djvu | 2f9c6d06d25dfea43bb52e9b81df3dd3ebdef5d066573494598e77c450937e8f

Analysis

max time kernel
149s
max time network
341s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
21-09-2024 09:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

82C4.exe
Size

768KB
MD5

663a7ee6f23102380056645ded592075
SHA1

42f7de8be635ed37f91c289a81e71bc67139adb9
SHA256

2f9c6d06d25dfea43bb52e9b81df3dd3ebdef5d066573494598e77c450937e8f
SHA512

9d4e890505ccda9a0b3cd971598153c1e33be481d10c1133851f621fc4aad148554977b3162d36cb97759fde5603cfebf7876ad39199eee0519ecd3b1f857d09
SSDEEP

12288:wyEfg9+yzz81R9K4UW/ug6nkYxMDoG8AGjn6PkRnTFXD1l9e8k7phRuHH8n4p:IQmQ43/rYE8vdnTFRU6H84

Score

10^/10

djvu discovery persistence ransomware

Malware Config

Extracted

Family

djvu

http://rlrz.org/fhsgtsspen6/get.php

Attributes

extension
.nqsq
offline_id
OGykROpbgxJhrG1qc9yB9PwnsSv1Eo04vOCP0rt1
payload_url
http://znpst.top/dl/build2.exe

http://rlrz.org/files/1/build3.exe
ransomnote
ATTENTION! Don't worry, you can return all your files! All your files like pictures, databases, documents and other important are encrypted with strongest encryption and unique key. The only method of recovering files is to purchase decrypt tool and unique key for you. This software will decrypt all your encrypted files. What guarantees you have? You can send one of your encrypted file from your PC and we decrypt it for free. But we can decrypt only 1 file for free. File must not contain valuable information. You can get and look video overview decrypt tool: https://we.tl/t-O1iz3esfm2 Price of private key and decrypt software is $980. Discount 50% available if you contact us first 72 hours, that's price for you is $490. Please note that you'll never restore your data without payment. Check your e-mail "Spam" or "Junk" folder if you don't get answer more than 6 hours. To get this software you need write on our e-mail: [email protected] Reserve e-mail address to contact us: [email protected] Your personal ID: 0337gSd743d

rsa_pubkey.plain

Signatures

Detected Djvu ransomware 15 IoCs

resource	yara_rule
behavioral1/memory/2052-29-0x0000000000400000-0x0000000000537000-memory.dmp	family_djvu
behavioral1/memory/2052-9-0x0000000000400000-0x0000000000537000-memory.dmp	family_djvu
behavioral1/memory/2052-8-0x0000000000400000-0x0000000000537000-memory.dmp	family_djvu
behavioral1/memory/2052-5-0x0000000000400000-0x0000000000537000-memory.dmp	family_djvu
behavioral1/memory/1564-2-0x0000000000540000-0x000000000065B000-memory.dmp	family_djvu
behavioral1/memory/2444-38-0x0000000000400000-0x0000000000537000-memory.dmp	family_djvu
behavioral1/memory/2444-39-0x0000000000400000-0x0000000000537000-memory.dmp	family_djvu
behavioral1/memory/2444-54-0x0000000000400000-0x0000000000537000-memory.dmp	family_djvu
behavioral1/memory/2444-55-0x0000000000400000-0x0000000000537000-memory.dmp	family_djvu
behavioral1/memory/2444-111-0x0000000000400000-0x0000000000537000-memory.dmp	family_djvu
behavioral1/memory/2444-164-0x0000000000400000-0x0000000000537000-memory.dmp	family_djvu
behavioral1/memory/2444-177-0x0000000000400000-0x0000000000537000-memory.dmp	family_djvu
behavioral1/memory/2444-178-0x0000000000400000-0x0000000000537000-memory.dmp	family_djvu
behavioral1/memory/2444-175-0x0000000000400000-0x0000000000537000-memory.dmp	family_djvu
behavioral1/memory/2444-181-0x0000000000400000-0x0000000000537000-memory.dmp	family_djvu

Djvu Ransomware
Ransomware which is a variant of the STOP family.
ransomware djvu

Modifies file permissions 1 TTPs 1 IoCs

discovery

File and Directory Permissions Modification

T1222

pid	Process
2436	icacls.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Windows\CurrentVersion\Run\SysHelper = "\"C:\\Users\\Admin\\AppData\\Local\\923515a5-eaf7-46c4-9799-a3774f51f628\\82C4.exe\" --AutoStart"	82C4.exe

Looks up external IP address via web service 3 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
3	api.2ip.ua
4	api.2ip.ua
9	api.2ip.ua

Suspicious use of SetThreadContext 2 IoCs

description	pid	Process	procid_target
PID 1564 set thread context of 2052	1564	82C4.exe	29
PID 2588 set thread context of 2444	2588	82C4.exe	32

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 5 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	82C4.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	82C4.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	icacls.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	82C4.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	82C4.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Opens file in notepad (likely ransom note) 1 IoCs

