hxxps://cdn[.]discordapp[.]com/attachments/1268256058929840182/1268256060637053010/JerryBundle_-_JerryFlow_v1__v2_and_JerryShakes[.]zip?ex=66bd8f3f&is=66bc3dbf&hm=1627c77438eb4e0fa6ea9f9084a8926a0d0914628295006f7719f6c39fd13d33&

Analysis

max time kernel
193s
max time network
299s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
14-08-2024 11:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://cdn.discordapp.com/attachments/1268256058929840182/1268256060637053010/JerryBundle_-_JerryFlow_v1__v2_and_JerryShakes.zip?ex=66bd8f3f&is=66bc3dbf&hm=1627c77438eb4e0fa6ea9f9084a8926a0d0914628295006f7719f6c39fd13d33&

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133681087338153280"	chrome.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings	OpenWith.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
4940	vlc.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1508	chrome.exe
1508	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
4940	vlc.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
1508	chrome.exe
1508	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1508	chrome.exe
Token: SeCreatePagefilePrivilege	1508	chrome.exe
Token: SeShutdownPrivilege	1508	chrome.exe
Token: SeCreatePagefilePrivilege	1508	chrome.exe
Token: SeShutdownPrivilege	1508	chrome.exe
Token: SeCreatePagefilePrivilege	1508	chrome.exe
Token: SeShutdownPrivilege	1508	chrome.exe
Token: SeCreatePagefilePrivilege	1508	chrome.exe
Token: SeShutdownPrivilege	1508	chrome.exe
Token: SeCreatePagefilePrivilege	1508	chrome.exe
Token: SeShutdownPrivilege	1508	chrome.exe
Token: SeCreatePagefilePrivilege	1508	chrome.exe
Token: SeShutdownPrivilege	1508	chrome.exe
Token: SeCreatePagefilePrivilege	1508	chrome.exe
Token: SeShutdownPrivilege	1508	chrome.exe
Token: SeCreatePagefilePrivilege	1508	chrome.exe
Token: SeShutdownPrivilege	1508	chrome.exe
Token: SeCreatePagefilePrivilege	1508	chrome.exe
Token: SeShutdownPrivilege	1508	chrome.exe
Token: SeCreatePagefilePrivilege	1508	chrome.exe
Token: SeShutdownPrivilege	1508	chrome.exe
Token: SeCreatePagefilePrivilege	1508	chrome.exe
Token: SeShutdownPrivilege	1508	chrome.exe
Token: SeCreatePagefilePrivilege	1508	chrome.exe
Token: SeShutdownPrivilege	1508	chrome.exe
Token: SeCreatePagefilePrivilege	1508	chrome.exe
Token: SeShutdownPrivilege	1508	chrome.exe
Token: SeCreatePagefilePrivilege	1508	chrome.exe
Token: SeShutdownPrivilege	1508	chrome.exe
Token: SeCreatePagefilePrivilege	1508	chrome.exe
Token: SeShutdownPrivilege	1508	chrome.exe
Token: SeCreatePagefilePrivilege	1508	chrome.exe
Token: SeShutdownPrivilege	1508	chrome.exe
Token: SeCreatePagefilePrivilege	1508	chrome.exe
Token: SeShutdownPrivilege	1508	chrome.exe
Token: SeCreatePagefilePrivilege	1508	chrome.exe
Token: SeShutdownPrivilege	1508	chrome.exe
Token: SeCreatePagefilePrivilege	1508	chrome.exe
Token: SeShutdownPrivilege	1508	chrome.exe
Token: SeCreatePagefilePrivilege	1508	chrome.exe
Token: SeShutdownPrivilege	1508	chrome.exe
Token: SeCreatePagefilePrivilege	1508	chrome.exe
Token: SeShutdownPrivilege	1508	chrome.exe
Token: SeCreatePagefilePrivilege	1508	chrome.exe
Token: SeShutdownPrivilege	1508	chrome.exe
Token: SeCreatePagefilePrivilege	1508	chrome.exe
Token: SeShutdownPrivilege	1508	chrome.exe
Token: SeCreatePagefilePrivilege	1508	chrome.exe
Token: SeShutdownPrivilege	1508	chrome.exe
Token: SeCreatePagefilePrivilege	1508	chrome.exe
Token: SeShutdownPrivilege	1508	chrome.exe
Token: SeCreatePagefilePrivilege	1508	chrome.exe
Token: SeShutdownPrivilege	1508	chrome.exe
Token: SeCreatePagefilePrivilege	1508	chrome.exe
Token: SeShutdownPrivilege	1508	chrome.exe
Token: SeCreatePagefilePrivilege	1508	chrome.exe
Token: SeShutdownPrivilege	1508	chrome.exe
Token: SeCreatePagefilePrivilege	1508	chrome.exe
Token: SeShutdownPrivilege	1508	chrome.exe
Token: SeCreatePagefilePrivilege	1508	chrome.exe
Token: SeShutdownPrivilege	1508	chrome.exe
Token: SeCreatePagefilePrivilege	1508	chrome.exe
Token: SeShutdownPrivilege	1508	chrome.exe
Token: SeCreatePagefilePrivilege	1508	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
4940	vlc.exe
4940	vlc.exe
4940	vlc.exe
4940	vlc.exe
4940	vlc.exe
4940	vlc.exe
4940	vlc.exe

