8716c75aff75941711aff8770836f47eb9a254416089ef3571c6fc9a338b3009

Resubmissions

10-08-2024 06:53

240810-hnsmsatfrf 6

10-08-2024 06:49

10-08-2024 06:46

10-08-2024 06:41

10-08-2024 06:38

10-08-2024 06:35

Analysis

max time kernel
277s
max time network
276s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
10-08-2024 06:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Module.dll
Size

1.3MB
MD5

157fd035b2a344a94166d7db3756df0e
SHA1

f221d28c1deb80b4e8d9201226435aefce6b0f75
SHA256

8716c75aff75941711aff8770836f47eb9a254416089ef3571c6fc9a338b3009
SHA512

fad0174fbd22f58dd4fcdaad8378c214270b4faeaca64d9cb306f50e9316072a4c417c5723c4123b8bf94a3dba6ef4e3303ec60f4a2cf0c3a54d8ab375ea717d
SSDEEP

24576:ZqBSLRktEBl6blwTUMD4zB1VU2bFjYWR0pMQUAqLRAovh4bSAXVVRNRfMXZO:ZqBSLRkt8l6blSU//+2bFfvA1SQVVRNk

Score

8^/10

defense_evasion discovery evasion ransomware

Malware Config

Signatures

Disables Task Manager via registry modification
evasion
Downloads MZ/PE file
Executes dropped EXE 1 IoCs

Processes:

$uckyLocker.exe

pid process

4272 $uckyLocker.exe
Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service
T1102

Processes:

flow ioc

9 raw.githubusercontent.com
40 raw.githubusercontent.com

pid	process
4272	$uckyLocker.exe

flow	ioc
9	raw.githubusercontent.com
40	raw.githubusercontent.com

Sets desktop wallpaper using registry 2 TTPs 1 IoCs

ransomware

Defacement

T1491

Modify Registry

T1112

Processes:

$uckyLocker.exe

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000\Control Panel\Desktop\Wallpaper = "0"	$uckyLocker.exe

Drops file in Windows directory 12 IoCs

Processes:

UserOOBEBroker.exeUserOOBEBroker.exeUserOOBEBroker.exe

description	ioc	process
File opened for modification	C:\Windows\Panther\UnattendGC\setupact.log	UserOOBEBroker.exe
File opened for modification	C:\Windows\Panther\UnattendGC\setuperr.log	UserOOBEBroker.exe
File opened for modification	C:\Windows\Panther\UnattendGC\diagerr.xml	UserOOBEBroker.exe
File opened for modification	C:\Windows\Panther\UnattendGC\setupact.log	UserOOBEBroker.exe
File opened for modification	C:\Windows\Panther\UnattendGC\diagerr.xml	UserOOBEBroker.exe
File opened for modification	C:\Windows\Panther\UnattendGC\diagwrn.xml	UserOOBEBroker.exe
File opened for modification	C:\Windows\Panther\UnattendGC\diagwrn.xml	UserOOBEBroker.exe
File opened for modification	C:\Windows\Panther\UnattendGC\setuperr.log	UserOOBEBroker.exe
File opened for modification	C:\Windows\Panther\UnattendGC\setupact.log	UserOOBEBroker.exe
File opened for modification	C:\Windows\Panther\UnattendGC\setuperr.log	UserOOBEBroker.exe
File opened for modification	C:\Windows\Panther\UnattendGC\diagerr.xml	UserOOBEBroker.exe
File opened for modification	C:\Windows\Panther\UnattendGC\diagwrn.xml	UserOOBEBroker.exe

Subvert Trust Controls: Mark-of-the-Web Bypass 1 TTPs 1 IoCs
When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.
defense_evasion

SIP and Trust Provider Hijacking
T1553.003

Processes:

msedge.exe

description ioc process

File opened for modification C:\Users\Admin\Downloads\$uckyLocker.exe:Zone.Identifier msedge.exe
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

description	ioc	process
File opened for modification	C:\Users\Admin\Downloads\$uckyLocker.exe:Zone.Identifier	msedge.exe

System Location Discovery: System Language Discovery 1 TTPs 6 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

