a389d57e7f6ab286c0541746124ee2ce407c0a26266f9678d4df8d75dce3dfe5

Analysis

max time kernel
510s
max time network
489s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
02-02-2025 23:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

source_prepared.exe
Size

82.1MB
MD5

1a91684f72c90f433ae53bd043659f4e
SHA1

2403b0ec7a2c98ce9bea974fdd530170a2766d59
SHA256

a389d57e7f6ab286c0541746124ee2ce407c0a26266f9678d4df8d75dce3dfe5
SHA512

a10a8216c2fe8617129971bfc1d93e9c2fc5b80f2be6502373f4b99236d36deb1973264c148f4123ce11559fc50f0fa933792a9d65413ff6800f72815354559b
SSDEEP

1572864:tVjl7WfFm7OkiqOv8im2ARxE7glhWiYweyJulZUdg6zfhd72:fZwFm7OknOv8i3K1LLpuqJZ2

Score

7^/10

discovery upx

Malware Config

Signatures

Loads dropped DLL 1 IoCs

pid	Process
2688	source_prepared.exe

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x000300000002095e-1229.dat	upx

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Suspicious behavior: AddClipboardFormatListener 2 IoCs

pid	Process
2400	vlc.exe
2976	vlc.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2808	chrome.exe
2808	chrome.exe
2808	chrome.exe
2808	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2400	vlc.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: 33	2976	vlc.exe
Token: SeIncBasePriorityPrivilege	2976	vlc.exe
Token: SeShutdownPrivilege	2808	chrome.exe
Token: SeShutdownPrivilege	2808	chrome.exe
Token: SeShutdownPrivilege	2808	chrome.exe
Token: SeShutdownPrivilege	2808	chrome.exe
Token: SeShutdownPrivilege	2808	chrome.exe
Token: SeShutdownPrivilege	2808	chrome.exe
Token: SeShutdownPrivilege	2808	chrome.exe
Token: SeShutdownPrivilege	2808	chrome.exe
Token: SeShutdownPrivilege	2808	chrome.exe
Token: SeShutdownPrivilege	2808	chrome.exe
Token: SeShutdownPrivilege	2808	chrome.exe
Token: SeShutdownPrivilege	2808	chrome.exe
Token: SeShutdownPrivilege	2808	chrome.exe
Token: SeShutdownPrivilege	2808	chrome.exe
Token: SeShutdownPrivilege	2808	chrome.exe
Token: SeShutdownPrivilege	2808	chrome.exe
Token: SeShutdownPrivilege	2808	chrome.exe
Token: SeShutdownPrivilege	2808	chrome.exe
Token: SeShutdownPrivilege	2808	chrome.exe
Token: SeShutdownPrivilege	2808	chrome.exe
Token: SeShutdownPrivilege	2808	chrome.exe
Token: SeShutdownPrivilege	2808	chrome.exe
Token: SeShutdownPrivilege	2808	chrome.exe
Token: SeShutdownPrivilege	2808	chrome.exe
Token: SeShutdownPrivilege	2808	chrome.exe
Token: SeShutdownPrivilege	2808	chrome.exe
Token: SeShutdownPrivilege	2808	chrome.exe
Token: SeShutdownPrivilege	2808	chrome.exe
Token: SeShutdownPrivilege	2808	chrome.exe
Token: SeShutdownPrivilege	2808	chrome.exe
Token: SeShutdownPrivilege	2808	chrome.exe
Token: SeShutdownPrivilege	2808	chrome.exe
Token: SeShutdownPrivilege	2808	chrome.exe
Token: SeShutdownPrivilege	2808	chrome.exe
Token: SeShutdownPrivilege	2808	chrome.exe
Token: SeShutdownPrivilege	2808	chrome.exe
Token: SeShutdownPrivilege	2808	chrome.exe
Token: SeShutdownPrivilege	2808	chrome.exe
Token: SeShutdownPrivilege	2808	chrome.exe
Token: SeShutdownPrivilege	2808	chrome.exe
Token: SeShutdownPrivilege	2808	chrome.exe
