Resubmissions
14-06-2024 11:00
240614-m4d7jsxfrc 314-06-2024 10:50
240614-mxppps1ekk 314-06-2024 10:39
240614-mp8gvaxbjc 311-06-2024 10:04
240611-l3yn5atcmn 311-06-2024 09:55
240611-lx1arssfle 611-06-2024 09:53
240611-lw1j5staqm 311-06-2024 09:45
240611-lq65qssdmf 311-06-2024 09:44
240611-lqm2vsshmp 311-06-2024 09:43
240611-lqfb1sshmk 311-06-2024 09:41
240611-ln4a3ashjj 3Analysis
-
max time kernel
685s -
max time network
692s -
platform
windows11-21h2_x64 -
resource
win11-20240221-en -
resource tags
-
submitted
12-03-2024 10:28
General
-
Target
b28242123ed2cf6000f0aa036844bd29.dll
-
Size
87KB
-
MD5
b28242123ed2cf6000f0aa036844bd29
-
SHA1
915f41a6c59ed743803ea0ddde08927ffd623586
-
SHA256
fd563cf7c0c862ab910cf558b5a123354b616e84902d277edf09f378ff6f9786
-
SHA512
08e5966ca90f08c18c582e6c67d71186a6f9c025fc9f78020e1ce202814de094171111b7f3623d81f7371acdf92206446f7c0425e08e8f5f5b6fd969007d9fca
-
SSDEEP
1536:0A1KsVHBnVJ0T1rFTQHUPx+nVP7ZSRILMZoXyqqEbzPCAdt6rFTc:0A1rVIrFTOUsnVP7sRILgAPCvrFTc
Malware Config
Signatures
-
Jigsaw Ransomware
Ransomware family first created in 2016. Named based on wallpaper set after infection in the early versions.
-
Locky
Ransomware strain released in 2016, with advanced features like anti-analysis.
-
Renames multiple (1486) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Downloads MZ/PE file
-
Checks BIOS information in registry 2 TTPs 1 IoCs
BIOS information is often read in order to detect sandboxing environments.
-
Drops startup file 1 IoCs
-
Executes dropped EXE 10 IoCs
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
UPX packed file 9 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Adds Run key to start application 2 TTPs 2 IoCs
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Checks whether UAC is enabled 1 TTPs 1 IoCs
-
Drops desktop.ini file(s) 2 IoCs
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs 4 IoCs
-
Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Drops file in System32 directory 1 IoCs
-
Drops file in Program Files directory 64 IoCs
-
Drops file in Windows directory 3 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Program crash 3 IoCs
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Modifies registry class 8 IoCs
-
Modifies system certificate store 2 TTPs 2 IoCs
-
NTFS ADS 13 IoCs
-
Suspicious behavior: EnumeratesProcesses 30 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 34 IoCs
-
Suspicious use of AdjustPrivilegeToken 14 IoCs
-
Suspicious use of FindShellTrayWindow 64 IoCs
-
Suspicious use of SendNotifyMessage 28 IoCs
-
Suspicious use of SetWindowsHookEx 15 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Windows\system32\regsvr32.exeregsvr32 /s C:\Users\Admin\AppData\Local\Temp\b28242123ed2cf6000f0aa036844bd29.dll1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\regsvr32.exe/s C:\Users\Admin\AppData\Local\Temp\b28242123ed2cf6000f0aa036844bd29.dll2⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3724 -s 4603⤵
- Program crash
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 412 -p 3724 -ip 37241⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default1⤵
- Enumerates system info in registry
- Modifies registry class
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x104,0x108,0x10c,0xe0,0x110,0x7ff906973cb8,0x7ff906973cc8,0x7ff906973cd82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1928,10442771111483062722,15911555204587048896,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1932 /prefetch:22⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1928,10442771111483062722,15911555204587048896,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2332 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1928,10442771111483062722,15911555204587048896,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2580 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,10442771111483062722,15911555204587048896,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,10442771111483062722,15911555204587048896,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,10442771111483062722,15911555204587048896,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3992 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,10442771111483062722,15911555204587048896,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4072 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1928,10442771111483062722,15911555204587048896,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3684 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1928,10442771111483062722,15911555204587048896,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5292 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,10442771111483062722,15911555204587048896,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3496 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,10442771111483062722,15911555204587048896,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,10442771111483062722,15911555204587048896,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,10442771111483062722,15911555204587048896,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5440 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1928,10442771111483062722,15911555204587048896,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3408 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1928,10442771111483062722,15911555204587048896,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=3516 /prefetch:82⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,10442771111483062722,15911555204587048896,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5892 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,10442771111483062722,15911555204587048896,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4968 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,10442771111483062722,15911555204587048896,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5784 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,10442771111483062722,15911555204587048896,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6192 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,10442771111483062722,15911555204587048896,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4996 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,10442771111483062722,15911555204587048896,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6128 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,10442771111483062722,15911555204587048896,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5624 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,10442771111483062722,15911555204587048896,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4972 