f02c71df318287b7ec8d938c59663546b376cf21b2c4689eae45d1e7851c0ef5

Analysis

max time kernel
1799s
max time network
1722s
platform
windows10-1703_x64
resource
win10-20230220-en
resource tags

arch:x64arch:x86image:win10-20230220-enlocale:en-usos:windows10-1703-x64system
submitted
17/04/2023, 11:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Screenshot (1).png
Size

201KB
MD5

28cff28c1857954db65712c79533ba89
SHA1

4819ad0535ef4669b0a57330827f4508f5901a5f
SHA256

f02c71df318287b7ec8d938c59663546b376cf21b2c4689eae45d1e7851c0ef5
SHA512

4cdb707eb7b31015cfd5a1d55034fc508e371f0e97cbbcbcd0ab7cfff0a4223643252c382a5e3eedb3515f353fee4fce7ec80d6bb68e8e162c4f1cba8a6f8900
SSDEEP

6144:nUC95ESLg1NosnadHnvfdsLtacf1s+lj59ZP7jF:UGNg16HdHnvFshVs+lh7jF

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133262101288746978"	chrome.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
4748	vlc.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4476	chrome.exe
4476	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
4748	vlc.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4868	chrome.exe
Token: SeCreatePagefilePrivilege	4868	chrome.exe
Token: SeShutdownPrivilege	4868	chrome.exe
Token: SeCreatePagefilePrivilege	4868	chrome.exe
Token: SeShutdownPrivilege	4868	chrome.exe
Token: SeCreatePagefilePrivilege	4868	chrome.exe
Token: SeShutdownPrivilege	4868	chrome.exe
Token: SeCreatePagefilePrivilege	4868	chrome.exe
Token: SeShutdownPrivilege	4868	chrome.exe
Token: SeCreatePagefilePrivilege	4868	chrome.exe
Token: SeShutdownPrivilege	4868	chrome.exe
Token: SeCreatePagefilePrivilege	4868	chrome.exe
Token: SeShutdownPrivilege	4868	chrome.exe
Token: SeCreatePagefilePrivilege	4868	chrome.exe
Token: SeShutdownPrivilege	4868	chrome.exe
Token: SeCreatePagefilePrivilege	4868	chrome.exe
Token: SeShutdownPrivilege	4868	chrome.exe
Token: SeCreatePagefilePrivilege	4868	chrome.exe
Token: SeShutdownPrivilege	4868	chrome.exe
Token: SeCreatePagefilePrivilege	4868	chrome.exe
Token: SeShutdownPrivilege	4868	chrome.exe
Token: SeCreatePagefilePrivilege	4868	chrome.exe
Token: SeShutdownPrivilege	4868	chrome.exe
Token: SeCreatePagefilePrivilege	4868	chrome.exe
Token: SeShutdownPrivilege	4868	chrome.exe
Token: SeCreatePagefilePrivilege	4868	chrome.exe
Token: SeShutdownPrivilege	4868	chrome.exe
Token: SeCreatePagefilePrivilege	4868	chrome.exe
Token: SeShutdownPrivilege	4868	chrome.exe
Token: SeCreatePagefilePrivilege	4868	chrome.exe
Token: SeShutdownPrivilege	4868	chrome.exe
Token: SeCreatePagefilePrivilege	4868	chrome.exe
Token: SeShutdownPrivilege	4868	chrome.exe
Token: SeCreatePagefilePrivilege	4868	chrome.exe
Token: SeShutdownPrivilege	4868	chrome.exe
Token: SeCreatePagefilePrivilege	4868	chrome.exe
Token: SeShutdownPrivilege	4868	chrome.exe
Token: SeCreatePagefilePrivilege	4868	chrome.exe
Token: SeShutdownPrivilege	4868	chrome.exe
Token: SeCreatePagefilePrivilege	4868	chrome.exe
Token: SeShutdownPrivilege	4868	chrome.exe
Token: SeCreatePagefilePrivilege	4868	chrome.exe
Token: SeShutdownPrivilege	4868	chrome.exe
Token: SeCreatePagefilePrivilege	4868	chrome.exe
Token: SeShutdownPrivilege	4868	chrome.exe
Token: SeCreatePagefilePrivilege	4868	chrome.exe
Token: SeShutdownPrivilege	4868	chrome.exe
Token: SeCreatePagefilePrivilege	4868	chrome.exe
Token: SeShutdownPrivilege	4868	chrome.exe
Token: SeCreatePagefilePrivilege	4868	chrome.exe
Token: SeShutdownPrivilege	4868	chrome.exe
Token: SeCreatePagefilePrivilege	4868	chrome.exe
Token: SeShutdownPrivilege	4868	chrome.exe
Token: SeCreatePagefilePrivilege	4868	chrome.exe
Token: SeShutdownPrivilege	4868	chrome.exe
Token: SeCreatePagefilePrivilege	4868	chrome.exe
Token: SeShutdownPrivilege	4868	chrome.exe
Token: SeCreatePagefilePrivilege	4868	chrome.exe
Token: SeShutdownPrivilege	4868	chrome.exe
Token: SeCreatePagefilePrivilege	4868	chrome.exe
Token: SeShutdownPrivilege	4868	chrome.exe
Token: SeCreatePagefilePrivilege	4868	chrome.exe
Token: SeShutdownPrivilege	4868	chrome.exe
Token: SeCreatePagefilePrivilege	4868	chrome.exe