Token: SeShutdownPrivilege	2808	chrome.exe
Token: SeShutdownPrivilege	2808	chrome.exe
Token: SeShutdownPrivilege	2808	chrome.exe
Token: SeShutdownPrivilege	2808	chrome.exe
Token: SeShutdownPrivilege	2808	chrome.exe
Token: SeShutdownPrivilege	2808	chrome.exe
Token: SeShutdownPrivilege	2808	chrome.exe
Token: SeShutdownPrivilege	2808	chrome.exe
Token: SeShutdownPrivilege	2808	chrome.exe
Token: SeShutdownPrivilege	2808	chrome.exe
Token: SeShutdownPrivilege	2808	chrome.exe
Token: SeShutdownPrivilege	2808	chrome.exe
Token: SeShutdownPrivilege	2808	chrome.exe
Token: SeShutdownPrivilege	2808	chrome.exe
Token: SeShutdownPrivilege	2808	chrome.exe
Token: SeShutdownPrivilege	2808	chrome.exe
Token: SeShutdownPrivilege	2808	chrome.exe
Token: SeShutdownPrivilege	2808	chrome.exe
Token: SeShutdownPrivilege	2808	chrome.exe
Token: SeShutdownPrivilege	2808	chrome.exe
Token: SeShutdownPrivilege	2808	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2400	vlc.exe
2400	vlc.exe
2400	vlc.exe
2400	vlc.exe
2400	vlc.exe
2400	vlc.exe
2400	vlc.exe
2400	vlc.exe
2400	vlc.exe
2400	vlc.exe
2400	vlc.exe
2400	vlc.exe
2400	vlc.exe
2400	vlc.exe
2400	vlc.exe
2400	vlc.exe
2400	vlc.exe
2400	vlc.exe
2400	vlc.exe
2400	vlc.exe
2400	vlc.exe
2400	vlc.exe
2400	vlc.exe
2400	vlc.exe
2400	vlc.exe
2400	vlc.exe
2400	vlc.exe
2400	vlc.exe
2400	vlc.exe
2400	vlc.exe
2400	vlc.exe
2400	vlc.exe
2400	vlc.exe
2400	vlc.exe
2400	vlc.exe
2400	vlc.exe
2400	vlc.exe
2400	vlc.exe
2400	vlc.exe
2400	vlc.exe
2400	vlc.exe
2400	vlc.exe
2400	vlc.exe
2400	vlc.exe
2400	vlc.exe
2400	vlc.exe
2400	vlc.exe
2400	vlc.exe
2400	vlc.exe
2400	vlc.exe
2400	vlc.exe
2400	vlc.exe
2400	vlc.exe
2400	vlc.exe
2400	vlc.exe
2400	vlc.exe
2400	vlc.exe
2400	vlc.exe
2400	vlc.exe
2400	vlc.exe
2400	vlc.exe
2400	vlc.exe
2976	vlc.exe
2976	vlc.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
2400	vlc.exe
2400	vlc.exe
2400	vlc.exe
2400	vlc.exe
2400	vlc.exe
2400	vlc.exe
2400	vlc.exe
2400	vlc.exe
2400	vlc.exe
2400	vlc.exe
2400	vlc.exe
2400	vlc.exe
2400	vlc.exe
2400	vlc.exe
2400	vlc.exe
2400	vlc.exe
2400	vlc.exe
2400	vlc.exe
2400	vlc.exe
2400	vlc.exe
2400	vlc.exe
2400	vlc.exe
2400	vlc.exe
2400	vlc.exe
2400	vlc.exe
2400	vlc.exe
2400	vlc.exe
2400	vlc.exe
2400	vlc.exe
2400	vlc.exe
2400	vlc.exe
2400	vlc.exe
2400	vlc.exe
2400	vlc.exe
2400	vlc.exe
2400	vlc.exe
2400	vlc.exe
2400	vlc.exe
2400	vlc.exe
2400	vlc.exe
2400	vlc.exe
2400	vlc.exe
2400	vlc.exe
2400	vlc.exe
2400	vlc.exe
2400	vlc.exe
2400	vlc.exe
2400	vlc.exe
2400	vlc.exe
2400	vlc.exe
2400	vlc.exe
2400	vlc.exe
2400	vlc.exe
2400	vlc.exe
2400	vlc.exe
2400	vlc.exe
2400	vlc.exe
2400	vlc.exe
2400	vlc.exe
2400	vlc.exe
2976	vlc.exe
2976	vlc.exe
2976	vlc.exe
2976	vlc.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2400	vlc.exe
2976	vlc.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1964 wrote to memory of 2688	1964	source_prepared.exe	30
PID 1964 wrote to memory of 2688	1964	source_prepared.exe	30
PID 1964 wrote to memory of 2688	1964	source_prepared.exe	30
PID 2808 wrote to memory of 2580	2808	chrome.exe	42
PID 2808 wrote to memory of 2580	2808	chrome.exe	42