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,10442771111483062722,15911555204587048896,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5928 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,10442771111483062722,15911555204587048896,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5864 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,10442771111483062722,15911555204587048896,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6292 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,10442771111483062722,15911555204587048896,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6516 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,10442771111483062722,15911555204587048896,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6552 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,10442771111483062722,15911555204587048896,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6236 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,10442771111483062722,15911555204587048896,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6360 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,10442771111483062722,15911555204587048896,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4992 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,10442771111483062722,15911555204587048896,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7076 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,10442771111483062722,15911555204587048896,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6504 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1928,10442771111483062722,15911555204587048896,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=5632 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,10442771111483062722,15911555204587048896,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6968 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,10442771111483062722,15911555204587048896,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7352 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1928,10442771111483062722,15911555204587048896,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=7548 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,10442771111483062722,15911555204587048896,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7088 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1928,10442771111483062722,15911555204587048896,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7728 /prefetch:82⤵
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,10442771111483062722,15911555204587048896,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4052 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1928,10442771111483062722,15911555204587048896,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6240 /prefetch:82⤵
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,10442771111483062722,15911555204587048896,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4360 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1928,10442771111483062722,15911555204587048896,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7992 /prefetch:82⤵
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,10442771111483062722,15911555204587048896,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8104 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1928,10442771111483062722,15911555204587048896,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8096 /prefetch:82⤵
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,10442771111483062722,15911555204587048896,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5424 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1928,10442771111483062722,15911555204587048896,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=8116 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1928,10442771111483062722,15911555204587048896,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7476 /prefetch:82⤵
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
-
C:\Users\Admin\Downloads\LoveYou.exe"C:\Users\Admin\Downloads\LoveYou.exe"2⤵
- Executes dropped EXE
-
C:\Users\Admin\Downloads\LoveYou.exe"C:\Users\Admin\Downloads\LoveYou.exe"2⤵
- Executes dropped EXE
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,10442771111483062722,15911555204587048896,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8104 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1928,10442771111483062722,15911555204587048896,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5648 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1928,10442771111483062722,15911555204587048896,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5248 /prefetch:82⤵
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
-
C:\Users\Admin\Downloads\Ana.exe"C:\Users\Admin\Downloads\Ana.exe"2⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\AV.EXE"C:\Users\Admin\AppData\Local\Temp\AV.EXE"3⤵
- Executes dropped EXE
- Modifies system certificate store
-
C:\Users\Admin\AppData\Local\Temp\AV2.EXE"C:\Users\Admin\AppData\Local\Temp\AV2.EXE"3⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\DB.EXE"C:\Users\Admin\AppData\Local\Temp\DB.EXE"3⤵
- Checks BIOS information in registry
- Executes dropped EXE
- Checks whether UAC is enabled
- Drops file in System32 directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\cmd.exe/c C:\Users\Admin\AppData\Local\Temp\~unins6812.bat "C:\Users\Admin\AppData\Local\Temp\DB.EXE"4⤵
-
C:\Users\Admin\AppData\Local\Temp\EN.EXE"C:\Users\Admin\AppData\Local\Temp\EN.EXE"3⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c del C:\Users\Admin\AppData\Local\Temp\EN.EXE > nul4⤵
-
C:\Users\Admin\AppData\Local\Temp\SB.EXE"C:\Users\Admin\AppData\Local\Temp\SB.EXE"3⤵
- Executes dropped EXE
- Writes to the Master Boot Record (MBR)
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵
-
C:\Users\Admin\Downloads\Ransomware.Jigsaw\jigsaw.exe"C:\Users\Admin\Downloads\Ransomware.Jigsaw\jigsaw.exe"1⤵
- Adds Run key to start application
- NTFS ADS
-
C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe"C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe" C:\Users\Admin\Downloads\Ransomware.Jigsaw\jigsaw.exe2⤵
- Executes dropped EXE
- Drops file in Program Files directory
-
C:\Users\Admin\Downloads\Ransomware.Jigsaw\jigsaw.exe"C:\Users\Admin\Downloads\Ransomware.Jigsaw\jigsaw.exe"1⤵
- Adds Run key to start application
- NTFS ADS
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\Downloads\Ransomware.Cryptowall\cryptowall.exe"C:\Users\Admin\Downloads\Ransomware.Cryptowall\cryptowall.exe"1⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5420 -s 4922⤵
- Program crash
