cryptolocker | hxxp://github[.]com

Analysis

max time kernel
300s
max time network
301s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
20-10-2024 15:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://github.com

Score

10^/10

cryptolocker aspackv2 discovery persistence ransomware

Malware Config

Signatures

CryptoLocker
Ransomware family with multiple variants.
ransomware cryptolocker
Downloads MZ/PE file

ASPack v2.12-2.42 1 IoCs

Detects executables packed with ASPack v2.12-2.42

aspackv2

resource	yara_rule
behavioral1/files/0x0008000000023d40-580.dat	aspack_v212_v242

Executes dropped EXE 10 IoCs

pid	Process
3028	ScreenScrew.exe
512	ChilledWindows.exe
2584	CryptoLocker.exe
3688	{34184A33-0407-212E-3320-09040709E2C2}.exe
1916	{34184A33-0407-212E-3320-09040709E2C2}.exe
2112	CryptoLocker.exe
876	CryptoLocker.exe
4860	ScreenScrew.exe
3128	ScreenScrew.exe
1444	ScreenScrew.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\CryptoLocker = "C:\\Users\\Admin\\AppData\\Roaming\\{34184A33-0407-212E-3320-09040709E2C2}.exe"	{34184A33-0407-212E-3320-09040709E2C2}.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\M:	ChilledWindows.exe
File opened (read-only)	\??\N:	ChilledWindows.exe
File opened (read-only)	\??\R:	ChilledWindows.exe
File opened (read-only)	\??\Y:	ChilledWindows.exe
File opened (read-only)	\??\V:	ChilledWindows.exe
File opened (read-only)	\??\W:	ChilledWindows.exe
File opened (read-only)	\??\A:	ChilledWindows.exe
File opened (read-only)	\??\H:	ChilledWindows.exe
File opened (read-only)	\??\K:	ChilledWindows.exe
File opened (read-only)	\??\O:	ChilledWindows.exe
File opened (read-only)	\??\T:	ChilledWindows.exe
File opened (read-only)	\??\B:	ChilledWindows.exe
File opened (read-only)	\??\I:	ChilledWindows.exe
File opened (read-only)	\??\L:	ChilledWindows.exe
File opened (read-only)	\??\Q:	ChilledWindows.exe
File opened (read-only)	\??\U:	ChilledWindows.exe
File opened (read-only)	\??\X:	ChilledWindows.exe
File opened (read-only)	\??\Z:	ChilledWindows.exe
File opened (read-only)	\??\E:	ChilledWindows.exe
File opened (read-only)	\??\G:	ChilledWindows.exe
File opened (read-only)	\??\J:	ChilledWindows.exe
File opened (read-only)	\??\P:	ChilledWindows.exe
File opened (read-only)	\??\S:	ChilledWindows.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
142	raw.githubusercontent.com
143	raw.githubusercontent.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 9 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ScreenScrew.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	CryptoLocker.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	CryptoLocker.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ScreenScrew.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ScreenScrew.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ScreenScrew.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	CryptoLocker.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	{34184A33-0407-212E-3320-09040709E2C2}.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	{34184A33-0407-212E-3320-09040709E2C2}.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133739108210393748"	chrome.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2045521122-590294423-3465680274-1000\{A5993785-BF15-4A0B-B9C0-B80E2D7A9649}	ChilledWindows.exe
Key created	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
3624	chrome.exe
3624	chrome.exe
3704	chrome.exe
3704	chrome.exe
3704	chrome.exe
3704	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3624	chrome.exe
Token: SeCreatePagefilePrivilege	3624	chrome.exe
Token: SeShutdownPrivilege	3624	chrome.exe
Token: SeCreatePagefilePrivilege	3624	chrome.exe
Token: SeShutdownPrivilege	3624	chrome.exe
Token: SeCreatePagefilePrivilege	3624	chrome.exe
Token: SeShutdownPrivilege	3624	chrome.exe
Token: SeCreatePagefilePrivilege	3624	chrome.exe
Token: SeShutdownPrivilege	3624	chrome.exe
Token: SeCreatePagefilePrivilege	3624	chrome.exe
Token: SeShutdownPrivilege	3624	chrome.exe
Token: SeCreatePagefilePrivilege	3624	chrome.exe
Token: SeShutdownPrivilege	3624	chrome.exe
Token: SeCreatePagefilePrivilege	3624	chrome.exe
Token: SeShutdownPrivilege	3624	chrome.exe
Token: SeCreatePagefilePrivilege	3624	chrome.exe
Token: SeShutdownPrivilege	3624	chrome.exe
Token: SeCreatePagefilePrivilege	3624	chrome.exe
Token: SeShutdownPrivilege	3624	chrome.exe
Token: SeCreatePagefilePrivilege	3624	chrome.exe
Token: SeShutdownPrivilege	3624	chrome.exe
Token: SeCreatePagefilePrivilege	3624	chrome.exe
Token: SeShutdownPrivilege	3624	chrome.exe
Token: SeCreatePagefilePrivilege	3624	chrome.exe
Token: SeShutdownPrivilege	3624	chrome.exe
Token: SeCreatePagefilePrivilege	3624	chrome.exe
Token: SeShutdownPrivilege	3624	chrome.exe
Token: SeCreatePagefilePrivilege	3624	chrome.exe
Token: SeShutdownPrivilege	3624	chrome.exe
Token: SeCreatePagefilePrivilege	3624	chrome.exe
Token: SeShutdownPrivilege	3624	chrome.exe
Token: SeCreatePagefilePrivilege	3624	chrome.exe
Token: SeShutdownPrivilege	3624	chrome.exe
Token: SeCreatePagefilePrivilege	3624	chrome.exe
Token: SeShutdownPrivilege	3624	chrome.exe
Token: SeCreatePagefilePrivilege	3624	chrome.exe
Token: SeShutdownPrivilege	3624	chrome.exe
Token: SeCreatePagefilePrivilege	3624	chrome.exe
Token: SeShutdownPrivilege	3624	chrome.exe
Token: SeCreatePagefilePrivilege	3624	chrome.exe
Token: SeShutdownPrivilege	3624	chrome.exe
Token: SeCreatePagefilePrivilege	3624	chrome.exe
Token: SeShutdownPrivilege	3624	chrome.exe
Token: SeCreatePagefilePrivilege	3624	chrome.exe
Token: SeShutdownPrivilege	3624	chrome.exe
Token: SeCreatePagefilePrivilege	3624	chrome.exe
Token: SeShutdownPrivilege	3624	chrome.exe
Token: SeCreatePagefilePrivilege	3624	chrome.exe
Token: SeShutdownPrivilege	3624	chrome.exe
Token: SeCreatePagefilePrivilege	3624	chrome.exe
Token: SeShutdownPrivilege	3624	chrome.exe
Token: SeCreatePagefilePrivilege	3624	chrome.exe
Token: SeShutdownPrivilege	3624	chrome.exe
Token: SeCreatePagefilePrivilege	3624	chrome.exe
Token: SeShutdownPrivilege	3624	chrome.exe
Token: SeCreatePagefilePrivilege	3624	chrome.exe
Token: SeShutdownPrivilege	3624	chrome.exe
Token: SeCreatePagefilePrivilege	3624	chrome.exe
Token: SeShutdownPrivilege	3624	chrome.exe
Token: SeCreatePagefilePrivilege	3624	chrome.exe
Token: SeShutdownPrivilege	3624	chrome.exe
Token: SeCreatePagefilePrivilege	3624	chrome.exe
Token: SeShutdownPrivilege	3624	chrome.exe
Token: SeCreatePagefilePrivilege	3624	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
512	ChilledWindows.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe

Suspicious use of SendNotifyMessage 40 IoCs

pid	Process
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3624 wrote to memory of 1040	3624	chrome.exe	85
PID 3624 wrote to memory of 1040	3624	chrome.exe	85
PID 3624 wrote to memory of 1148	3624	chrome.exe	86
PID 3624 wrote to memory of 1148	3624	chrome.exe	86
PID 3624 wrote to memory of 1148	3624	chrome.exe	86
PID 3624 wrote to memory of 1148	3624	chrome.exe	86
PID 3624 wrote to memory of 1148	3624	chrome.exe	86
PID 3624 wrote to memory of 1148	3624	chrome.exe	86
PID 3624 wrote to memory of 1148	3624	chrome.exe	86
PID 3624 wrote to memory of 1148	3624	chrome.exe	86
PID 3624 wrote to memory of 1148	3624	chrome.exe	86
PID 3624 wrote to memory of 1148	3624	chrome.exe	86
PID 3624 wrote to memory of 1148	3624	chrome.exe	86
PID 3624 wrote to memory of 1148	3624	chrome.exe	86
PID 3624 wrote to memory of 1148	3624	chrome.exe	86
PID 3624 wrote to memory of 1148	3624	chrome.exe	86
PID 3624 wrote to memory of 1148	3624	chrome.exe	86
PID 3624 wrote to memory of 1148	3624	chrome.exe	86
PID 3624 wrote to memory of 1148	3624	chrome.exe	86
PID 3624 wrote to memory of 1148	3624	chrome.exe	86
PID 3624 wrote to memory of 1148	3624	chrome.exe	86
PID 3624 wrote to memory of 1148	3624	chrome.exe	86
PID 3624 wrote to memory of 1148	3624	chrome.exe	86
PID 3624 wrote to memory of 1148	3624	chrome.exe	86
PID 3624 wrote to memory of 1148	3624	chrome.exe	86
PID 3624 wrote to memory of 1148	3624	chrome.exe	86
PID 3624 wrote to memory of 1148	3624	chrome.exe	86
PID 3624 wrote to memory of 1148	3624	chrome.exe	86
PID 3624 wrote to memory of 1148	3624	chrome.exe	86
PID 3624 wrote to memory of 1148	3624	chrome.exe	86
PID 3624 wrote to memory of 1148	3624	chrome.exe	86
PID 3624 wrote to memory of 1148	3624	chrome.exe	86
PID 3624 wrote to memory of 4636	3624	chrome.exe	87
PID 3624 wrote to memory of 4636	3624	chrome.exe	87
PID 3624 wrote to memory of 412	3624	chrome.exe	88
PID 3624 wrote to memory of 412	3624	chrome.exe	88
PID 3624 wrote to memory of 412	3624	chrome.exe	88
PID 3624 wrote to memory of 412	3624	chrome.exe	88
PID 3624 wrote to memory of 412	3624	chrome.exe	88
PID 3624 wrote to memory of 412	3624	chrome.exe	88
PID 3624 wrote to memory of 412	3624	chrome.exe	88
PID 3624 wrote to memory of 412	3624	chrome.exe	88
PID 3624 wrote to memory of 412	3624	chrome.exe	88
PID 3624 wrote to memory of 412	3624	chrome.exe	88
PID 3624 wrote to memory of 412	3624	chrome.exe	88
PID 3624 wrote to memory of 412	3624	chrome.exe	88
PID 3624 wrote to memory of 412	3624	chrome.exe	88
PID 3624 wrote to memory of 412	3624	chrome.exe	88
PID 3624 wrote to memory of 412	3624	chrome.exe	88
PID 3624 wrote to memory of 412	3624	chrome.exe	88
PID 3624 wrote to memory of 412	3624	chrome.exe	88
PID 3624 wrote to memory of 412	3624	chrome.exe	88
PID 3624 wrote to memory of 412	3624	chrome.exe	88
PID 3624 wrote to memory of 412	3624	chrome.exe	88
PID 3624 wrote to memory of 412	3624	chrome.exe	88
PID 3624 wrote to memory of 412	3624	chrome.exe	88
PID 3624 wrote to memory of 412	3624	chrome.exe	88
PID 3624 wrote to memory of 412	3624	chrome.exe	88
PID 3624 wrote to memory of 412	3624	chrome.exe	88
PID 3624 wrote to memory of 412	3624	chrome.exe	88
PID 3624 wrote to memory of 412	3624	chrome.exe	88
PID 3624 wrote to memory of 412	3624	chrome.exe	88
PID 3624 wrote to memory of 412	3624	chrome.exe	88
PID 3624 wrote to memory of 412	3624	chrome.exe	88