PID 2808 wrote to memory of 2580	2808	chrome.exe	42
PID 2808 wrote to memory of 2384	2808	chrome.exe	44
PID 2808 wrote to memory of 2384	2808	chrome.exe	44
PID 2808 wrote to memory of 2384	2808	chrome.exe	44
PID 2808 wrote to memory of 2384	2808	chrome.exe	44
PID 2808 wrote to memory of 2384	2808	chrome.exe	44
PID 2808 wrote to memory of 2384	2808	chrome.exe	44
PID 2808 wrote to memory of 2384	2808	chrome.exe	44
PID 2808 wrote to memory of 2384	2808	chrome.exe	44
PID 2808 wrote to memory of 2384	2808	chrome.exe	44
PID 2808 wrote to memory of 2384	2808	chrome.exe	44
PID 2808 wrote to memory of 2384	2808	chrome.exe	44
PID 2808 wrote to memory of 2384	2808	chrome.exe	44
PID 2808 wrote to memory of 2384	2808	chrome.exe	44
PID 2808 wrote to memory of 2384	2808	chrome.exe	44
PID 2808 wrote to memory of 2384	2808	chrome.exe	44
PID 2808 wrote to memory of 2384	2808	chrome.exe	44
PID 2808 wrote to memory of 2384	2808	chrome.exe	44
PID 2808 wrote to memory of 2384	2808	chrome.exe	44
PID 2808 wrote to memory of 2384	2808	chrome.exe	44
PID 2808 wrote to memory of 2384	2808	chrome.exe	44
PID 2808 wrote to memory of 2384	2808	chrome.exe	44
PID 2808 wrote to memory of 2384	2808	chrome.exe	44
PID 2808 wrote to memory of 2384	2808	chrome.exe	44
PID 2808 wrote to memory of 2384	2808	chrome.exe	44
PID 2808 wrote to memory of 2384	2808	chrome.exe	44
PID 2808 wrote to memory of 2384	2808	chrome.exe	44
PID 2808 wrote to memory of 2384	2808	chrome.exe	44
PID 2808 wrote to memory of 2384	2808	chrome.exe	44
PID 2808 wrote to memory of 2384	2808	chrome.exe	44
PID 2808 wrote to memory of 2384	2808	chrome.exe	44
PID 2808 wrote to memory of 2384	2808	chrome.exe	44
PID 2808 wrote to memory of 2384	2808	chrome.exe	44
PID 2808 wrote to memory of 2384	2808	chrome.exe	44
PID 2808 wrote to memory of 2384	2808	chrome.exe	44
PID 2808 wrote to memory of 2384	2808	chrome.exe	44
PID 2808 wrote to memory of 2384	2808	chrome.exe	44
PID 2808 wrote to memory of 2384	2808	chrome.exe	44
PID 2808 wrote to memory of 2384	2808	chrome.exe	44
PID 2808 wrote to memory of 2384	2808	chrome.exe	44
PID 2808 wrote to memory of 2712	2808	chrome.exe	45
PID 2808 wrote to memory of 2712	2808	chrome.exe	45
PID 2808 wrote to memory of 2712	2808	chrome.exe	45
PID 2808 wrote to memory of 2084	2808	chrome.exe	46
PID 2808 wrote to memory of 2084	2808	chrome.exe	46
PID 2808 wrote to memory of 2084	2808	chrome.exe	46
PID 2808 wrote to memory of 2084	2808	chrome.exe	46
PID 2808 wrote to memory of 2084	2808	chrome.exe	46
PID 2808 wrote to memory of 2084	2808	chrome.exe	46
PID 2808 wrote to memory of 2084	2808	chrome.exe	46
PID 2808 wrote to memory of 2084	2808	chrome.exe	46
PID 2808 wrote to memory of 2084	2808	chrome.exe	46
PID 2808 wrote to memory of 2084	2808	chrome.exe	46
PID 2808 wrote to memory of 2084	2808	chrome.exe	46
PID 2808 wrote to memory of 2084	2808	chrome.exe	46
PID 2808 wrote to memory of 2084	2808	chrome.exe	46
PID 2808 wrote to memory of 2084	2808	chrome.exe	46
PID 2808 wrote to memory of 2084	2808	chrome.exe	46
PID 2808 wrote to memory of 2084	2808	chrome.exe	46

