7135c985da8136c9a9d794b4d81a752e4e4e0c2495e1e372d664eb853b310a83

Resubmissions

17-12-2023 17:39

231217-v8nksafbcj 7

Analysis

max time kernel
123s
max time network
161s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
17-12-2023 17:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

jellyfin_10.8.13_windows-x64.exe
Size

122.8MB
MD5

83329554b6f0f7be7554f77c2c5768f3
SHA1

e537640eec9a430ec3cf07a5219e2f37c511a805
SHA256

7135c985da8136c9a9d794b4d81a752e4e4e0c2495e1e372d664eb853b310a83
SHA512

7945c7fe6c17482da4d82128cc27608651e330782e2dd57e9a71cf4106dd8e00b77d3b2c7dd1cc6f06bf9af77798dd46187b303fa79d62c5bed1071fa30a95d5
SSDEEP

3145728:Qzo95K/eptH53y3cFnFFHzvEGHfx0OxYZ7SZFKxZNJ/kwgXCYw9X:2o9Uef53qyFFTvz/x0O6swNJAXeX

Score

7^/10

discovery persistence

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-2398549320-3657759451-817663969-1000\Control Panel\International\Geo\Nation	Jellyfin.Windows.Tray.exe

Executes dropped EXE 7 IoCs

pid	Process
3640	Jellyfin.Windows.Tray.exe
4940	jellyfin.exe
4752	ffmpeg.exe
3516	ffmpeg.exe
1368	ffmpeg.exe
3684	ffmpeg.exe
3428	ffmpeg.exe

Loads dropped DLL 64 IoCs

pid	Process
3632	jellyfin_10.8.13_windows-x64.exe
3632	jellyfin_10.8.13_windows-x64.exe
4940	jellyfin.exe
4940	jellyfin.exe
4940	jellyfin.exe
4940	jellyfin.exe
4940	jellyfin.exe
4940	jellyfin.exe
4940	jellyfin.exe
4940	jellyfin.exe
4940	jellyfin.exe
4940	jellyfin.exe
4940	jellyfin.exe
4940	jellyfin.exe
4940	jellyfin.exe
4940	jellyfin.exe
4940	jellyfin.exe
4940	jellyfin.exe
4940	jellyfin.exe
4940	jellyfin.exe
4940	jellyfin.exe
4940	jellyfin.exe
4940	jellyfin.exe
4940	jellyfin.exe
4940	jellyfin.exe
4940	jellyfin.exe
4940	jellyfin.exe
4940	jellyfin.exe
4940	jellyfin.exe
4940	jellyfin.exe
4940	jellyfin.exe
4940	jellyfin.exe
4940	jellyfin.exe
4940	jellyfin.exe
4940	jellyfin.exe
4940	jellyfin.exe
4940	jellyfin.exe
4940	jellyfin.exe
4940	jellyfin.exe
4940	jellyfin.exe
4940	jellyfin.exe
4940	jellyfin.exe
4940	jellyfin.exe
4940	jellyfin.exe
4940	jellyfin.exe
4940	jellyfin.exe
4940	jellyfin.exe
4940	jellyfin.exe
4940	jellyfin.exe
4940	jellyfin.exe
4940	jellyfin.exe
4940	jellyfin.exe
4940	jellyfin.exe
4940	jellyfin.exe
4940	jellyfin.exe
4940	jellyfin.exe
4940	jellyfin.exe
4940	jellyfin.exe
4940	jellyfin.exe
4940	jellyfin.exe
4940	jellyfin.exe
4940	jellyfin.exe
4940	jellyfin.exe
4940	jellyfin.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-2398549320-3657759451-817663969-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\JellyfinTray = "C:\\Program Files\\Jellyfin\\Server\\Jellyfin.Windows.Tray.exe"	Jellyfin.Windows.Tray.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Jellyfin\Server\jellyfin-web\8d454dbef7b7d62610ec.woff2	jellyfin_10.8.13_windows-x64.exe
File created	C:\Program Files\Jellyfin\Server\api-ms-win-core-console-l1-1-0.dll	jellyfin_10.8.13_windows-x64.exe
File created	C:\Program Files\Jellyfin\Server\jellyfin-web\0968e37fbb5142d14898.woff2	jellyfin_10.8.13_windows-x64.exe
File created	C:\Program Files\Jellyfin\Server\jellyfin-web\0ddfe46ad1cd6c7cbd3c.woff2	jellyfin_10.8.13_windows-x64.exe
File created	C:\Program Files\Jellyfin\Server\jellyfin-web\44afb823c25c57fbad4c.woff2	jellyfin_10.8.13_windows-x64.exe
File created	C:\Program Files\Jellyfin\Server\jellyfin-web\4aa6e527680b42467da0.woff2	jellyfin_10.8.13_windows-x64.exe
File created	C:\Program Files\Jellyfin\Server\jellyfin-web\55f63ebf37a4d9ca69cc.woff2	jellyfin_10.8.13_windows-x64.exe
File created	C:\Program Files\Jellyfin\Server\jellyfin-web\5740.a144cbe15436c67c4387.chunk.js	jellyfin_10.8.13_windows-x64.exe
File created	C:\Program Files\Jellyfin\Server\jellyfin-web\bc19b48fc89dffbcb064.woff2	jellyfin_10.8.13_windows-x64.exe
File created	C:\Program Files\Jellyfin\Server\Microsoft.AspNetCore.DataProtection.Extensions.dll	jellyfin_10.8.13_windows-x64.exe
File created	C:\Program Files\Jellyfin\Server\System.ComponentModel.TypeConverter.dll	jellyfin_10.8.13_windows-x64.exe
File created	C:\Program Files\Jellyfin\Server\jellyfin-web\8d09dafee460384f846e.woff2	jellyfin_10.8.13_windows-x64.exe
File created	C:\Program Files\Jellyfin\Server\jellyfin-web\9fa19bf2bd6c23a055e4.woff2	jellyfin_10.8.13_windows-x64.exe
File created	C:\Program Files\Jellyfin\Server\jellyfin-web\b59ada8f3931fa0d3377.woff2	jellyfin_10.8.13_windows-x64.exe
File created	C:\Program Files\Jellyfin\Server\jellyfin-web\a55f214b3f05f3d41afa.woff2	jellyfin_10.8.13_windows-x64.exe
File created	C:\Program Files\Jellyfin\Server\jellyfin-web\fdd9985e4129e3fc47a0.woff2	jellyfin_10.8.13_windows-x64.exe
File created	C:\Program Files\Jellyfin\Server\jellyfin-web\touchicon.png	jellyfin_10.8.13_windows-x64.exe
File created	C:\Program Files\Jellyfin\Server\System.CodeDom.dll	jellyfin_10.8.13_windows-x64.exe
File created	C:\Program Files\Jellyfin\Server\jellyfin-web\20fe05c178ab281fdf9b.woff2	jellyfin_10.8.13_windows-x64.exe
File created	C:\Program Files\Jellyfin\Server\jellyfin-web\71fb7fb7b9568b93c6b8.woff2	jellyfin_10.8.13_windows-x64.exe
File created	C:\Program Files\Jellyfin\Server\jellyfin-web\b1ec90a45cd3c90fe3bb.woff2	jellyfin_10.8.13_windows-x64.exe
File created	C:\Program Files\Jellyfin\Server\MediaBrowser.LocalMetadata.dll	jellyfin_10.8.13_windows-x64.exe