Processes:

$uckyLocker.exeFileCoAuth.exeFileCoAuth.exeFileCoAuth.exeFileCoAuth.exeFileCoAuth.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	$uckyLocker.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	FileCoAuth.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	FileCoAuth.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	FileCoAuth.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	FileCoAuth.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	FileCoAuth.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exemsedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

Processes:

msedge.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1287768749-810021449-2672985988-1000\{8B3E4DBE-6BFA-4A51-92A0-4CF97BD782B3}	msedge.exe

NTFS ADS 2 IoCs

Processes:

msedge.exemsedge.exe

description	ioc	process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 343027.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\$uckyLocker.exe:Zone.Identifier	msedge.exe

Suspicious behavior: EnumeratesProcesses 16 IoCs

Processes:

msedge.exemsedge.exemsedge.exemsedge.exeidentity_helper.exemsedge.exemsedge.exemsedge.exe

pid	process
3580	msedge.exe
3580	msedge.exe
1052	msedge.exe
1052	msedge.exe
3068	msedge.exe
3068	msedge.exe
5048	msedge.exe
5048	msedge.exe
1396	identity_helper.exe
1396	identity_helper.exe
420	msedge.exe
420	msedge.exe
4056	msedge.exe
4056	msedge.exe
1000	msedge.exe
1000	msedge.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

OpenWith.exe

pid process

2284 OpenWith.exe

pid	process
2284	OpenWith.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 15 IoCs

Processes:

msedge.exemsedge.exe

pid	process
1052	msedge.exe
1052	msedge.exe
1052	msedge.exe
1052	msedge.exe
1052	msedge.exe
1052	msedge.exe
1052	msedge.exe
1052	msedge.exe
1052	msedge.exe
1052	msedge.exe
1052	msedge.exe
1052	msedge.exe
1052	msedge.exe
1000	msedge.exe
1000	msedge.exe

Suspicious use of FindShellTrayWindow 62 IoCs

Processes:

msedge.exemsedge.exe

pid	process
1052	msedge.exe
1052	msedge.exe
1052	msedge.exe
1052	msedge.exe
1052	msedge.exe
1052	msedge.exe
1052	msedge.exe
1052	msedge.exe
1052	msedge.exe
1052	msedge.exe
1052	msedge.exe
1052	msedge.exe
1052	msedge.exe
1052	msedge.exe
1052	msedge.exe
1052	msedge.exe
1052	msedge.exe
1052	msedge.exe
1052	msedge.exe
1052	msedge.exe
1052	msedge.exe
1052	msedge.exe
1052	msedge.exe
1052	msedge.exe
1052	msedge.exe
1052	msedge.exe
1052	msedge.exe
1052	msedge.exe
1052	msedge.exe
1052	msedge.exe
1052	msedge.exe
1052	msedge.exe
1052	msedge.exe
1052	msedge.exe
1052	msedge.exe
1052	msedge.exe
1000	msedge.exe
1000	msedge.exe
1000	msedge.exe
1000	msedge.exe
1000	msedge.exe
1000	msedge.exe
1000	msedge.exe
1000	msedge.exe
1000	msedge.exe
1000	msedge.exe
1000	msedge.exe
1000	msedge.exe
1000	msedge.exe
1000	msedge.exe
1000	msedge.exe
1000	msedge.exe
1000	msedge.exe
1000	msedge.exe
1000	msedge.exe
1000	msedge.exe
1000	msedge.exe
1000	msedge.exe
1000	msedge.exe
1000	msedge.exe
1000	msedge.exe
1000	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exemsedge.exe

pid	process
1052	msedge.exe
1052	msedge.exe
1052	msedge.exe
1052	msedge.exe
1052	msedge.exe
1052	msedge.exe
1052	msedge.exe
1052	msedge.exe
1052	msedge.exe
1052	msedge.exe
1052	msedge.exe
1052	msedge.exe
1000	msedge.exe
1000	msedge.exe
1000	msedge.exe
1000	msedge.exe
1000	msedge.exe
1000	msedge.exe
1000	msedge.exe
1000	msedge.exe
1000	msedge.exe
1000	msedge.exe
1000	msedge.exe
1000	msedge.exe

