Analysis Overview
Threat Level: Known bad
The file https://wetransfer.com/downloads/9be1e0d748ecdb65fd7cd24652d997e620240912181016/ff05de was found to be: Known bad.
Malicious Activity Summary
Chaos Ransomware
Chaos
Downloads MZ/PE file
Browser Information Discovery
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of WriteProcessMemory
Suspicious use of SetWindowsHookEx
Suspicious behavior: AddClipboardFormatListener
Suspicious use of AdjustPrivilegeToken
Modifies data under HKEY_USERS
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Enumerates system info in registry
Modifies registry class
Suspicious behavior: EnumeratesProcesses
Suspicious use of FindShellTrayWindow
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported: 2024-09-12 18:23
Signatures
Analysis: behavioral1
Detonation Overview
Submitted: 2024-09-12 18:23
Reported: 2024-09-12 18:25
Platform: win10v2004-20240802-en
Max time kernel: 66s
Max time network: 68s
Command Line
Signatures
Chaos
Chaos Ransomware
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
Downloads MZ/PE file
Browser Information Discovery
Enumerates system info in registry
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133706390394159656" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key created | \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\Local Settings | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: AddClipboardFormatListener
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://wetransfer.com/downloads/9be1e0d748ecdb65fd7cd24652d997e620240912181016/ff05de
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff969c2cc40,0x7ff969c2cc4c,0x7ff969c2cc58
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1864,i,1168279347932240452,9360679999175867969,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=1848 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2144,i,1168279347932240452,9360679999175867969,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=2156 /prefetch:3
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2268,i,1168279347932240452,9360679999175867969,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=2476 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3100,i,1168279347932240452,9360679999175867969,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3136 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3108,i,1168279347932240452,9360679999175867969,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3188 /prefetch:1
C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4632,i,1168279347932240452,9360679999175867969,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4660 /prefetch:8
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=4704,i,1168279347932240452,9360679999175867969,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4804 /prefetch:8
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4ec 0x470
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4928,i,1168279347932240452,9360679999175867969,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4912 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=5092,i,1168279347932240452,9360679999175867969,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5080 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=5240,i,1168279347932240452,9360679999175867969,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5272 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=5420,i,1168279347932240452,9360679999175867969,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5264 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=5428,i,1168279347932240452,9360679999175867969,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5560 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5404,i,1168279347932240452,9360679999175867969,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5252 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5708,i,1168279347932240452,9360679999175867969,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5308 /prefetch:8
C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Downloads\oldprojectsarchive.m4a"
C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Downloads\oldprojectsarchive.m4a"
Network
Files
\??\pipe\crashpad_4544_FGCJDENYALLXCTRB
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\3\IndexedDB\indexeddb.leveldb\CURRENT
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
C:\Users\Admin\Downloads\oldprojectsarchive.m4a
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
C:\Users\Admin\AppData\Roaming\vlc\vlc-qt-interface.ini
C:\Users\Admin\AppData\Roaming\vlc\vlc-qt-interface.ini.lock
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
C:\Users\Admin\AppData\Roaming\vlc\vlcrc
C:\Users\Admin\AppData\Roaming\vlc\ml.xspf
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\3\IndexedDB\indexeddb.leveldb\MANIFEST-000001
C:\Users\Admin\AppData\Roaming\vlc\vlc-qt-interface.ini