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://github.com
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3624
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff83443cc40,0x7ff83443cc4c,0x7ff83443cc58
  2⤵
  PID:1040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1832,i,7025334629207914907,8598473799808889269,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1828 /prefetch:2
  2⤵
  PID:1148
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2152,i,7025334629207914907,8598473799808889269,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2160 /prefetch:3
  2⤵
  PID:4636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2252,i,7025334629207914907,8598473799808889269,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2460 /prefetch:8
  2⤵
  PID:412
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3012,i,7025334629207914907,8598473799808889269,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3044 /prefetch:1
  2⤵
  PID:3068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3016,i,7025334629207914907,8598473799808889269,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3244 /prefetch:1
  2⤵
  PID:956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3672,i,7025334629207914907,8598473799808889269,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4476 /prefetch:1
  2⤵
  PID:3844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3032,i,7025334629207914907,8598473799808889269,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3244 /prefetch:8
  2⤵
  PID:4876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4724,i,7025334629207914907,8598473799808889269,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4736 /prefetch:8
  2⤵
  PID:1760
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4580,i,7025334629207914907,8598473799808889269,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4828 /prefetch:1
  2⤵
  PID:1412
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=5052,i,7025334629207914907,8598473799808889269,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5064 /prefetch:1
  2⤵
  PID:5116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3664,i,7025334629207914907,8598473799808889269,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5164 /prefetch:8
  2⤵
  PID:4584
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5232,i,7025334629207914907,8598473799808889269,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3236 /prefetch:8
  2⤵
  PID:3420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5168,i,7025334629207914907,8598473799808889269,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3048 /prefetch:1
  2⤵
  PID:3316
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=3312,i,7025334629207914907,8598473799808889269,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5188 /prefetch:1
  2⤵
  PID:2316
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=5032,i,7025334629207914907,8598473799808889269,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5008 /prefetch:1
  2⤵
  PID:3068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=4836,i,7025334629207914907,8598473799808889269,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4464 /prefetch:1
  2⤵
  PID:3896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=4080,i,7025334629207914907,8598473799808889269,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3332 /prefetch:1
  2⤵
  PID:5044
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5376,i,7025334629207914907,8598473799808889269,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5344 /prefetch:8
  2⤵
  PID:2724
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5364,i,7025334629207914907,8598473799808889269,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5356 /prefetch:8
  2⤵
  PID:1284
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5744,i,7025334629207914907,8598473799808889269,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5616 /prefetch:8
  2⤵
  PID:5040
- C:\Users\Admin\Downloads\ScreenScrew.exe
  "C:\Users\Admin\Downloads\ScreenScrew.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:3028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5344,i,7025334629207914907,8598473799808889269,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5688 /prefetch:8
  2⤵
  PID:1824
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=3344,i,7025334629207914907,8598473799808889269,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5360 /prefetch:8
  2⤵
  PID:4484
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3284,i,7025334629207914907,8598473799808889269,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5048 /prefetch:8
  2⤵
  PID:1784
- C:\Users\Admin\Downloads\ChilledWindows.exe
  "C:\Users\Admin\Downloads\ChilledWindows.exe"
  2⤵
  - Executes dropped EXE
  - Enumerates connected drives
  - Modifies registry class
  - Suspicious use of FindShellTrayWindow
  PID:512
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=960,i,7025334629207914907,8598473799808889269,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3516 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3704
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5984,i,7025334629207914907,8598473799808889269,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5820 /prefetch:8
  2⤵
  PID:4504
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5808,i,7025334629207914907,8598473799808889269,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6016 /prefetch:8
  2⤵
  PID:1364
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5872,i,7025334629207914907,8598473799808889269,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5912 /prefetch:8
  2⤵
  PID:3440
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2708,i,7025334629207914907,8598473799808889269,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5484 /prefetch:8
  2⤵
  PID:3924
- C:\Users\Admin\Downloads\CryptoLocker.exe
  "C:\Users\Admin\Downloads\CryptoLocker.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:2584
- - C:\Users\Admin\AppData\Roaming\{34184A33-0407-212E-3320-09040709E2C2}.exe
    "C:\Users\Admin\AppData\Roaming\{34184A33-0407-212E-3320-09040709E2C2}.exe" "/rC:\Users\Admin\Downloads\CryptoLocker.exe"
    3⤵
    - Executes dropped EXE
    - Adds Run key to start application
    - System Location Discovery: System Language Discovery
    PID:3688
  - - C:\Users\Admin\AppData\Roaming\{34184A33-0407-212E-3320-09040709E2C2}.exe
      "C:\Users\Admin\AppData\Roaming\{34184A33-0407-212E-3320-09040709E2C2}.exe" /w0000021C
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      PID:1916
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2976,i,7025334629207914907,8598473799808889269,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5580 /prefetch:8
  2⤵
  PID:1996
- C:\Users\Admin\Downloads\CryptoLocker.exe
  "C:\Users\Admin\Downloads\CryptoLocker.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:2112

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:1404

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:3668

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x304 0x2f8
1⤵
PID:1648

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4404

C:\Users\Admin\Downloads\CryptoLocker.exe
"C:\Users\Admin\Downloads\CryptoLocker.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:876