Suspicious use of SetWindowsHookEx 2 IoCs

Processes:

OpenWith.exeOpenWith.exe

pid process

2284 OpenWith.exe
3232 OpenWith.exe

pid	process
2284	OpenWith.exe
3232	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 1052 wrote to memory of 4048	1052	msedge.exe	msedge.exe
PID 1052 wrote to memory of 4048	1052	msedge.exe	msedge.exe
PID 1052 wrote to memory of 1552	1052	msedge.exe	msedge.exe
PID 1052 wrote to memory of 1552	1052	msedge.exe	msedge.exe
PID 1052 wrote to memory of 1552	1052	msedge.exe	msedge.exe
PID 1052 wrote to memory of 1552	1052	msedge.exe	msedge.exe
PID 1052 wrote to memory of 1552	1052	msedge.exe	msedge.exe
PID 1052 wrote to memory of 1552	1052	msedge.exe	msedge.exe
PID 1052 wrote to memory of 1552	1052	msedge.exe	msedge.exe
PID 1052 wrote to memory of 1552	1052	msedge.exe	msedge.exe
PID 1052 wrote to memory of 1552	1052	msedge.exe	msedge.exe
PID 1052 wrote to memory of 1552	1052	msedge.exe	msedge.exe
PID 1052 wrote to memory of 1552	1052	msedge.exe	msedge.exe
PID 1052 wrote to memory of 1552	1052	msedge.exe	msedge.exe
PID 1052 wrote to memory of 1552	1052	msedge.exe	msedge.exe
PID 1052 wrote to memory of 1552	1052	msedge.exe	msedge.exe
PID 1052 wrote to memory of 1552	1052	msedge.exe	msedge.exe
PID 1052 wrote to memory of 1552	1052	msedge.exe	msedge.exe
PID 1052 wrote to memory of 1552	1052	msedge.exe	msedge.exe
PID 1052 wrote to memory of 1552	1052	msedge.exe	msedge.exe
PID 1052 wrote to memory of 1552	1052	msedge.exe	msedge.exe
PID 1052 wrote to memory of 1552	1052	msedge.exe	msedge.exe
PID 1052 wrote to memory of 1552	1052	msedge.exe	msedge.exe
PID 1052 wrote to memory of 1552	1052	msedge.exe	msedge.exe
PID 1052 wrote to memory of 1552	1052	msedge.exe	msedge.exe
PID 1052 wrote to memory of 1552	1052	msedge.exe	msedge.exe
PID 1052 wrote to memory of 1552	1052	msedge.exe	msedge.exe
PID 1052 wrote to memory of 1552	1052	msedge.exe	msedge.exe
PID 1052 wrote to memory of 1552	1052	msedge.exe	msedge.exe
PID 1052 wrote to memory of 1552	1052	msedge.exe	msedge.exe
PID 1052 wrote to memory of 1552	1052	msedge.exe	msedge.exe
PID 1052 wrote to memory of 1552	1052	msedge.exe	msedge.exe
PID 1052 wrote to memory of 1552	1052	msedge.exe	msedge.exe
PID 1052 wrote to memory of 1552	1052	msedge.exe	msedge.exe
PID 1052 wrote to memory of 1552	1052	msedge.exe	msedge.exe
PID 1052 wrote to memory of 1552	1052	msedge.exe	msedge.exe
PID 1052 wrote to memory of 1552	1052	msedge.exe	msedge.exe
PID 1052 wrote to memory of 1552	1052	msedge.exe	msedge.exe
PID 1052 wrote to memory of 1552	1052	msedge.exe	msedge.exe
PID 1052 wrote to memory of 1552	1052	msedge.exe	msedge.exe
PID 1052 wrote to memory of 1552	1052	msedge.exe	msedge.exe
PID 1052 wrote to memory of 1552	1052	msedge.exe	msedge.exe
PID 1052 wrote to memory of 3580	1052	msedge.exe	msedge.exe
PID 1052 wrote to memory of 3580	1052	msedge.exe	msedge.exe
PID 1052 wrote to memory of 2792	1052	msedge.exe	msedge.exe
PID 1052 wrote to memory of 2792	1052	msedge.exe	msedge.exe
PID 1052 wrote to memory of 2792	1052	msedge.exe	msedge.exe
PID 1052 wrote to memory of 2792	1052	msedge.exe	msedge.exe
PID 1052 wrote to memory of 2792	1052	msedge.exe	msedge.exe
PID 1052 wrote to memory of 2792	1052	msedge.exe	msedge.exe
PID 1052 wrote to memory of 2792	1052	msedge.exe	msedge.exe
PID 1052 wrote to memory of 2792	1052	msedge.exe	msedge.exe
PID 1052 wrote to memory of 2792	1052	msedge.exe	msedge.exe
PID 1052 wrote to memory of 2792	1052	msedge.exe	msedge.exe
PID 1052 wrote to memory of 2792	1052	msedge.exe	msedge.exe
PID 1052 wrote to memory of 2792	1052	msedge.exe	msedge.exe
PID 1052 wrote to memory of 2792	1052	msedge.exe	msedge.exe
PID 1052 wrote to memory of 2792	1052	msedge.exe	msedge.exe
PID 1052 wrote to memory of 2792	1052	msedge.exe	msedge.exe
PID 1052 wrote to memory of 2792	1052	msedge.exe	msedge.exe
PID 1052 wrote to memory of 2792	1052	msedge.exe	msedge.exe
PID 1052 wrote to memory of 2792	1052	msedge.exe	msedge.exe
PID 1052 wrote to memory of 2792	1052	msedge.exe	msedge.exe
PID 1052 wrote to memory of 2792	1052	msedge.exe	msedge.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Module.dll,#1
1⤵
PID:4272