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 5420 -ip 54201⤵
-
C:\Users\Admin\Downloads\Ransomware.Cryptowall\cryptowall.exe"C:\Users\Admin\Downloads\Ransomware.Cryptowall\cryptowall.exe"1⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5484 -s 4882⤵
- Program crash
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 5484 -ip 54841⤵
-
C:\Users\Admin\Downloads\Ransomware.Petrwrap\svchost.exe"C:\Users\Admin\Downloads\Ransomware.Petrwrap\svchost.exe"1⤵
- Drops startup file
- Drops desktop.ini file(s)
- Drops file in Windows directory
- NTFS ADS
- Suspicious use of AdjustPrivilegeToken
-
C:\Program Files\7-Zip\7zFM.exe"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.Petrwrap.zip\027cc450ef5f8c5f653329641ec1fed91f694e0d229928963b30f6b0d7d3a745_98STJd8lju.bin.gz"1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\Downloads\Ransomware.Locky\Locky.exe"C:\Users\Admin\Downloads\Ransomware.Locky\Locky.exe"1⤵
- NTFS ADS
-
C:\Users\Admin\AppData\Local\Temp\svchost.exeC:\Users\Admin\AppData\Local\Temp\svchost.exe2⤵
- Executes dropped EXE
-
C:\Windows\SYSTEM32\cmd.execmd.exe /C del /Q /F "C:\Users\Admin\AppData\Local\Temp\sys7930.tmp"2⤵
-
C:\Users\Admin\Downloads\Ransomware.Locky\Locky.exe"C:\Users\Admin\Downloads\Ransomware.Locky\Locky.exe"1⤵
Network
MITRE ATT&CK Matrix ATT&CK v13
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Pre-OS Boot
1Bootkit
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\DisplayLanguageNames.en_US_POSIX.txt.funFilesize
32KB
MD5829165ca0fd145de3c2c8051b321734f
SHA1f5cc3af85ab27c3ea2c2f7cbb8295b28a76a459e
SHA256a193ee2673e0ba5ebc5ea6e65665b8a28bd7611f06d2b0174ec2076e22d94356
SHA5127d380cda12b342a770def9d4e9c078c97874f3a30cd9f531355e3744a8fef2308f79878ffeb12ce26953325cb6a17bc7e54237dfdc2ee72b140ec295676adbcb
-
C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\invalid32x32.gif.funFilesize
160B
MD5580ee0344b7da2786da6a433a1e84893
SHA160f8c4dd5457e9834f5402cb326b1a2d3ca0ba7e
SHA25698b6c2ddfefc628d03ceaef9d69688674a6bc32eb707f9ed86bc8c75675c4513
SHA512356d2cdea3321e894b5b46ad1ea24c0e3c8be8e3c454b5bd300b7340cbb454e71fc89ca09ea0785b373b483e67c2f6f6bb408e489b0de4ff82d5ed69a75613ba
-
C:\Users\Admin\AppData\Local\Drpbx\drpbx.exeFilesize
283KB
MD52773e3dc59472296cb0024ba7715a64e
SHA127d99fbca067f478bb91cdbcb92f13a828b00859
SHA2563ae96f73d805e1d3995253db4d910300d8442ea603737a1428b613061e7f61e7
SHA5126ef530b209f8ec459cca66dbf2c31ec96c5f7d609f17fa3b877d276968032fbc6132ea4a45ed1450fb6c5d730a7c9349bf4481e28befaea6b119ec0ded842262
-
C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe:Zone.IdentifierFilesize
86B
MD51d726d00a7033a5dab753d6012eee269
SHA10eec68c618a8c4d44299dfb8415b9add0eb03863
SHA256fcce59c5531bcd9542bc0fcd0427669e9527e71384a83a31199d91f157a01928
SHA512c50f27a7ed7f26f928fe740d4086c863e7a3c5e86d85cd99ccb83534e6d58b662cd0e4608ac4729774d7028cd4b62e38349e94c67c80a8ecec9c5d637b1b0a3e
-
C:\Users\Admin\AppData\Local\Microsoft\CLR_v2.0\UsageLogs\jigsaw.exe.logFilesize
430B
MD50f8cc27b4ec8bee2903d3969f1ad8e13
SHA1a81031f14b00befd6efca920a59b7e0152fb636b
SHA256abe5fca3a6b5c786e6a09485fadfa3afb526a3b2370908f68fd326711a80052f
SHA512d089107231bf46f4ef36987f4f9e4378391f2c8e783e79dce4e5453faf3659f35f5451fc236d32bba2ccca06bad85ce935bae7eb927591f239a6b767b5819380
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD596899614360333c9904499393c6e3d75
SHA1bbfa17cf8df01c266323965735f00f0e9e04cd34
SHA256486e4b4bb11f664c91c675e73cfeabe53b5009ae719459813be17814cd97e43c
SHA512974735b40a9f92b40a37a698f7f333590f32ff45633c6e619500e74ec274bc20bf7dbc830b1685777b714d37a3ca103d741ee056f4ff45ef08c07b38a7895df7
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD519a8bcb40a17253313345edd2a0da1e7
SHA186fac74b5bbc59e910248caebd1176a48a46d72e
SHA256b8024fbed11683ef4b53f5afac0ff691025b7eecca0f6a95737da1585558227e
SHA5129f8780f49d30aad01b28189804329aeca6ad2b7ffb6be505d40bb1af7802bb62622f518cb1c43a5815bbbb46638f6c52aead3d68f14fa957d18157edb42e95c0
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002Filesize
32KB
MD5ef8fdc38e0124e0426851471a60ca710
SHA1ba520c090833747e8c57df9d76ccb6c812ae20e9
SHA256afd5f10e26bd1eb2b67c8f10e3c794c5641a18f0fdac7a2fc33831a16162fef1
SHA512c173e39bbaf4cd35a422ce49349c63f40c51fb5be56ec6934d6a4ec5c817c453a21db6f2a3a645ca1f72aaaf4d524224ea58f7a0ed0a73e9e2aaa6a48c3628da
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003Filesize
69KB
MD5a127a49f49671771565e01d883a5e4fa
SHA109ec098e238b34c09406628c6bee1b81472fc003
SHA2563f208f049ffaf4a7ed808bf0ff759ce7986c177f476b380d0076fd1f5482fca6
SHA51261b54222e54e7ab8743a2d6ca3c36768a7b2cf22d5689a3309dee9974b1f804533720ea9de2d3beab44853d565a94f1bc0e60b9382997abcf03945219f98d734
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004Filesize
64KB
MD5d6b36c7d4b06f140f860ddc91a4c659c
SHA1ccf16571637b8d3e4c9423688c5bd06167bfb9e9
SHA25634013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92
SHA5122a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005Filesize
19KB
MD52e86a72f4e82614cd4842950d2e0a716
SHA1d7b4ee0c9af735d098bff474632fc2c0113e0b9c
SHA256c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f
SHA5127a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006Filesize
63KB
MD5710d7637cc7e21b62fd3efe6aba1fd27
SHA18645d6b137064c7b38e10c736724e17787db6cf3
SHA256c0997474b99524325dfedb5c020436e7ea9f9c9a1a759ed6daf7bdd4890bdc2b
SHA51219aa77bed3c441228789cf8f931ca6194cc8d4bc7bb85d892faf5eaeda67d22c8c3b066f8ceda8169177da95a1fe111bd3436ceeaf4c784bd2bf96617f4d0c44
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007Filesize
88KB
MD5b38fbbd0b5c8e8b4452b33d6f85df7dc
SHA1386ba241790252df01a6a028b3238de2f995a559
SHA256b18b9eb934a5b3b81b16c66ec3ec8e8fecdb3d43550ce050eb2523aabc08b9cd
SHA512546ca9fb302bf28e3a178e798dd6b80c91cba71d0467257b8ed42e4f845aa6ecb858f718aac1e0865b791d4ecf41f1239081847c75c6fb3e9afd242d3704ad16
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008Filesize
1.1MB
MD56fa864cce0000aff0d1afa54513940f7
SHA138fbf15f58e009976387165f49d3273f4a1b5037
SHA256a692ca9498ec28c5b2a01c28d0d14fcd5039b753c34b3f18c2d35424fb04ec6c
SHA5122eb612f54d3f2deb2a88ec465ac4c279bf1306b4ef5d251540356b5e0904b20fad8f0f4d4739b9ef32143ef3337917d499d1146bdebe9d7c687cf65a867ddb33
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009Filesize
33KB
MD53cd0f2f60ab620c7be0c2c3dbf2cda97
SHA147fad82bfa9a32d578c0c84aed2840c55bd27bfb
SHA25629a3b99e23b07099e1d2a3c0b4cff458a2eba2519f4654c26cf22d03f149e36b
SHA512ef6e3bbd7e03be8e514936bcb0b5a59b4cf4e677ad24d6d2dfca8c1ec95f134ae37f2042d8bf9a0e343b68bff98a0fd748503f35d5e9d42cdaa1dc283dec89fb
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000aFilesize
74KB
MD5bc9faa8bb6aae687766b2db2e055a494
SHA134b2395d1b6908afcd60f92cdd8e7153939191e4