File created	C:\Program Files\Jellyfin\Server\jellyfin-web\3690006fe4e087a680c8.woff2	jellyfin_10.8.13_windows-x64.exe
File created	C:\Program Files\Jellyfin\Server\jellyfin-web\36968bc9f110b2f047a6.woff2	jellyfin_10.8.13_windows-x64.exe
File created	C:\Program Files\Jellyfin\Server\jellyfin-web\72fbee828395ff11b5c9.woff2	jellyfin_10.8.13_windows-x64.exe
File created	C:\Program Files\Jellyfin\Server\jellyfin-web\ce430f6cc7981c1ca443.woff2	jellyfin_10.8.13_windows-x64.exe
File created	C:\Program Files\Jellyfin\Server\jellyfin-web\e62987a12a58b24f383a.png	jellyfin_10.8.13_windows-x64.exe
File created	C:\Program Files\Jellyfin\Server\jellyfin-web\assets\img\devices\html5.svg	jellyfin_10.8.13_windows-x64.exe
File created	C:\Program Files\Jellyfin\Server\Microsoft.AspNetCore.Http.dll	jellyfin_10.8.13_windows-x64.exe
File created	C:\Program Files\Jellyfin\Server\jellyfin-web\1916.1d5c5908a8de0a32dbd9.chunk.js	jellyfin_10.8.13_windows-x64.exe
File created	C:\Program Files\Jellyfin\Server\jellyfin-web\3b54aabf79197080a31a.woff2	jellyfin_10.8.13_windows-x64.exe
File created	C:\Program Files\Jellyfin\Server\jellyfin-web\3e048325f324bb5797cc.woff2	jellyfin_10.8.13_windows-x64.exe
File created	C:\Program Files\Jellyfin\Server\jellyfin-web\7b196848cd4a28a17fb7.woff2	jellyfin_10.8.13_windows-x64.exe
File created	C:\Program Files\Jellyfin\Server\jellyfin-web\themes\light\theme.css	jellyfin_10.8.13_windows-x64.exe
File created	C:\Program Files\Jellyfin\Server\jellyfin-web\73b0c520a21c03957722.woff2	jellyfin_10.8.13_windows-x64.exe
File created	C:\Program Files\Jellyfin\Server\jellyfin-web\d5b0a7b783a410f8eaa0.woff2	jellyfin_10.8.13_windows-x64.exe
File created	C:\Program Files\Jellyfin\Server\jellyfin-web\e80c1df687fb3fdffd73.woff2	jellyfin_10.8.13_windows-x64.exe
File created	C:\Program Files\Jellyfin\Server\jellyfin-web\ec372129e66a57146f5f.woff2	jellyfin_10.8.13_windows-x64.exe
File created	C:\Program Files\Jellyfin\Server\jellyfin-web\3793.d0b3a6a1e2ba5944f89e.chunk.js	jellyfin_10.8.13_windows-x64.exe
File created	C:\Program Files\Jellyfin\Server\jellyfin-web\574.c2a1067664b21842ccb2.chunk.js	jellyfin_10.8.13_windows-x64.exe
File created	C:\Program Files\Jellyfin\Server\jellyfin-web\8e7d099aa48b74d21943.woff2	jellyfin_10.8.13_windows-x64.exe
File created	C:\Program Files\Jellyfin\Server\jellyfin-web\b342b07f01a1758ec6e5.woff2	jellyfin_10.8.13_windows-x64.exe
File created	C:\Program Files\Jellyfin\Server\jellyfin-web\cff52566df75f15f29dd.woff2	jellyfin_10.8.13_windows-x64.exe
File created	C:\Program Files\Jellyfin\Server\jellyfin-web\d9d022e29743d9e8edc2.woff2	jellyfin_10.8.13_windows-x64.exe
File created	C:\Program Files\Jellyfin\Server\jellyfin-web\e80707a34571b725e616.woff2	jellyfin_10.8.13_windows-x64.exe
File created	C:\Program Files\Jellyfin\Server\jellyfin-web\4293d79aaa7196eb9ea3.woff2	jellyfin_10.8.13_windows-x64.exe
File created	C:\Program Files\Jellyfin\Server\jellyfin-web\68dad57e0f6bd7b9ebea.woff2	jellyfin_10.8.13_windows-x64.exe
File created	C:\Program Files\Jellyfin\Server\jellyfin-web\7c296e0db9aef0b0079f.woff2	jellyfin_10.8.13_windows-x64.exe
File created	C:\Program Files\Jellyfin\Server\jellyfin-web\a4aa323dfefcebd79358.woff2	jellyfin_10.8.13_windows-x64.exe
File created	C:\Program Files\Jellyfin\Server\jellyfin-web\livetvsettings.7d4a7089e10462351ec2.chunk.js	jellyfin_10.8.13_windows-x64.exe
File created	C:\Program Files\Jellyfin\Server\jellyfin-web\0fd7f567a29e06f0240a.woff2	jellyfin_10.8.13_windows-x64.exe
File created	C:\Program Files\Jellyfin\Server\jellyfin-web\33b4b957e4f6fac5ff80.woff2	jellyfin_10.8.13_windows-x64.exe
File created	C:\Program Files\Jellyfin\Server\jellyfin-web\dashboard-dlna-settings.f9e8919985aa9e92a997.chunk.js	jellyfin_10.8.13_windows-x64.exe
File created	C:\Program Files\Jellyfin\Server\jellyfin-web\effc94e4513cd3175bd8.woff2	jellyfin_10.8.13_windows-x64.exe
File created	C:\Program Files\Jellyfin\Server\Microsoft.AspNetCore.DataProtection.Abstractions.dll	jellyfin_10.8.13_windows-x64.exe
File created	C:\Program Files\Jellyfin\Server\api-ms-win-core-interlocked-l1-1-0.dll	jellyfin_10.8.13_windows-x64.exe
File created	C:\Program Files\Jellyfin\Server\jellyfin-web\comicsPlayer-style-scss.134a8d476fc08f48a9cd.chunk.js	jellyfin_10.8.13_windows-x64.exe
File created	C:\Program Files\Jellyfin\Server\jellyfin-web\d8939868e2490ee3843c.woff2	jellyfin_10.8.13_windows-x64.exe
File created	C:\Program Files\Jellyfin\Server\jellyfin-web\94a7706ebf336dbab6bb.woff2	jellyfin_10.8.13_windows-x64.exe
File created	C:\Program Files\Jellyfin\Server\Microsoft.AspNetCore.Authentication.Abstractions.dll	jellyfin_10.8.13_windows-x64.exe
File created	C:\Program Files\Jellyfin\Server\prometheus-net.DotNetRuntime.dll	jellyfin_10.8.13_windows-x64.exe
File created	C:\Program Files\Jellyfin\Server\jellyfin-web\09338b0ad9049bdabc2c.woff2	jellyfin_10.8.13_windows-x64.exe
File created	C:\Program Files\Jellyfin\Server\jellyfin-web\14dff4a39f5aad4fa9d6.woff2	jellyfin_10.8.13_windows-x64.exe
File created	C:\Program Files\Jellyfin\Server\jellyfin-web\4c681156cb4425b9ffb5.woff2	jellyfin_10.8.13_windows-x64.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
3640	Jellyfin.Windows.Tray.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	3640	Jellyfin.Windows.Tray.exe