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffd636d3cb8,0x7ffd636d3cc8,0x7ffd636d3cd8
  2⤵
  PID:4048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1820,11417989910576916851,16150791040197025290,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1908 /prefetch:2
  2⤵
  PID:1552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1820,11417989910576916851,16150791040197025290,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2296 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1820,11417989910576916851,16150791040197025290,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2516 /prefetch:8
  2⤵
  PID:2792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1820,11417989910576916851,16150791040197025290,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3208 /prefetch:1
  2⤵
  PID:3948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1820,11417989910576916851,16150791040197025290,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
  2⤵
  PID:8
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1820,11417989910576916851,16150791040197025290,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4880 /prefetch:1
  2⤵
  PID:3904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1820,11417989910576916851,16150791040197025290,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4052 /prefetch:1
  2⤵
  PID:3788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1820,11417989910576916851,16150791040197025290,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4172 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1820,11417989910576916851,16150791040197025290,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4268 /prefetch:1
  2⤵
  PID:1884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1820,11417989910576916851,16150791040197025290,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4116 /prefetch:1
  2⤵
  PID:1592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1820,11417989910576916851,16150791040197025290,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5276 /prefetch:1
  2⤵
  PID:2408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1820,11417989910576916851,16150791040197025290,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4244 /prefetch:1
  2⤵
  PID:3808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1820,11417989910576916851,16150791040197025290,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5320 /prefetch:1
  2⤵
  PID:3732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1820,11417989910576916851,16150791040197025290,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4272 /prefetch:8
  2⤵
  PID:3456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1820,11417989910576916851,16150791040197025290,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5248 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:5048
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1820,11417989910576916851,16150791040197025290,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5728 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1820,11417989910576916851,16150791040197025290,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3948 /prefetch:1
  2⤵
  PID:2096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1820,11417989910576916851,16150791040197025290,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4964 /prefetch:1
  2⤵
  PID:2840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1820,11417989910576916851,16150791040197025290,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1880 /prefetch:1
  2⤵
  PID:1020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1820,11417989910576916851,16150791040197025290,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5980 /prefetch:8
  2⤵
  PID:4020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1820,11417989910576916851,16150791040197025290,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4976 /prefetch:1
  2⤵
  PID:4736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1820,11417989910576916851,16150791040197025290,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6660 /prefetch:8
  2⤵
  - Subvert Trust Controls: Mark-of-the-Web Bypass
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:420