ransomware

pid	Process
916	NOTEPAD.EXE

Runs regedit.exe 1 IoCs

pid	Process
2396	regedit.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
2052	82C4.exe
2052	82C4.exe
2444	82C4.exe
2444	82C4.exe
2876	chrome.exe
2876	chrome.exe
2876	chrome.exe
2876	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2876	chrome.exe
Token: SeShutdownPrivilege	2876	chrome.exe
Token: SeShutdownPrivilege	2876	chrome.exe
Token: SeShutdownPrivilege	2876	chrome.exe
Token: SeShutdownPrivilege	2876	chrome.exe
Token: SeShutdownPrivilege	2876	chrome.exe
Token: SeShutdownPrivilege	2876	chrome.exe
Token: SeShutdownPrivilege	2876	chrome.exe
Token: SeShutdownPrivilege	2876	chrome.exe
Token: SeShutdownPrivilege	2876	chrome.exe
Token: SeShutdownPrivilege	2876	chrome.exe
Token: SeShutdownPrivilege	2876	chrome.exe
Token: SeShutdownPrivilege	2876	chrome.exe
Token: SeShutdownPrivilege	2876	chrome.exe
Token: SeShutdownPrivilege	2876	chrome.exe
Token: SeShutdownPrivilege	2876	chrome.exe
Token: SeShutdownPrivilege	2876	chrome.exe
Token: SeShutdownPrivilege	2876	chrome.exe
Token: SeShutdownPrivilege	2876	chrome.exe
Token: SeShutdownPrivilege	2876	chrome.exe
Token: SeShutdownPrivilege	2876	chrome.exe
Token: SeShutdownPrivilege	2876	chrome.exe
Token: SeShutdownPrivilege	2876	chrome.exe
Token: SeShutdownPrivilege	2876	chrome.exe
Token: SeShutdownPrivilege	2876	chrome.exe
Token: SeShutdownPrivilege	2876	chrome.exe
Token: SeShutdownPrivilege	2876	chrome.exe
Token: SeShutdownPrivilege	2876	chrome.exe
Token: SeShutdownPrivilege	2876	chrome.exe
Token: SeShutdownPrivilege	2876	chrome.exe
Token: SeShutdownPrivilege	2876	chrome.exe
Token: SeShutdownPrivilege	2876	chrome.exe
Token: SeShutdownPrivilege	2876	chrome.exe
Token: SeShutdownPrivilege	2876	chrome.exe
Token: SeShutdownPrivilege	2876	chrome.exe
Token: SeShutdownPrivilege	2876	chrome.exe
Token: SeShutdownPrivilege	2876	chrome.exe
Token: SeShutdownPrivilege	2876	chrome.exe
Token: SeShutdownPrivilege	2876	chrome.exe
Token: SeShutdownPrivilege	2876	chrome.exe
Token: SeShutdownPrivilege	2876	chrome.exe
Token: SeShutdownPrivilege	2876	chrome.exe
Token: SeShutdownPrivilege	2876	chrome.exe
Token: SeShutdownPrivilege	2876	chrome.exe
Token: SeShutdownPrivilege	2876	chrome.exe
Token: SeShutdownPrivilege	2876	chrome.exe
Token: SeShutdownPrivilege	2876	chrome.exe
Token: SeShutdownPrivilege	2876	chrome.exe
Token: SeShutdownPrivilege	2876	chrome.exe
Token: SeShutdownPrivilege	2876	chrome.exe
Token: SeShutdownPrivilege	2876	chrome.exe
Token: SeShutdownPrivilege	2876	chrome.exe
Token: SeShutdownPrivilege	2876	chrome.exe
Token: SeShutdownPrivilege	2876	chrome.exe
Token: SeShutdownPrivilege	2876	chrome.exe
Token: SeShutdownPrivilege	2876	chrome.exe
Token: SeShutdownPrivilege	2876	chrome.exe
Token: SeShutdownPrivilege	2876	chrome.exe
Token: SeShutdownPrivilege	2876	chrome.exe
Token: SeShutdownPrivilege	2876	chrome.exe
Token: SeShutdownPrivilege	2876	chrome.exe
Token: SeShutdownPrivilege	2876	chrome.exe
Token: SeShutdownPrivilege	2876	chrome.exe
Token: SeShutdownPrivilege	2876	chrome.exe

Suspicious use of FindShellTrayWindow 51 IoCs

pid	Process
2876	chrome.exe
2876	chrome.exe
2876	chrome.exe
2876	chrome.exe
2876	chrome.exe
2876	chrome.exe
2876	chrome.exe
2876	chrome.exe
2876	chrome.exe
2876	chrome.exe
2876	chrome.exe
2876	chrome.exe
2876	chrome.exe
2876	chrome.exe
2876	chrome.exe
2876	chrome.exe
2876	chrome.exe
2876	chrome.exe
2876	chrome.exe
2876	chrome.exe
2876	chrome.exe
2876	chrome.exe
2876	chrome.exe
2876	chrome.exe
2876	chrome.exe
2876	chrome.exe
2876	chrome.exe
2876	chrome.exe
2876	chrome.exe
2876	chrome.exe
2876	chrome.exe
2876	chrome.exe
2876	chrome.exe
2876	chrome.exe
2876	chrome.exe
2876	chrome.exe
2876	chrome.exe
2876	chrome.exe
2876	chrome.exe
2876	chrome.exe
2876	chrome.exe
2876	chrome.exe
2876	chrome.exe
2876	chrome.exe
2876	chrome.exe
2876	chrome.exe
2876	chrome.exe
2876	chrome.exe
2876	chrome.exe
2876	chrome.exe
2876	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
2876	chrome.exe
2876	chrome.exe
2876	chrome.exe
2876	chrome.exe
2876	chrome.exe
2876	chrome.exe
2876	chrome.exe
2876	chrome.exe
2876	chrome.exe
2876	chrome.exe
2876	chrome.exe
2876	chrome.exe
2876	chrome.exe
2876	chrome.exe
2876	chrome.exe
2876	chrome.exe
2876	chrome.exe
2876	chrome.exe
2876	chrome.exe
2876	chrome.exe
2876	chrome.exe
2876	chrome.exe
2876	chrome.exe
2876	chrome.exe
2876	chrome.exe
2876	chrome.exe
2876	chrome.exe
2876	chrome.exe
2876	chrome.exe
2876	chrome.exe
2876	chrome.exe
2876	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
448	Autoruns64.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1564 wrote to memory of 2052	1564	82C4.exe	29
PID 1564 wrote to memory of 2052	1564	82C4.exe	29
PID 1564 wrote to memory of 2052	1564	82C4.exe	29
PID 1564 wrote to memory of 2052	1564	82C4.exe	29
PID 1564 wrote to memory of 2052	1564	82C4.exe	29
PID 1564 wrote to memory of 2052	1564	82C4.exe	29
PID 1564 wrote to memory of 2052	1564	82C4.exe	29
PID 1564 wrote to memory of 2052	1564	82C4.exe	29
PID 1564 wrote to memory of 2052	1564	82C4.exe	29
PID 1564 wrote to memory of 2052	1564	82C4.exe	29
PID 1564 wrote to memory of 2052	1564	82C4.exe	29
PID 2052 wrote to memory of 2436	2052	82C4.exe	30
PID 2052 wrote to memory of 2436	2052	82C4.exe	30
PID 2052 wrote to memory of 2436	2052	82C4.exe	30
PID 2052 wrote to memory of 2436	2052	82C4.exe	30
PID 2052 wrote to memory of 2588	2052	82C4.exe	31
PID 2052 wrote to memory of 2588	2052	82C4.exe	31
PID 2052 wrote to memory of 2588	2052	82C4.exe	31
PID 2052 wrote to memory of 2588	2052	82C4.exe	31
PID 2588 wrote to memory of 2444	2588	82C4.exe	32
PID 2588 wrote to memory of 2444	2588	82C4.exe	32
PID 2588 wrote to memory of 2444	2588	82C4.exe	32
PID 2588 wrote to memory of 2444	2588	82C4.exe	32
PID 2588 wrote to memory of 2444	2588	82C4.exe	32
PID 2588 wrote to memory of 2444	2588	82C4.exe	32
PID 2588 wrote to memory of 2444	2588	82C4.exe	32
PID 2588 wrote to memory of 2444	2588	82C4.exe	32
PID 2588 wrote to memory of 2444	2588	82C4.exe	32
PID 2588 wrote to memory of 2444	2588	82C4.exe	32
PID 2588 wrote to memory of 2444	2588	82C4.exe	32
PID 2876 wrote to memory of 2864	2876	chrome.exe	34
PID 2876 wrote to memory of 2864	2876	chrome.exe	34
PID 2876 wrote to memory of 2864	2876	chrome.exe	34
PID 2876 wrote to memory of 1920	2876	chrome.exe	36
PID 2876 wrote to memory of 1920	2876	chrome.exe	36
PID 2876 wrote to memory of 1920	2876	chrome.exe	36
PID 2876 wrote to memory of 1920	2876	chrome.exe	36
PID 2876 wrote to memory of 1920	2876	chrome.exe	36
PID 2876 wrote to memory of 1920	2876	chrome.exe	36
PID 2876 wrote to memory of 1920	2876	chrome.exe	36
PID 2876 wrote to memory of 1920	2876	chrome.exe	36
PID 2876 wrote to memory of 1920	2876	chrome.exe	36
PID 2876 wrote to memory of 1920	2876	chrome.exe	36
PID 2876 wrote to memory of 1920	2876	chrome.exe	36
PID 2876 wrote to memory of 1920	2876	chrome.exe	36
PID 2876 wrote to memory of 1920	2876	chrome.exe	36
PID 2876 wrote to memory of 1920	2876	chrome.exe	36
PID 2876 wrote to memory of 1920	2876	chrome.exe	36
PID 2876 wrote to memory of 1920	2876	chrome.exe	36
PID 2876 wrote to memory of 1920	2876	chrome.exe	36
PID 2876 wrote to memory of 1920	2876	chrome.exe	36
PID 2876 wrote to memory of 1920	2876	chrome.exe	36
PID 2876 wrote to memory of 1920	2876	chrome.exe	36
PID 2876 wrote to memory of 1920	2876	chrome.exe	36
PID 2876 wrote to memory of 1920	2876	chrome.exe	36
PID 2876 wrote to memory of 1920	2876	chrome.exe	36
PID 2876 wrote to memory of 1920	2876	chrome.exe	36
PID 2876 wrote to memory of 1920	2876	chrome.exe	36
PID 2876 wrote to memory of 1920	2876	chrome.exe	36
PID 2876 wrote to memory of 1920	2876	chrome.exe	36
PID 2876 wrote to memory of 1920	2876	chrome.exe	36
PID 2876 wrote to memory of 1920	2876	chrome.exe	36
PID 2876 wrote to memory of 1920	2876	chrome.exe	36
PID 2876 wrote to memory of 1920	2876	chrome.exe	36