SHA2564a725d21a3c98f0b9c5763b0a0796818d341579817af762448e1be522bc574ed
SHA512621386935230595c3a00b9c53ea25daa78c2823d32085e22363dc438150f1cb6b3d50be5c58665886fac2286ae63bf1f62c8803cb38a0cac201c82ee2db975c4
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000fFilesize
24KB
MD543dac252d21bddd2477439e023621c6c
SHA1a7a81cd955811fd15dad91f443e0880d7aa08d79
SHA256fedd9610bd4c2237de2d9eebba3143424967690767ba25ca7ab369f7aab3bb4a
SHA512cc5aac6a7e47a0548ebc9a606eff04d175e1c76844160069bf4787349be6fe897cffd1444f9c00dddc214502ebd5a8ab97a1527d219679af894a28858de40fc3
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010Filesize
44KB
MD51965b62e56b6d4757d9e0d74c86dad04
SHA11c1c809a61758adb130d0ced642d2d1c27840f4f
SHA25637e4da4156be306303e3457c6a903e741bee2d8824042f941dbdfb8a1b762b8c
SHA512228623aeaa3931d49192b2fa4eefa9fc81f04c1ffe008858801313914454b7443bb3dda2c01d8242e5e47641bfda5fb66b75067c7d789859d4f7219d35ce5fae
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011Filesize
49KB
MD593ab4cf70b3aa1641a4b258c3fe03f24
SHA1cba2ddecb8e019e6e5a91dcf867c6d6094f39b63
SHA256d6c2f9f2bb35841cdb53abb660544e6e6f44e39d6542323992cc1c63e998fa16
SHA51270fa907afd9b52ed54a3cf755e394c40a3ff7a83041540b435cba47d889c1c9401afc9fb23a5e879d85bed42fd5df40cd7540d428b3ee7a9cdc278a314770884
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012Filesize
22KB
MD56c0d7b869b0581b57bfa61f385c2ea91
SHA1c26d2c58a8b6cd2843ab8db8cd48ff8960bb9daf
SHA2565c9fa7df7f446408d1aa91e9ab4d445b0be2ba4adc316c0bfa5a19cb0376b1dc
SHA51211f7883bf9d439c48343639fd610fb7b1015179ea434c0aa5e3282f9eab24dbd3e5aee3f4fa8d65e130bf8938c10bf790f29b4c9f4f476f2fa7cb176fc4e191d
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013Filesize
20KB
MD58b2813296f6e3577e9ac2eb518ac437e
SHA16c8066353b4d463018aa1e4e9bb9bf2e9a7d9a86
SHA256befb3b0471067ac66b93fcdba75c11d743f70a02bb9f5eef7501fa874686319d
SHA512a1ed4d23dfbe981bf749c2008ab55a3d76e8f41801a09475e7e0109600f288aa20036273940e8ba70a172dec57eec56fe7c567cb941ba71edae080f2fdcc1e0c
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000014Filesize
63KB
MD5aa6ffba997d9e6535da1a2c26a004749
SHA19ed525230c4bccae34454a71adf723fb7479b53b
SHA256db0eecba023386f47ac57fef8a8cdab5f12e04637da91c13b81b8b60b43025d0
SHA512ba7e79b263af9d9939059a28d7c73683f9cdb2c9a986adc54d8ad54d28e237c2b0f88010a4829392addb3be5a8d08923cd5931a71ff7558eee9e4b6007273d2b
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000015Filesize
40KB
MD53051c1e179d84292d3f84a1a0a112c80
SHA1c11a63236373abfe574f2935a0e7024688b71ccb
SHA256992cbdc768319cbd64c1ec740134deccbb990d29d7dccd5ecd5c49672fa98ea3
SHA512df64e0f8c59b50bcffb523b6eab8fabf5f0c5c3d1abbfc6aa4831b4f6ce008320c66121dcedd124533867a9d5de83c424c5e9390bf0a95c8e641af6de74dabff
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000016Filesize
53KB
MD568f0a51fa86985999964ee43de12cdd5
SHA1bbfc7666be00c560b7394fa0b82b864237a99d8c
SHA256f230c691e1525fac0191e2f4a1db36046306eb7d19808b7bf8227b7ed75e5a0f
SHA5123049b9bd4160bfa702f2e2b6c1714c960d2c422e3481d3b6dd7006e65aa5075eed1dc9b8a2337e0501e9a7780a38718d298b2415cf30ec9e115a9360df5fa2a7
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000017Filesize
21KB
MD58dfc532e4fb1dcd5fabb281a41b18a8b
SHA1eeef1efed07e037188b6a88e040cef9d175e4c18
SHA256d50c49fda5ece17150089c9b62692c9fc3816e51c0b865f70ec2284623480c4d
SHA51270c8fa64286f7032b9047ab206453c3a38af76601dfb50c322271a6458a26bc239e483d2458ba323c4abebd39f98e97d9c6207225a3081fdfec16ad73eaa7c7a
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000018Filesize
19KB
MD5b40fe3681897daf8969be1ddd709836c
SHA1419391849295d7cf72b5b00614b6a7affb5045e6
SHA256f1a4474530b043b092e9cf6a8aff78de1320d8598961f93daf41087412258b4e
SHA5127a0bebab2282ab2b69d060ef4cd4560e33202d5ec91dd27e2c08b0286c9594cd75ca1aca494f57d1a03e08a4f2985c41ad8324538fffa6664e7737e21058a298
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000019Filesize
19KB
MD5a22bba8496b44ce03e78393762962309
SHA1e40a5c761e2752898bff478212e73423720e62e4
SHA256cc755756eafdc0478fd311c22224aacdd9422bb756c75e134bf7ecc12340db42
SHA512283dbb5b1091232602b9ef06e0c1246c9928407bde42d6d3d88bd95a5416aa8e49036674e401f76d8d7c074ffbdc30b1c52f6417415b54e4c07d8b314d98ad77
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001aFilesize
59KB
MD5063fe934b18300c766e7279114db4b67
SHA1d7e71855cf6e8d1e7fbaa763223857f50cd1d4bd
SHA2568745914e0214bcd9d2e6a841f0679a81084ef3fc3d99125876bee26653f4253e
SHA5129d0dfc21306b3a56c2ecdf1265392271969e3765e161e117c8765125b34793e24458217cf6514b364f351f47e65baaaf5856be0d13406a789f844d6ba8c7075f
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001bFilesize
23KB
MD577a781823d1c1a1f70513ffeda9e996d
SHA160776ceeb79ed41e7cd49b1ee07b1e09ff846f25
SHA256b093599957b103def2cc82ffd2d42d57a98292ace5a6596e3e4439a6cce063b2
SHA5129aa66273ad419e1fc4ee825ec9e9fea4297139eca060572d3f59ed9bccbf2e1dbd03a006a0a35c6d37196e8297ec9a49fb787f0a31c3772b17911603eca62aac
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001cFilesize
153KB
MD5ce9fe310a8b8ed92ae2c8472ff3b59ca
SHA159b1ef50b9181ea7b2ff15c6b3aee5b5b9d1e637
SHA256886630a4fffcd5467a13460abee5fe70b262befa51b6353ea902a02e8ce112a1
SHA51231c68e2fd65c6bad73ec409e6ddd9b1593bd3ad92ed5af979752ab4cd41bcc2f896a9be992c6ceeb232db9687c57c0abd3e35185c1e84199e6e87aeae84d099b
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000021Filesize
84KB
MD5d7d0b83cb8d1f9becd1971cc3dd51499
SHA1b830bf9064973756296387eae24a8e09040e1216
SHA25621b721a5f13a354b5cc399651652ec244af234a10205e80877f1eda91d1922c7
SHA512f915e3919577a44378f5fec0531a9a50aecbd80bdfcd194574886d0aff1fa378da29f6441b0cf79a647bfbc6a3f2dd0202829ff537fcc0aa314b26c78f5d4f0d
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002fFilesize
1.1MB
MD56884a35803f2e795fa4b121f636332b4
SHA1527bfbf4436f9cce804152200c4808365e6ba8f9
SHA256cf01329c0463865422caa595de325e5fe3f7fba44aabebaae11a6adfeb78b91c
SHA512262732a9203e2f3593d45a9b26a1a03cc185a20cf28fad3505e257b960664983d2e4f2b19b9ff743015310bf593810bd049eb03d0fd8912a6d54de739742de60
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e640b4692779d06a_0Filesize
1KB
MD52dab1e7892df6584ec88afe2dd28cd89
SHA1aa05f4dc2e5a962cdd83d0720f8c9c2e121270b0
SHA25614668f3e240cb7652dc84c6492d7e9cd2e92c0b8da68e7dbb3ceda58041df249
SHA51286dd3d0424784a1ab74eb60d23490e7d36991a402b7aefb3469fbd8841afcab277e23b93791368ac90ec04e2cf19ba5fe74f265ccfdcf04cce6daaaacc4e358f
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-indexFilesize
4KB
MD5852b8030549f2a9efb105bd61642a2ec
SHA1bf26e46fe63630a42e5282ca052a8e61b578ee9d
SHA2560147c13f76fbb6f3a2a91ddfc1f84937bfd6075a2f025201c4ce12e1a4cb93f1
SHA51223950479c9db735dadf56a921116eb8028475193d0faef0853171c9ed065ad745746f2b0fe89b3afbd65af3eaaa127859d185bac8d9186d31cbe8160814b2b8e