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2104

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2308

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1104

C:\Users\Admin\Downloads\$uckyLocker.exe
"C:\Users\Admin\Downloads\$uckyLocker.exe"
1⤵
- Executes dropped EXE
- Sets desktop wallpaper using registry
- System Location Discovery: System Language Discovery
PID:4272

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
1⤵
PID:2600

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2284

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:3232

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffd636d3cb8,0x7ffd636d3cc8,0x7ffd636d3cd8
  2⤵
  PID:2732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1820,7472029551387244742,2639030707241506146,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1860 /prefetch:2
  2⤵
  PID:2708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1820,7472029551387244742,2639030707241506146,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2036 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1820,7472029551387244742,2639030707241506146,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2580 /prefetch:8
  2⤵
  PID:3672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1820,7472029551387244742,2639030707241506146,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1
  2⤵
  PID:4768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1820,7472029551387244742,2639030707241506146,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3388 /prefetch:1
  2⤵
  PID:832

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1104

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3820

C:\Windows\System32\oobe\UserOOBEBroker.exe
C:\Windows\System32\oobe\UserOOBEBroker.exe -Embedding
1⤵
- Drops file in Windows directory
PID:1892

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe -Embedding
1⤵
- System Location Discovery: System Language Discovery
PID:3816

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe -Embedding
1⤵
- System Location Discovery: System Language Discovery
PID:3792

C:\Windows\System32\oobe\UserOOBEBroker.exe
C:\Windows\System32\oobe\UserOOBEBroker.exe -Embedding
1⤵
- Drops file in Windows directory
PID:3348

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe -Embedding
1⤵
- System Location Discovery: System Language Discovery
PID:1816

C:\Windows\System32\oobe\UserOOBEBroker.exe
C:\Windows\System32\oobe\UserOOBEBroker.exe -Embedding
1⤵
- Drops file in Windows directory
PID:3880

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe -Embedding
1⤵
- System Location Discovery: System Language Discovery
PID:2468

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe -Embedding
1⤵
- System Location Discovery: System Language Discovery
PID:4344

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

SIP and Trust Provider Hijacking

T1553.003

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Defacement

T1491

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d30a5618854b9da7bcfc03aeb0a594c4

SHA1
7f37105d7e5b1ecb270726915956c2271116eab7

SHA256
3494c446aa3cb038f1d920b26910b7fe1f4286db78cb3f203ad02cb93889c1a8

SHA512
efd488fcd1729017a596ddd2950bff07d5a11140cba56ff8e0c62ef62827b35c22857bc4f5f5ea11ccc2e1394c0b3ee8651df62a25e66710f320e7a2cf4d1a77

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
03a56f81ee69dd9727832df26709a1c9

SHA1
ab6754cc9ebd922ef3c37b7e84ff20e250cfde3b

SHA256
65d97e83b315d9140f3922b278d08352809f955e2a714fedfaea6283a5300e53

SHA512
e9915f11e74c1bcf7f80d1bcdc8175df820af30f223a17c0fe11b6808e5a400550dcbe59b64346b7741c7c77735abefaf2c988753e11d086000522a05a0f7781

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9cd83dce9bd4e1b5d4c3d04ae5d52ce6

SHA1
9c7829eb231203c692817f250e8d3825f3d06d92

SHA256
88658e43fd0a4f79a19995cd253debfa7befbbf3004775a59db3500540d0ed42

SHA512
9e781bb348b45d4ee526c25a99b92ee4b6b41895d64223e15195c7ced0ecb7f6437831017958e7a5a424ba9ed8cb9a17f1c86544946dc818625fbc6316cb7dba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
13d455d7cfc182fe3893d72fa983d735

SHA1
4f35c7834c54787129637a26248e7f3afa4beb39

SHA256
86cf33b3d3f38c2efee7b0de0b59c9209ea42969098d5f2cd021aea040b9e5e2

SHA512
8611481ff32e7d94caa4e2e25b158611ea18ba74d1c72538d3e83f9e4ec399dce3c3e7f0165a996672d47224d494bf3add46bb3154cfb3dee2241cf9410b0cc4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0