Suspicious use of SendNotifyMessage 43 IoCs

pid	Process
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
4940	vlc.exe
4940	vlc.exe
4940	vlc.exe
4940	vlc.exe
4940	vlc.exe
4940	vlc.exe
4940	vlc.exe
4940	vlc.exe
4940	vlc.exe
4940	vlc.exe
4940	vlc.exe
4940	vlc.exe
4940	vlc.exe
4940	vlc.exe
4940	vlc.exe
4940	vlc.exe
4940	vlc.exe
4940	vlc.exe
4940	vlc.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
3432	OpenWith.exe
4940	vlc.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1508 wrote to memory of 596	1508	chrome.exe	75
PID 1508 wrote to memory of 596	1508	chrome.exe	75
PID 1508 wrote to memory of 2140	1508	chrome.exe	77
PID 1508 wrote to memory of 2140	1508	chrome.exe	77
PID 1508 wrote to memory of 2140	1508	chrome.exe	77
PID 1508 wrote to memory of 2140	1508	chrome.exe	77
PID 1508 wrote to memory of 2140	1508	chrome.exe	77
PID 1508 wrote to memory of 2140	1508	chrome.exe	77
PID 1508 wrote to memory of 2140	1508	chrome.exe	77
PID 1508 wrote to memory of 2140	1508	chrome.exe	77
PID 1508 wrote to memory of 2140	1508	chrome.exe	77
PID 1508 wrote to memory of 2140	1508	chrome.exe	77
PID 1508 wrote to memory of 2140	1508	chrome.exe	77
PID 1508 wrote to memory of 2140	1508	chrome.exe	77
PID 1508 wrote to memory of 2140	1508	chrome.exe	77
PID 1508 wrote to memory of 2140	1508	chrome.exe	77
PID 1508 wrote to memory of 2140	1508	chrome.exe	77
PID 1508 wrote to memory of 2140	1508	chrome.exe	77
PID 1508 wrote to memory of 2140	1508	chrome.exe	77
PID 1508 wrote to memory of 2140	1508	chrome.exe	77
PID 1508 wrote to memory of 2140	1508	chrome.exe	77
PID 1508 wrote to memory of 2140	1508	chrome.exe	77
PID 1508 wrote to memory of 2140	1508	chrome.exe	77
PID 1508 wrote to memory of 2140	1508	chrome.exe	77
PID 1508 wrote to memory of 2140	1508	chrome.exe	77
PID 1508 wrote to memory of 2140	1508	chrome.exe	77
PID 1508 wrote to memory of 2140	1508	chrome.exe	77
PID 1508 wrote to memory of 2140	1508	chrome.exe	77
PID 1508 wrote to memory of 2140	1508	chrome.exe	77
PID 1508 wrote to memory of 2140	1508	chrome.exe	77
PID 1508 wrote to memory of 2140	1508	chrome.exe	77
PID 1508 wrote to memory of 2140	1508	chrome.exe	77
PID 1508 wrote to memory of 2140	1508	chrome.exe	77
PID 1508 wrote to memory of 2140	1508	chrome.exe	77
PID 1508 wrote to memory of 2140	1508	chrome.exe	77
PID 1508 wrote to memory of 2140	1508	chrome.exe	77
PID 1508 wrote to memory of 2140	1508	chrome.exe	77
PID 1508 wrote to memory of 2140	1508	chrome.exe	77
PID 1508 wrote to memory of 2140	1508	chrome.exe	77
PID 1508 wrote to memory of 2140	1508	chrome.exe	77
PID 1508 wrote to memory of 4840	1508	chrome.exe	78
PID 1508 wrote to memory of 4840	1508	chrome.exe	78
PID 1508 wrote to memory of 528	1508	chrome.exe	79
PID 1508 wrote to memory of 528	1508	chrome.exe	79
PID 1508 wrote to memory of 528	1508	chrome.exe	79
PID 1508 wrote to memory of 528	1508	chrome.exe	79
PID 1508 wrote to memory of 528	1508	chrome.exe	79
PID 1508 wrote to memory of 528	1508	chrome.exe	79
PID 1508 wrote to memory of 528	1508	chrome.exe	79
PID 1508 wrote to memory of 528	1508	chrome.exe	79
PID 1508 wrote to memory of 528	1508	chrome.exe	79
PID 1508 wrote to memory of 528	1508	chrome.exe	79
PID 1508 wrote to memory of 528	1508	chrome.exe	79
PID 1508 wrote to memory of 528	1508	chrome.exe	79
PID 1508 wrote to memory of 528	1508	chrome.exe	79
PID 1508 wrote to memory of 528	1508	chrome.exe	79
PID 1508 wrote to memory of 528	1508	chrome.exe	79
PID 1508 wrote to memory of 528	1508	chrome.exe	79
PID 1508 wrote to memory of 528	1508	chrome.exe	79
PID 1508 wrote to memory of 528	1508	chrome.exe	79
PID 1508 wrote to memory of 528	1508	chrome.exe	79
PID 1508 wrote to memory of 528	1508	chrome.exe	79
PID 1508 wrote to memory of 528	1508	chrome.exe	79
PID 1508 wrote to memory of 528	1508	chrome.exe	79

