA256
01746ceef45cbc09ed01ecefbf06c79395a921f4f95171a149f211e65ba5313c

SHA512
76e965191b697db18e7b6546c3387a6bf1589e864cd9b4d410f7d1e25292998458272cdb35d2161378e3a5c0677049b6206b73f8a53580004619327473f9dc52

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
ce33e08d018b356badd15ddd8187f9f0

SHA1
ea1a28ced723cab22aff41061d94bb9ac8b294c0

SHA256
6268ce7d29ea059421f0eb41610ca846d9f5ce6cb5383f222b4f7e12e061224a

SHA512
eb8eeb6e2818a42038531811efd5576906405b0052a14cfc1b588b8c1dd1bdd33b0a7d1a807be452af253f47ac4fc0e10df4c975166a754424b3af9910fc4a5e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
56B

MD5
ae1bccd6831ebfe5ad03b482ee266e4f

SHA1
01f4179f48f1af383b275d7ee338dd160b6f558a

SHA256
1b11047e738f76c94c9d15ee981ec46b286a54def1a7852ca1ade7f908988649

SHA512
baf7ff6747f30e542c254f46a9678b9dbf42312933962c391b79eca6fcb615e4ba9283c00f554d6021e594f18c087899bc9b5362c41c0d6f862bba7fb9f83038

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
120B

MD5
5686335fe911fe99d7a513c267111d03

SHA1
a107024202c66e66d4017a6f0b0076c7acb9d1f0

SHA256
01521dbf6a428ed1c79a6dc1dd450e2eaba479a4f1828ff8347b3ab8939b35a5

SHA512
5d8834dc684695cd56aebf11d2735248ef15296540f3b4e16752d4b217a5c95c2011e97e0277476a92f9044de2e88dc16ec996a75cff6136943b3aa4827974ce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
120B

MD5
d60bb5cdb901f9b3c95f292437512e3b

SHA1
9b9cf66ab43f5cc46db215edbb14ac2d922eb2cd

SHA256
69dd8e17f5a8645fa509956615dae37dce6994453ce8dc000b84b477426aa0ab

SHA512
3a3ecb9201cb2635ae2fe805103dcff146efb2fd29a7c917c11490aba9722dfc678b4c18826d4d083c51f7fda5cf3ccb345aa2736cd47d2e104046aa5bf4b9c5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
266KB

MD5
9815f41a614f95984e63ca43cdaf9e8c

SHA1
16b388cf78f55b646e878ec0c7a024f2d4b1620a

SHA256
5bad77c64074796b97147abbf666bb18bd507bf68d32eb790c71fe4738c46a9e

SHA512
a00fd8f297b05eadb008220751ee1c01b86f76c712949330863780a2be70be986b5291ca8d71578e91c88b55d7d43f109912457305c757d1d702f1b1c8f207ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\eb875ba8-856c-4d4e-a920-ced6d43d3788.tmp

Filesize
266KB

MD5
a93052e43e0f9d6158781b31fa42633c

SHA1
bc2bb58424b1286bd7c7210afb4ece1a15ffaba9

SHA256
50514b6bb7dc004f24a3b9dd300d3a7b4b7a8aa6d9bffd9d8d3405329dc84fd3

SHA512
f09de9032562344d38486b00bd73d8e93253c82aa2b58443de1aaed5640231c4b662cebbea1b2bf1e7df26d9dfc277f561eeb77e2cc1ef8d854fbb759f37d5e6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar87CD.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit
C:\Users\Admin\AppData\Roaming\svchost.exe

Filesize
47KB

MD5
825237535c11ac8b38d3227a9b0d68e4

SHA1
afb3d9a122d1f9c5149148ead8fdeabc8f065648

SHA256
d139cf9992044e972e139f409f80f7c944ae0e03541fc3fb85f0e78a1ca03440

SHA512
6d9a7953149d979985f470746f0f53d637e85aaaef6d50b0ee2a4af5654677784b13064caab49f51ac1e9497af13b66c36954f10b7def7ecc8f66e57e1970419

Download Submit
C:\Users\Admin\Documents\read_me.txt

Filesize
211B

MD5
555181e356e52cf25787d4028f1e7388

SHA1
780812b54aa7483f05c2088184f7418a335c2312

SHA256
c7c665cf92588d092af5b0878503c49fb7cceb0a523b43edd819d26aabb84072

SHA512
5bacd730843c8b3e5c09c6bdaea0e03c04f498ead9b9844afb05a61c0a52c8af63ebcd9dddad33ddab93c6a18223e9b89e04eb6faaee9684c204c6599c9e4317

Download Submit
memory/2212-1794-0x000007FEF7180000-0x000007FEF71B4000-memory.dmp

Filesize
208KB

Download
memory/2212-1793-0x000000013F1E0000-0x000000013F2D8000-memory.dmp

Filesize
992KB

Download
memory/2212-1795-0x000007FEF30A0000-0x000007FEF3354000-memory.dmp

Filesize
2.7MB

Download
memory/2212-1796-0x000007FEEC3F0000-0x000007FEED49B000-memory.dmp

Filesize
16.7MB

Download
memory/2856-1-0x0000000001090000-0x00000000010A2000-memory.dmp

Filesize
72KB

Download
memory/2856-0-0x000007FEF5953000-0x000007FEF5954000-memory.dmp

Filesize
4KB

Download
memory/2872-7-0x0000000000BF0000-0x0000000000C02000-memory.dmp

Filesize
72KB

Download
memory/2872-19-0x000007FEF5950000-0x000007FEF633C000-memory.dmp

Filesize
9.9MB

Download
memory/2872-24-0x000007FEF5950000-0x000007FEF633C000-memory.dmp

Filesize
9.9MB

Download
memory/2872-454-0x000007FEF5950000-0x000007FEF633C000-memory.dmp

Filesize
9.9MB

Download