Filesize
44KB

MD5
c76a9d6fd63abba4dc7c9643763094a3

SHA1
33f6f2dfc699d9fb11e0646d6f65632d23ee43ba

SHA256
061d799493bac73aaa9b352c727dc189b92a00a1cbfde9fa0799074ef81f1a0c

SHA512
4cca2299c35e882e006350fdccefdcb129471ec5bf47fdfaa35b0af9cdca51e3b26e3f6979eda26c3a96b4e53dcb83ddfe7603e03906bd261c4e232fea313a24

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1

Filesize
264KB

MD5
984d0c10cfd146fc39bd68c2032532cb

SHA1
fe431c1eabe748d6becc8ca12ee9a9a75c262abf

SHA256
0d075c42e73ec40ab6dfa650766d714c4b502e0b3d662e83d2119d3df56f46a4

SHA512
faf5b56456be45091a0c6967a2d8f60d91698b2bd2860d750e54d35f932f98e5cbe3740901b973026b2dbecd97278c7321810d33d88a6e49ea3e5b81b1931748

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_2

Filesize
1.0MB

MD5
efef858ec87cbdd819bd9f466202e92e

SHA1
8a97cb0c78d04642eb98164476ab183543e550c8

SHA256
4363d72ad66b42eb4a05c1aceb5885d8d980228049aa6a3066b01ac4a4ecfadb

SHA512
b80fb617ddfb4bd2512ba8c13eb60841372d47b066cc4b20c14cce3a7d75bfed053ce20c5fa80b599c3fbfd651a1b616c235fe87cc590a281013450c64cbd998

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_3

Filesize
4.0MB

MD5
e9c2021e83026ba9f846d19d8285678d

SHA1
14a7332833500fcfa0b963b658d8d9ead5c38f47

SHA256
97859d643db80e9311a7aa784cb984717f12efa7d89d98f0e5fa7659021dbba9

SHA512
7a11fbc6e51679b93d59ce9333788e678265733ed7ec5f157f12d36927b282d52b60202e6ca732f9c1383204cef0f820e1e137a608f7d27e2fe782d26616abe7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
9adc10ed8b551094b106b9efa2b602dc

SHA1
ec2f32b748f5c13a8addaaceb18697a7f7ecf8e3

SHA256
78c2eb94d94779591f22dce57060d9d18e2aba527f0ce764233e3e502b958317

SHA512
94a2617cf399c9b94accd2bdb8aaa69e491b3c21ee18d1a3259cb0a59b054fa9ed561d57f69766504d55808c1938ba3ce3bebfffec81893d24f0ce16225146b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies

Filesize
28KB

MD5
af38087a3e84eea604f0507e049e1c37

SHA1
4646f92f7e6bede6f6bc6d402ad668241f36e38d

SHA256
d02064965e4ae4c5ab6cd8072676b98eff679fa78ed443e8443359e0c2641ec3

SHA512
f4999bed1a17d2aea1a072515fd3233c0e6a2252e5583be31453b008348344e32b63f830c94695568decbff8f42b28e96145aebad9beff6de173df35b9d24c8e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons

Filesize
28KB

MD5
6fd8abde542a3a44043fb8510b8a9830

SHA1
b42fb3d748021575f39586a2ee9061c7b4cb8f5a

SHA256
b9f394c9b1502f2b5ceddc2fd166aeafb60396e0e9b8a27a5d654f82603209b2

SHA512
80dadc8d8fb26a4fc2377bd3a99541e6649bd7a9af57f6ec0b249b0c03bc9daa2429b9c02458d9d3d9a396c076bc75f50decae53f4bcf4530fdedc65c508fb4c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
fd325086a5bd3d7d06e21c10e2d7801c