C:\Users\Admin\Downloads\ScreenScrew.exe
"C:\Users\Admin\Downloads\ScreenScrew.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:4860

C:\Users\Admin\Downloads\ScreenScrew.exe
"C:\Users\Admin\Downloads\ScreenScrew.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:3128

C:\Users\Admin\Downloads\ScreenScrew.exe
"C:\Users\Admin\Downloads\ScreenScrew.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:1444

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
a168ace50bb0686e84fc73fd28d98520

SHA1
c70a7fc2aa882473fed4154d45efe4c37ed73299

SHA256
ad33506bf64b456f7648bb74465655e95d131f6f397d45daccb9b0af4f740015

SHA512
a83d48ae8d06931cb802e713f5bb74a1f6edd1e657ad51a4ceaa6f7e96850cc23a41c8ab631e6316fe4db72235778ba931177191b8c4e0f3f40d3b76f46fe1c2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006

Filesize
37KB

MD5
1b6703b594119e2ef0f09a829876ae73

SHA1
d324911ee56f7b031f0375192e4124b0b450395e

SHA256
0a8d23eceec4035c56dcfea9505de12a3b222bac422d3de5c15148952fec38a0

SHA512
62b38dd0c1cfb92daffd30d2961994aef66decf55a5c286f2274b725e72e990fa05cae0494dc6ad1565e4fbc88a6ddd9685bd6bc4da9100763ef268305f3afe2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000007

Filesize
20KB

MD5
2fc909d72b9efe85b9edee40caf9acdb

SHA1
e49a82568d68cc0df49a9018918e8d9799be5c45

SHA256
4dded3fa8a503272c8d1500d6e0667a1ef57c61ba5332c48e3219bb6f8e1c030

SHA512
f5a1aecbbc881e2059d30203da5a5f68dac2c1128926e8d33be79e1e3c70fd3aaae350090530c9d190ad89ded6539200821d6acf5a3d122313c7bd7e84f30bf0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000008

Filesize
37KB

MD5
7fe4c7e5160e07920449b17f3b7c2940

SHA1
4efeb29ad3a180976839c958709a321da3c2f2dd

SHA256
9fd3b41781ffa2ca9b86df84c8f4ffbe0edb82b154ce03024659f7fe1814ec68

SHA512
421361c4f519b3f3b5e0be9d47cb22252d6dc865cc8d82389b632206b789d4ca4d274873e411c563f75152c2a3a33c83d4599e685c45a0c017870a43dbaaa079

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000017

Filesize
19KB

MD5
5631d14803bfeef2b891791f0c8c456a

SHA1
f6cded7f79ea091f23f0b8cdbd1f97d0a412d721

SHA256
a0a76e5cb026f6bb2621896a5d5b0730f9db44d979de5d65f0541ec8a57d65b2

SHA512
ef30bc67ad6e3041cf0e77b5ac6c46fff59e3cd53231df711ad946e1b68c158e60878ed954e4d2018adb4b0695a23313df1f652c70cb018ef5a58cf1d4ed39d5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000036

Filesize
338KB

MD5
04fb36199787f2e3e2135611a38321eb

SHA1
65559245709fe98052eb284577f1fd61c01ad20d

SHA256
d765e722e295969c0a5c2d90f549db8b89ab617900bf4698db41c7cdad993bb9

SHA512
533d6603f6e2a77bd1b2c6591a135c4717753d53317c1be06e43774e896d9543bcd0ea6904a0688aa84b2d8424641d68994b1e7dc4aa46d66c36feecb6145444

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
a35b88267063b272ab4d85594911868a

SHA1
287fbe294ae67056800f92bdb7b2e4d9c895ae6e

SHA256
a241dfb8e2e3c198ec68451db3dcfbe08390e3d7e9ebbec23d4e48042a0ec2b3

SHA512
5f5a3dbc9a2099b243fe39ac3b098361d2fe1adc2aab320d4c0310dbd71e51be17f1062b5ab5d898e0eded9b358ff4caf9621339c62425cbdeccc7f1e35462f8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
2d29633dffd8cfaa8894fd8d48691cf9

SHA1
3fde88be098e26b4837630608a646d7ef45b5a7b

SHA256
ab93d27ccc215a0566d757f1310e16d1769378c4e201e000fbbd78247832546a

SHA512
47407021fa5dad6d32274b3feb2cf4e1e2ee66de7feee1b95d95afd5f3d63d6c7d42a907cfdcb01d61337e3e8126bccbc24ba39760382caa6946431c31d9b6d5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
e30bdaeac463b0e94843fe16202e6c8a

SHA1
d0f8682a8a195cd1065265f04be9ab41db27c426

SHA256
72c93ff283ea15eed2f9e1bbbbb2513ae0e9c15863cd7c302da034acb6b6c49e

SHA512
49b584a1b95407639820b241f0a9dabec100527899d656fdb2348d42165bbfb7f90677797275afa2577c0661787aa87d5e81bdf4a927fe6bc589cddf4b7f8f01

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
9d5d36dddc0b338cd636168b84ed4f17

SHA1
3eddbfdd867015cc4a276f46b9b6d428cc119b68

SHA256
3678d1894cd7598c2206f363e133ca8ce6003e302d294872545a334f7ca3ec6c

SHA512
73ad1dcfe05e4037831bf70e6428d68c41d1ad3dcf8c2020f075b9813e6b271a5f42b577c70f4f7abf32d918d74a609af590c56405e5fa3eb90db93fd4e3fbf6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
0381bb9c800685bd6de11812f3a620c3