C:\Users\Admin\AppData\Local\Temp\source_prepared.exe
"C:\Users\Admin\AppData\Local\Temp\source_prepared.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1964
- C:\Users\Admin\AppData\Local\Temp\source_prepared.exe
  "C:\Users\Admin\AppData\Local\Temp\source_prepared.exe"
  2⤵
  - Loads dropped DLL
  PID:2688

C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
1⤵
PID:2200

C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
1⤵
PID:284

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Downloads\AddUnlock.M2T"
1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:2400

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Public\Videos\Sample Videos\Wildlife.wmv"
1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:2976

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2808
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef4b59758,0x7fef4b59768,0x7fef4b59778
  2⤵
  PID:2580
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1180 --field-trial-handle=1476,i,1451426353939093865,6124872713889935811,131072 /prefetch:2
  2⤵
  PID:2384
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1392 --field-trial-handle=1476,i,1451426353939093865,6124872713889935811,131072 /prefetch:8
  2⤵
  PID:2712
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1580 --field-trial-handle=1476,i,1451426353939093865,6124872713889935811,131072 /prefetch:8
  2⤵
  PID:2084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2248 --field-trial-handle=1476,i,1451426353939093865,6124872713889935811,131072 /prefetch:1
  2⤵
  PID:1992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2272 --field-trial-handle=1476,i,1451426353939093865,6124872713889935811,131072 /prefetch:1
  2⤵
  PID:768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1916 --field-trial-handle=1476,i,1451426353939093865,6124872713889935811,131072 /prefetch:2
  2⤵
  PID:2964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3180 --field-trial-handle=1476,i,1451426353939093865,6124872713889935811,131072 /prefetch:1
  2⤵
  PID:2180
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3656 --field-trial-handle=1476,i,1451426353939093865,6124872713889935811,131072 /prefetch:8
  2⤵
  PID:1908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3744 --field-trial-handle=1476,i,1451426353939093865,6124872713889935811,131072 /prefetch:1
  2⤵
  PID:1028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2676 --field-trial-handle=1476,i,1451426353939093865,6124872713889935811,131072 /prefetch:8
  2⤵
  PID:2460
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=2360 --field-trial-handle=1476,i,1451426353939093865,6124872713889935811,131072 /prefetch:1
  2⤵
  PID:2728

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1800

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

Filesize
214KB

MD5
ba958dfa97ba4abe328dce19c50cd19c

SHA1
122405a9536dd824adcc446c3f0f3a971c94f1b1

SHA256
3124365e9e20791892ee21f47763d3df116763da0270796ca42fd63ecc23c607

SHA512
aad22e93babe3255a7e78d9a9e24c1cda167d449e5383bb740125445e7c7ddd8df53a0e53705f4262a49a307dc54ceb40c66bab61bec206fbe59918110af70bf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000002