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
3640	Jellyfin.Windows.Tray.exe
3640	Jellyfin.Windows.Tray.exe

Suspicious use of SendNotifyMessage 2 IoCs

pid	Process
3640	Jellyfin.Windows.Tray.exe
3640	Jellyfin.Windows.Tray.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3640 wrote to memory of 4940	3640	Jellyfin.Windows.Tray.exe	98
PID 3640 wrote to memory of 4940	3640	Jellyfin.Windows.Tray.exe	98
PID 4940 wrote to memory of 4752	4940	jellyfin.exe	100
PID 4940 wrote to memory of 4752	4940	jellyfin.exe	100
PID 4940 wrote to memory of 3516	4940	jellyfin.exe	102
PID 4940 wrote to memory of 3516	4940	jellyfin.exe	102
PID 4940 wrote to memory of 1368	4940	jellyfin.exe	105
PID 4940 wrote to memory of 1368	4940	jellyfin.exe	105
PID 3640 wrote to memory of 464	3640	Jellyfin.Windows.Tray.exe	106
PID 3640 wrote to memory of 464	3640	Jellyfin.Windows.Tray.exe	106
PID 4940 wrote to memory of 3684	4940	jellyfin.exe	108
PID 4940 wrote to memory of 3684	4940	jellyfin.exe	108
PID 3640 wrote to memory of 4848	3640	Jellyfin.Windows.Tray.exe	110
PID 3640 wrote to memory of 4848	3640	Jellyfin.Windows.Tray.exe	110
PID 4740 wrote to memory of 2912	4740	explorer.exe	112
PID 4740 wrote to memory of 2912	4740	explorer.exe	112
PID 2912 wrote to memory of 2848	2912	msedge.exe	113
PID 2912 wrote to memory of 2848	2912	msedge.exe	113
PID 4940 wrote to memory of 3428	4940	jellyfin.exe	114
PID 4940 wrote to memory of 3428	4940	jellyfin.exe	114
PID 1932 wrote to memory of 1200	1932	explorer.exe	116
PID 1932 wrote to memory of 1200	1932	explorer.exe	116
PID 1200 wrote to memory of 1964	1200	msedge.exe	117
PID 1200 wrote to memory of 1964	1200	msedge.exe	117
PID 1200 wrote to memory of 648	1200	msedge.exe	126
PID 1200 wrote to memory of 648	1200	msedge.exe	126
PID 1200 wrote to memory of 648	1200	msedge.exe	126
PID 1200 wrote to memory of 648	1200	msedge.exe	126
PID 1200 wrote to memory of 648	1200	msedge.exe	126
PID 1200 wrote to memory of 648	1200	msedge.exe	126
PID 1200 wrote to memory of 648	1200	msedge.exe	126
PID 1200 wrote to memory of 648	1200	msedge.exe	126
PID 1200 wrote to memory of 648	1200	msedge.exe	126
PID 1200 wrote to memory of 648	1200	msedge.exe	126
PID 1200 wrote to memory of 648	1200	msedge.exe	126
PID 1200 wrote to memory of 648	1200	msedge.exe	126
PID 1200 wrote to memory of 648	1200	msedge.exe	126
PID 1200 wrote to memory of 648	1200	msedge.exe	126
PID 1200 wrote to memory of 648	1200	msedge.exe	126
PID 1200 wrote to memory of 648	1200	msedge.exe	126
PID 1200 wrote to memory of 648	1200	msedge.exe	126
PID 1200 wrote to memory of 648	1200	msedge.exe	126
PID 1200 wrote to memory of 648	1200	msedge.exe	126
PID 1200 wrote to memory of 648	1200	msedge.exe	126
PID 1200 wrote to memory of 648	1200	msedge.exe	126
PID 1200 wrote to memory of 648	1200	msedge.exe	126
PID 1200 wrote to memory of 648	1200	msedge.exe	126
PID 1200 wrote to memory of 648	1200	msedge.exe	126
PID 1200 wrote to memory of 648	1200	msedge.exe	126
PID 1200 wrote to memory of 648	1200	msedge.exe	126
PID 1200 wrote to memory of 648	1200	msedge.exe	126
PID 1200 wrote to memory of 648	1200	msedge.exe	126
PID 1200 wrote to memory of 648	1200	msedge.exe	126
PID 1200 wrote to memory of 648	1200	msedge.exe	126
PID 1200 wrote to memory of 648	1200	msedge.exe	126
PID 1200 wrote to memory of 648	1200	msedge.exe	126
PID 1200 wrote to memory of 648	1200	msedge.exe	126
PID 1200 wrote to memory of 648	1200	msedge.exe	126
PID 1200 wrote to memory of 648	1200	msedge.exe	126
PID 1200 wrote to memory of 648	1200	msedge.exe	126
PID 1200 wrote to memory of 648	1200	msedge.exe	126
PID 1200 wrote to memory of 648	1200	msedge.exe	126
PID 1200 wrote to memory of 648	1200	msedge.exe	126
PID 1200 wrote to memory of 648	1200	msedge.exe	126

C:\Users\Admin\AppData\Local\Temp\jellyfin_10.8.13_windows-x64.exe
"C:\Users\Admin\AppData\Local\Temp\jellyfin_10.8.13_windows-x64.exe"
1⤵
- Loads dropped DLL
- Drops file in Program Files directory
PID:3632

C:\Program Files\Jellyfin\Server\Jellyfin.Windows.Tray.exe
"C:\Program Files\Jellyfin\Server\Jellyfin.Windows.Tray.exe"
1⤵
- Checks computer location settings
- Executes dropped EXE
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3640
- C:\Program Files\Jellyfin\Server\jellyfin.exe
  "C:\Program Files\Jellyfin\Server\jellyfin.exe" --datadir "C:\ProgramData\Jellyfin\Server"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:4940
- - C:\Program Files\Jellyfin\Server\ffmpeg.exe
    "ffmpeg" -version
    3⤵
    - Executes dropped EXE
    PID:4752
- - C:\Program Files\Jellyfin\Server\ffmpeg.exe
    "ffmpeg" -decoders
    3⤵
    - Executes dropped EXE
    PID:3516
- - C:\Program Files\Jellyfin\Server\ffmpeg.exe
    "ffmpeg" -encoders
    3⤵
    - Executes dropped EXE
    PID:1368
- - C:\Program Files\Jellyfin\Server\ffmpeg.exe
    "ffmpeg" -filters
    3⤵
    - Executes dropped EXE
    PID:3684
- - C:\Program Files\Jellyfin\Server\ffmpeg.exe
    "ffmpeg" -h filter=scale_cuda
    3⤵
    - Executes dropped EXE
    PID:3428
- - C:\Program Files\Jellyfin\Server\ffmpeg.exe
    "ffmpeg" -h filter=tonemap_cuda
    3⤵
    PID:3408
- - C:\Program Files\Jellyfin\Server\ffmpeg.exe
    "ffmpeg" -h filter=tonemap_opencl
    3⤵
    PID:4260
- - C:\Program Files\Jellyfin\Server\ffmpeg.exe
    "ffmpeg" -h filter=overlay_opencl
    3⤵
    PID:2844
- - C:\Program Files\Jellyfin\Server\ffmpeg.exe
    "ffmpeg" -h filter=overlay_vaapi
    3⤵
    PID:3412
- - C:\Program Files\Jellyfin\Server\ffmpeg.exe
    "ffmpeg" -hwaccels
    3⤵
    PID:2876
- - C:\Program Files\Jellyfin\Server\ffmpeg.exe
    "ffmpeg" -version
    3⤵
    PID:2152
- - C:\Program Files\Jellyfin\Server\ffmpeg.exe
    "ffmpeg" -hide_banner -f lavfi -i nullsrc=s=1x1:d=500 -f null -
    3⤵
    PID:5260
- C:\Windows\explorer.exe
  "C:\Windows\explorer.exe" http://localhost:8096/web/index.html
  2⤵
  PID:464
- C:\Windows\explorer.exe
  "C:\Windows\explorer.exe" http://localhost:8096/web/index.html
  2⤵
  PID:4848

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
- Suspicious use of WriteProcessMemory
PID:4740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://localhost:8096/web/index.html
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2912
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffebf1346f8,0x7ffebf134708,0x7ffebf134718
    3⤵
    PID:2848
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1948,14208973768456439491,10481975441875690442,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2348 /prefetch:3
    3⤵
    PID:4836
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1948,14208973768456439491,10481975441875690442,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1960 /prefetch:2
    3⤵
    PID:3972

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
- Suspicious use of WriteProcessMemory
PID:1932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://localhost:8096/web/index.html
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1200
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffebf1346f8,0x7ffebf134708,0x7ffebf134718
    3⤵
    PID:1964
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2212,9495510264388802708,16049540221296815849,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2276 /prefetch:3
    3⤵
    PID:4912
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2212,9495510264388802708,16049540221296815849,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2900 /prefetch:8
    3⤵
    PID:3900
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,9495510264388802708,16049540221296815849,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3396 /prefetch:1
    3⤵
    PID:1748
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,9495510264388802708,16049540221296815849,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1
    3⤵
    PID:4276
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2212,9495510264388802708,16049540221296815849,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2224 /prefetch:2
    3⤵
    PID:648
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,9495510264388802708,16049540221296815849,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3856 /prefetch:1
    3⤵
    PID:1040
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,9495510264388802708,16049540221296815849,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5864 /prefetch:1
    3⤵
    PID:3532
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,9495510264388802708,16049540221296815849,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5320 /prefetch:1
    3⤵
    PID:2952
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2212,9495510264388802708,16049540221296815849,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6260 /prefetch:8
    3⤵
    PID:5020
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2212,9495510264388802708,16049540221296815849,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6260 /prefetch:8
    3⤵
    PID:1940
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,9495510264388802708,16049540221296815849,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6336 /prefetch:1
    3⤵
    PID:4668
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,9495510264388802708,16049540221296815849,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
    3⤵
    PID:1624

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4856

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1008

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Jellyfin\Server\CommandLine.dll

Filesize
220KB

MD5
05c71fa3a6fc561d7a1f919437dbddfd

SHA1
5a8cd6b38ee5d63c60c7747de6b5469ba5d1e6b2

SHA256
8a55501cd1a1590a4bd93a17c6fdd2c01a0ed5bff1aea9036bdc78d98c9a3fad

SHA512
1ab183d67220c8b8999b6ac032ac304f57960faf0e908404ffa3aa37c010d1a063d7734923a1576f18a69f7300b01fbbb395e3dca971e1b125b1b3b67ab858d0