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012
Uses Volume Shadow Copy WMI provider
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Users\Admin\AppData\Local\Temp\82C4.exe
"C:\Users\Admin\AppData\Local\Temp\82C4.exe"
1⤵
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:1564
- C:\Users\Admin\AppData\Local\Temp\82C4.exe
  "C:\Users\Admin\AppData\Local\Temp\82C4.exe"
  2⤵
  - Adds Run key to start application
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2052
- - C:\Windows\SysWOW64\icacls.exe
    icacls "C:\Users\Admin\AppData\Local\923515a5-eaf7-46c4-9799-a3774f51f628" /deny *S-1-1-0:(OI)(CI)(DE,DC)
    3⤵
    - Modifies file permissions
    - System Location Discovery: System Language Discovery
    PID:2436
- - C:\Users\Admin\AppData\Local\Temp\82C4.exe
    "C:\Users\Admin\AppData\Local\Temp\82C4.exe" --Admin IsNotAutoStart IsNotTask
    3⤵
    - Suspicious use of SetThreadContext
    - System Location Discovery: System Language Discovery
    - Suspicious use of WriteProcessMemory
    PID:2588
  - - C:\Users\Admin\AppData\Local\Temp\82C4.exe
      "C:\Users\Admin\AppData\Local\Temp\82C4.exe" --Admin IsNotAutoStart IsNotTask
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      PID:2444

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef7759758,0x7fef7759768,0x7fef7759778
  2⤵
  PID:2864
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1140 --field-trial-handle=1228,i,15634414679253585293,11334369505372840614,131072 /prefetch:2
  2⤵
  PID:1920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1520 --field-trial-handle=1228,i,15634414679253585293,11334369505372840614,131072 /prefetch:8
  2⤵
  PID:2164
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1564 --field-trial-handle=1228,i,15634414679253585293,11334369505372840614,131072 /prefetch:8
  2⤵
  PID:1912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2252 --field-trial-handle=1228,i,15634414679253585293,11334369505372840614,131072 /prefetch:1
  2⤵
  PID:2160
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2268 --field-trial-handle=1228,i,15634414679253585293,11334369505372840614,131072 /prefetch:1
  2⤵
  PID:1496
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1484 --field-trial-handle=1228,i,15634414679253585293,11334369505372840614,131072 /prefetch:2
  2⤵
  PID:2068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1360 --field-trial-handle=1228,i,15634414679253585293,11334369505372840614,131072 /prefetch:1
  2⤵
  PID:2928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3852 --field-trial-handle=1228,i,15634414679253585293,11334369505372840614,131072 /prefetch:8
  2⤵
  PID:2860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3808 --field-trial-handle=1228,i,15634414679253585293,11334369505372840614,131072 /prefetch:1
  2⤵
  PID:1224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=2016 --field-trial-handle=1228,i,15634414679253585293,11334369505372840614,131072 /prefetch:1
  2⤵
  PID:2720
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3408 --field-trial-handle=1228,i,15634414679253585293,11334369505372840614,131072 /prefetch:1
  2⤵
  PID:2488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1612 --field-trial-handle=1228,i,15634414679253585293,11334369505372840614,131072 /prefetch:8
  2⤵
  PID:2036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3788 --field-trial-handle=1228,i,15634414679253585293,11334369505372840614,131072 /prefetch:1
  2⤵
  PID:2032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=1052 --field-trial-handle=1228,i,15634414679253585293,11334369505372840614,131072 /prefetch:1
  2⤵
  PID:1996
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=1124 --field-trial-handle=1228,i,15634414679253585293,11334369505372840614,131072 /prefetch:1
  2⤵
  PID:2112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1400 --field-trial-handle=1228,i,15634414679253585293,11334369505372840614,131072 /prefetch:8
  2⤵
  PID:928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4004 --field-trial-handle=1228,i,15634414679253585293,11334369505372840614,131072 /prefetch:8
  2⤵
  PID:1392
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=3824 --field-trial-handle=1228,i,15634414679253585293,11334369505372840614,131072 /prefetch:1
  2⤵
  PID:3060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3976 --field-trial-handle=1228,i,15634414679253585293,11334369505372840614,131072 /prefetch:8
  2⤵
  PID:2484
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2408 --field-trial-handle=1228,i,15634414679253585293,11334369505372840614,131072 /prefetch:8
  2⤵
  PID:2532

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1284

C:\Users\Admin\Downloads\Autoruns\Autoruns64.exe
"C:\Users\Admin\Downloads\Autoruns\Autoruns64.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:448
- C:\Windows\regedit.exe
  C:\Windows\regedit.exe
  2⤵
  - Runs regedit.exe
  PID:2396

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\TestTrace.asf"
1⤵
PID:2212

C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE
"C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE" /dde
1⤵
PID:2684