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-indexFilesize
4KB
MD5b4e4e396a25054e5d5ee8624fcc01646
SHA195ef61d968e794a17865a9d91838c7d6fee0c579
SHA2560a8b4ddd31598f20eaa19a2a8e74b398d98f4701299531559a89a23f3f166870
SHA512be07b024eb8038057434377493e723c238642206d44c1343a3c95696770a9ce7a61b49027f4f37dd73627c62d5a430fb123451bffee04b7d2062faa6c78a6661
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-indexFilesize
4KB
MD588392e2b110f0534e1edbe48770380f5
SHA1742f9160564935ad87cecea4db3a7479514ce774
SHA25629f3d464423e87815b032c99d204b639f63a79c6159b88d59d6abbbae807a4e1
SHA512c24223a73b47ed880a70ef7dd618d43bc89b7938edb18f34f9b10389e1a97469561a938c0253110ec0b098431dcfde3e85d526ac72e98edefdee7c91e615ccb9
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent StateFilesize
111B
MD5807419ca9a4734feaf8d8563a003b048
SHA1a723c7d60a65886ffa068711f1e900ccc85922a6
SHA256aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631
SHA512f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent StateFilesize
784B
MD5ddda86832c9fef922ddbd4ab0a3078ba
SHA179794645c16521ceb0051d63d1455fff60343e5d
SHA256776d8f14e8e871c68ec8ab37b69a75f77e2e2820bddb5ebaa1de94fc670fbd92
SHA51294f80ba941d1733f5153b246b3cdae95686b8c7fdd6dd9a10f1078d62484d859d93870ac222b78eb594b51a7befd6697962f2239f828fab5042fd62ebfa86bc6
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent StateFilesize
111B
MD5285252a2f6327d41eab203dc2f402c67
SHA1acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
SHA2565dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
SHA51211ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent StateFilesize
1KB
MD5b4840c0dab00f7501c3d5897a42f1577
SHA17759559e87f47a99097cc25f77107ff7b82ce183
SHA256df87377059ab17be100d1bcab5f0ad67f595d4a8b4947c5d0952320c4e1b9962
SHA512b9571e28d32bbf0c93cb9b8ebed88032ee19103f7ebc27e9370d05cc8f93f1e224bd9ff347a48301903db2d49a6b30ea2caedd198795f6ae18d7b03da3c2609a
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
6KB
MD54ca7773d78dc739eeb2509614a50c813
SHA1d96e411d7c4eff40199b5fb68542487dd768c0da
SHA256f3c8bc9f290eaa1722811869de4b43341e8af94fc186a56acb9ee39cb80a3041
SHA5126f16e59300f5c03ea8207a6ec01ff073b0470c9a2c80ee52ff22ff823b87f195b487241366c53bdec088cc5425ff70820bf2f62e7a3cbf1114d97c9ac4cc0fe7
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
6KB
MD53e42a8485ab266cd6766020ea65a9807
SHA1407f7302b37923474d19487ed44ad2ca37f5ed70
SHA2569357a056516dd23515af3ada56bd403022c6974d674d785603f6dac42be16e1c
SHA512ecd9c41605be403364f57d043d3f1879fcebbf86d7f08d30435b0e9db37855a90b7954c229eddd4bc49467b4ec680ff3ef195ebf591d13f106ee44057affb041
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
5KB
MD5d7f09eec1017dbeb8007b14a1bad2e27
SHA1ae4843c712f0e76af9ce53faa884142a0c449bc2
SHA25686b22d906febacb66f82f5d444d167e818c8223f26d1b48f457bb1d0aa6ac1f5
SHA512d311e60bc095eed9088301722f92668ec883691db8fb5e99cf599201cfa89ca73ecda9b221b7005a1f3c4375eb1cba22953ddabdee46bb7d70a9f8547249bf6a
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
5KB
MD54f728ccacebeb698a0acd0544d1c073e
SHA189ab81448977800e98a219833ecea13b5511fd40
SHA25684ce06917d545d16ff8bd6060c6be83d55bc37f6a207d15f036cb55808461e2c
SHA512314510d5b91843af08ed5a15fd20ec7f60ea815187b5e300329d2e75c8931ac6ebe50155f9f2ce1afa5efcd850d453aad02d55da62442551ee39445fb4febfb0
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
7KB
MD5c6026771a147b189a8355120eed6ae8b
SHA1e1380362fee17f5a7873c4ebf1000a1b5c76aac2
SHA256a795e87d2127a82fefbb8e317b93c75194f3d3dd37ce6952b56f7ed84ecfb24b
SHA512be3e5f066a8438fe0e44796506de71ee5c73885c026ad0427afd7c134348a6497873083608af3a4eb6e0b4a1672c47af75b95eebac7d3b25824d5f239033e4ff
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
7KB
MD50517565064670dc6d9cd58471844e827
SHA14a11ed2228461922cde13c8c9e65bbed1cb337d2
SHA256509571c6606a5c980706b0c7857d50a2f01b595a21dafa390d8ce45bc84147a8
SHA51268afce12c6e7979145d706277b326c90de2f6bcb4bd31f06927933de8bbe4c0c43d2e466a7ea6a1db7cb922d65ad23eb6e7a520b0f28724868f378ab8ba4149e
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
7KB
MD585ac1768b425443488413f500a7363c1
SHA196b987ed05460e448ec0f611ebfb25954554f2d7
SHA25665252d4a5687fd479994e3f3735898d3e58a25083790a1506c609376e9f0ec19
SHA512018d0510628074c71dff9afab947468a562f20fbd6184ec335ce9db285c28a6f33734dc9af4e7b93ea6f1d9ae580026cd1132b524473a8bb531fcc5972fa6850
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
7KB
MD548c11e9ab6f62c23d31b5935227c75ff
SHA1b605fe417271bbfe1af62fd3c61581539f288227
SHA256740829aaeed813be83385a8ece6882b56a34177d1418ed84f269f03c9e90dae9
SHA51295b263cac59e2eb2546891f8a3fe3ce9f0e004a8e0c28ba8b35293406a4197e66a1aae57c152c84110c8bc88cedc61af4c74a5484c86b7bc95b6d063ddd4a11c
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
7KB
MD512dc52a14456521299e8cdd76276a8e1
SHA12420ee5675b9f63de4fac9ca1fbc8fa1c0113e7d
SHA2563766da533e73e9292484a163f9fc13303fa9fb4f74255b3f2df9f08de88cb9b3
SHA5124d09ce17cd01e313dec8f88d162b32e4c70c2742f8fc7798c2a529bdeaaacf6de910e6785dbf7c0d908e372c0df0a02768f6244e63755e22c1e7b4e75517131f
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurityFilesize
1KB
MD56249ed74f5347ad821c5743f31322b23
SHA19b8b2e693daaaf04d88fbd44cfbf63ce3ebd9cec
SHA25668c1e20ac014a0b73f625498465480e2cf3104891feb5d8390ab8d5012c7415b
SHA51219a726e686ceb2b7d62edd0f87bc102045d321d854fd57c2fd619051ed9e685019bfd56ae6f0d86c80e955881da39da5be8385ec997c2fc342d90d8146bae57f
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurityFilesize
1KB
MD5c950fdb72678952d35c0921e5d0b7cf8
SHA1a503de35f93d1632b2a8c7ec3e4bb75c36c24cb8
SHA25671afa962ab54b3bf8f8fb3aaa665ffea6ccec31818bdc84336a641870b2d1c55
SHA512c54a0361b37b1b5e0c3b6da01be712f8f8b013ead2204089017dfbf2b250fed469cc9b96b5c2410a9f6a208af3dfa82c4b4765e7bdab0d76ec46d6bf2c3882b3
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurityFilesize
1KB
MD5e3c0faf3d1e615a832d71752f43236b8
SHA1ecdcf9303ea1309d9857d94b54a0da2277fdef82
SHA256d956449e5a047d64424e4bdd21d67d6765c3f27f560b8ee9aec1c696312549c6
SHA5122935d17f3ed88e15c79389d7552ad8d8bf7354524410af3f2230ef3534c64f69a50c2f84e81a80d7eb1c543277f8be3aa784c90248895efe55e3430e7027ba2d
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurityFilesize
1KB
MD52fdb2ee7e895712b363a2d820e38d79e
SHA124f3233c173f73169863789163f0bb43a4067c35
SHA256561602414df6f0dfd817fecb3f31c0ce458cdf0cef84613b7296f8982bbb9973
SHA51239f99308ef9119a723cba0b3d21b3003f5288349b2f14be1ee198784bf70023e24993c7f5381da91ee379e2753e98fd673be7a35ac0df1706ccb0ef349af7f5f
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurityFilesize
1KB
MD5ee2eeed124b82e84eacc158d8715ba8e
SHA1a1f567ea7985f16340fd715d186cff9f33822d48
SHA2566432db9189b43ac9d3a820e99b39bef65c41200a53f25866e29b8f4184e11d90