Filesize
41KB

MD5
7978a9e6312aeef2fb75a5184b971312

SHA1
312d46ef07ed60cb3c48cd586a5189d4a7cb030d

SHA256
bbb5da7e7ba55a3059a77cdbad6147129d94d7ad45fd15f10ebea2bc4537f649

SHA512
e738bbf00a4218607c1d13aa06792bb3245fa7999a844cfdb251caeefe0c2df0be42b9bc2aa8497927161fcee6593d9e9f9d69cd02ca9b213350223c78ae5e85

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
be2dc70c1121a13f6bf756608e58fbda

SHA1
0755f342ef1f448010e862197b612a9ad84a37ae

SHA256
dd5cecf7fa2085a483429b458812cfcf240585d7cd91b9883bee182ca9d52f6d

SHA512
53329734bcfed91a3e7dedfc5dbb9d28814f593a6e8b5d916ae5348f9f920459412029135c75b797af5d901bba894503baed2211a991be56d796338cb94257fc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
b69353873a24484cb25cc894d1098f15

SHA1
81d1c6303c1cbc7a04b6470055285c09af005388

SHA256
30d2d21be21a6251e978e98c74e7a118cf6c0f1d4592d7925f920d75bc180e03

SHA512
a23260864567e3d47e58ff07ecfe44dc979b7d2aff44e07f0b4bcbb3106053687ca34fa970da56fffbe04dc33cc3181b2d145ce53311af0661a3ff486338ba6b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
361B

MD5
7d37b465d7a34cb1921f97f34abe5797

SHA1
0ae862e92ea14512f862be06f9b5f1106cc13bc8

SHA256
58c2637ce1917ff68eb85b5c7ae445dbce046b544c5707498f39dc4b0d628782

SHA512
396653a4e54add60e3b5f6bbb965b02636ee9ec506b8ecc3ae7a82c13fe24caf2064bd57f058a0fb07cc99fcdb6a6fb3321bfbb5268d5d4f2454693402139c52

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
f8822c11f7069d310417dde94eda5e4f

SHA1
0b4704310139462d15e43f462bc56ee7b564dabd

SHA256
9ae9c5df9bc51cc2ba2e71c5ae549f8e9d097979bf76fe78e31d7a87d2cd0f25

SHA512
57b9dd636321a0eb45f9a01a160dc0eb1678ea3ed025467ea12574cdaf787a4ce02ee15c030777bd1c7a817ecc7fae8e9771a45d5fc9c7550bbb80a39ba43004

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
a365e06fe46be035724cb6d8033e31d3

SHA1
aaebfd3270e33d733ef4804ea5436bcc2576abd8

SHA256
1d87ad49d134c4ec2fb023fe9f1f6a26341ef32ea9855d8316d26fa5df73b61b

SHA512
fb407a7903154de0b3438b095a42c576ec0943d5166b0cdbaa5c1094c01897f9fd26f20022b42affa8de57d144e86ecf50c60c792fa6da3d622ad47f5f7a3e2b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
624b9ed58514c10eee9150d4c81ab85a

SHA1
4fc5b7f6f0404afa4fa45e3460c2e3986e342859

SHA256
881f00a6715da3273140e3ad7b16b256e18607589d3a3576d2f0cae6dcd443cb

SHA512
f8547c6ac5bed690f2ee3ec01ce12b9de6ecb19df24665b4cb3b5533cff6e168ca489f0f899ed8bebd13b5bee06273e46f6fcbe8f9d3f2f35f28e4b8a6fe4d26