SHA1
65ac313642df681e751d2c3d1b5ae347851aec6e

SHA256
a47e3122ebbb59161414c5a4f9a9d4076e92efc92bfc009acc16dcf2ffc92b24

SHA512
70b6d52694b47ef306e16a83376eb566fff31dc715b3234e3d88e488363f28d24e7525acdcd319481f977df0501cd8202fa04ca982b45c63a6e3e6c048dc9906

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
116KB

MD5
0921b3e7b9456ed9555957a04278f83a

SHA1
7f7083836aad0c32192c38ea1599fc13fde54f7c

SHA256
28a2a8c5646afcfae81d30b33cb870afbb32efcb388bc789edcaa81671f10291

SHA512
9f7705165969df3c14524f4b0150f858da6551db5a3f66f845ed78b7cb104949d82dab84c7ef4f9ad9c406949e21a020d4cd0b43ad9605c536fe7278a87609e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache

Filesize
3KB

MD5
8e133aa300ff38882c224503d10beafe

SHA1
4f06f477b7f86928440e688e1ced68b49b393c9b

SHA256
16a7b34b2bb3ac6b24e5eda72a177fe990c4435fa6ae3f2eb9e2737ba0435f36

SHA512
6692aad1b3b07d116ce8854766cb7e1f614ee982fc492a2cbfa6e533bd50982296046fa92872f9194706098ae8357b60f0bcd13cf695cef846d867df896ab24e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log

Filesize
16KB

MD5
1154bade53b75f35e655ec8403ae6647

SHA1
a9d7cb72bc8c31f7bda73c25514ab16b8d6296bd

SHA256
ff40d93519e250b29f51d52a30afbd4abed54790cec586cb0f042df4aaea2819

SHA512
6a14ca7ecbca6f5b5b8290ff0ff650adc3e8f749c645a039698776a5ff33e5c6f2f6de89bc18ab584eb016c621692c7768d6cc060c3c976c14ff9e54324d521d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Filesize
331B

MD5
a61e3cd18e87235972a375a5a75836b9

SHA1
45e252d9048a34fb1360d3a00c13f0fa2021bc16

SHA256
562cdb672015b576c6db1a9fd5b95f3f4bf59b168297f0675fbede2ff7181c71

SHA512
f54e61dc83498cad9c018938b2d0898f05e92b461af1bd816d49fc6fb06c1df1e194e1508b9d773ddd601a8dc96c20591636d32e97fb9d321bc4077d1054452f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
879B

MD5
620f0daa55b94e74d0f09ff9093d3811

SHA1
d122dad0e44b978d34198d35e5b330a07be75417

SHA256
6175722be0fd5a57c32c0eec4b226ce4e279617f61a025e5f86ff2d7ba2551a7

SHA512
a957c6102654a74d4bbb9c1357742c39bf6462a244d0d35e623834611557b71d5f2a895e920aa969be519f7b593f8aced0925f7d4f9edc6ea6032bea9f49f679

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
879B

MD5
a36592d846966c945605f5155971356c

SHA1
02a1cc9f043fabd6b0ae36e9c01082bbbb42fb4e

SHA256
fa7402335f8c2ce75894837e459fc5b289dba7a13e50c04fecb592bfcac4b2a8

SHA512
6963136943bccbcabf6af8a9cedc69ca33906c906344422454825476ed8f0ba043ee0887dad537c400ecd1c7fd94478cb811d0fa1dd809448be5106ba5ab22d0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
5eb187748f3909090b3c7bd78a948c30

SHA1
154a53d71ca845155fc2156cc0fec9f0bcfb439b

SHA256
55a4a1c56366c5d3d39b5a4d72b685c44fbfc123ce68ddb5f603a636890553dc

SHA512
a1fcbf32dae8364275fa568e316ceb5294e3a5977d62f84b07c4bfc37012be1736cbf61cd7ca7809f95a8b021278d4b9bc0c508429c7d5f2d94ae09cd82a6cd0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
6b7d0a08f7fac4de071eeea605f5c6ff

SHA1
d04349f546151c8a60adf7650fdcf8347672b52b

SHA256
06fed14174661fa0c2cb436c2d1aeb76f8f4049ccdd3dd54303b798baba5fd28

SHA512
a9e569c9a630a9a97f23f23412f7c54713922c75538a08a047ed16fb7765170849e8fb60126e64162488eb54b78f7785a5a730eb19fc2b39ad3d6643f0274788