Suspicious use of FindShellTrayWindow 30 IoCs

pid	Process
4748	vlc.exe
4748	vlc.exe
4748	vlc.exe
4748	vlc.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe

Suspicious use of SendNotifyMessage 27 IoCs

pid	Process
4748	vlc.exe
4748	vlc.exe
4748	vlc.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4748	vlc.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4868 wrote to memory of 4848	4868	chrome.exe	70
PID 4868 wrote to memory of 4848	4868	chrome.exe	70
PID 4868 wrote to memory of 4424	4868	chrome.exe	73
PID 4868 wrote to memory of 4424	4868	chrome.exe	73
PID 4868 wrote to memory of 4424	4868	chrome.exe	73
PID 4868 wrote to memory of 4424	4868	chrome.exe	73
PID 4868 wrote to memory of 4424	4868	chrome.exe	73
PID 4868 wrote to memory of 4424	4868	chrome.exe	73
PID 4868 wrote to memory of 4424	4868	chrome.exe	73
PID 4868 wrote to memory of 4424	4868	chrome.exe	73
PID 4868 wrote to memory of 4424	4868	chrome.exe	73
PID 4868 wrote to memory of 4424	4868	chrome.exe	73
PID 4868 wrote to memory of 4424	4868	chrome.exe	73
PID 4868 wrote to memory of 4424	4868	chrome.exe	73
PID 4868 wrote to memory of 4424	4868	chrome.exe	73
PID 4868 wrote to memory of 4424	4868	chrome.exe	73
PID 4868 wrote to memory of 4424	4868	chrome.exe	73
PID 4868 wrote to memory of 4424	4868	chrome.exe	73
PID 4868 wrote to memory of 4424	4868	chrome.exe	73
PID 4868 wrote to memory of 4424	4868	chrome.exe	73
PID 4868 wrote to memory of 4424	4868	chrome.exe	73
PID 4868 wrote to memory of 4424	4868	chrome.exe	73
PID 4868 wrote to memory of 4424	4868	chrome.exe	73
PID 4868 wrote to memory of 4424	4868	chrome.exe	73
PID 4868 wrote to memory of 4424	4868	chrome.exe	73
PID 4868 wrote to memory of 4424	4868	chrome.exe	73
PID 4868 wrote to memory of 4424	4868	chrome.exe	73
PID 4868 wrote to memory of 4424	4868	chrome.exe	73
PID 4868 wrote to memory of 4424	4868	chrome.exe	73
PID 4868 wrote to memory of 4424	4868	chrome.exe	73
PID 4868 wrote to memory of 4424	4868	chrome.exe	73
PID 4868 wrote to memory of 4424	4868	chrome.exe	73
PID 4868 wrote to memory of 4424	4868	chrome.exe	73
PID 4868 wrote to memory of 4424	4868	chrome.exe	73
PID 4868 wrote to memory of 4424	4868	chrome.exe	73
PID 4868 wrote to memory of 4424	4868	chrome.exe	73
PID 4868 wrote to memory of 4424	4868	chrome.exe	73
PID 4868 wrote to memory of 4424	4868	chrome.exe	73
PID 4868 wrote to memory of 4424	4868	chrome.exe	73
PID 4868 wrote to memory of 4424	4868	chrome.exe	73
PID 4868 wrote to memory of 4784	4868	chrome.exe	72
PID 4868 wrote to memory of 4784	4868	chrome.exe	72
PID 4868 wrote to memory of 2672	4868	chrome.exe	74
PID 4868 wrote to memory of 2672	4868	chrome.exe	74
PID 4868 wrote to memory of 2672	4868	chrome.exe	74
PID 4868 wrote to memory of 2672	4868	chrome.exe	74
PID 4868 wrote to memory of 2672	4868	chrome.exe	74
PID 4868 wrote to memory of 2672	4868	chrome.exe	74
PID 4868 wrote to memory of 2672	4868	chrome.exe	74
PID 4868 wrote to memory of 2672	4868	chrome.exe	74
PID 4868 wrote to memory of 2672	4868	chrome.exe	74
PID 4868 wrote to memory of 2672	4868	chrome.exe	74
PID 4868 wrote to memory of 2672	4868	chrome.exe	74
PID 4868 wrote to memory of 2672	4868	chrome.exe	74
PID 4868 wrote to memory of 2672	4868	chrome.exe	74
PID 4868 wrote to memory of 2672	4868	chrome.exe	74
PID 4868 wrote to memory of 2672	4868	chrome.exe	74
PID 4868 wrote to memory of 2672	4868	chrome.exe	74
PID 4868 wrote to memory of 2672	4868	chrome.exe	74
PID 4868 wrote to memory of 2672	4868	chrome.exe	74
PID 4868 wrote to memory of 2672	4868	chrome.exe	74
PID 4868 wrote to memory of 2672	4868	chrome.exe	74
PID 4868 wrote to memory of 2672	4868	chrome.exe	74
PID 4868 wrote to memory of 2672	4868	chrome.exe	74