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI19642\python312.dll

Filesize
1.7MB

MD5
ebd1e51a1a1c1534f1695bc71beecbe0

SHA1
280b29f98df389d5f239fc54d71b258b07a5d290

SHA256
3ac7db2567f747a6a16447bc559a6aa20ba846ff9a6fdaf25f2b301a95889b90

SHA512
2db7e56fb166ea95cadfd3eec13a003727b33dc56e07c6628d0ac3a07f3ac95075af8be09317151037c6bdc8c6d451f2fb8041598d3d68d593a2964fea0fe0e4

Download Submit
C:\Users\Admin\AppData\Roaming\vlc\ml.xspf

Filesize
304B

MD5
781602441469750c3219c8c38b515ed4

SHA1
e885acd1cbd0b897ebcedbb145bef1c330f80595

SHA256
81970dbe581373d14fbd451ac4b3f96e5f69b79645f1ee1ca715cff3af0bf20d

SHA512
2b0a1717d96edb47bdf0ffeb250a5ec11f7d0638d3e0a62fbe48c064379b473ca88ffbececb32a72129d06c040b107834f1004ccda5f0f35b8c3588034786461

Download Submit
C:\Users\Admin\AppData\Roaming\vlc\vlc-qt-interface.ini

Filesize
76B

MD5
57ab8565b535765cf0bab31c87939e26

SHA1
1ce26a6dafc3513b176b5b7e5235b753a87368a3

SHA256
b47ea6f41c4beb4c41b117b702f6ff884221ef043c76147d774f399ef0e92636

SHA512
2f3e9a81a559341035e2440ef3e6c236b6f1d33108b51964f9a2f8a039b4a8cc01e5537cbd754b40fe870f69e8a2e2b21678d471696c05b32acb75f65314188d

Download Submit
C:\Users\Admin\AppData\Roaming\vlc\vlc-qt-interface.ini

Filesize
528B

MD5
4f91f4be5b4bf744170f68be356928cc

SHA1
c654923c6cab15fd9f6d1b7f3bb0a0f5ee866a2b

SHA256
89fe3489b0093ac63c77dc228fba77102e6204bc3565ac37d958aa3434548f24

SHA512
205cf365cb37e888be69f0d3e4ebc7e88781efc83cd20d2c3e0a7bb68bec6438e6cd0cdb33849c3cf06113c80c70cad0bf41bf6b25f4f9d165252e7c17b5b7d4

Download Submit
C:\Users\Admin\AppData\Roaming\vlc\vlc-qt-interface.ini.lock

Filesize
18B

MD5
2242db41e3c259f92ce25e9bd0205cf3

SHA1
220455b00f05615b0dbcdc210c64daccc89966d3

SHA256
14ea0eaae5355195f7097b6f470ffa8f3f28759479c7a1c5420c58e98ff39194

SHA512
352660beb9e19b56ad7ab62755e2d05a5ce4f2f830f2b69f0ef4c1eee01f6be74b0cf59e4b3264e3346c56ab4c547dea1b180f83e885b0a4730e6c81e1a34b46

Download Submit
C:\Users\Admin\AppData\Roaming\vlc\vlcrc

Filesize
94KB

MD5
7b37c4f352a44c8246bf685258f75045

SHA1
817dacb245334f10de0297e69c98b4c9470f083e

SHA256
ec45f6e952b43eddc214dba703cf7f31398f3c9f535aad37f42237c56b9b778e

SHA512
1e8d675b3c6c9ba257b616da268cac7f1c7a9db12ffb831ed5f8d43c0887d711c197ebc9daf735e3da9a0355bf21c2b29a2fb38a46482a2c5c8cd5628fea4c02

Download Submit
memory/2400-2529-0x000007FEF35E0000-0x000007FEF35F1000-memory.dmp