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://cdn.discordapp.com/attachments/1268256058929840182/1268256060637053010/JerryBundle_-_JerryFlow_v1__v2_and_JerryShakes.zip?ex=66bd8f3f&is=66bc3dbf&hm=1627c77438eb4e0fa6ea9f9084a8926a0d0914628295006f7719f6c39fd13d33&
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1508
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7fffcad99758,0x7fffcad99768,0x7fffcad99778
  2⤵
  PID:596
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1520 --field-trial-handle=1852,i,4039175523063733474,3040140326778819371,131072 /prefetch:2
  2⤵
  PID:2140
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1792 --field-trial-handle=1852,i,4039175523063733474,3040140326778819371,131072 /prefetch:8
  2⤵
  PID:4840
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2072 --field-trial-handle=1852,i,4039175523063733474,3040140326778819371,131072 /prefetch:8
  2⤵
  PID:528
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2832 --field-trial-handle=1852,i,4039175523063733474,3040140326778819371,131072 /prefetch:1
  2⤵
  PID:4360
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2840 --field-trial-handle=1852,i,4039175523063733474,3040140326778819371,131072 /prefetch:1
  2⤵
  PID:3976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5180 --field-trial-handle=1852,i,4039175523063733474,3040140326778819371,131072 /prefetch:8
  2⤵
  PID:2956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5296 --field-trial-handle=1852,i,4039175523063733474,3040140326778819371,131072 /prefetch:8
  2⤵
  PID:4352
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5304 --field-trial-handle=1852,i,4039175523063733474,3040140326778819371,131072 /prefetch:8
  2⤵
  PID:1012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5176 --field-trial-handle=1852,i,4039175523063733474,3040140326778819371,131072 /prefetch:8
  2⤵
  PID:908

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1416

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2804

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\Temp1_JerryBundle - JerryFlow v1 + v2 and JerryShakes.zip\JerryBundle - JerryFlow v1 + v2 and JerryShakes\JerryFlow V2\JerryFlow V2\Join Our Community in Discord.txt
1⤵
PID:3108

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\Temp1_JerryBundle - JerryFlow v1 + v2 and JerryShakes.zip\JerryBundle - JerryFlow v1 + v2 and JerryShakes\JerryFlow V2\JerryFlow V2\DeltaLeaks IMPORTANT INFO.txt
1⤵
PID:4876

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:3432

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\AppData\Local\Temp\Temp1_JerryBundle - JerryFlow v1 + v2 and JerryShakes.zip\JerryBundle - JerryFlow v1 + v2 and JerryShakes\__MACOSX\JerryFlow\._How to install.mp4"
1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:4940

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1018B

MD5
ee7fbf39e8bb525f201a716cb4684d9f

SHA1
0f4b4394868da2696c4c73ba5cca78c14779943b

SHA256
2e49e744e6884f44bbbe7caab3bb48728e56dd1a0d676ecf4237da131aee5679

SHA512
964dd6e005962ca773dd061b47e73f77a7ebb8e55dea69d536ec4ce81502f208aae828ef60e5af89406610f8c2fc312255afd0e27e46c392a2f632ba5a4dbe39