C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE
"C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE" /dde
1⤵
PID:1152

C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
1⤵
PID:3024

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x5b8
1⤵
PID:1392

C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
"C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\Admin\Downloads\DisableEnable.docm"
1⤵
PID:2688

C:\Program Files (x86)\Internet Explorer\iexplore.exe
"C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
1⤵
PID:2268
- C:\Program Files\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome
  2⤵
  PID:2068
- - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2068 CREDAT:275457 /prefetch:2
    3⤵
    PID:1216

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\WriteShow.txt
1⤵
- Opens file in notepad (likely ransom note)
PID:916

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

File and Directory Permissions Modification

T1222

Modify Registry

T1112

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C3948BE6E525B8A8CEE9FAC91C9E392_F70553637B9F26717122C4DAFA3ADB11

Filesize
5B

MD5
5bfa51f3a417b98e7443eca90fc94703

SHA1
8c015d80b8a23f780bdd215dc842b0f5551f63bd

SHA256
bebe2853a3485d1c2e5c5be4249183e0ddaff9f87de71652371700a89d937128

SHA512
4cd03686254bb28754cbaa635ae1264723e2be80ce1dd0f78d1ab7aee72232f5b285f79e488e9c5c49ff343015bd07bb8433d6cee08ae3cea8c317303e3ac399

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8B2B9A00839EED1DFDCCC3BFC2F5DF12

Filesize
1KB

MD5
7fb5fa1534dcf77f2125b2403b30a0ee

SHA1
365d96812a69ac0a4611ea4b70a3f306576cc3ea

SHA256
33a39e9ec2133230533a686ec43760026e014a3828c703707acbc150fe40fd6f

SHA512
a9279fd60505a1bfeef6fb07834cad0fd5be02fd405573fc1a5f59b991e9f88f5e81c32fe910f69bdc6585e71f02559895149eaf49c25b8ff955459fd60c0d2e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B46811C17859FFB409CF0E904A4AA8F8

Filesize
436B

MD5
971c514f84bba0785f80aa1c23edfd79

SHA1
732acea710a87530c6b08ecdf32a110d254a54c8

SHA256
f157ed17fcaf8837fa82f8b69973848c9b10a02636848f995698212a08f31895

SHA512
43dc1425d80e170c645a3e3bb56da8c3acd31bd637329e9e37094ac346ac85434df4edcdbefc05ae00aea33a80a88e2af695997a495611217fe6706075a63c58

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8B2B9A00839EED1DFDCCC3BFC2F5DF12

Filesize
174B

MD5
0de5633210dee3b00e2681195114fc0f

SHA1
33e437eae066a28c85cf54f8c1bd77ad2ad47ccc

SHA256
11f665bcbab286060d9d40a53ddd7e206ccb93227d388db40037a709151bdd1a

SHA512
ae536789a3dee33373d6457505ef49dfb6d19a58cde71f0fda0cbb2253547ac536ee6605bb72a792b82605e68591e78734edff0091fc1999a7272a97e99baed5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e7a8e4049c36f338059a0aa827c8008a

SHA1
f6ca0e3e80616e58678450cbadabd2f9479a601d

SHA256
375fad27519ae0da13ebbdf95759092f60c8e1ee838987d9b3f88bdbc36b8a0e

SHA512
147b354e5ef77c6e6bb656eb421b23d8e28ccf860cfca2d3265238745f14642d1ce03748caca812bd3496c776699012d82a18d294fea18c6a357350a6f6f96db

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0740c029032819e2a4156ac383c50ee1

SHA1
7950aa09949dfcfa13fbd3bc86400849b244964c

SHA256
8402669193f54d23ecf240fb9929e01232056fd3f25df2cf68bc40356f155027

SHA512
ce420bbd7cf59a0462079a447b21581186b79817990e0d1d8f50f7e8f7d955082b7de75368c0bda818c0eba73856eb097d091d7948f6e4ebb176e89e5e54636b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
946022b9c5e2d6bd8b8608af59acecbc

SHA1
ede45ad38393c402376c814202d768d5a7659f7c

SHA256
e25c8b7ebd7f9fb45548e2e721601c1931e76b302421572faa9ca0667ea16bcb

SHA512
f7772142b3317696cce432efbfb0c8cf5daff57067536c6c1a84c499392e21803c25b1652f61e438572b57b31c1e4a7bb33ef39dd8b3f106fbce286c0d1f5be7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5ae6fe05cfbd457abc74736944d7c4c4

SHA1
53c4c77a0f0d905d92d86ae0c41d22b0bbcb1c2e

SHA256
757963fb5f39681c6a4972182d6bdce6d48b8a87f62bb240b5a739420695f792

SHA512
eed381302e69e5f6fd0bdd1b156f7cd4ad234e5e1756df0e87b3bec9aecc866526dadf589030deb53d67fdc553c723bc9eabc9044ef1ba035f40060d21be7eb3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
af830579db94af6fb1a0e8ec583c1711

SHA1
7074b41fd421a4d6adcd23e4ddb6574f7011bf63

SHA256
9a4de4161208fef60c28a0c2712eeb7de3f25dbd7b7624d5bc3c05fc6b60ac2f

SHA512
5db2cc2241fda5f6a09b9700aa49c1c1fd0bc807092763eac3cc2b73b943ffa6186e7b46fdaee53c316df0248f4f350a319c12b041accdf4932adfb3d5004350

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7218e62ee4417d2f218267f4c0273e12

SHA1
c1c8c388fdec2f8cb52cdff65a01ac464e35dfe3

SHA256
ebca7da5910b31db6f65c8f0df62f59a4e65dd602a8196da4c5a5bb8cc6a51bd

SHA512
8aed732e597559823dbb8391950114ab08d8f6af5f648c0f34187274facd4c2459bf011a4646e6713d4097ad762a4c58ea988c4f63233a7b0d1bf9b04e78f6b6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3918750958c5c6022ceeea8c544ffb1c

SHA1
0562faa86a5adb5b24659fd8f659091ec1994557

SHA256
4c83e1771f180dc8693ef50f4893e8ca7e430d6a62f6446efc812e3d47e5a157

SHA512
8b942e49ce1ed9d74850b063832ae5b16f6ddbf183e4f2beb721b8b75b7a959df8bb3600e68edef59a5a4a55a7174dae7288581652d0ca15641963a9c0c72e3e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
38fecb8dc3eb5f98b675c61e01e575de

SHA1
72eb71f9f6ac63623e3a826146bdad422454e8be

SHA256
0c244f4d39e397a792c3699bfab92d8ab19d5f3faa5daae195a8dd153c848e9e

SHA512
82ebcbc4e1ae438606bfd00e5ac6e8bd2262ab4d0654b067430ee7e5701a18c5661a1fa9a3320da76f85dc159c0182d3662f8abca5d2e0800152b0b1d0fd109b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
51087cd0afc19319a9d27c439e90c93d