Download Submit
C:\Program Files\Jellyfin\Server\Emby.Server.Implementations.dll

Filesize
858KB

MD5
de73275a399a50ede3061618ff09ef43

SHA1
9312274b30b0cb1aa38fb5c4aad2ffa7644df9e9

SHA256
65e06e77eac3fc2b6389b1710b805d854bf134b5dfeff4da5eb70563044d26ee

SHA512
8e3816a54f26d6946aa76c59b8fb45852015a3183a6422f1251aa2de07e157ebc284ca3625a21ddd9281cff3256672ef6d3da4e46f280a99c7d7fcacf539380e

Download Submit
C:\Program Files\Jellyfin\Server\Jellyfin.Server.Implementations.dll

Filesize
265KB

MD5
57a36a77ceebff0594765bac6779a9ba

SHA1
c2346c949c0bc570588f83e6858e20e52dfc7d1b

SHA256
dcd600dd2eab209f3e94f6c758946d4678fd905e23005cf73dc8aff087b41744

SHA512
3fc5f88321d190d6a40738b57a18e9712c974efa4e6bc11b05c7b0afcf64d80276cd5e6837ce219b72cae952fef0442a4059ec38bf27743f469389d046691141

Download Submit
C:\Program Files\Jellyfin\Server\Jellyfin.Windows.Tray.exe

Filesize
353KB

MD5
1b10b8e0f1ddfe2cae19344f8fd9f029

SHA1
e6b509704352cab77ca2ab4c0ecc6ea5c3b63766

SHA256
bb40c76a31af08d7c1a33165cd0b564683b265174c12e357e67eb21e31d2e5ca

SHA512
8106cb8a1685619eca4eaad7037081da3cbc8bc5b463b811019940973a354893673c652a4bb87d2a2a92aacad910fdcf8398f8a89f6937c4193e65eddca9ea7c

Download Submit
C:\Program Files\Jellyfin\Server\Jellyfin.Windows.Tray.exe.config

Filesize
542B

MD5
fb0a735a00e8377f22d61ae5533013b0

SHA1
1bf75ba078d679b88748f9260c1134a1918978f1

SHA256
391f6a9e3a16ecfa44ef6dd5702c9c29332aebc5ed2557dfb308f1e9d3bd40e5

SHA512
029f9545609c60126de30a7d19067abe315ce32ba79fd208de0fa9b1e0d06b06b10b9d5ab21459c9c58008cec2a35a95e4c338df42ed922f49d71121ed854dcb

Download Submit
C:\Program Files\Jellyfin\Server\MediaBrowser.Common.dll

Filesize
46KB

MD5
62301f4fc8a02eb2a987b813467722e5

SHA1
4342c9e63170d30de5c4e2f52e746f9cf777cee5

SHA256
240077a35f0fd1d694895fd87ad677b6a20143aac115cd8cfd8f62f87dc62827

SHA512
6ffa8c312f49b6fda20c94fdd658ff57256604d5cebd7a368315acedd506f07b5e23745920adb5bc5f6c66dea71175bfe38cde53788ab55c9be420f1505dc253

Download Submit
C:\Program Files\Jellyfin\Server\MediaBrowser.Controller.dll

Filesize
378KB

MD5
41d9e97b9eacff4285b08f53725eb0f0

SHA1
981bf90553912bde90717aad5874312420bc487d

SHA256
9c76d8547aaa738b0b46fadee80e14f2bf9d5f5278abd517985265167aa7743c

SHA512
81f373d530da55126469c046746033081719e5c7b16d39b826768bd3620f18beecffe38b99260f4c21d54c1994f08a7dc79161ef57221af1017c960b8661058f

Download Submit
C:\Program Files\Jellyfin\Server\MediaBrowser.Model.dll

Filesize
440KB

MD5
97a20c759352b598d346bf3926b74855

SHA1
58f65b1bb3830a8133e890f59f5c01fee84ddca9

SHA256
cf8e4450bf115b628b6b80cf50a39366e86c5580df89919a758d296b0a6172d0

SHA512
accc31680ed2c6e746b43a6c72aa5abf0b19736b5e43128908929fe2312954c4de7ee2a9bebf3c056713fc9d462f6871da9c60cb55c1dedaa8c4295a142564c9

Download Submit
C:\Program Files\Jellyfin\Server\Microsoft.AspNetCore.Hosting.Abstractions.dll

Filesize
33KB

MD5
10368e1b6bba5233d6d0f6cf5d38e608

SHA1
d4b1cf5b7d076b136c615871739a29f54e7cedd3

SHA256
6eee2c8dd6720aa0d9fe0092abcd8067b946732d6a73c823ea709e7bdd7b408e

SHA512
b602497ae48f1c81305b13225734bedc26964f7066622a6e4a909782d40859ae7356eb6ccb0492864f78b95043576f1fe9162b1f9f93e2dc5791aa20e3b39a94

Download Submit
C:\Program Files\Jellyfin\Server\Microsoft.AspNetCore.Hosting.dll

Filesize
371KB

MD5
c8e995817fc4a815d44c55b93dc0390e

SHA1
c6c22cff44021d72462b3359a631cf8a3e86ab45

SHA256
221a36faa1c43e945d710f52fd0311dd6c916ec116cb53fc68ea4639f36cb57c

SHA512
e672582263968c62e9d5b56493ff20482b2f2a372c1c8251ae63786059ebc47091a8e420378209718e912781a2411a53e5c3caa926062400cac50153dad19d1f

Download Submit
C:\Program Files\Jellyfin\Server\Microsoft.AspNetCore.Http.Abstractions.dll

Filesize
219KB

MD5
615b915e4cbe606d4e6902f0ee6d951e

SHA1
124b8b239c799f08ed5a5eb8a1e776cd79145e9a

SHA256
752ecb51c9e86cd76de4d6f603a3ca5a344645e24cdd811d20007ee599a879c9

SHA512
a70f68ebc61d750b7768c086dbb10b31e4df7e0e292225f94b3d1cf05ff7985a1aadf41aba202b19955e67e618424713990e234e89e44716a61c4f48cdd1f5f9

Download Submit
C:\Program Files\Jellyfin\Server\Microsoft.EntityFrameworkCore.Relational.dll

Filesize
323KB

MD5
0ecf71932cf22e596d0d1afc4ec284c8

SHA1
c4d91aff1f46a98c19b3a1a2b172f36a27cccb90

SHA256
981335117070021915445501245dc9e756fb08dc9b1449763e440c47e9d15c6c

SHA512
560ce0518c115682aa403b4fb84eb9353c4028bf3a01bd132018051ee1cb4b68acebeb0031b72f7d48636490feff6b8f699cac671051d75a685e3772e9d5aec1

Download Submit
C:\Program Files\Jellyfin\Server\Microsoft.EntityFrameworkCore.Sqlite.dll

Filesize
201KB

MD5
8bef32cfbae8d687e47f3d0096cfc656

SHA1
09231a36ae31d98a69c60c0ef15365244588d9b2

SHA256
ffc7be342c11a625690c0d4bdbaf5b03222ccc0635540016c58a379a825f6c28

SHA512
cf9eeeb98e2314e7caf674ea64da5074adaad8c7c5f8650cce4fbfc7df8467a713d63697b443ac589ec84c6772ef567d41497e323d96834cb4648a30414d5d7c

Download Submit
C:\Program Files\Jellyfin\Server\Microsoft.EntityFrameworkCore.dll

Filesize
378KB

MD5
87a1d50a31bac0ccc09ea9088ad6c12a

SHA1
daa7baa941b1c89005e90e4931255563532f9ea8

SHA256
41c9a7fb0c588e4d5741a4c6ae4912d697597f37fc2a371cdc58847d1700ed71

SHA512
de55a352260f2c7edaf93125e070ffe55774c220d6a439d8edc92c36e409736fc0556c0b919b0c937b4a6b698e3c330781b50ac49d7a6524909818caab84c5fe

Download Submit
C:\Program Files\Jellyfin\Server\Microsoft.Extensions.Configuration.Abstractions.dll

Filesize
37KB

MD5
edfbe3a58d69864ab89bea1361934161

SHA1
77b3b85e7f7b6adc20a874579dc9c1707f559a9e

SHA256
8241787e768759418ef157bc7d626231fd4bcc33ec3641c019e0d9a00ea77af0

SHA512
ed0a748f5cd5ab1e2e837e2b63755880e61081a8b7d71ce923585b36f7981a81ef3c6dc78cfd7f9f564b852e08a259dc29dd7e1b2027530fa54f328f659dec93