SHA51262f654a66ab6950e293ee17c8dba17ffa90a5373f5dc8989ffbc5efd34bfff58f133b0fac10670897ec5b456f849396bef116d100e47fd0aedb0279a52298ff5
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurityFilesize
1KB
MD5fbfbfcfec0a6f065aa19f94a642b2ddb
SHA10430b899154780f10a946bdf94b8b24d53e8cf1c
SHA2569c2ada6c7c557be242c57ccd28639ee9108a31b54c5a1631de2b5f404e9f67f1
SHA512f9fc32de0636ee7518b769af8afc22afd8aedf66ec828139e86d1cacffbb19462bc50ee2ceb3270494dbc2806b330601bad34e508bba4a5814bdd5940039add1
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurityFilesize
1KB
MD50661c7438eac9cf0533d5d3866f50390
SHA121b31bfe06e9d39bcd3139db8a0df6dc041574e8
SHA2568c86ad8544399f06b0baefa6408af76e3bb225c951bfa030d2c869ea0889321b
SHA5128524d0283c907e79743db3a244529e12c31fd5bf9a8c13299a714e1ec7dad4b4ece36da94f42b3884c5e5a04f6f4bd3e39faaca1c91c32ede13762a2a0a92f9a
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurityFilesize
1KB
MD56f26c8e6bb8438f20f0963ad57a84122
SHA122edb583445f845a355039a00644473becc44b59
SHA256ccb10f1c01494264a7311c95f48de6c8a843f89f08b09767c7519e41b5f88289
SHA512a81788a38c2e6400d5fdd97a91461316073e6fb57f5a56ae9a03e0752a0992df31086e046ca19bb353611cc16a02b05a9022b7bb115dda5aef2957c878a5180f
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurityFilesize
1KB
MD51f27bed05a8971fbedc05adb82e12c0c
SHA107a316f6834ea9b24507ad92c7fc34935e5cad63
SHA2565b6e66a92bf34b54970ae835a02cca019ced7b8931bd7fb84ddbf2f0b4fbe10f
SHA512e7b95256bd4d99af02b15ac7bd2ef2ac2f9e2d1a1edd7091a66997b2674914210c6ae560ed93f2b6cbf5313552de0d6cd749bdccb6cf8de53071459ebc45a26f
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurityFilesize
1KB
MD555b9000d42c457b71cf88900be4b140e
SHA1bb0befa76e1b86b20960a86c09fe04187f9a8020
SHA256140d2302432e086e6d1df7e2625480e8f004ae977c8e1ec89634d0a0af54a9f4
SHA5126b3db533ce1f6007f5a6289a321c6af46578dcc5ab2ecffd446fde08f72e7efca4143106331fde356c862591f9cb3d2e3e54c490629af0c2c8ec16261a7a99ec
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurityFilesize
1KB
MD5dc24538277e3cd962113e9e519aaf58a
SHA14d0ff0ee7e6a39cde2bcc1b2e69dd33c12556d79
SHA2561e2361d85b6d584e22b4bc3c21ccaa2a7a24752f08c6ac290d76bfa4f5ae034e
SHA512a87ca5729ce440f2e49205d2528d808271903555190f8a3bad4d9f935361680ba6694809e181c695c6fe50ae04f9ec871373f3b00e5e1f5275185d94fa7b79f2
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurityFilesize
1KB
MD562c924aebd55925726ac767b7377dbc2
SHA1c494b2dc34c3f64f629285eca8dcd0e50d62d5fd
SHA25646869fd091a90f7ffa4baff65d5d5061c52bec4646c8617a8b7fa83360afd193
SHA512b3c9aa0320a7e13b4edb9e28f6ab1dea243fdbc4b689ea78d051ea1756bb55fdfb5699ac1b9f01b6c7c4fde87d6a54c3f3a2e2c6f2fb65d95c357fae4f0fe29b
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurityFilesize
1KB
MD5e62f25211bff3c5291970ea18c034785
SHA19dfab822201e1e031e5f57e7553f4e472864dcb0
SHA25660d7d23bca7cc5d4cb2eecda3f4f01b62ca487219e6c78eb87e7af8b60db9d8e
SHA512a033df06c212848470e3d7f0cc6ab3a840757eb813f8bc4a6aa352b294bc03a9b7e3c34267b8e6fc2e9c60a93d023e789f3397f4fae0908395c727812aca7cfe
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurityFilesize
1KB
MD506ab98150e203833e368b307d0ae1edb
SHA101f1e09048de7dcdd5ee1d83d39318f9c53b7568
SHA256318390fe7f0498b82de772cbf5eec3f357df75893e4e3890cc42ad01391334cc
SHA512ce48ee6c909b9d7dfe937e1b28a7eae018085962b613f1e49070bd48502f586cec02c31e5c7993e9d76be78743263b3b393b2213de4f8a10362b80a75070f86d
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurityFilesize
1KB
MD5e0143979494b76b1355128fdf65a7b5d
SHA1ea90fd643bc6f6bdf9c76dfbdde9cb21cbb4ef2b
SHA2561bdf81b49ce14515ad0ffc51c443aa30f73dd7c8f4f06da89d9e062a7b51f724
SHA5125df1ddb16a47cc356cdc1072afcbf7d12ab5601fcdff326a2a705492342e1d1e699a1719d5887e752ad0f76f3f28e3631eb0305410b289947fc02e8e7fbe356e
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurityFilesize
1KB
MD5fa2284edf6a9cb432a1348b5ed7633bc
SHA140980fc89546eccaa3bbee4170957627e302cdf7
SHA256170aee05c4c378b1f08d79ef6ae28c086cfe3bd3ef37af6a5a9b12081e53ea73
SHA512fc53b98ebf045c28b8012ec131d6366b98d8615e1eb1a927ffb9728b4520826eecf9583949e70be03edafef1daed4cd0de6a9366a0b4fd9eac119186b05cb3fd
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurityFilesize
1KB
MD5ee0140988f675580cec4247c8da640b2
SHA10c5781f4691670def20e042add3bddf13ac4d6b6
SHA256ff421d8daf036636934046655900ad5db72393a9fab0ce035a22597148971e78
SHA512d59f0226d77d9c1e4ae400425fae9e7b886dce57b37bcb5ff7d79e50984761ccbd8deb4c051126511294774afffb56319b1502de65dc472015222068744fefbb
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57e9a4.TMPFilesize
1KB
MD5069d84a03b70b2f91bdf0181d0b88a41
SHA12087da3019dbc4d40e0e09b59b04c77a8130862d
SHA2564b85edc783019690cbb27ed9ee26034098560253f51bf660f5854071a0445337
SHA5122594069dd7cea8a27d307c9c706c48c27ccebe7acc968a4522a1de189e05683731a9c783cbea3811c3483a0d87d14628dc4b86be6b518718cb4b70db766d6b1d
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENTFilesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local StateFilesize
12KB
MD51de483ec34ae00922c74ff8e8e3d8cc1
SHA15ed12c51eee05b56acb71a176b16ecae50e7702a
SHA256e234ad09a1aa3a7cdf78808dcedf9e783b846a73f258ec3d27c88f2742a8d3e7
SHA51260d17b25e556e905aa9c158878d5e8795bd62b6ed3a5a278f679a15ce0f2fecd442bcb7269a235038ef4a13d7226c391cd16f99ce44e1a48b720d3cc30ecf2db
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local StateFilesize
12KB
MD5d82143099f9ea0667058cf0cc7fdcea9
SHA1f4b7997279361e3f468cb047ab6f5ab487399133
SHA256d984aed4adebd1091d39541495344f3180184a98fe2cc9ac0ec83515fdcb9c1a
SHA51220beb32646b1c54d9d671e7032abfdf80399ba92552e7d769b7a20aa15d12ca67e45d58870c3fa0beca0e9816d60207dbf80c6d4ec5499f63de99c9c5f5e4136
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local StateFilesize
11KB
MD5883fcbb692772381f3eb2c098e785cab
SHA10d95c73bd6920c4b3e46e1c40e7ad4a963c21876
SHA2567abe088ce325d174d7e134689d6653c35ae84193c95c2e5e6d44b8c84ddc34f2
SHA51252bdfd4f55534be9b29eabd037e05f826ee6c118d5d04ccb8fb77aff0a10f2f5c779c90a9ab28ce86fefebc0df3a5a5e475f6f173f14625988e27ef68f0864ce
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local StateFilesize
11KB
MD51034c5c5d7afaf40a2c2cf4b5fbbf835
SHA1abe9d4d9e790c14fc08ab8bb947ffbdf4c9fc96b
SHA2567439b4b4db9e4bb5b66dd9cf92dedb245887d8c21702beacd29d37c51bf1b6a7
SHA51293f0c1f5efce201baee31cfd652afae4ec7e340f6b566adc6787697aac403477f5f70100459866da788f720c9120f4766d92c1b56ad60e304e8ca34cf94a2f11
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local StateFilesize
12KB
MD53cb56c5e8ab465fdeb3af9155694c3b2
SHA1d75cd40ddd228ddceabecbc2a0a660c99fc6f802
SHA256e8412edbc703b7108ce0d4cf561be7b8fdb9577e9c00977f7de1ce648d9f0dfd
SHA51254aca3411fedd31655ec37062a2cc7090998124023e894e307d902b900de9d916f550725d2cba034af926f2bb376317841582391900a738c110a0f1e0c7aa15b