SHA1
b7d906e16defac36bff3ae9e41d43bfeeb96c4ab

SHA256
12da33b1f8417e015aa4fb6ab731c47c341cdb4c730510685229419ab3a91074

SHA512
319bef68f2cd7e777c6dacd3b98ce8e054077bac2f5c0f6918b171b947fdbd84a54c7c570aeb91449329ed181d56bc8b6890164f2c592d152e84896460afbf7b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f953f58621feb6238ad1d0f8b4a6e0a4

SHA1
ed73f12d166c7e89b56b24680ac0931c6a349702

SHA256
355551cfc60f2447f728628dcef27e15f3c26dd065133a5020a3ee6d055b99b4

SHA512
ce25b5d97b0a56c8b5706a73b59be74422d203154835afb26f5e24fec04e449404fb18ef65b1c2c2621f0defc2f4cfbf1ea4c62e466b1bb9ec436b89d1052756

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3fa5d2ef351c078f1c8382994a217964

SHA1
5802e5d9af4775dab00cd155637fac43488e1eb4

SHA256
7c64f92cf64752446ba4c2ba6ea24e0e3eb9a775d7f3ec72cc62c6ed977ec11b

SHA512
72e468e493a31ff0706740a927654afae932fa17baafdde79738f096d834a8f0f00721e7387144daef2b7f19165e5fe8531c3924a575a927aeabe5bcaa81e1e4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B46811C17859FFB409CF0E904A4AA8F8

Filesize
170B

MD5
8b7ab860e67ccb6f4973594f4a98913a

SHA1
118f0008137eb0a1a6290fa8e7fd03cdbdb68d8a

SHA256
b31f7d69ebdf18ad785fa696907ef2e98486d5ca60458e265fa07d87dd4c148d

SHA512
528ac2f3c13586c0b513f155f4de7a2d5c202982da168330a6f2c9c24d9a1da78caeb4ce24dc4c2c1140e65da6461c532324dc18c96e98b79f127bba255bbcca

Download Submit
C:\Users\Admin\AppData\Local\923515a5-eaf7-46c4-9799-a3774f51f628\82C4.exe

Filesize
768KB

MD5
663a7ee6f23102380056645ded592075

SHA1
42f7de8be635ed37f91c289a81e71bc67139adb9

SHA256
2f9c6d06d25dfea43bb52e9b81df3dd3ebdef5d066573494598e77c450937e8f

SHA512
9d4e890505ccda9a0b3cd971598153c1e33be481d10c1133851f621fc4aad148554977b3162d36cb97759fde5603cfebf7876ad39199eee0519ecd3b1f857d09

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\2b2dbafc-6751-457a-88e9-e840290064a8.tmp

Filesize
341KB

MD5
ac60ab0338a597cb5add01745eee19c4

SHA1
41c671528fa66e87df9816909f04cf6f7b0cdcb8

SHA256
92fee47ef77f9359a27643043f6eb774db6220770966fb254a9dbdf63c934a3c

SHA512
0d5705f79227f2091268a65e996f0d702aef415e05d25019d8682e27fef2ef4ea0cfae93316286a4ef3cb4c67f07a2c1c6b499d955c55f967e4e319cd255e64a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

Filesize
212KB

MD5
08ec57068db9971e917b9046f90d0e49

SHA1
28b80d73a861f88735d89e301fa98f2ae502e94b

SHA256
7a68efe41e5d8408eed6e9d91a7b7b965a3062e4e28eeffeefb8cdba6391f4d1

SHA512
b154142173145122bc49ddd7f9530149100f6f3c5fd2f2e7503b13f7b160147b8b876344f6faae5e8616208c51311633df4c578802ac5d34c005bb154e9057cf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
e3991050539675179799e9fb2d5a3f89

SHA1
fa49224ab3ff627adeb503c59f9e4695556c8a59

SHA256
4969d83f35b9ecb958c5d869574a796afcf4d15cc3f803c46d5cafc95ab66f1b

SHA512
7e41a866c657fb31cafc19d55966b4d6763e9702a88be3b7472ba6492ea46119e5d61e6b65d702e32bf5029f4c9afd9e09bde4a8ace9e2dc7a008630aa892383

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
6a06509966e8057cbd53e023237e40be

SHA1
5e73254091d5be5c1c9487feb56c7a7c8fd9489d

SHA256
309f883e641d546691db6027a1f55fac08dbaa54a999ee58b4dc130fdf03461b

SHA512
eef5a2b418f828ef715a6fecb3a418f2f72ab35537990bc8de0340ab96d35d12aaee61caa7a590057bb1193c316e047ac2b51be32dffb0fdb6272c2ce1e680fc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
480B

MD5
d094dec348c539ed0517dd5b3e16d679

SHA1
cb870e042c70844a539ca0283a6466ce11519358

SHA256
f7321a5894dedab3756c68c55ef27072f7494d57ee4a13279c4cc16dd9b61623

SHA512
c91e62fbe5d84a633e5aaa3db7c91defcb6b22df4d624dd8e3e552e467e8d4a1712f92db5de5d6ac76525d42fb79ee0b6d74a587ec5ff21a377d84c033841e23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
7b9810dfed1d608f2252bc66c2fd842b

SHA1
39c1fe0383e1f384807c8013eecfa4f97152fce5

SHA256
fe09f61c51b7636e98420125d4c5b22911fb10ee10fae7412afac7fad4e700db

SHA512
59c175fb1be6ae9441c689f0f8ea9d603485b29dcd4ea9e2c469b367e50ce09913d889ca00c677f6a2b34a7696025c645421883dcee1e7cce33c3b817614c5ab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
a9dddad977491d740072dd01892bdcfb

SHA1
6f88d3deafbddefadcbe8eea8210a23885a4d1e2

SHA256
d3901e69127c083928bdebe7400bd8efb37bbde90b5b09b545e92f68f4ad5d92

SHA512
812a13d299a2f429504a32231d532f25c8cdf64f9071e08b1829fb6dac425d1464420b85a10a2a5ee3ba08b31adc5bf8265d31e812bfc9abda794c7760d13d3a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
361B

MD5
81bce5b0db98e7edb20b3c41309ee495

SHA1
8405b6cc756deaef92a407e725307111d2141f84

SHA256
3bcd9f63c8d73129ca0dc1d9ec145c1760fe48850d81802e15f1da4471480365

SHA512
88700d5a13200ee7717d79ec88cd4ee7aa99e16b69b0295c35fd03ce53a8ae34963f168fc738b5c0856421940ae1b1220567c96d7e3d2f67f4b12d1037c93ca1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
2ce12bd4b9a17170e2d03142f2b126ca

SHA1
6156927a3196e2dce5fe0029a9d5a713169bffac

SHA256
78ac51ef7e351635c460a21bde266453f64b51d78b93d988072bc881d8d9c011

SHA512
d001e4e512bba7bd1a6969b6699c7585a536231912c34e879a61c936975f3d70656c75bd80f5d8fa2d45ca555f6a169c4037b7da93d14a9e62fa563123609f93