Download Submit
C:\Program Files\Jellyfin\Server\Microsoft.Extensions.Configuration.dll

Filesize
73KB

MD5
9d57583bd6641e891e5617de9dd55195

SHA1
ef345fd3cf8cb3f7eea05fec66cf333b9ab2d279

SHA256
7b5d9539456577738ba472af58137b813f5cc57aa116af1f607d2f2346634aab

SHA512
3224fc8a364be6e5e40330acedfd2fbda111dad7fc22904df4e723fbc11e1879bb1dbfc3d049013738ed01f1544ef6a0455689460f20340eecfb6d6318e41cec

Download Submit
C:\Program Files\Jellyfin\Server\Microsoft.Extensions.DependencyInjection.Abstractions.dll

Filesize
81KB

MD5
843edd979698a8febe310e2ce2438496

SHA1
f165f0692f9f674ebd234fa9c7d36ef7f97802d4

SHA256
080a02946c17139d4f807456878a85459926ad3551ec968df567aa65459a63c6

SHA512
6d44f7ef700f9dab2ca6b5e595953a8a190c5630539b95b04a3f1945c25008e1654a9492252e2e913f43212a8a121b8fedf24bb21cb6e02d22bc8278705df0f5

Download Submit
C:\Program Files\Jellyfin\Server\Microsoft.Extensions.Logging.Abstractions.dll

Filesize
133KB

MD5
39128cd67d4e57e01928f7aceee98a85

SHA1
ff347cdfbc5442577729db04ad7a4e79b4225c50

SHA256
42b8990831b420b058bc33ccde4f19a5be5e4c9b54d2922c329a7d434dfeecbf

SHA512
a7727da3909a2feed8ca46548c6a55b991da84cab92ab6ff041d8f115424a6d0cd708e0e1eead3702247a64e935239a255deccd5a58e5958b4b03f515e881118

Download Submit
C:\Program Files\Jellyfin\Server\System.Collections.dll

Filesize
258KB

MD5
f687361f2dc8c90597557c311c4ee1f4

SHA1
2a7cfc6a7e9de416d63836d79b642f92b4ce490b

SHA256
bd70f91f77879c3f3e287ea1eb8e23b2413a938fc61459f766b03865a56fe1d8

SHA512
395c0ddbc977cd7021667907640c8ade41dbc5ba68ae7266303f8b49b7ccfbf226badcfef3bf24ba483793d3fd1b74187122c4645ac5cbe1b72b228390548817

Download Submit
C:\Program Files\Jellyfin\Server\System.ComponentModel.TypeConverter.dll

Filesize
727KB

MD5
98782e2ecef41a8b15c1792dff7139d0

SHA1
4e98889ca0f1fcd36da43414d7b34c8095f780ac

SHA256
59f3d226c8f67478cd6c3bfb8d8984286615aa12c37e6d104f302169cc8ddc55

SHA512
f100ef0df1035645106d9fbf4c8618e32183dac2c9733f48b9339fcee7ed53b9fe1cac80c9373957e543f9c6b8a08d79fe2a5803e020b1808ed0c1eb412a213a

Download Submit
C:\Program Files\Jellyfin\Server\System.ComponentModel.TypeConverter.dll

Filesize
534KB

MD5
4255bea68884bc0230590a7a1558ff9a

SHA1
59730f59508cf5c9882ccfe7d88e9abb5e7d8a97

SHA256
c9ec7918be2b64c539c2735ff72bbb341aff2927a04e134651594873186459b1

SHA512
8063e5ef45c3e8d74fbdecea73b582cc6b989c5ffa01e4fea4bca1a8b377e9e55c003a4bfefa37b28a2ab9f7d531a3968a953d665f0c35fe34b7ab2bdb21ba67

Download Submit
C:\Program Files\Jellyfin\Server\System.ComponentModel.dll

Filesize
18KB

MD5
5342f94876cf07e64e3291e0ce770646

SHA1
004a6bd5b14d895d1d793ffdab4f87ac18744d2a

SHA256
a95b78c33a9414dde2a717457a55d9c2e54fad41b275a98f432de5de044897a1

SHA512
757400a4fd0f3ff2fac8698191fb10651e66846bad1a596ef9b90efb2227cb3005ddc14052b8cefe2c3316d52b662b240122bd4f000c743ba1f902b44924eb2b

Download Submit
C:\Program Files\Jellyfin\Server\System.Console.dll

Filesize
153KB

MD5
96d6fb33157ee7edb681f49b3e70f88f

SHA1
b534ddcc04b20487cd92abec09be67c36264c1d6

SHA256
11bf0b82f8278cb9312e1d7c0871032bef28af4ac5a5d15809738043bdd5c2de

SHA512
b141f8950783be420d01b55af07674f849a21023b49eddc35d8aca09b1a95696013d7aff99a292389ca3cc52db4b88dfc7f43a66c70b1c8d7e0ca2dd959ba52e

Download Submit
C:\Program Files\Jellyfin\Server\System.Linq.dll

Filesize
525KB

MD5
7b05b6162da6c4ef01aa82854c65f6c5

SHA1
d22f467d23dcfcb2c60d437313efc8bb05013b7b

SHA256
2a2ef773073047fa25ec8d9de4e49e775b9904ab63bba02db4d4c6cc41c1745e

SHA512
176615d05dee9ee9c401f5015b868ce2f6548303cddde5c0c7bb60dac42318b09b6d6a9ae5cadb01b0c065b8139154b25953b791ef3f1f7659594f4b3b813b81

Download Submit
C:\Program Files\Jellyfin\Server\System.Net.Primitives.dll

Filesize
209KB

MD5
a1f6d59b9c3e3fc602b630af60234339

SHA1
54019bc376406e9641fb04769230a211e89f3b65

SHA256
1796880c4beb3d5a18ce876f1795c8b7e86f67800dc29131d54eeb518715ea36

SHA512
f9c1acf3cccb238c785bf04ee21054aea4b5a4b2047b80246c17c0e5d72be0a6b30d13fb769c4d0000e4373f85dae0107643de36b14ee49dbf77bf8a1ace7ed1

Download Submit
C:\Program Files\Jellyfin\Server\System.Private.CoreLib.dll

Filesize
1.3MB

MD5
279a4dabe3489e7e7af7886a0372b92c

SHA1
4041595782a0cef2a30dc5cc861019f6af13a72b

SHA256
e9bb9702bb3337dafb1cd791cae96b9dba5b164fd384d680d61a9ea730cb8fd3

SHA512
301fbbdecd840d7a784cc2020b068db45df1d96fce067c0fc3c842babb4fc383ce43a64ee20484a5c24d15ef479b44d8b38c2948a99b4159e7e666a7d3ee1232

Download Submit
C:\Program Files\Jellyfin\Server\System.Private.CoreLib.dll

Filesize
1.3MB

MD5
74db66c0bdb8f7fe8b0a601d0fd200c5

SHA1
78615bc98b1c0c85363bc3388b499ebdae4839b9

SHA256
234cd1f42f4bc3dc0d5e69da45dc13daeedfd9e2376c203492d63a74625ff74e

SHA512
16a4ac72afc78f092e550ad5846f75e382e9d67eeab732b60d38489d74b390309c5add970e2c3eead4883980eece33cf9a719576aedf1304c2c12096b4d777b2

Download Submit
C:\Program Files\Jellyfin\Server\System.Runtime.dll

Filesize
41KB

MD5
d493b2e3691e0f8c7ac457b096f3c1cb

SHA1
93f458d067249f9dd2efeb762c275d0311b2c7e5

SHA256
4ca447a6c7666de87f73a76ba2a22e347f7c8ff3461b93752c6f79f0ccfefb4b

SHA512
684283c7fa97a8964260c64893886f267fe1e8a6b6fc8d568ab3242855a80cdfff5b4ba8ce2805fbbb1a4852e88d926f1ed8d87ef3d9b3f70e40c3a4b37e7707

Download Submit
C:\Program Files\Jellyfin\Server\System.Text.Encoding.Extensions.dll

Filesize
15KB

MD5
745bf7327f08c7f8407c7764630647eb

SHA1
9b23771d4b75b60299669aa1d1b3b456a0ef8b7f

SHA256
6e09061aab5209a4afd6ef3861289c0ad7481bce7c937612b6d6b5865f3f0b06

SHA512
90ea33404810c915e154bde430b26d697ed661664d4a7aea1962f720ec62afeebc71d581d584c0a9b36bc6b80b465bec4672889208090e625e7af938b383d073