SHA1
0bcb3206c64b0e7f148e7d5423fc516272a616ab

SHA256
6dbb69ba8c56d08a387f3cb8ab2b8f3e33790e9868ce69d2b3e061a3fb7dbecf

SHA512
66c5737b23b98bcf8fb5c397be0e62e3bc3c7316fa711a5d957341281c4a639b983d9536a2ce31b7367b65128b75ae7a4963941b32c9ab930b70e479027dc94d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
66880f3c3f77ed1242c6fabe965ecd3a

SHA1
2ca66bf0d3a8601832a0d41cf92a00afe7dda5a7

SHA256
901e7dc35095ae2b3d6cfcf3bcc4d33926264af1d6e3b77591f88bcfdf6f7611

SHA512
83ecc719d3705e4c60d1ec505a316e890e2c546f84d9714b11200da82aa71339e92deed6cf1d090b5ce8745241f138aebc14ad3d7d176cec688b3cfdcd8dd4aa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
c996cf711d053da6c8376f051df45b04

SHA1
6a14566e6e6f104859795b7d1ff386a479fc1799

SHA256
ee91e11e95dcdd5e12373a8801335242efc54d51d85cd96f8d4c856c1295d869

SHA512
27b7eeb5d97321bf7d81054b84eccfdab268d052a374796a2a8f4eb27b4fc2e8a10aeb1c1e77f775d9fc633086c82e0f884ae16d333d19dd214c042fa86f5a1f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
b41df878b71a7a94152596737cd9423d

SHA1
803c80528fd93345afdb8be36788238e789180f1

SHA256
eddb8a3df92d6667ada54d7694c150d13b3e32acf13b2bea10553f8534197cb9

SHA512
f43544025a7f0f4b4dbd4c60710d1742fa8988e26a614fa74f1cbbf5fdd01c5d248adfe0809ee31fefa34334f465c973a172336ca0eb37869f125bf70130d5d6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
db019d39033ae049d316ea8412e27c33

SHA1
81274be6a5743129bf16b8f52b87734aa98f8151

SHA256
677de03d260f062eed3a71d90f1be4f0200d635a9ba5c7b905b5dfdfe404ebf2

SHA512
43542b2da2cbaf4964bed0832519fd3fabf2fece9b3a87f75cbb1b239ab3918ebd57367f37ad8e4b8b3d05decd6b1b11489b14ce483b56b634e0b25fcd171624

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
a01ed090517217e1fbf8e8a0c1080b7b

SHA1
62c400900f597a95a6fc6e3b7de5554d091d4db3

SHA256
aa23385c5b429c08e4e218f4351c21a98a4477614acaec854c5819d0a209c931

SHA512
08304cc6eb84c601a81a9572b46f83f0397365fb19c7f0de00f28f1705c90b738e65de1296924d9ffcea1518ef30485686b9adb6431601a45447cc0f1b449627

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
9c059ea66e6abb900b34a3c90f295fe6

SHA1
f84dd6be17e662138166a20efdee5119234480c0

SHA256
5ee1ac37ddfaa099190e79914648b65d51e375b0019de66d309614e2c6f0fc17

SHA512
398b5374ec30cf1cdfdf74d7e716164d6529968ab983fcc2b49d882671504800b42d3f329312d40a98aaecb6fc75c1357fff964b532274fbc1f157fe6e967cfb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
11c7f7d4599f5e1cf97a68e2f31c32dc

SHA1
fd8f5b21c0d8918a4ec2b3993cd76420b419c043

SHA256
245a8e429dbb70c3e2f42f1287089dde61e9e80d21c270a42ec72fd455e33d52

SHA512
0c31cd311ba195917737ed04b15ef7e4a8278cfc6a4ad81eab0fc7b7b104f7075a875da21b94cf464a145b0a81da4fa5f2e915b4f888f7e7dcc777af68b059f8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
858e063131ce70800bce7c6db4fb9912

SHA1
9279733d13c2851281817bb5a1c6129d25424055

SHA256
8913c695d8f7c81100c9e49c9fd4d43ca2a12f7334763b6a42fe235e69dee869

SHA512
66c4de407bf5696ce190da70411771402eb1c697b251470e12be70c46a3fcd5900208b0fbaa3bea4f0b9de1fe1a60e9259109852062169a8f35a31fc8efbe5f3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
0c92b345fab84877bccb5b0d716a6595

SHA1
32329b8665f9c3bc48dfbdb7ca005673226fd875

SHA256
ededf7394adf2cf6cd3cdf2a4d63d13619e5ac86d89d432d54eb6e152892d76e

SHA512
c0aa1c560f28a0b1278b7bc323742eee4a56b426ff6eec3f532530778a6e7a39a2377e4cc61160cd46859399a388f91f4c679a48d028f7334f5b8be0cabeff0e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
d3e74cb6b3f5ba8570679b4a8322a34e

SHA1
004ade5f2c3e0cfb8e355a36d0aed52d8d7dc4a2

SHA256
68cd157ae6160933e54d6d432e86538c7b9b803fb2aa3be90542526d8cf58ae7

SHA512
f455fa59225071bdf8abb2bab9a31af36967510a068372cc26c31909f4d4a3bb31bd6190a4537b9a0476e8244e092c4daf2f1d1ae4c6af49200ba420a76172aa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
4c969123e68add1e186000f14c145add

SHA1
eacbf008e5391e768084b31feeb732e8e3f81c1b

SHA256
4c5a97d4c7bf82a418a3356197af5563367b8571e8bc3e6c7dd4cc558f3f8ecd

SHA512
0d533412797222b6fa37b9af488ffaaefb54e703ac2bab69c77d44627d5fc29d624af9fe6676ccf9eeac982f281f07a40703bdcf4e5bcf18115381adb5dbaea0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
72410504c00650e44c638f642e27d0c0