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\Screenshot (1).png"
1⤵
PID:3780

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\UninstallInitialize.avi"
1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:4748

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ff89a8e9758,0x7ff89a8e9768,0x7ff89a8e9778
  2⤵
  PID:4848
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1900 --field-trial-handle=1768,i,3340826416793005205,1990171039334770246,131072 /prefetch:8
  2⤵
  PID:4784
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1664 --field-trial-handle=1768,i,3340826416793005205,1990171039334770246,131072 /prefetch:2
  2⤵
  PID:4424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2124 --field-trial-handle=1768,i,3340826416793005205,1990171039334770246,131072 /prefetch:8
  2⤵
  PID:2672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3100 --field-trial-handle=1768,i,3340826416793005205,1990171039334770246,131072 /prefetch:1
  2⤵
  PID:704
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3084 --field-trial-handle=1768,i,3340826416793005205,1990171039334770246,131072 /prefetch:1
  2⤵
  PID:1008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3576 --field-trial-handle=1768,i,3340826416793005205,1990171039334770246,131072 /prefetch:1
  2⤵
  PID:5056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4504 --field-trial-handle=1768,i,3340826416793005205,1990171039334770246,131072 /prefetch:8
  2⤵
  PID:3216
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4680 --field-trial-handle=1768,i,3340826416793005205,1990171039334770246,131072 /prefetch:8
  2⤵
  PID:4936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4912 --field-trial-handle=1768,i,3340826416793005205,1990171039334770246,131072 /prefetch:8
  2⤵
  PID:820
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4780 --field-trial-handle=1768,i,3340826416793005205,1990171039334770246,131072 /prefetch:8
  2⤵
  PID:1256
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5012 --field-trial-handle=1768,i,3340826416793005205,1990171039334770246,131072 /prefetch:8
  2⤵
  PID:3540
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4780 --field-trial-handle=1768,i,3340826416793005205,1990171039334770246,131072 /prefetch:8
  2⤵
  PID:3532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1648 --field-trial-handle=1768,i,3340826416793005205,1990171039334770246,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4476

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4904

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
924B

MD5
3ea0f3ab68b76351da437130f6d6bb8c

SHA1
0aac18a3ba9476b7884b5fc4886b0a829e8e17ae

SHA256
d2c12241c71a56a59b9d7acb9d98f9dda374fdd4407406379e1bf74b1f82d747

SHA512
f97ab7b460415e44cff0744bb5aa3d68dce668ea57c6382266db34082038b7fe7cacaac92d1fb70c4e641ed51f2fb2bfe27facab748c1f754a533c011449f78c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
aa97431b6d7efa98c38a825683336633

SHA1
c1468e46ca4d5911b7bbe537a0f8f031a76ef939

SHA256
b7cef871879c363b2c7fa1ed23e131c2c2add7d234e7744e5f64e968ed5df766

SHA512
44dd5cfd6cc6f89454d1a82c88b21e7a5c23f2793ae298960da955bc3cacc77a00c526c3bebc95a139f9e31812d78cdd24d18ecbfb36892339ddb8532c33f026

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
f1011b93581b5073fdae99c71da84acc