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
678B

MD5
e39945101d756b3fb32c513b5a02f819

SHA1
284854f70e22a22d29f9d83a5dc10cbf1ec837c4

SHA256
4c769e03fe6470012837a1ab2a86708bfd37b9ac1086047e9ee57317b3c46518

SHA512
d88629bd3e734cd297a77cf2a1fee5006604346f00bb0098ab77aa3c373c1dfb9aea566ccee7ee1b057dbe5cfd5779853f822927b139660a166fcb0050a315f4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
fccc49acaf14cd404f135d7c9a0578a3

SHA1
3658da2bf6f4bb7f561d28623bae265c15922e4a

SHA256
e571ee2e94e3f48dcfe47dc16214aad98bd947adb05785d570676aee2033f2ee

SHA512
1d2babc0ef8e80120ac6249c7f1dad6508a8b39e3a393c49d7398b15239f546eadba139a211292fef5f5c4a921010e42df6046fb4286c805152cb0e7629e8c23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
e644f48850b248c227d17ff9baa4ae16

SHA1
148e0a6da5248abf53f1d88535374189fad27e57

SHA256
b696842a42a32bdb5b3423b4aff6517bad47ea2f3310454358ffbf3d72c1d096

SHA512
3aae1f113bd70fcdf48e93be155a3eef7f3a9a4a0e63737f5985fd54564812919721b5b073b53f424985e51ecd51296cf62d974b2528a9c1ae1bd0efdd246fb4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
157e08cdcb1b7cefc0f890c3bc9c2177

SHA1
99b867b7a30dbf3922e3c1133e71a43f7e0683a1

SHA256
b830ae036f8ff2d919217f343a4489acaae779396502a31a060b6f4ae215d0d0

SHA512
4dd8a8e212495146e36cd7f01c090bdf42fb7e098593bdbcac12f00a8050dd233c2fc976fa53edb3fc8d12e85a0b0dabb7f3f24e6308727e3315de4f54f061b9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
c317784fe49eb2f37e8e7b4f2b6fd882

SHA1
4c928907603616c132bda07971a67fe0f84f0f61

SHA256
f39dc26d0e71fdcb7bff40a62f87ecf4ccfffd275c589afe8756d25fb7d65d8e

SHA512
575bbb38c0694725e40abd5ee48cad96e30aa8cd00db054e33d1dd00dc8f88acab25b9fe73424af889aef9c3d985a8d1f5636995ed53ddbbcf051d0a1e05038a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
2a28332ec0d9536e456b189c4269f6db

SHA1
f66de31f1365759f95a5152d3ca86705abcdf041

SHA256
05d8ebce8954fa6bb6fc6441f17d80ca335fde2787a8854753646d83a1a7161a

SHA512
1898e79f115234c788db28fe26ba515255c9dcdae88c40134759fd21eb0a0d38eedd696265a6e14dd355ab83a247e6c2a6daf3822a9c07ac18a1caa2a6b68a47

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
136KB

MD5
9805c0becf290c648ff2a5cd2e33e16e

SHA1
e97c59d0b907e2e46dcd650b83c385dff43cdccf

SHA256
d46c0150732cbaf17c7256a2a95c985aef8f39c074c56f7466c7178d9981c39a

SHA512
3463682669ceedbaf397e31df021f34bb53237ad292afe7250589db30ee2469cb16d452f4ecf2d1695cb4e5845317ba2db7f4d7566b1bcb1d392027a2a09a79d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
136KB

MD5
b69ed6340c91f83308fe1fd263e3ddf8

SHA1
cb27e61933c678d3f8227ec6778bfe6e6685a311

SHA256
64b685f1ed0106500dab222620d19d678e348b805f85bba8024ea2aa4fd40ea7

SHA512
36f9c5b5eddb72f9469ae58254a8114409e4726e949ebe56d7b9b8a477eab11511ee15c8668af312313c59a09da8e5e45923c33481f24b54bbfb6996f00cd51b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
109KB

MD5
999211ba839b40c250c0984ea6036ece

SHA1
06e3fba8e3bd6d0a582b6d62a34c32115c1322c0

SHA256
4b4ce096fab66ce4291ed2d07d659106372dc692549f357d7cf03dae94d7131d

SHA512
5fef5788d4db9b5ee4a70ea399d736f955f9a998af45856631bf283073fe8b3528826bf99c1a2425b061d910898fac1953d8a80b750d45e471525f61a27882e7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe57e83d.TMP