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local StateFilesize
12KB
MD5beb7f28c8395376e36941de23c7ef8cb
SHA174d8860be8938290a519725bdc35d0a2f6ab6557
SHA256fd55f51a4b888988d062cb496004dfc4559231e95021abb6274074baad9237fe
SHA512f2e05e7fc763c57a0ed90a549392c7e575b6e39bd412d98ff9c63590b55f05b245c3523bee970df36b0df1dea1e40d08c4f53f6e06c947d35b6920804f0371e8
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local StateFilesize
12KB
MD5449e20791a4ee1ee25fa724c02f62b60
SHA132d4c3747c49f60fb629bd03c001c8d73aede258
SHA25641b76c9929968b7d51442980e7bcfbe8cca24db8dba3b9111d2e9835eb8b2339
SHA512c566342eec830d367f7128f8f207b63380022701fa32b34b042fcb7d36a7a5f5586dd9148bf5dd034418cdb0c6e2a0917c529abec5d3c1f0fe50af0609adf762
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.AccountsControl_cw5n1h2txyewy\Settings\settings.dat.funFilesize
8KB
MD5f22599af9343cac74a6c5412104d748c
SHA1e2ac4c57fa38f9d99f3d38c2f6582b4334331df5
SHA25636537e56d60910ab6aa548e64ca4adafdcabde9d60739013993e12ba061dfd65
SHA5125c8afc025e1d8342d93b7842dc7ef22eca61085857a80a08ba9b3f156ee3b814606bb32bc244bd525a7913e7915bdf3a86771d39577f4a1176ade04dc381c6d4
-
C:\Users\Admin\AppData\Local\Temp\.sesFilesize
53B
MD564e9b43908771be38c0edfc7b6c60864
SHA1ce10b3f5ccc9fd49de9a2a9548a7b80f0ddd4eb5
SHA2569e4a1bdb1464cdeae2798a9dbb062558abb50c682886f91a152e3a71550d6b1e
SHA5124dc47fc5315a7b24559cb45c1050e61302bacfa511afb8164827744d8c946b8faab09e5e2fdf3db6cbd4a1f034b0606dc0ba1db8922262d8ba8c1fbc9dabd303
-
C:\Users\Admin\AppData\Local\Temp\AV.EXEFilesize
1.1MB
MD5f284568010505119f479617a2e7dc189
SHA1e23707625cce0035e3c1d2255af1ed326583a1ea
SHA25626c8f13ea8dc17443a9fa005610537cb6700aebaf748e747e9278d504e416eb1
SHA512ebe96e667dfde547c5a450b97cd7534b977f4073c7f4cbc123a0e00baaefeb3be725c1cafbfb5bb040b3359267954cd1b4e2094ef71fc273732016ee822064bf
-
C:\Users\Admin\AppData\Local\Temp\AV2.EXEFilesize
368KB
MD5014578edb7da99e5ba8dd84f5d26dfd5
SHA1df56d701165a480e925a153856cbc3ab799c5a04
SHA2564ce5e8b510895abb204f97e883d8cbaacc29ccef0844d9ae81f8666f234b0529
SHA512bd5159af96d83fc7528956c5b1bd6f93847db18faa0680c6041f87bbebef5e3ba2de1f185d77ff28b8d7d78ec4f7bd54f48b37a16da39f43314ef022b4a36068
-
C:\Users\Admin\AppData\Local\Temp\BroadcastMsg_1708521232.txt.funFilesize
16B
MD58ebcc5ca5ac09a09376801ecdd6f3792
SHA181187142b138e0245d5d0bc511f7c46c30df3e14
SHA256619e246fc0ac11320ff9e322a979948d949494b0c18217f4d794e1b398818880
SHA512cec50bfc6ad2f57f16da99459f40f2d424c6d5691685fa1053284f46c8c8c8a975d7bcb1f3521c4f3fbdc310cf4714e29404aa23be6021e2e267c97b090dc650
-
C:\Users\Admin\AppData\Local\Temp\DB.EXEFilesize
243KB
MD5c6746a62feafcb4fca301f606f7101fa
SHA1e09cd1382f9ceec027083b40e35f5f3d184e485f
SHA256b5a255d0454853c8afc0b321e1d86dca22c3dbefb88e5d385d2d72f9bc0109e6
SHA512ee5dfa08c86bf1524666f0851c729970dbf0b397db9595a2bae01516299344edb68123e976592a83e492f2982fafe8d350ba2d41368eb4ecf4e6fe12af8f5642
-
C:\Users\Admin\AppData\Local\Temp\EN.EXEFilesize
6KB
MD5621f2279f69686e8547e476b642b6c46
SHA166f486cd566f86ab16015fe74f50d4515decce88
SHA256c17a18cf2c243303b8a6688aad83b3e6e9b727fcd89f69065785ef7f1a2a3e38
SHA512068402b02f1056b722f21b0a354b038f094d02e4a066b332553cd6b36e3640e8f35aa0499a2b057c566718c3593d3cea6bbabd961e04f0a001fd45d8be8e1c4e
-
C:\Users\Admin\AppData\Local\Temp\GB.EXEFilesize
149KB
MD5fe731b4c6684d643eb5b55613ef9ed31
SHA1cfafe2a14f5413278304920154eb467f7c103c80
SHA256e7953daad7a68f8634ded31a21a31f0c2aa394ca9232e2f980321f7b69176496
SHA512f7756d69138df6d3b0ffa47bdf274e5fd8aab4fff9d68abe403728c8497ac58e0f3d28d41710de715f57b7a2b5daa2dd7e04450f19c6d013a08f543bd6fc9c2e
-
C:\Users\Admin\AppData\Local\Temp\SB.EXEFilesize
224KB
MD59252e1be9776af202d6ad5c093637022
SHA16cc686d837cd633d9c2e8bc1eaba5fc364bf71d8
SHA256ce822ff86e584f15b6abd14c61453bd3b481d4ec3fdeb961787fceb52acd8bd6
SHA51298b1b3ce4d16d36f738478c6cf41e8f4a57d3a5ecfa8999d45592f79a469d8af8554bf4d5db34cb79cec71ce103f4fde1b41bd3cce30714f803e432e53da71ea
-
C:\Users\Admin\AppData\Local\Temp\svchost.exeFilesize
180KB
MD5b06d9dd17c69ed2ae75d9e40b2631b42
SHA1b606aaa402bfe4a15ef80165e964d384f25564e4
SHA256bc98c8b22461a2c2631b2feec399208fdc4ecd1cd2229066c2f385caa958daa3
SHA5128e54aca4feb51611142c1f2bf303200113604013c2603eea22d72d00297cb1cb40a2ef11f5129989cd14f90e495db79bffd15bd6282ff564c4af7975b1610c1c
-
C:\Users\Admin\Downloads\LoveYou.exe:Zone.IdentifierFilesize
210B
MD5b367602bc4f30989d806cf06c3c39699
SHA188c31db0e4b60b6f1b193151755a5ff5a84be80d
SHA2563d4f6af32083d27d5f764de13ab325146f9d9f9515e9de52ab868e62f3c69cc8
SHA512dcb2082addf1e6330e481a37c9336949af7686982159f1374d2c5aa83755b9a565b1a72d99088c48ce586326a9ae2b8681092c8048356b37acc0ca0bf544db3f
-
C:\Users\Admin\Downloads\Ransomware.Cryptowall.zipFilesize
100KB
MD58710ea46c2db18965a3f13c5fb7c5be8
SHA124978c79b5b4b3796adceffe06a3a39b33dda41d
SHA25660d574055ae164cc32df9e5c9402deefa9d07e5034328d7b41457d35b7312a0e
SHA512c71de7a60e7edeedbdd7843a868b6f5a95f2718f0f35d274cf85951ee565ef3ba1e087881f12aeede686ce6d016f3fd533b7ef21d878a03d2455acc161abf583
-
C:\Users\Admin\Downloads\Ransomware.Cryptowall.zip:Zone.IdentifierFilesize
244B
MD5f56cfa3b8bad367d304f6576a3953814
SHA145cda971418a1e0f59b7e71a418594ab49a3d0a8
SHA256e038f666246a2deabf214713344bab3842bd6cad5ef6c40731b27cf6c0ede299
SHA512fe80649442d89a71cd623214e12499f6cb20ab8da77c2880c88bb619d4ebc93e50910c0f20d7e9cfc7251f8f0d5df10fe04765844287870e6e70831375ca3a46
-
C:\Users\Admin\Downloads\Ransomware.Jigsaw.zipFilesize
239KB
MD53ad6374a3558149d09d74e6af72344e3
SHA1e7be9f22578027fc0b6ddb94c09b245ee8ce1620
SHA25686a391fe7a237f4f17846c53d71e45820411d1a9a6e0c16f22a11ebc491ff9ff
SHA51221c21b36be200a195bfa648e228c64e52262b06d19d294446b8a544ff1d81f81eb2af74ddbdebc59915168db5dba76d0f0585e83471801d9ee37e59af0620720
-
C:\Users\Admin\Downloads\Ransomware.Jigsaw.zip:Zone.IdentifierFilesize
228B
MD5fa3374f52c14a969c628a0b9898935ba
SHA12125b2297e81491ff74004202a697fc560030f40
SHA256f4f781121f08d2b7264b09bb87c50a5afc0de6268856be4227d19de331d59cdc
SHA51293fb5d4d7bdb87aec0929d27032416eaab30dc300544cb845f292c2a216793ce724729e2c1327103277fdbe1d05edf8cfe016519213e1f79760c6faa1e829a82
-
C:\Users\Admin\Downloads\Ransomware.Locky.zipFilesize
125KB
MD5b265305541dce2a140da7802442fbac4
SHA163d0b780954a2bc96b3a77d9a2b3369d865bf1fd
SHA2560537fa38b88755f39df1cd774b907ec759dacab2388dc0109f4db9f0e9d191a0
SHA512af65384f814633fe1cde8bf4a3a1a8f083c7f5f0b7f105d47f3324cd2a8c9184ccf13cb3e43b47473d52f39f4151e7a9da1e9a16868da50abb74fcbc47724282
-
C:\Users\Admin\Downloads\Ransomware.Locky.zip:Zone.IdentifierFilesize
224B
MD518b61577edfebadd3d8d153c209168b5
SHA18a42b40943a6ee8d2168f43617432f4388489b33
SHA256de9c046944b7081dfceb743d8c1819a87258801088ac84058705955aebe799f7