SHA1
30f3a2f97bc9b493ac48c2aeb7b57e1615e96f25

SHA256
7c12cac178de9f495fabfab09d0de38606f3bd8c61ebb6a50179fb92d9414465

SHA512
27ff549fbd1851b1a2a5747acca851689a18150d1bc6d4e42a795ed7ea3a1bcac759813671d21a39f2fcdc7278ef9564ee6f7b3e84679f9974865989f5fbb7b7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
ac805ad242bbd8d9c33f615ae8c92651

SHA1
9806f723ad54b952da9e1ea816e33e900b806aab

SHA256
2e9bc721a7b67d948bb561a4891fdfe593c0582f72d2fa9b72fc63656312db72

SHA512
4726b6d148b0fb403ba4f32902a08d577c34f4e9897522a59e95b2f58ff16be6b3e13a4e67cd861db49345883ea9f0f27937376be1f50ee13a26ca04c4ca6ca8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\e7da9c76-720a-46b9-8250-6d72796a150f.tmp

Filesize
5KB

MD5
c352e06de594c677ab4cc294b1a69046

SHA1
8d127fcc640ab458d7c53a7fa5d7244ed03e5060

SHA256
3ea288195c1d7d5bec54c4f9fa014f97f4488904cc589063792564af3f3c32c5

SHA512
6b45cd73dd555b8242ea97eec7be59fdf7793546546e278faf8575144950f94c81ff656ce056bf013fc10feec0cef5e99e4cef3fe69f956530145bc47add4403

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
202KB

MD5
6fe269100d1d60883d5a14aac8e38423

SHA1
d1634f4371c105bd6987d778eb3d0d5d69a305a2

SHA256
56d853884130e8c0ac81fb5c4e24b5dd85bca6faeb08004086be59a55cea8994

SHA512
0fa86c7a9c3a8efb1ef2c4cd68fa555d40180fa326a1c5818cffbe54f678099cfd88fd16695cbdaa1efc4241fccb0ec371b0684762091793cf0510ac4a9c94c8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
72KB

MD5
7afca11ad904670a027f2f6eb6b556fc

SHA1
893c7adf2e433e7ba2c04489857bed1380ee8926

SHA256
bdf95ed27c603fc1e4e2010a2e96ce6b34064d2431685814dcadbdd03cc99cea

SHA512
75b0e15ba1ee8246e51c1e6294b8c64e1fd15f8c328f7fd74153cfff542429a900e254f14c5df8f5942fb6e09e52c92c3408d8cfccc849a25defd1e314d6de74

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
201KB

MD5
b277e0bcb02e509dcf9c3e167823dc0e

SHA1
7a74122ae15a57501a4b17a69ba2d605e9e01f16

SHA256
c3fa672ee0ba0b274862c012af78289a5489d322ecab2dc98062dc46ce045981

SHA512
c95d31cc130721014e0f95cb8874141f064280e48d1e88ae5acc4ad8a4fcca0f7dcdeee429bd90d5fa9ce668f36bba9d7a07f1675ddb7c05eeaca9236db4d1ed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
201KB

MD5
b57b03e9cfcb909d57f8792c4ce8fac4

SHA1
3878b59c310f41992ba2a1b9e494e2a5aec9ca1b

SHA256
56253fcb493ebd4dfaa834db324b939f2a03d962ffb541cf06c9c8554e131b3a

SHA512
4c03293de70083b5cfc3ead6ebdd7f2b5d10dda7e0c6f9c20fac30bd42befc4ac11018195256507af72b9c746b2a346032d7b262494ad754ca6900a6e62ec9fc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Roaming\vlc\vlcrc.4748

Filesize
93KB

MD5
478a4a09f4f74e97335cd4d5e9da7ab5

SHA1
3c4f1dc52a293f079095d0b0370428ec8e8f9315

SHA256
884b59950669842f3c45e6da3480cd9a553538b951fb155b435b48ff38683974

SHA512
e96719663cd264132a8e1ea8c3f8a148c778a0c68caa2468ba47629393605b197dd9e00efad91f389de9fcc77b04981a0cf87f785f3c645cdc9e4ebd98060ca1

Download Submit
memory/4748-135-0x00007FF897B60000-0x00007FF897C72000-memory.dmp

Filesize
1.1MB

Download
memory/4748-134-0x00007FF8985B0000-0x00007FF89965B000-memory.dmp

Filesize
16.7MB

Download
memory/4748-133-0x00007FF89A650000-0x00007FF89A904000-memory.dmp

Filesize
2.7MB

Download
memory/4748-132-0x00007FF8A92A0000-0x00007FF8A92D4000-memory.dmp

Filesize
208KB

Download
memory/4748-131-0x00007FF61A640000-0x00007FF61A738000-memory.dmp

Filesize
992KB

Download