Filesize
105KB

MD5
d8641eea9ae1c0e2ec9ec76b603a99d6

SHA1
149785312191e646703614617658ccbdbe1e5b4e

SHA256
35c67829c43126100f7a5ee42b08aaccb78a8cad0c14f4b49cfa5ba38a524894

SHA512
20073906befed43356c72e6438eb7c816f54f4597c00fc183cb6edd62ad9f1297685dd0c952d8bd67f829075d1798c085cc13c49734b076e7176c46bc7156dbb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
5387a9637351326eb63b9e1abd15f673

SHA1
e6ccafbb384dbf8437fd20abfc1453afa632604b

SHA256
e1d3b056f13383a7cd4c45d7c3af260ea9ef84b262f7b01185a453176ed309f2

SHA512
f85d8f74d534bb1cd69f0bb5c7bcf3b71ddbcee8499b8d3b9cc66b92fe3e86bda02cc372e5cb5e9355568fa5f1495239873e8276777fc90b58741e52a695d45b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Roaming\vlc\vlc-qt-interface.ini

Filesize
253B

MD5
be255b41ade7a27982153339d63606dc

SHA1
e1c2e4a16523891efca0d82907a1627a6d660185

SHA256
bb62a0eae8df15ba73d6893ad43d316351aa04c541fcd1a373e85748955d6aa7

SHA512
df0245c0bac6024237b3eb1c8233c9f3ed739b6f4a5a62010ef975c99446967728d8a2323d516955c68d54f8de46198234de63bb7e182917304258a0ccd3ef3b

Download Submit
memory/4940-132-0x00007FFFC8590000-0x00007FFFC85A1000-memory.dmp

Filesize
68KB

Download
memory/4940-145-0x00007FFFC6CB0000-0x00007FFFC6CCB000-memory.dmp

Filesize
108KB

Download
memory/4940-133-0x00007FFFC7040000-0x00007FFFC7057000-memory.dmp

Filesize
92KB

Download
memory/4940-135-0x00007FFFC7000000-0x00007FFFC701D000-memory.dmp

Filesize
116KB

Download
memory/4940-131-0x00007FFFC8600000-0x00007FFFC8617000-memory.dmp

Filesize
92KB

Download
memory/4940-130-0x00007FFFCCFD0000-0x00007FFFCCFE8000-memory.dmp

Filesize
96KB

Download
memory/4940-129-0x00007FFFC7090000-0x00007FFFC7346000-memory.dmp

Filesize
2.7MB

Download
memory/4940-138-0x00007FFFC6D80000-0x00007FFFC6DC1000-memory.dmp

Filesize
260KB

Download
memory/4940-137-0x00007FFFC6DD0000-0x00007FFFC6FDB000-memory.dmp

Filesize
2.0MB

Download
memory/4940-143-0x00007FFFC6CF0000-0x00007FFFC6D01000-memory.dmp

Filesize
68KB

Download
memory/4940-146-0x00007FFFC64C0000-0x00007FFFC64F5000-memory.dmp

Filesize
212KB

Download
memory/4940-134-0x00007FFFC7020000-0x00007FFFC7031000-memory.dmp

Filesize
68KB

Download
memory/4940-144-0x00007FFFC6CD0000-0x00007FFFC6CE1000-memory.dmp

Filesize
68KB

Download
memory/4940-142-0x00007FFFC6D10000-0x00007FFFC6D21000-memory.dmp

Filesize
68KB

Download
memory/4940-141-0x00007FFFC6D30000-0x00007FFFC6D48000-memory.dmp

Filesize
96KB

Download
memory/4940-140-0x00007FFFC6D50000-0x00007FFFC6D71000-memory.dmp

Filesize
132KB

Download
memory/4940-139-0x00007FFFB3580000-0x00007FFFB4630000-memory.dmp

Filesize
16.7MB

Download
memory/4940-136-0x00007FFFC6FE0000-0x00007FFFC6FF1000-memory.dmp

Filesize
68KB

Download
memory/4940-128-0x00007FFFC7350000-0x00007FFFC7384000-memory.dmp

Filesize
208KB

Download
memory/4940-127-0x00007FF760DE0000-0x00007FF760ED8000-memory.dmp

Filesize
992KB

Download
memory/4940-236-0x00007FFFC7090000-0x00007FFFC7346000-memory.dmp

Filesize
2.7MB

Download
memory/4940-235-0x00007FFFC7350000-0x00007FFFC7384000-memory.dmp

Filesize
208KB

Download
memory/4940-234-0x00007FF760DE0000-0x00007FF760ED8000-memory.dmp

Filesize
992KB

Download
memory/4940-237-0x00007FFFB3580000-0x00007FFFB4630000-memory.dmp

Filesize
16.7MB

Download