SHA1
dbd0efad091cefbee5039621738f1394663e1269

SHA256
7090f19832214c041f1945704b174397008b2b4ed07b899f5b5884e01bb2f104

SHA512
203512262e0f72be52b1ac636787955ffb726433400e38d524fb6a7ed49d414cbc521df6d4a407bdd665ec110f335a487ed83f76b5adce9db3aa90a029535e30

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
3203d2e290f96460f63d344bfef9c399

SHA1
d4cec65488687cbfc60c6c89359069b656bf62a8

SHA256
118cc8e1dfd16d38e767b337494282e4e0f7d25d55ea8f19bc111762fe4e6df5

SHA512
83848ee8a008c897046926f56a75ac562bfb877720a162d3b4d5bf1e5007da11991cbc37f4092713f30caba4928c6d26808813c1b2040ceaa5c41bb0ca87cf90

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
3445e5a6b6091a7a177d7b4431714c44

SHA1
98ce2dcebc138f581ef7b49b885ca416370d4ddb

SHA256
9ad690fa2f7ed5bfef0fb56384509f1549258610283b08dfe119f0937102dd7f

SHA512
e25832bdbbc80dc77837e7941de514e60e3316b2b6150d6dd0150eceba49b5b1ee3c1afc6832875cdeaba97ebb48150d99ef40591ad9e0f3351f89d4b07284f3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1006B

MD5
b66bfacf2cc687180b2932456aa97532

SHA1
3c3686e292eb228c7cd7d8cd3cf042d31594dc87

SHA256
7ead8dc77ddb9794e4f8ac8ba23c510c0470a48af298e16f5d427a78446a79c9

SHA512
899f35af79f4031b633e98e7645dbcc757dcdfc4cf6743e5cf6dc46f3a790a7858e4834e12c7a8093445b0345c773326dae71259887834ee30081d4ea414fdbb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
4b5794d6700c5e92cda4d6e28038ed03

SHA1
39295f36691c0fb31127fcf345715407a28a7294

SHA256
f2a48e4593b1b01240140768595a9e8de6fdd8cc388ed21a83507cfed3076c6a

SHA512
d9d33678cf3cdfd9d7d6e7e374fdc5f9a78f8a63fc367876a310842bb6802f4e62fa0c819cc1d2e6b9cce1cce5ce82a16e89b7d20efcf5ccf8d891ae6ba4a6f3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
11b76af019c5482dc9a8c223fdc120be

SHA1
80578e3a555bc2119f63763df7439d290796ffe1

SHA256
bb043c1576c16a27cd7cf1f91504346c57f3723cab357b931637af289bc097a6

SHA512
5f85e5ca7f045fc873b7d3f45154a4575e38960bff6520ee90e5db402614318702375e6c91e9dda015f060011e184e7be52465a24ff3a095327070a47af9fb02

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
2f7bb072abb830bdf73e2696a7b5b6a3

SHA1
3bf768686a2550bf9c5e546a180802778f401db3

SHA256
573654cc935903f8681561564f65767648754ceca62882bc56f992d3acd04a20

SHA512
f3480e71c76725b50dee58f21fe0b2470865f1fd39dbe289b2bd312877bbbb51e301de744b0229b906aa62dc79a6b7b001d21c9f65c43b817fa75617bd5eb245

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
aded24b0d9f46c1284d8a8547128625f

SHA1
d8ecb57e58df56e8857f7b1d63c139ca961065bf

SHA256
613413c9f9d879182737de7e36664e1d8ce6842219a7a21f48f716f57c5a2000

SHA512
eedbb71ed275c90ef49aea3d97d1b0dfd98e8f6effc2c6dea3bb2ba6c33e4bdbaaae82c613a07bed9cffe96ce5a4714e5d29bc4c18ec0aa28677501bf8b58853

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
9f00ff861bb1436f311bdaf45fd10d7c

SHA1
bd06d5ba564cf3f3be1913603a3a847f5bc15829

SHA256
70ba85580563bbba66a610e664b47d13bfaabc06d1dc97960573230b44df70d6

SHA512
1452c603fb5f004d42559e7d9c60d23bafde77cfbccae5d447bc9f2a4fd583239f35b0bc80db3853fd93141589bab87e17059eaf495af7da1fd34b8b1b519808

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
7609ce45f66a99a43e759f202c0d1e8a

SHA1
a27c9c42f60cd2eb1816e0fe9dd74994b95419d9

SHA256
316f408ea19e9704af8bcee1f57286c1ba53d2343c0b186975a3e5cf4958c227

SHA512
f8d7388d98984f1b948710d82f974b227ef0811fb5a11739d99f7bc7f1404e0ce1b811aeed124255fb7a3a499841b35c618e67226f67e32d9ce16152730efd82

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
7f5eef9f138714a3342121b49dbb736e

SHA1
140305da3cc0a4219289fcf17e41028765ae425b

SHA256
6dfe4b6b0e8aafe627304ac2207097a98570796680df1ff5f2da8b2e77c6e03b

SHA512
a82d3034d40943e256258a8ee7c85135528de24a3127bc968d4afc4c1a47c21530349662f83c9cf533af5988fab94b5bb29eeb0571a91a9639b00ccead53aa2f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
a75b8f68ca97101d0788fd50778fd18c

SHA1
8cb7141a8467cfd1ea145ec96bbdfcc2408d4c2f

SHA256
ee92ffcdbc246f257f656239ee1c92b6a743d29562e0ada6e0ef1e8c6c7f95fe

SHA512
504fc9a06e7ac9e063841d4547fa22d1050e9c8ad1005d8fd624e65b83ccdaf3b482becd11ed205e9b5cb0a6aeb4ec0bc2fb6cdf14f999f66385cad882dfae1c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
653e23bfaaadfba909497699a51c2724