Filesize
68KB

Download
memory/2400-2554-0x000000013FD50000-0x000000013FE48000-memory.dmp

Filesize
992KB

Download
memory/2400-2528-0x000007FEF3600000-0x000007FEF3611000-memory.dmp

Filesize
68KB

Download
memory/2400-2527-0x000007FEF3620000-0x000007FEF3631000-memory.dmp

Filesize
68KB

Download
memory/2400-2531-0x000007FEF35A0000-0x000007FEF35B1000-memory.dmp

Filesize
68KB

Download
memory/2400-2530-0x000007FEF35C0000-0x000007FEF35DB000-memory.dmp

Filesize
108KB

Download
memory/2400-2533-0x000007FEF3550000-0x000007FEF3580000-memory.dmp

Filesize
192KB

Download
memory/2400-2532-0x000007FEF3580000-0x000007FEF3598000-memory.dmp

Filesize
96KB

Download
memory/2400-2534-0x000007FEF34E0000-0x000007FEF3547000-memory.dmp

Filesize
412KB

Download
memory/2400-2535-0x000007FEF3460000-0x000007FEF34DC000-memory.dmp

Filesize
496KB

Download
memory/2400-2536-0x000007FEF3440000-0x000007FEF3451000-memory.dmp

Filesize
68KB

Download
memory/2400-2537-0x000007FEF33E0000-0x000007FEF3437000-memory.dmp

Filesize
348KB

Download
memory/2400-2538-0x000007FEF33B0000-0x000007FEF33D8000-memory.dmp

Filesize
160KB

Download
memory/2400-2539-0x000007FEF3380000-0x000007FEF33A4000-memory.dmp

Filesize
144KB

Download
memory/2400-2540-0x000007FEF3360000-0x000007FEF3378000-memory.dmp

Filesize
96KB

Download
memory/2400-2541-0x000007FEF3330000-0x000007FEF3353000-memory.dmp

Filesize
140KB

Download
memory/2400-2542-0x000007FEF3310000-0x000007FEF3321000-memory.dmp

Filesize
68KB

Download
memory/2400-2543-0x000007FEF32F0000-0x000007FEF3302000-memory.dmp

Filesize
72KB

Download
memory/2400-2523-0x000007FEF36E0000-0x000007FEF4790000-memory.dmp

Filesize
16.7MB

Download
memory/2400-2514-0x000007FEF4BB0000-0x000007FEF4E66000-memory.dmp

Filesize
2.7MB

Download
memory/2400-2555-0x000007FEF4E70000-0x000007FEF4EA4000-memory.dmp

Filesize
208KB

Download
memory/2400-2556-0x000007FEF4BB0000-0x000007FEF4E66000-memory.dmp

Filesize
2.7MB

Download
memory/2400-2557-0x000007FEF36E0000-0x000007FEF4790000-memory.dmp

Filesize
16.7MB

Download
memory/2400-2525-0x000007FEF3660000-0x000007FEF3681000-memory.dmp

Filesize
132KB

Download
memory/2400-2524-0x000007FEF3690000-0x000007FEF36D1000-memory.dmp

Filesize
260KB

Download
memory/2400-2522-0x000007FEF4790000-0x000007FEF499B000-memory.dmp

Filesize
2.0MB

Download
memory/2400-2521-0x000007FEF49A0000-0x000007FEF49B1000-memory.dmp

Filesize
68KB

Download
memory/2400-2513-0x000007FEF4E70000-0x000007FEF4EA4000-memory.dmp

Filesize
208KB

Download
memory/2400-2512-0x000000013FD50000-0x000000013FE48000-memory.dmp

Filesize
992KB

Download
memory/2400-2515-0x000007FEF4A60000-0x000007FEF4A78000-memory.dmp

Filesize
96KB

Download
memory/2400-2516-0x000007FEF4A40000-0x000007FEF4A57000-memory.dmp

Filesize
92KB

Download
memory/2400-2517-0x000007FEF4A20000-0x000007FEF4A31000-memory.dmp

Filesize
68KB

Download
memory/2400-2519-0x000007FEF49E0000-0x000007FEF49F1000-memory.dmp

Filesize