SHA512d88efae2b30cffe5c502812283e6ad8800baa48bf810d6685103f36bbc942fb98382a027f56f18e2f77125f5819a589a65daffd2cfd081e7db9df2ffee541e40
-
C:\Users\Admin\Downloads\Ransomware.Petrwrap.zipFilesize
728KB
MD570f7b56abe51b3948cf200e7fbbe25ca
SHA1ef0888f3e59334c1499aceaae03e31c85ad01f40
SHA256a42d04f793e8f9dbd3ce02e383de987b0c76cb2718ab06163c693a867f2a602d
SHA512d2161e999a7d43a4af62671f9946713e22ed06c5c53831141ae24043048870cb3f903050879c7cf7b7c300d38bb309aa8b52f29fa5ff633c963a5cc2fff6d45c
-
C:\Users\Admin\Downloads\Ransomware.Petrwrap.zip:Zone.IdentifierFilesize
236B
MD583c733db70dc4f761da37ae67352b978
SHA18549b85dd43b183c816410dec35ce0f244d5f3e9
SHA25697424a7b355eaecc81f5cf096ff6955fded5217874f6e164942e5620461cdb29
SHA51286c309a927a5faadfc7bbdcd8dfa19d5bda239514addaecfcc20cb5e4798c78bf0db8e3532137a64c87e7e6ba15f28518bd4227239dd523ff2bbcf5589954c7d
-
C:\Users\Admin\Downloads\Unconfirmed 576290.crdownloadFilesize
22KB
MD531420227141ade98a5a5228bf8e6a97d
SHA119329845635ebbc5c4026e111650d3ef42ab05ac
SHA2561edc8771e2a1a70023fc9ddeb5a6bc950380224b75e8306eb70da8eb80cb5b71
SHA512cbb18a6667b377eb68395cfd8df52b7d93c4554c3b5ab32c70e73b86e3dedb7949122fe8eea9530cd53944b45a1b699380bf1e9e5254af04d8409c594a52c0e7
-
C:\Users\Admin\Downloads\Unconfirmed 884515.crdownloadFilesize
2.1MB
MD5f571faca510bffe809c76c1828d44523
SHA17a3ca1660f0a513316b8cd5496ac7dbe82f0e0c2
SHA256117d7af0deb40b3fe532bb6cbe374884fa55ed7cfe053fe698720cdccb5a59cb
SHA512a08bca2fb1387cc70b737520d566c7117aa3fdb9a52f5dbb0bb7be44630da7977882d8c808cbee843c8a180777b4ac5819e8bafda6b2c883e380dc7fb5358a51
-
C:\Users\Admin\Downloads\tsa.crtFilesize
1010B
MD56e630504be525e953debd0ce831b9aa0
SHA1edfa47b3edf98af94954b5b0850286a324608503
SHA2562563fe2f793f119a1bae5cca6eab9d8c20409aa1f1e0db341c623e1251244ef5
SHA512bbcf285309a4d5605e19513c77ef077a4c451cbef04e3cbdfec6d15cc157a9800a7ff6f70964b0452ddb939ff50766e887904eda06a9999fdedf5b2e8776ebd2
-
\??\pipe\LOCAL\crashpad_1696_UREAFVNQIXCBEFAAMD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
-
memory/1392-3235-0x0000000000400000-0x00000000007D1000-memory.dmpFilesize
3.8MB
-
memory/1392-3233-0x0000000000D40000-0x0000000000D44000-memory.dmpFilesize
16KB
-
memory/1496-1483-0x000000001B510000-0x000000001B548000-memory.dmpFilesize
224KB
-
memory/1496-1511-0x00007FF902CF0000-0x00007FF903691000-memory.dmpFilesize
9.6MB
-
memory/1496-1484-0x00007FF902CF0000-0x00007FF903691000-memory.dmpFilesize
9.6MB
-
memory/1496-1486-0x000000001BA80000-0x000000001BF4E000-memory.dmpFilesize
4.8MB
-
memory/1496-1487-0x000000001BFF0000-0x000000001C08C000-memory.dmpFilesize
624KB
-
memory/1496-1485-0x0000000001020000-0x0000000001030000-memory.dmpFilesize
64KB
-
memory/1496-1482-0x00007FF902CF0000-0x00007FF903691000-memory.dmpFilesize
9.6MB
-
memory/1648-3033-0x000000001F2D0000-0x000000001F3D0000-memory.dmpFilesize
1024KB
-
memory/1648-1985-0x00007FF902CF0000-0x00007FF903691000-memory.dmpFilesize
9.6MB
-
memory/1648-1512-0x00007FF902CF0000-0x00007FF903691000-memory.dmpFilesize
9.6MB
-
memory/1648-1513-0x00000000015B0000-0x00000000015C0000-memory.dmpFilesize
64KB
-
memory/1648-1514-0x00007FF902CF0000-0x00007FF903691000-memory.dmpFilesize
9.6MB
-
memory/1648-1515-0x000000001B9C0000-0x000000001B9C8000-memory.dmpFilesize
32KB
-
memory/1648-1983-0x00007FF902CF0000-0x00007FF903691000-memory.dmpFilesize
9.6MB
-
memory/1648-1984-0x00000000015B0000-0x00000000015C0000-memory.dmpFilesize
64KB
-
memory/1648-3032-0x00000000015B0000-0x00000000015C0000-memory.dmpFilesize
64KB
-
memory/1648-3053-0x00000000015B0000-0x00000000015C0000-memory.dmpFilesize
64KB
-
memory/1648-3054-0x000000001F2D0000-0x000000001F3D0000-memory.dmpFilesize
1024KB
-
memory/1736-3538-0x0000000000400000-0x0000000000464000-memory.dmpFilesize
400KB
-
memory/1736-3542-0x0000000000400000-0x0000000000464000-memory.dmpFilesize
400KB
-
memory/1736-3541-0x000000000257B000-0x000000000257C000-memory.dmpFilesize
4KB
-
memory/1736-3540-0x0000000002570000-0x00000000025D4000-memory.dmpFilesize
400KB
-
memory/1736-3539-0x0000000000400000-0x0000000000464000-memory.dmpFilesize
400KB
-
memory/2068-3565-0x0000000000400000-0x000000000040A000-memory.dmpFilesize
40KB
-
memory/2068-3516-0x0000000000400000-0x000000000040A000-memory.dmpFilesize
40KB
-
memory/3496-3506-0x00000000007D0000-0x0000000000863000-memory.dmpFilesize
588KB
-
memory/3496-3502-0x00000000007D0000-0x0000000000863000-memory.dmpFilesize
588KB
-
memory/3496-3537-0x0000000000970000-0x0000000000971000-memory.dmpFilesize
4KB
-
memory/3496-3515-0x00000000007D0000-0x0000000000863000-memory.dmpFilesize
588KB
-
memory/3496-3536-0x00000000007D0000-0x0000000000863000-memory.dmpFilesize
588KB
-
memory/3496-3501-0x0000000000400000-0x0000000000445000-memory.dmpFilesize
276KB
-
memory/3496-3503-0x0000000000620000-0x0000000000651000-memory.dmpFilesize
196KB
-
memory/3724-0-0x0000000000400000-0x0000000000443000-memory.dmpFilesize
268KB
-
memory/5148-3545-0x0000000000400000-0x00000000007D1000-memory.dmpFilesize
3.8MB
-
memory/5148-3325-0x0000000000400000-0x00000000007D1000-memory.dmpFilesize
3.8MB
-
memory/5148-3412-0x0000000000400000-0x00000000007D1000-memory.dmpFilesize
3.8MB
-
memory/5148-3374-0x0000000000400000-0x00000000007D1000-memory.dmpFilesize
3.8MB
-
memory/5148-3422-0x0000000000400000-0x00000000007D1000-memory.dmpFilesize
3.8MB
-
memory/5148-3471-0x0000000000400000-0x00000000007D1000-memory.dmpFilesize
3.8MB
-
memory/5148-3439-0x0000000000400000-0x00000000007D1000-memory.dmpFilesize
3.8MB
-
memory/5148-3464-0x0000000000400000-0x00000000007D1000-memory.dmpFilesize
3.8MB
-
memory/5200-3228-0x00007FF902CF0000-0x00007FF903691000-memory.dmpFilesize
9.6MB
-
memory/5200-3216-0x000000001D540000-0x000000001D5A2000-memory.dmpFilesize
392KB
-
memory/5200-3215-0x00007FF902CF0000-0x00007FF903691000-memory.dmpFilesize
9.6MB
-
memory/5200-3217-0x00007FF902CF0000-0x00007FF903691000-memory.dmpFilesize
9.6MB
-
memory/5200-3227-0x0000000003140000-0x0000000004140000-memory.dmpFilesize
16.0MB
-
memory/5200-3218-0x000000001D9B0000-0x000000001DA02000-memory.dmpFilesize
328KB
-
memory/5200-3229-0x0000000003140000-0x0000000004140000-memory.dmpFilesize
16.0MB
-
memory/5548-2549-0x00007FF902CF0000-0x00007FF903691000-memory.dmpFilesize
9.6MB
-
memory/5548-3043-0x00007FF902CF0000-0x00007FF903691000-memory.dmpFilesize
9.6MB
-
memory/5548-2548-0x00007FF902CF0000-0x00007FF903691000-memory.dmpFilesize
9.6MB
-
memory/5788-3535-0x0000000072AC0000-0x0000000073071000-memory.dmpFilesize
5.7MB
-
memory/5788-3514-0x0000000072AC0000-0x0000000073071000-memory.dmpFilesize
5.7MB
-
memory/5788-3569-0x0000000001190000-0x00000000011A0000-memory.dmpFilesize
64KB
-
memory/5956-3234-0x00000000009B0000-0x00000000009B4000-memory.dmpFilesize
16KB