Download Submit
C:\Program Files\Jellyfin\Server\System.Text.RegularExpressions.dll

Filesize
517KB

MD5
66c179194eff8d00e5cb160671362725

SHA1
3c9c90c6e8d0df0c173d09dc158d4d2fb3fed64f

SHA256
e28ac930b3309fb865bc1b6d76039c397ed333e9f5b4684a7ff90b5828b07268

SHA512
7e36818b3716bf71befe517455803bfffca44a33d25c9fb1dd88522244200a36c58e7567b77ffc8d503720fbce87710e16d6b21377cc9e06a4fc0d3cf9038736

Download Submit
C:\Program Files\Jellyfin\Server\System.Threading.dll

Filesize
78KB

MD5
dc0cf475432fde4bc85a7f414b56cf17

SHA1
c3f4f2d84cc9ee4f8f7e3cd9d2b089d0c6a00fac

SHA256
8046a9a6c5e1ebc579ac97fba84831cbe94dd373727388702380ffd2e6037b00

SHA512
3f03ae7ecbd420948b4b90a907cb61ec1cbeb2dcbe521341aea282597f12d09500f2640e0870c8174dd63e48a633ba45f5106104f4f73cb307957c3e226b8a9b

Download Submit
C:\Program Files\Jellyfin\Server\clrjit.dll

Filesize
1.2MB

MD5
a132f86555377d05ce2890fa580e5c99

SHA1
6f67ab46f600e3897938788d2c1aaf42547fb9af

SHA256
0aa8ca64cc474fd3f680a9110e723b72f5340215c8be9e4a6f2336f84d7cb1f1

SHA512
00305d325c3396f07ad1860ed1daa4c2004abcfcde3b5a204b622aabd0a2b7a77e569135e0c00b5bd130e3a89f39d26940bdd999a6506cde1aaf6c69c51b388e

Download Submit
C:\Program Files\Jellyfin\Server\clrjit.dll

Filesize
877KB

MD5
08ef6eb4ec080a78fdcbf42933ca8a48

SHA1
78501efb9b3fbe7bfacd8d3ce5814fff71dae54d

SHA256
398509fe54cb67ef90e8fc9d8f954cec59998e2958505efad73e87f1332c4abe

SHA512
af563ca84c28fd69b640ab9e5cad8a4ecfde5f1db0a292ada6c05a4cacc72d970108868e4cc570e5181dadeb9ec508dbf35a34c1aa962e02c851b6ec28cbe4b9

Download Submit
C:\Program Files\Jellyfin\Server\coreclr.dll

Filesize
1.0MB

MD5
ea9a580290ccede9bf5ccb8005878920

SHA1
f53961b7f73f26341aa65a410f8f36c2147cc4bb

SHA256
10cbc6adaec6531aca6340981a02e1c9e3d226eed136af26758de4dd1bb5817d

SHA512
a7e18534079aa3ad7b732a3a21f8c73024089bba1c5a7bd02c79dafc9b0eb40e919a7b364cb4474b84df45957d9a2f4a4cfe28e37173b4768e41e192011413ad

Download Submit
C:\Program Files\Jellyfin\Server\coreclr.dll

Filesize
1.1MB

MD5
0b01afcde1158d7d517dcbb5a9cf46d8

SHA1
f0cf3816f094900c31215fa6b6b69934655f66bc

SHA256
030aa0bb1c3200bc33b0f002fed545c7f3d387de05579a0d7ede1f682424f08c

SHA512
9e21a1774702da4658858626cca8ceb542e63cffab84d8e0a5e6370077c8180a5e4c10ce2fb50b341e14c07975614e4cdf68a1f3a0b35b1e7bc74ee9d2dd31f1

Download Submit
C:\Program Files\Jellyfin\Server\hostfxr.dll

Filesize
369KB

MD5
ee507878a7e2579d2bfda2d03fa84465

SHA1
4e9c9ff4f2672012612ff9f27ade39fa264d337b

SHA256
0b0aed1f8f291cc81d2334b649837ca1d0f13d14d58fbd19cf3a282e80f299e1

SHA512
569e1036c930a401983747eb9d7c1aeff71e359d7d2e0a301479c255f24fdfb9e41b3585b0918dbaac12e2b5afc3f5710455fae1222adde763850e0364cc01ea

Download Submit
C:\Program Files\Jellyfin\Server\hostpolicy.dll

Filesize
384KB

MD5
19167bb1ae169e319e62aa8a11bf2122

SHA1
4b7942151c595ffa3b23a2a954fe89823e34c8a7

SHA256
b6fd2e79738e993263efb4553ed9a94b98300c543f7c0d38a0bc7bceae9fc2ea

SHA512
599e1c792490b0e9a95be06224486c0c694bd2a6d5970459875c802a7143ebdd727f1f7f316282afd64934d5d6932b91fe22a518000f0ef930140a0e7aecfb2c

Download Submit
C:\Program Files\Jellyfin\Server\jellyfin-web\UserPasswordPage.e6b5bcea2de7832e7808.chunk.js.LICENSE.txt

Filesize
254B

MD5
dfa7a9b54c32820ecf32286616324db5

SHA1
1fdfa4de38fd6008d6159c9d44ca1b12a0e701b4

SHA256
a8253b45054e2d65ec86572a2798a199c0e320d8c3d3256f6d0d3b08d9a46cff

SHA512
29648118cd95ba9b5e2c0eba3b4ca7e1800dd5cf3e58c1ecb721a7c1b2cc38354103ac380243e098a78dccac9ff02d4ba239e9ae9195c9897ab33b5c273bcbb9

Download Submit
C:\Program Files\Jellyfin\Server\jellyfin.deps.json

Filesize
126KB

MD5
b74f5c877129d4688b9c0d883a292916

SHA1
15a73cab93244528cc3431588de78f36c4d1e603

SHA256
cd0a630a544fda2b03dfb0f6cc82f8003fcf6e554f1d0eb568a4daf72bf4f19a

SHA512
0001f5e76a24e6f1ce4cfdb2f5954ff05378226791576e37beb77e5516a4086509577c20dd1e22c3c58e643300ee182944822881694cea7fbd3229131f7b47af

Download Submit
C:\Program Files\Jellyfin\Server\jellyfin.dll

Filesize
129KB

MD5
ef0f9c6dc8a6c199c927ff94fc6e9f02

SHA1
7e7ee90cb84569f06324109db24dced7ca1557cd

SHA256
e0c0c38835277964bdce5da3c7a915b17d5f9b254315c7e47f1e41b74b02ec5b

SHA512
df05901da72acfc838c1163bfaf9dea4c2a4957e11922494c074fff6b6d1d324145e02a52d285be07fcaf5b70a0fef964ff8b6dd67d81f98dfe7c92a0e88a610

Download Submit
C:\Program Files\Jellyfin\Server\jellyfin.exe

Filesize
144KB

MD5
9ae4e256e34103ca01b2fbd2ed1ecde6

SHA1
34657c31f11e5b2f01fccdb8f2c524fefe0f8d5c

SHA256
15340a464bd93d0ae7c7e08dc7e9b1979e2b3fea4be078a5624ac9050870f7dd

SHA512
cd0a25ca2cb536100e9114a426ae7090abc0d21520f0bfd09e0a396881c386069eb61e19a671f30ea2812c95eefed44a5a424e9510ece7a903f8d3cd75a3d0e2

Download Submit
C:\Program Files\Jellyfin\Server\jellyfin.runtimeconfig.json

Filesize
548B

MD5
c9b788e3dbc43ea9d006ad4149e4fe43

SHA1
21058b14f628957e54a71d9709c02552325a1122

SHA256
0a8d5255deec8582b2366eb063e6bd2a33356f8736bc61e65cfe4b63552af652

SHA512
40249b49ade23395905dde0e1e9a82d4504168c52613f2bbf7ef7f4b9709e6ac22d1bc1166f9e75f22dc4dd956ccd141f13401d38309e86b05475558f37595b8

Download Submit
C:\Program Files\Jellyfin\Server\mscorrc.dll

Filesize
143KB

MD5
4e9dfc286b3d1a5123e68aa937da21cf

SHA1
faeef31d79135c8e38744b5b0d08fdaa101776d0

SHA256
642f650fd5d3520dec37c6ecb96f6566d45b81ea196cd4a293bc33c12a612743

SHA512
32b77bb9fb0cd5b7057663dfb8c750db266965de7df866212600d1afae14d106c26ddba9c1f60b191f42db0ca01e3e9ebf0d429f47f5dccdf72a6f5c2306e704