SHA1
5ac2d17ab283c0ce7cf671897a53c3e76d9593cb

SHA256
34121c5e33d99ebdacdca3507d91b054334de2c935459a6e94c4d684f50b0c8e

SHA512
ab0c77c8731c281f6df7df7b6b318e39cc718dc96a505cc3d2abd10d612ae211767f06afc06d0f95351bcc0ea4531fa01042425380d4752f37e26914b1fd7d0a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
5ec1e1965137681f35208dbab0a5ed55

SHA1
f79f6fd798634f1da7100d663dd14b4f6aa25c70

SHA256
abc3566b87d00a6b5fedc571af1c83aebd5c97129af4f7617c07f91a80f75150

SHA512
f18f6a7f7657219a076d482aa5e970828a58a36ac52d13dfe779fe3bfe88eda7770767b4c55869f931b2fec7e669b5a841b7efb277a937e9d27d2947df090842

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
5bf2327963d1e9ad3d83e0a8b336740e

SHA1
9a9cdd36ac111c035e444cba65d46b33c03efe7a

SHA256
8269dfe3ea20fbf6bb28451f8779225c668d994a32070b6bc7e20b2b22075d93

SHA512
f87d4b9f071a3915944426c00af4a7aefe1ba405c4d74b106a1ed71c05967a71797b3c7b221ac44a87b43d6e33179d29d62bf9d90cff832b6304c1b75db4bc19

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
b2376adc75710a0108e99f31f796ebff

SHA1
607e87af3a58b1405181cedfc2817f8a47239771

SHA256
6028e6c6960aef2781391808d284860e26700ab417298305eb2b62822da718af

SHA512
6ce018633fbb8d0cd59502e6bfb128d8dd67c2a1f9279f9a73557d54bd6a2a832a37d4dbbb121db5befdbc1ab7f27f6d7531c81e204ffc24c895aad4224e7226

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
e1f8d33e21f28a6047492ff77c8dd3e9

SHA1
8a2b93cedc6f81378bd9b3f4bc419b26df001dd0

SHA256
ddb5cb3eee0269d27234f3fbebb1571bd07dd9aa819b05fa1e80f7696c0992ca

SHA512
6dc753481ecc774fe16c4b57eec2e63733807e4bb0d2f0f01dd333c4a5c001d79ca5956741416658d2f49c0a8dce523dd65a9f0ac6ff3e1f483db2bd6ac09dc2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
a59110349c639228451770f7c1578791

SHA1
b3ddeef104462db23d73109b21951682f1fead7e

SHA256
8f2cb021bd5c315d569052cde8227b82784c9f713458c4ed618b762d4132ccdf

SHA512
bc19a71b934008655503a7891a06863ebb932f1e3074f9a67679071e5540cfefcc090eb23f5361580539b9c9d90a5e0be63d1d8fe4cbd902755acf2877a4d3f8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
0caf6f74dfd8fc94b2f9732165b1978d

SHA1
b785dc63272bcb03cf904c56ac03fa407f2d8a1d

SHA256
f092543a3efb7e3c09c77dd739f0386e3d8537d451fc408133e298f4a2203dbb

SHA512
844e5f9c3b61c1863144f51220536ba510b2227ef032f2010f0e1f78ea05dabf9e020305a785edfa44377def2539ed245161706f764fc129cbe70d3ed4191688

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
a564da208f159494f3781559f9b39473

SHA1
ce47e2251735fb648f134bfbd57b335055e712af

SHA256
30515ef82add20bdafd49875af1d4b10c4caea4546960ae1abd7899f73d2d2f7

SHA512
5efce651c08bda52072093e3b29a8da5a982054fdb6877efc8818490b0b5faf66df4578e11aa349b0a0dd36f0fb8b92f4071972155c2e4e527f731e1c1df0f25

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
93cff61f73c15716479098a2c21a2722

SHA1
5b2ddac3823828c1eaf4bf63495470b3ff325b78

SHA256
712dd0842dcb35a7d77959463380a82713bb8fc4232f29b7ed5d906a2f702d7d

SHA512
7ce8aca2cbea7bbd4be2afe9851a4900424d2bdf8b1e021e7626c59c83300bde7ea81424059ae561b2e68659fcf826cb66207d2d74e73173c8af89365ce51066

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
971d263dfed4c05d92f0abce5c783a2f

SHA1
6b7c644ca2c73c81a134aced560768bfd04a8a18

SHA256
f5fac6f61975b1cf09adf83972e91f869025cf97c081b08e5fffd54f53b20753

SHA512
187a83ab14a0e9627e0deba27226e30db0a843ac95a6cc2b0343e2554aa244542add3557ee80078dda4eaa10e7bc593aee809cc182084adf471eb586fb5d10d4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
3a1cd319c48450dfeb59a3a26edbed3d

SHA1
3bcee3d75124b9c9ea490cd2a902fcd1b5e160d7

SHA256
dc8f1e61e51039038d663b9fd6052b56fc8ce5d3eab280aa666e59eca87f2f5f

SHA512
1fbc23e28322c9ed938b02c0f74775ddcc6987cd64ade54a35737810b07422f0e92636def3850822114192fb8fd3ece25060b9687617d3e737fd5e5541c001d9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
8d34deb7ed0468447f8d968972402e64

SHA1
471c90d214e7bd319e27cc827cc01f49e455efe9

SHA256
7699957952a8b663c1d5a5b90fbfa67c07a417e18d543444e5f1f6f0a8de71b9

SHA512
d61da7187fdde326bdbee35fcb3f7c781e3e4d845a49b0008d7332b22f79f1cd20f58f45d52729d5ce387a59ec6bfc037e0da459c3fcb3c1bb3143c5ca2dacf8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
0343b7aa6a8973b2ca8fe106da988dd9