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
c89ea441498a0830bc9271b4e289cd12

SHA1
690da86e9c1d571f2ca444e59fc5ad6079188a3e

SHA256
c418348b1f967f74a502aad11a8c29540b7655494071748eb30685289e6a346d

SHA512
eaa988b00cb9509d35c8431985038c759b29ae22deef0150933350e07e3492aad06b0fe960154eaed42da039fefd6e25fbcf028ed69d0429355ae4abbb9cacaf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
3ce2032c89611b005501a2797ae38ab9

SHA1
3b13f95dc33f6b6f4a80d35a2bac1cee4e163166

SHA256
8265e18ad58853bd72b1500ff85df129e7ffe3bbb8f77c3a9808503ae6ea532a

SHA512
27c25d254080f094b1c3fdb5dd83731706935b8807ed885c637abcf12b0d3f5e7192a9e94e2eecc917941a186697879930aa290975dc8c99555a68c51f79449a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
6262e0a47d11d51edd478a666969d9a4

SHA1
94e5da41a178b474c9f02c0beb505b66b63d65c6

SHA256
459a33366f558d27e536e97ace97c70df91b843ac601c3347745d2826e5c3e81

SHA512
03ca9cbdc6cedac203ce3a64368fe424627963ce5851e675a4f65f1690e807aa6e4e9f4f820a07b1af42045c7eacc5d7ce5ccdb1e057128f881aad53178eeec6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
382658d0985452175c61089903430b25

SHA1
9e2e8d78fd242c43b80df49d9a09099525e07798

SHA256
1792e49ceb355a6fa54655822e61a00d556107f1e2e1e140c1fce04d6b3ada8d

SHA512
ecc986498ab04305b8b9fd89e9b5f7d4909b8effebe80cc6a7fc8176854f9521063f29bc6bf779d5fb6bef19ab85220123850a03e43ed03bdd1488a6b4f27e5c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
a1c2ab43c5f8340355fdc6cf2f06bb9c

SHA1
b45cba1c8dfa52e458256a1950a3c0897b6febd0

SHA256
1eadd1ca1b412c92fa6a8b9d137070ffc79125c030fa2850d2101719ca289bea

SHA512
ab61cca35a0fca797d48f913739db27738a7b95a1ef5177a6238057f61baca49ad5c6bdb2e0bc4516953112178e83062128c2751bd7801e61def6af317b0db0b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
7c0bd732c6df369d321630d6d7c9efa4

SHA1
4288936f5f4f31d4d0f1415a96b91ef7762dc2c2

SHA256
802c7a40f2d08928401e84deb4624fa093c99c40ebe7d86faba6289633d0825f

SHA512
b8c692318beaa2b8c936f22bb5794f0e84c930726b6f9d4f5ed45038f76e293f8a9c61ee6ee467d702c42210a55a0ea94f6154cc1012b01297ff7ca402df889c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
341KB

MD5
f8e220d195ba3df24ad51062aee2fbf1

SHA1
b898cb7239ab02902c64e3c26e1d03ee37b7d474

SHA256
1718e261aa21ea34d8e752fec7b4612941b6ecb1597b4c51645f924e29984f9c

SHA512
a8007e582b328465c1d6fd6341eb3b676e2f1797b058feb645300bf0589bfe443a99b3b07373f833439ad3fe5dfa49e0020b9c554e80f75fc5144f5c4b0b678b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
75KB

MD5
314ab11dd8d42d6f85d8a995eb46988e

SHA1
68b5e3a6952be6eae78ef0ff77a1ec6ce22cbdb2

SHA256
a905d820f42e58bc07f7ad2a4e2605a9f21782b2cef50a676a0ddd88b3037f54

SHA512
cf23cdcb8c48f0fdc7a42a92e88d59fe11fe26383d96889cbe07a672da0dec397bfe0cbd2b7250e39206db575c220270752a5536a5d8b5a959282676ad00950f

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabEA1.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar54E5.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Office\Recent\index.dat

Filesize
275B

MD5
4d5d4ed0b899b3db904f1986b684272d

SHA1
00dddebc644f7bbe772c165f893033e266a467f7

SHA256
f1cadc547289d4c1d0d017eeab87c7d29128b5ae5b6d58aa3fd401754bbe6cac

SHA512
de6e7d916c56c7dc2e6563c7d9b857d198a7affaefc2b27eb3efbac9eedc85b8eee9926a42279e1d535873098ff286f6697100a24f86e976f7d52a39f4f14e68

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Office\Recent\index.dat

Filesize
292B

MD5
b90c69ffc66ec57ecc40deb7afbd28a4

SHA1
0d1f8255a6960d430b7611c48f2cb1faddcfd2c2

SHA256
e8cba880408843cb4b059f3bc93bc14fe8e7b0e857e55a853fbd9602ecd12093

SHA512
953794fbc7217392a87cae00d4d6d512697f79176fd69283ec0dd0e18c02c7459726c399da1adfe05410b747251b74cb5842a802e5292b9d9bc2894925c18b5f

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Templates\Normal.dotm

Filesize
20KB

MD5
15f7e13513d444a3a2999b8cb1f88294

SHA1
75cfbc4c238e663edf9494b05a5700ff265d9d12

SHA256
c2fdd75b7f9b4468a31f0564fef32bc6dc6bace96d9aaf9914351b6f9e208327

SHA512
5b495e5fbf4dbd7e7b5b90764730198be7e570a57f3f06bb74c32d6d2e8c8a1e414d1602c67b17176367eca06313197cd8ad4476527cce1f841d612647b43cd3

Download Submit
C:\Users\Admin\AppData\Roaming\vlc\vlc-qt-interface.ini

Filesize
75B

MD5
62ea63c6924456c21bc81c6b40313ddf

SHA1
361168f911cf64b9830dc9cdd72c65db783c8a2d

SHA256
c277c7b5607dc324fae3464a7622fb1e492e9e8a47488d69c89b563aa50ae78f

SHA512
8504dfeeaebf8adeeaf12374256cc5d6ff911f6dcc554149ec07666a325633950a6460f49ed89fd3b75171ece9834f2bc159a60514dbdad69103130fcadec5f0

Download Submit
C:\Users\Admin\Downloads\Autoruns.zip.crdownload

Filesize
2.8MB

MD5
09aa3a18f9dbf8588b0a3489f5c752f4

SHA1
130a744a421ca914f2809685af8262c468f4177a

SHA256
b04d2ac6dcc287a4b01a9cdc5bd9580a38df8a3379e03698cf7b888cdab7ea0f

SHA512
d0a18f5b71fdf9df60e604d12c9279322a6aa8ce6001cd980bd9df138718c59bf7023690de51b64e6926f154b2ebd52950fa21a89e5e30d6942c784a28edb453