Download Submit
C:\Program Files\Jellyfin\Server\netstandard.dll

Filesize
99KB

MD5
5145d8b41dd4931643aae429e419ba5d

SHA1
0ffbd06faa437272c4864cb2424bea65d4767bb2

SHA256
777f8437dab531414e54893d37a3c06bd08e746dea7f92ff33a2bac6ee58d4df

SHA512
f76077bd23f202e44a17d062ffb057b31ecebd431245536b92b6bd2a4d81547f8db95b88c985d8dd386027ddc6cdebeb67183b9db448ddd80be1604a56c24122

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
7a5862a0ca86c0a4e8e0b30261858e1f

SHA1
ee490d28e155806d255e0f17be72509be750bf97

SHA256
92b4c004a9ec97ccf7a19955926982bac099f3b438cd46063bb9bf5ac7814a4b

SHA512
0089df12ed908b4925ba838e07128987afe1c9235097b62855122a03ca6d34d7c75fe4c30e68581c946b77252e7edf1dd66481e20c0a9cccd37e0a4fe4f0a6fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

Filesize
38KB

MD5
fb9ac7d97c0b964061a08e720aee7ea6

SHA1
fd1f720fe1794419b7ae052f5230543db8789e12

SHA256
01d556a0b7c5af81d3ac693431d45d75d41ddef3a68a44c55c11def5fdfaa9d7

SHA512
979753d5b83f5eee6e51425150695bef3ef97839ad3ea77c3baf0d226f118d761e3d6e78a17450a9a6e230408b920eb9cd7b7ade80afadfcef494b01cbfa47fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
7ca87dab4e6c2c185c5c42d6b6cb17c8

SHA1
bab3e4fb043c795cf193f4bab4116d7c06840765

SHA256
a2690022d1af40e754a5bcc454ccce6e94e57d12ce7b2a7778e24de99e645426

SHA512
4677b6598389309779b32e580cd0348b9a3562e2d7ba66aa1feed849d535077ba78b85210e10f87b5b6192e4c128c24a48fecc194aff1103d45438ee01fb2f3a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
7f7ff888b985cbf987d079cb445e503c

SHA1
719b437d67675e408c7494964ead915406fcc024

SHA256
3a132e8dc4e7c0290b73dea44d9e6b8cc0278ad03d68d669ade28830a159d7f0

SHA512
bc49fae7badc78e11ea1ed988817fa1dfc5bae77817cdda758a6edf20b837d956fe3e54e18091ae4ad2f59e145738558b23b215c6a1048463786fd658cb3851f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
7395735192cd4a32c558b0a52ed1d85a

SHA1
fc2ab0d22a62211b26809b656876f3411c73b079

SHA256
8c3db7050099c434c8b3b20f87f583f68ed13734901b0c8be8a8bc90d8e259f3

SHA512
bb3e1d8f5282dddd2176ea716103d2118e9288302b28f0ca871bd94997fc14bf77320195a9bd846002ffde72d4cbb4ffc0a2b04b94055fb4467010442b871519

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
52826cef6409f67b78148b75e442b5ea

SHA1
a675db110aae767f5910511751cc3992cddcc393

SHA256
98fc43994599573e7181c849e5865f23b4f05f85c1115dff53c58764d80373fb

SHA512
f18df18cab6b5ecd71b79c81a2a1fdac42cc9960f62f06ac25f4d6487792705f2766ee3a10239eaac940d090186e6bc820e4eb7a5ee138f6e5c1c64f951b960c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\2357bbaa5ea62b9819b6778713dbe158f88736cf\index.txt

Filesize
87B

MD5
e11ec79e5bd128a44b458c6a79613993

SHA1
f784d87d03b53e728d6709f80e1c59f2c1797473

SHA256
2282ffd5c0f45d2a011a2987c969eea2ff24e1e8a9911bd465b5eca6413b48d0

SHA512
5e9b2d5159d6e4eb3d476da4ec07a0a72e2a909c01eab176967f557d43b3095bc0c5c857775f346ff095947cefb4ba0ed1bf39b2dcdcbd7874a8b68cf5f05321

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\2357bbaa5ea62b9819b6778713dbe158f88736cf\index.txt

Filesize
182B

MD5
0dc6cff17dc9b03d96fea14f5e7f7bae

SHA1
ecfba25ba2d19fe2a260eda1e2f2c4904cdfefca

SHA256
1195dca6689ee00cb030c90fa082587375a2786bb1921f3d666f2055354532c1

SHA512
ce6b0dd01e8eefee2aec47283c25e351f27dc1b5b5d46ccc727047d87322f1833980b0ce9359349a12488271da2214bb42216c7a4e396d64ec93931d78e2db69

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
33bb69ad3f0a13b5805df2df3aa0d0f1

SHA1
04afe4e15faf961ab918b1bd7d2d24744a464587

SHA256
aeb8680affd42972923aa060161d69d2ac2fb78f26fc3b0a59d6564ab7ae0857

SHA512
f1feb66e5dde430861871c74e055c23d6e47d4266a8bc5582301494cdd584f7b3bcaa2bbab8f9e439f239dbdc3dc397be77f8e2c9067d8b2f580561d875c8f42

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
afba58bc55849600007f32bf87c40b47

SHA1
8c0c208ec90a24549f5001021c7d3da0461ee03c

SHA256
ee6cf51914919ef9c85d94fcc68f6999e21f008c5979cd81b2d9c1f57c9f3195

SHA512
5edf5dc9127519c1b026e33d51aa9e1499ec32bfc728c9a650f01271a4c686416610ecaf1ba069b7a07c55d49cf22ebaffa25045a730d138302afa52a010cfe6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
5a77f95110d34a5ebba893f3625af2bd

SHA1
2ce2e16db27c22635fd6da32f984d1b44448df01

SHA256
0ee6bb00f32bde78f2a3c9fc4f8b1b8b3ee041a18ee7abcbf30f14b6460c6a86

SHA512
385fcb721edef3aa85d8d8e4f10644d50f11395ae9e9d88c53c115f98de7c261e34581a2cfea40495deb35fe72ec8252af832fef38994715e6133919a38bf7d7

Download Submit
C:\Users\Admin\AppData\Local\Temp\nscA50C.tmp\System.dll

Filesize
12KB

MD5
cff85c549d536f651d4fb8387f1976f2

SHA1
d41ce3a5ff609df9cf5c7e207d3b59bf8a48530e

SHA256
8dc562cda7217a3a52db898243de3e2ed68b80e62ddcb8619545ed0b4e7f65a8

SHA512
531d6328daf3b86d85556016d299798fa06fefc81604185108a342d000e203094c8c12226a12bd6e1f89b0db501fb66f827b610d460b933bd4ab936ac2fd8a88

Download Submit
C:\Users\Admin\AppData\Local\Temp\nscA50C.tmp\nsDialogs.dll

Filesize
9KB

MD5
6c3f8c94d0727894d706940a8a980543

SHA1
0d1bcad901be377f38d579aafc0c41c0ef8dcefd

SHA256
56b96add1978b1abba286f7f8982b0efbe007d4a48b3ded6a4d408e01d753fe2

SHA512
2094f0e4bb7c806a5ff27f83a1d572a5512d979eefda3345baff27d2c89e828f68466d08c3ca250da11b01fc0407a21743037c25e94fbe688566dd7deaebd355

Download Submit
memory/1368-2198-0x00007FFEB8F80000-0x00007FFEBCF15000-memory.dmp