68KB

Download
memory/2400-2526-0x000007FEF3640000-0x000007FEF3658000-memory.dmp

Filesize
96KB

Download
memory/2400-2518-0x000007FEF4A00000-0x000007FEF4A17000-memory.dmp

Filesize
92KB

Download
memory/2400-2520-0x000007FEF49C0000-0x000007FEF49DD000-memory.dmp

Filesize
116KB

Download
memory/2688-1231-0x000007FEF53A0000-0x000007FEF5A61000-memory.dmp

Filesize
6.8MB

Download
memory/2976-2592-0x000007FEF3F80000-0x000007FEF408E000-memory.dmp

Filesize
1.1MB

Download
memory/2976-2587-0x000007FEF42D0000-0x000007FEF4337000-memory.dmp

Filesize
412KB

Download
memory/2976-2586-0x000007FEF4340000-0x000007FEF4370000-memory.dmp

Filesize
192KB

Download
memory/2976-2585-0x000007FEF4370000-0x000007FEF4388000-memory.dmp

Filesize
96KB

Download
memory/2976-2584-0x000007FEF4390000-0x000007FEF43A1000-memory.dmp

Filesize
68KB

Download
memory/2976-2583-0x000007FEF43B0000-0x000007FEF43CB000-memory.dmp

Filesize
108KB

Download
memory/2976-2582-0x000007FEF43D0000-0x000007FEF43E1000-memory.dmp

Filesize
68KB

Download
memory/2976-2581-0x000007FEF43F0000-0x000007FEF4401000-memory.dmp

Filesize
68KB

Download
memory/2976-2580-0x000007FEF4410000-0x000007FEF4421000-memory.dmp

Filesize
68KB

Download
memory/2976-2579-0x000007FEF4D30000-0x000007FEF4D48000-memory.dmp

Filesize
96KB

Download
memory/2976-2578-0x000007FEF4430000-0x000007FEF4451000-memory.dmp

Filesize
132KB

Download
memory/2976-2576-0x000007FEF44B0000-0x000007FEF46BB000-memory.dmp

Filesize
2.0MB

Download
memory/2976-2575-0x000007FEF4D50000-0x000007FEF4D61000-memory.dmp

Filesize
68KB

Download
memory/2976-2574-0x000007FEF4D70000-0x000007FEF4D87000-memory.dmp

Filesize
92KB

Download
memory/2976-2573-0x000007FEF5360000-0x000007FEF5378000-memory.dmp

Filesize
96KB

Download
memory/2976-2570-0x000000013F750000-0x000000013F848000-memory.dmp

Filesize
992KB

Download
memory/2976-2571-0x000007FEF4D90000-0x000007FEF4DC4000-memory.dmp

Filesize
208KB

Download
memory/2976-2588-0x000007FEF4250000-0x000007FEF42CC000-memory.dmp

Filesize
496KB

Download
memory/2976-2589-0x000007FEF4230000-0x000007FEF4241000-memory.dmp

Filesize
68KB

Download
memory/2976-2590-0x000007FEF4210000-0x000007FEF4221000-memory.dmp

Filesize
68KB

Download
memory/2976-2572-0x000007FEF47F0000-0x000007FEF4AA6000-memory.dmp

Filesize
2.7MB

Download
memory/2976-2593-0x000007FEF3F60000-0x000007FEF3F77000-memory.dmp

Filesize
92KB

Download
memory/2976-2594-0x000007FEF3F40000-0x000007FEF3F51000-memory.dmp

Filesize
68KB

Download
memory/2976-2595-0x000007FEF3F20000-0x000007FEF3F3D000-memory.dmp

Filesize
116KB

Download
memory/2976-2596-0x000007FEF3F00000-0x000007FEF3F11000-memory.dmp

Filesize
68KB

Download
memory/2976-2598-0x000007FEF2DF0000-0x000007FEF2E47000-memory.dmp

Filesize
348KB

Download
memory/2976-2591-0x000007FEF4090000-0x000007FEF4210000-memory.dmp

Filesize
1.5MB

Download
memory/2976-2577-0x000007FEF4460000-0x000007FEF44A1000-memory.dmp

Filesize
260KB

Download