Download Submit
memory/448-682-0x0000000003DD0000-0x0000000003DEE000-memory.dmp

Filesize
120KB

Download
memory/448-703-0x0000000003DF0000-0x0000000003E09000-memory.dmp

Filesize
100KB

Download
memory/448-737-0x0000000003E10000-0x0000000003E20000-memory.dmp

Filesize
64KB

Download
memory/448-554-0x0000000003810000-0x0000000003867000-memory.dmp

Filesize
348KB

Download
memory/448-553-0x0000000003810000-0x0000000003867000-memory.dmp

Filesize
348KB

Download
memory/448-735-0x0000000003E10000-0x0000000003E5C000-memory.dmp

Filesize
304KB

Download
memory/448-569-0x0000000003FE0000-0x000000000401E000-memory.dmp

Filesize
248KB

Download
memory/448-568-0x0000000003FE0000-0x000000000401E000-memory.dmp

Filesize
248KB

Download
memory/448-622-0x0000000004370000-0x00000000043C7000-memory.dmp

Filesize
348KB

Download
memory/448-623-0x0000000003FE0000-0x0000000003FEA000-memory.dmp

Filesize
40KB

Download
memory/448-625-0x0000000004370000-0x00000000043EB000-memory.dmp

Filesize
492KB

Download
memory/448-624-0x0000000004370000-0x00000000043EB000-memory.dmp

Filesize
492KB

Download
memory/448-629-0x0000000003DC0000-0x0000000003E16000-memory.dmp

Filesize
344KB

Download
memory/448-627-0x0000000003810000-0x0000000003867000-memory.dmp

Filesize
348KB

Download
memory/448-626-0x0000000003810000-0x0000000003867000-memory.dmp

Filesize
348KB

Download
memory/448-628-0x0000000003DC0000-0x0000000003E16000-memory.dmp

Filesize
344KB

Download
memory/448-633-0x0000000003DC0000-0x0000000003DEF000-memory.dmp

Filesize
188KB

Download
memory/448-632-0x0000000003DC0000-0x0000000003DEF000-memory.dmp

Filesize
188KB

Download
memory/448-631-0x0000000003FE0000-0x000000000401E000-memory.dmp

Filesize
248KB

Download
memory/448-630-0x0000000003FE0000-0x000000000401E000-memory.dmp

Filesize
248KB

Download
memory/448-736-0x0000000003E10000-0x0000000003E2D000-memory.dmp

Filesize
116KB

Download
memory/448-641-0x0000000003DC0000-0x0000000003E49000-memory.dmp

Filesize
548KB

Download
memory/448-642-0x0000000003DC0000-0x0000000003E49000-memory.dmp

Filesize
548KB

Download
memory/448-644-0x0000000003DC0000-0x0000000003DD2000-memory.dmp

Filesize
72KB

Download
memory/448-643-0x0000000003DC0000-0x0000000003DD2000-memory.dmp

Filesize
72KB

Download
memory/448-645-0x0000000003DC0000-0x0000000003DC7000-memory.dmp

Filesize
28KB

Download
memory/448-648-0x0000000003DC0000-0x0000000003DC7000-memory.dmp

Filesize
28KB

Download
memory/448-647-0x0000000003DC0000-0x0000000003DC7000-memory.dmp

Filesize
28KB

Download
memory/448-646-0x0000000003DC0000-0x0000000003E16000-memory.dmp

Filesize
344KB

Download
memory/448-651-0x0000000003DC0000-0x0000000003DD7000-memory.dmp

Filesize
92KB

Download
memory/448-650-0x0000000003DC0000-0x0000000003DD7000-memory.dmp

Filesize
92KB

Download
memory/448-649-0x0000000003DC0000-0x0000000003DEF000-memory.dmp

Filesize
188KB

Download
memory/448-680-0x0000000003DC0000-0x0000000003E49000-memory.dmp

Filesize
548KB

Download
memory/448-679-0x0000000003DD0000-0x0000000003DE5000-memory.dmp

Filesize
84KB

Download
memory/448-678-0x0000000003DD0000-0x0000000003DE5000-memory.dmp

Filesize
84KB

Download
memory/448-677-0x0000000003DC0000-0x0000000003E49000-memory.dmp

Filesize
548KB

Download
memory/448-734-0x0000000003E10000-0x0000000003E5C000-memory.dmp

Filesize
304KB

Download
memory/448-681-0x0000000003DC0000-0x0000000003DD2000-memory.dmp

Filesize
72KB

Download
memory/448-683-0x0000000003DD0000-0x0000000003DEE000-memory.dmp

Filesize
120KB

Download
memory/448-686-0x0000000003DD0000-0x0000000003E17000-memory.dmp

Filesize
284KB

Download
memory/448-685-0x0000000003DD0000-0x0000000003E17000-memory.dmp

Filesize
284KB

Download
memory/448-684-0x0000000003DC0000-0x0000000003DC7000-memory.dmp

Filesize
28KB

Download
memory/448-687-0x0000000003DD0000-0x0000000003DDB000-memory.dmp

Filesize
44KB

Download
memory/448-689-0x0000000003DE0000-0x0000000003DF5000-memory.dmp

Filesize
84KB

Download
memory/448-690-0x0000000003DC0000-0x0000000003DD7000-memory.dmp

Filesize
92KB

Download
memory/448-688-0x0000000003DE0000-0x0000000003DF5000-memory.dmp

Filesize
84KB

Download
memory/448-691-0x0000000003DD0000-0x0000000003DE5000-memory.dmp

Filesize
84KB

Download
memory/448-693-0x0000000003DF0000-0x0000000003E09000-memory.dmp

Filesize
100KB

Download
memory/448-692-0x0000000003DF0000-0x0000000003E09000-memory.dmp

Filesize
100KB

Download
memory/448-694-0x0000000003DD0000-0x0000000003DEE000-memory.dmp

Filesize
120KB

Download
memory/448-695-0x0000000003DF0000-0x0000000003E0B000-memory.dmp

Filesize
108KB

Download
memory/448-697-0x0000000003DF0000-0x0000000003DFB000-memory.dmp

Filesize
44KB

Download
memory/448-696-0x0000000003DD0000-0x0000000003E17000-memory.dmp

Filesize
284KB

Download
memory/448-698-0x0000000003DF0000-0x0000000003DF9000-memory.dmp

Filesize
36KB

Download
memory/448-699-0x0000000003DF0000-0x0000000003DF9000-memory.dmp

Filesize
36KB

Download
memory/448-700-0x0000000003DE0000-0x0000000003DF5000-memory.dmp

Filesize
84KB

Download
memory/448-701-0x0000000003DF0000-0x0000000003E6B000-memory.dmp

Filesize
492KB

Download
memory/448-702-0x0000000003DF0000-0x0000000003E6B000-memory.dmp

Filesize
492KB

Download
memory/448-704-0x0000000003DF0000-0x0000000003E38000-memory.dmp

Filesize
288KB

Download