Filesize
63.6MB

Download
memory/1368-2206-0x00007FFEC1950000-0x00007FFEC1A94000-memory.dmp

Filesize
1.3MB

Download
memory/1368-2205-0x00007FFEDCD10000-0x00007FFEDCD3B000-memory.dmp

Filesize
172KB

Download
memory/1368-2204-0x00007FFEDCD40000-0x00007FFEDCD6C000-memory.dmp

Filesize
176KB

Download
memory/1368-2203-0x00007FFEC1AA0000-0x00007FFEC1CD4000-memory.dmp

Filesize
2.2MB

Download
memory/1368-2202-0x00007FFEBF150000-0x00007FFEBFED9000-memory.dmp

Filesize
13.5MB

Download
memory/1368-2201-0x00007FFEBFEE0000-0x00007FFEC0B9D000-memory.dmp

Filesize
12.7MB

Download
memory/1368-2200-0x00007FFEDD600000-0x00007FFEDD62A000-memory.dmp

Filesize
168KB

Download
memory/1368-2197-0x00007FF678E40000-0x00007FF678EA7000-memory.dmp

Filesize
412KB

Download
memory/2844-2416-0x00007FF678E40000-0x00007FF678EA7000-memory.dmp

Filesize
412KB

Download
memory/3408-2283-0x00007FFEDDB20000-0x00007FFEDDB4A000-memory.dmp

Filesize
168KB

Download
memory/3408-2299-0x00007FFEBDFB0000-0x00007FFEBE0F4000-memory.dmp

Filesize
1.3MB

Download
memory/3408-2254-0x00007FF678E40000-0x00007FF678EA7000-memory.dmp

Filesize
412KB

Download
memory/3408-2298-0x00007FFEDCD00000-0x00007FFEDCD2B000-memory.dmp

Filesize
172KB

Download
memory/3408-2255-0x00007FFEAE200000-0x00007FFEB2195000-memory.dmp

Filesize
63.6MB

Download
memory/3408-2294-0x00007FFEBE100000-0x00007FFEBE334000-memory.dmp

Filesize
2.2MB

Download
memory/3408-2284-0x00007FFEBE340000-0x00007FFEBEFFD000-memory.dmp

Filesize
12.7MB

Download
memory/3408-2285-0x00007FFEAD470000-0x00007FFEAE1F9000-memory.dmp

Filesize
13.5MB

Download
memory/3408-2295-0x00007FFEDD600000-0x00007FFEDD62C000-memory.dmp

Filesize
176KB

Download
memory/3428-2232-0x00007FFEDDB20000-0x00007FFEDDB4C000-memory.dmp

Filesize
176KB

Download
memory/3428-2218-0x00007FFEAE200000-0x00007FFEB2195000-memory.dmp

Filesize
63.6MB

Download
memory/3428-2239-0x00007FFEC1B90000-0x00007FFEC1CD4000-memory.dmp

Filesize
1.3MB

Download
memory/3428-2233-0x00007FFEDD600000-0x00007FFEDD62B000-memory.dmp

Filesize
172KB

Download
memory/3428-2231-0x00007FFEDCD30000-0x00007FFEDCF64000-memory.dmp

Filesize
2.2MB

Download
memory/3428-2230-0x00007FFEBE270000-0x00007FFEBEFF9000-memory.dmp

Filesize
13.5MB

Download
memory/3428-2225-0x00007FFEBF780000-0x00007FFEC043D000-memory.dmp

Filesize
12.7MB

Download
memory/3428-2224-0x00007FFEDDB50000-0x00007FFEDDB7A000-memory.dmp

Filesize
168KB

Download
memory/3428-2217-0x00007FF678E40000-0x00007FF678EA7000-memory.dmp

Filesize
412KB

Download
memory/3516-2189-0x00007FFEB8F80000-0x00007FFEBCF15000-memory.dmp

Filesize
63.6MB

Download
memory/3516-2192-0x00007FFEBF150000-0x00007FFEBFED9000-memory.dmp

Filesize
13.5MB

Download
memory/3516-2188-0x00007FF678E40000-0x00007FF678EA7000-memory.dmp

Filesize
412KB

Download
memory/3516-2190-0x00007FFEC1CB0000-0x00007FFEC1CDA000-memory.dmp

Filesize
168KB

Download
memory/3516-2191-0x00007FFEBFEE0000-0x00007FFEC0B9D000-memory.dmp

Filesize
12.7MB

Download
memory/3516-2193-0x00007FFEC1A70000-0x00007FFEC1CA4000-memory.dmp

Filesize
2.2MB

Download
memory/3516-2196-0x00007FFEC18C0000-0x00007FFEC1A04000-memory.dmp

Filesize
1.3MB

Download
memory/3516-2195-0x00007FFEC1A10000-0x00007FFEC1A3B000-memory.dmp

Filesize
172KB

Download
memory/3516-2194-0x00007FFEC1A40000-0x00007FFEC1A6C000-memory.dmp

Filesize
176KB

Download
memory/3640-2101-0x000002B9254F0000-0x000002B925500000-memory.dmp

Filesize
64KB

Download
memory/3640-2100-0x00007FFECC0C0000-0x00007FFECCB81000-memory.dmp

Filesize
10.8MB

Download
memory/3640-2099-0x000002B90AE40000-0x000002B90AE9C000-memory.dmp

Filesize
368KB

Download
memory/3684-2207-0x00007FF678E40000-0x00007FF678EA7000-memory.dmp

Filesize
412KB

Download
memory/3684-2210-0x00007FFEBF150000-0x00007FFEBFED9000-memory.dmp

Filesize
13.5MB

Download
memory/3684-2211-0x00007FFEC1AA0000-0x00007FFEC1CD4000-memory.dmp

Filesize
2.2MB

Download
memory/3684-2208-0x00007FFEB8F80000-0x00007FFEBCF15000-memory.dmp

Filesize
63.6MB

Download
memory/3684-2209-0x00007FFEDD600000-0x00007FFEDD62A000-memory.dmp

Filesize
168KB

Download
memory/3684-2213-0x00007FFEDCD10000-0x00007FFEDCD3B000-memory.dmp

Filesize
172KB

Download
memory/3684-2212-0x00007FFEDCD40000-0x00007FFEDCD6C000-memory.dmp

Filesize
176KB

Download
memory/3684-2214-0x00007FFEC1950000-0x00007FFEC1A94000-memory.dmp

Filesize
1.3MB

Download
memory/3684-2215-0x00007FFEBFEE0000-0x00007FFEC0B9D000-memory.dmp

Filesize
12.7MB

Download
memory/4260-2342-0x00007FFEAD470000-0x00007FFEAE1F9000-memory.dmp

Filesize
13.5MB

Download
memory/4260-2397-0x00007FFEE4E30000-0x00007FFEE4E5B000-memory.dmp

Filesize
172KB

Download
memory/4260-2307-0x00007FFEAE200000-0x00007FFEB2195000-memory.dmp

Filesize
63.6MB

Download
memory/4260-2331-0x00007FFEE4E90000-0x00007FFEE4EBA000-memory.dmp

Filesize
168KB

Download
memory/4260-2332-0x00007FFEBE340000-0x00007FFEBEFFD000-memory.dmp

Filesize
12.7MB

Download
memory/4260-2400-0x00007FFEE4E60000-0x00007FFEE4E8C000-memory.dmp

Filesize
176KB

Download
memory/4260-2399-0x00007FFEBDFB0000-0x00007FFEBE0F4000-memory.dmp

Filesize
1.3MB

Download
memory/4260-2306-0x00007FF678E40000-0x00007FF678EA7000-memory.dmp

Filesize
412KB

Download
memory/4260-2394-0x00007FFEBE100000-0x00007FFEBE334000-memory.dmp

Filesize
2.2MB

Download
memory/4752-2180-0x00007FFEBFE10000-0x00007FFEC0B99000-memory.dmp

Filesize
13.5MB

Download
memory/4752-2183-0x00007FFEC1A60000-0x00007FFEC1A8C000-memory.dmp

Filesize
176KB

Download
memory/4752-2181-0x00007FFEB8F80000-0x00007FFEBCF15000-memory.dmp

Filesize
63.6MB

Download
memory/4752-2182-0x00007FFEC1A90000-0x00007FFEC1CC4000-memory.dmp

Filesize
2.2MB

Download
memory/4752-2179-0x00007FFEC1CD0000-0x00007FFEC1CFA000-memory.dmp

Filesize
168KB

Download
memory/4752-2178-0x00007FF678E40000-0x00007FF678EA7000-memory.dmp

Filesize
412KB

Download
memory/4752-2184-0x00007FFEC1A30000-0x00007FFEC1A5B000-memory.dmp

Filesize
172KB

Download
memory/4752-2185-0x00007FFEC18E0000-0x00007FFEC1A24000-memory.dmp

Filesize
1.3MB

Download
memory/4752-2186-0x00007FFEBF150000-0x00007FFEBFE0D000-memory.dmp

Filesize
12.7MB

Download
memory/4940-2125-0x00007FFEC7E10000-0x00007FFEC830E000-memory.dmp

Filesize
5.0MB

Download