SHA1
d326a90c4eafd05658cc54376e4c918bf2c7d6af

SHA256
dd3a720122f31d50bf0cc8cfb852eaa77419e88c20a4e0415b09ec2ff53532a0

SHA512
e73e1bd601a86e5076cd51dbb3e1e86c25ffd82ddc2b7fd2af9a06f70d56b6c7f183c70434ce563cc630463ad78357447e60a900436552986ea75b6c0e08c98c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
aeb6bead42f697e01f0bacbd49d1f74c

SHA1
2df3ca5902ae62e94fc20d9225af3548a6f29832

SHA256
13c5421877904565ee1174d3a34f06cde9df4a59612b670f90862a306b50f619

SHA512
cc41230bc82658e997ba2ff8fa76fb63dbeed0fc035faf89c9cd22adae42c026899dbe027170c5d36a1c0494048e0af93b8248030a369ad1ab18ac3c0b969251

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb

Filesize
704KB

MD5
0b25e139ef8f069da888fa973b5851ca

SHA1
55c18a7a46412713fb160ec8b1c3b70e848b92d2

SHA256
d7f8750e9d9590b202b63ea1feeb0320b09f4390939fc8401012d84a9490eaa6

SHA512
116d2e1f048ae63f6206013a4586e9c2740a9bc3a2d883f6e61ce91e1a0e16de602a550eadb8d0e0fa743801646728fb1061b02babbc1220d0976c280974b30f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.XML

Filesize
9KB

MD5
7050d5ae8acfbe560fa11073fef8185d

SHA1
5bc38e77ff06785fe0aec5a345c4ccd15752560e

SHA256
cb87767c4a384c24e4a0f88455f59101b1ae7b4fb8de8a5adb4136c5f7ee545b

SHA512
a7a295ac8921bb3dde58d4bcde9372ed59def61d4b7699057274960fa8c1d1a1daff834a93f7a0698e9e5c16db43af05e9fd2d6d7c9232f7d26ffcff5fc5900b

Download Submit
C:\Users\Admin\Downloads\ChilledWindows.exe

Filesize
4.4MB

MD5
6a4853cd0584dc90067e15afb43c4962

SHA1
ae59bbb123e98dc8379d08887f83d7e52b1b47fc

SHA256
ccb9502bf8ba5becf8b758ca04a5625c30b79e2d10d2677cc43ae4253e1288ec

SHA512
feb223e0de9bd64e32dc4f3227e175b58196b5e614bca8c2df0bbca2442a564e39d66bcd465154149dc7ebbd3e1ca644ed09d9a9174b52236c76e7388cb9d996

Download Submit
C:\Users\Admin\Downloads\ScreenScrew.exe

Filesize
111KB

MD5
e87a04c270f98bb6b5677cc789d1ad1d

SHA1
8c14cb338e23d4a82f6310d13b36729e543ff0ca

SHA256
e03520794f00fb39ef3cfff012f72a5d03c60f89de28dbe69016f6ed151b5338

SHA512
8784f4d42908e54ecedfb06b254992c63920f43a27903ccedd336daaeed346db44e1f40e7db971735da707b5b32206be1b1571bc0d6a2d6eb90bbf9d1f69de13

Download Submit
C:\Users\Admin\Downloads\chilledwindows.mp4

Filesize
3.6MB

MD5
698ddcaec1edcf1245807627884edf9c

SHA1
c7fcbeaa2aadffaf807c096c51fb14c47003ac20

SHA256
cde975f975d21edb2e5faa505205ab8a2c5a565ba1ff8585d1f0e372b2a1d78b

SHA512
a2c326f0c653edcd613a3cefc8d82006e843e69afc787c870aa1b9686a20d79e5ab4e9e60b04d1970f07d88318588c1305117810e73ac620afd1fb6511394155

Download Submit
memory/512-719-0x00007FF81F470000-0x00007FF81FF31000-memory.dmp

Filesize
10.8MB

Download
memory/512-666-0x00007FF81F470000-0x00007FF81FF31000-memory.dmp

Filesize
10.8MB

Download
memory/512-775-0x00007FF81F470000-0x00007FF81FF31000-memory.dmp

Filesize
10.8MB

Download
memory/512-720-0x00007FF81F470000-0x00007FF81FF31000-memory.dmp

Filesize
10.8MB

Download
memory/512-718-0x00007FF81F473000-0x00007FF81F475000-memory.dmp

Filesize
8KB

Download
memory/512-699-0x0000000021680000-0x000000002168E000-memory.dmp

Filesize
56KB

Download
memory/512-698-0x00000000216C0000-0x00000000216F8000-memory.dmp

Filesize
224KB

Download
memory/512-688-0x000000001C560000-0x000000001C568000-memory.dmp

Filesize
32KB

Download
memory/512-667-0x00007FF81F470000-0x00007FF81FF31000-memory.dmp

Filesize
10.8MB

Download
memory/512-664-0x00007FF81F473000-0x00007FF81F475000-memory.dmp

Filesize
8KB

Download
memory/512-665-0x0000000000C70000-0x00000000010D4000-memory.dmp

Filesize
4.4MB

Download
memory/1444-1128-0x0000000000400000-0x000000000044A000-memory.dmp

Filesize
296KB

Download
memory/3028-805-0x0000000000400000-0x000000000044A000-memory.dmp

Filesize
296KB

Download
memory/3028-617-0x0000000000400000-0x000000000044A000-memory.dmp

Filesize
296KB

Download
memory/3028-618-0x00000000022B0000-0x00000000022B1000-memory.dmp

Filesize
4KB

Download
memory/3028-1151-0x0000000000400000-0x000000000044A000-memory.dmp

Filesize
296KB

Download
memory/3028-593-0x00000000022B0000-0x00000000022B1000-memory.dmp

Filesize
4KB

Download
memory/3128-1127-0x0000000000400000-0x000000000044A000-memory.dmp

Filesize
296KB

Download
memory/4860-1117-0x0000000000400000-0x000000000044A000-memory.dmp

Filesize
296KB

Download