memory/448-731-0x0000000003E10000-0x0000000003E27000-memory.dmp

Filesize
92KB

Download
memory/448-706-0x0000000003DF0000-0x0000000003DF7000-memory.dmp

Filesize
28KB

Download
memory/448-707-0x0000000003DF0000-0x0000000003DF7000-memory.dmp

Filesize
28KB

Download
memory/448-705-0x0000000003DF0000-0x0000000003E0B000-memory.dmp

Filesize
108KB

Download
memory/448-708-0x0000000003DF0000-0x0000000003DFB000-memory.dmp

Filesize
44KB

Download
memory/448-709-0x0000000003E00000-0x0000000003E11000-memory.dmp

Filesize
68KB

Download
memory/448-710-0x0000000003DF0000-0x0000000003DF9000-memory.dmp

Filesize
36KB

Download
memory/448-712-0x0000000003E10000-0x0000000003E2E000-memory.dmp

Filesize
120KB

Download
memory/448-711-0x0000000003E10000-0x0000000003E2E000-memory.dmp

Filesize
120KB

Download
memory/448-714-0x0000000003DF0000-0x0000000003E6B000-memory.dmp

Filesize
492KB

Download
memory/448-713-0x0000000003DF0000-0x0000000003E6B000-memory.dmp

Filesize
492KB

Download
memory/448-715-0x0000000003E10000-0x0000000003E1A000-memory.dmp

Filesize
40KB

Download
memory/448-718-0x0000000003E10000-0x0000000003E18000-memory.dmp

Filesize
32KB

Download
memory/448-717-0x0000000003E10000-0x0000000003E18000-memory.dmp

Filesize
32KB

Download
memory/448-716-0x0000000003DF0000-0x0000000003E38000-memory.dmp

Filesize
288KB

Download
memory/448-721-0x0000000003E10000-0x0000000003E5C000-memory.dmp

Filesize
304KB

Download
memory/448-720-0x0000000003E10000-0x0000000003E5C000-memory.dmp

Filesize
304KB

Download
memory/448-719-0x0000000003DF0000-0x0000000003DF7000-memory.dmp

Filesize
28KB

Download
memory/448-723-0x0000000003E10000-0x0000000003E20000-memory.dmp

Filesize
64KB

Download
memory/448-722-0x0000000003E10000-0x0000000003E20000-memory.dmp

Filesize
64KB

Download
memory/448-727-0x0000000003E10000-0x0000000003E14000-memory.dmp

Filesize
16KB

Download
memory/448-726-0x0000000003E10000-0x0000000003E14000-memory.dmp

Filesize
16KB

Download
memory/448-725-0x0000000003E10000-0x0000000003E2E000-memory.dmp

Filesize
120KB

Download
memory/448-724-0x0000000003E10000-0x0000000003E2E000-memory.dmp

Filesize
120KB

Download
memory/448-729-0x0000000003E10000-0x0000000003E14000-memory.dmp

Filesize
16KB

Download
memory/448-728-0x0000000003E10000-0x0000000003E14000-memory.dmp

Filesize
16KB

Download
memory/448-730-0x0000000003E10000-0x0000000003E18000-memory.dmp

Filesize
32KB

Download
memory/448-732-0x0000000003E10000-0x0000000003E27000-memory.dmp

Filesize
92KB

Download
memory/448-733-0x0000000003E10000-0x0000000003E18000-memory.dmp

Filesize
32KB

Download
memory/1152-1494-0x000000005FFF0000-0x0000000060000000-memory.dmp

Filesize
64KB

Download
memory/1564-2-0x0000000000540000-0x000000000065B000-memory.dmp

Filesize
1.1MB

Download
memory/1564-0-0x0000000000220000-0x00000000002B2000-memory.dmp

Filesize
584KB

Download
memory/1564-1-0x0000000000220000-0x00000000002B2000-memory.dmp

Filesize
584KB

Download
memory/1564-6-0x0000000000220000-0x00000000002B2000-memory.dmp

Filesize
584KB

Download
memory/2052-8-0x0000000000400000-0x0000000000537000-memory.dmp

Filesize
1.2MB

Download
memory/2052-3-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

Filesize
4KB

Download
memory/2052-5-0x0000000000400000-0x0000000000537000-memory.dmp

Filesize
1.2MB

Download
memory/2052-9-0x0000000000400000-0x0000000000537000-memory.dmp

Filesize
1.2MB

Download
memory/2052-29-0x0000000000400000-0x0000000000537000-memory.dmp

Filesize
1.2MB

Download
memory/2212-1477-0x000000013FEA0000-0x000000013FF98000-memory.dmp

Filesize
992KB

Download
memory/2212-1478-0x000007FEF7570000-0x000007FEF75A4000-memory.dmp

Filesize
208KB

Download
memory/2212-1479-0x000007FEF58F0000-0x000007FEF5BA6000-memory.dmp

Filesize
2.7MB

Download
memory/2212-1480-0x000007FEF4840000-0x000007FEF58F0000-memory.dmp

Filesize
16.7MB

Download
memory/2444-55-0x0000000000400000-0x0000000000537000-memory.dmp

Filesize
1.2MB

Download
memory/2444-111-0x0000000000400000-0x0000000000537000-memory.dmp

Filesize
1.2MB

Download
memory/2444-177-0x0000000000400000-0x0000000000537000-memory.dmp

Filesize
1.2MB

Download
memory/2444-178-0x0000000000400000-0x0000000000537000-memory.dmp

Filesize
1.2MB

Download
memory/2444-175-0x0000000000400000-0x0000000000537000-memory.dmp

Filesize
1.2MB

Download
memory/2444-38-0x0000000000400000-0x0000000000537000-memory.dmp

Filesize
1.2MB

Download
memory/2444-164-0x0000000000400000-0x0000000000537000-memory.dmp

Filesize
1.2MB

Download
memory/2444-39-0x0000000000400000-0x0000000000537000-memory.dmp

Filesize
1.2MB

Download
memory/2444-54-0x0000000000400000-0x0000000000537000-memory.dmp

Filesize
1.2MB

Download
memory/2444-181-0x0000000000400000-0x0000000000537000-memory.dmp

Filesize
1.2MB

Download
memory/2588-32-0x0000000000400000-0x0000000000532000-memory.dmp

Filesize
1.2MB

Download
memory/2588-37-0x0000000000400000-0x0000000000532000-memory.dmp

Filesize
1.2MB

Download
memory/2588-31-0x00000000005B0000-0x0000000000642000-memory.dmp

Filesize
584KB

Download
memory/2684-1492-0x000000005FFF0000-0x0000000060000000-memory.dmp

Filesize
64KB

Download
memory/2684-1481-0x000000005FFF0000-0x0000000060000000-memory.dmp

Filesize
64KB

Download
memory/2688-1509-0x000000005FFF0000-0x0000000060000000-memory.dmp

Filesize
64KB

Download