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e33da5e7cccf7e3fac6faca1fb2a730b

SHA1
f5e7c3d8ac5b0f42f3bcff7f94ab99b205f4e3a0

SHA256
6eb794ca6a033b565168ac97523200c6eb39b0518d06907f5dbfb69f669ed119

SHA512
68e08c882198eb7f616f759520b6d953ca35bbfc3929a6ffd1febaf269777b8b7b9b0a9e286d57817822ad32abef542f6e8634a77ed220d3b24d472026920639

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
b78e463c91ed8aff465fbb179d224e7a

SHA1
42f72070e82e2ca2088aba5afc4578a026a7df44

SHA256
b712acad8c5d549af8345512d614d57d1e1ed54ca1c69e4defbf63a53cf78a41

SHA512
df29c2678f4c948b828401cc697ba2f1624784e258a8839955d19e68ce45093d5c7a09aa4e4f044dba1a2b4a7a9cf2d0e4495be02bd9a73e2c61b0efbf641a07

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c827cc2d3396b3ee3ae849bb7cc4cf55

SHA1
0471cceeb2d8ee3c27e00a7c2dd0520c0b1afab8

SHA256
4e0674621cdd1250b52ef62230783e8fa82ede90d1847f93e111c82142959fc9

SHA512
5bc6cac01d6321a883aca9ced90faf2b1ff13cd8786e0945903f243251dfb14edeedbca0f38564e2e81d635a0f6766124fe43cf32454ae0abb4c426a1df8c55a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
e2a969da312345030b5677fe8fef2db9

SHA1
19c567ec99ff3907c8e8438080cebd1cc4c5fe66

SHA256
cc3be1ad160c60f33e72396eeb2428f3e69eccf1a4e32cac3c9b3c81ab3bd522

SHA512
b5b7c969988c1ff1d03449529d6cd764d48659308006992e1d97774e6f12ce6ace2318dc18c4834a6e4c98fcd6f463b25c8de45628d4423d56c4be45f3803a3f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log

Filesize
1KB

MD5
d9045a9eb4b37d1e09ef5dd627b3f63e

SHA1
5bec699e87f2cf09cd1c26881f0762bdfdc92b28

SHA256
b09025cbdd33f969d21e4c36c13817bea6222ba77a62f122a2caa888cf7b14c9

SHA512
b25eb1259bfc192caeb71f0d5a8c74e9d174624809e1a242f0ba3716b3531d944dc7097ccddd0b43e257af8345ac7b64c9e33ec7bbab61b16c07e9c604b17e03

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG

Filesize
319B

MD5
1eaae777b13bae4bf5e51e6324d156c8

SHA1
d028121a27c2ae7bc088cb1c6857e2ff1d411c09

SHA256
e539cb4e6870b709c9f75100c6cbdb5c8376cd9f786aa4541cc57ceaafb20ddd

SHA512
1ed6adc1c64b3256051ab553c0b9105805007968cacae4d55b67bb54e2a39cb2507a4334bf0caad3a1e2411d3e7259f898ef9fca7cff1b5850b87964307deb73

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13367745714977245

Filesize
14KB

MD5
2529f56adcb52afd6d0c1cf817e924dc

SHA1
c33e844ade5af160e3976a6e1881316d950a7cd3

SHA256
fe2f73725034fb2960e1cdbe68222f7229c1515f1a787b715180c48cadffd9cc

SHA512
c5dfcd7fa90be2791935af1b51b0c4bdb23c0e51e42758d3b52431a166feba4c1890beb8157f1a1df6a2875bef0e2a35188b32d92e702984357b580f8c6c7315

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log

Filesize
184B

MD5
fc1ee664376b57e067c508dc2b2d1cef

SHA1
2e59478d8c7e81b3649c2de57225e86416e1b092

SHA256
2711beca0bb00679bdd23bd7b3b5aeff5b447a7f3b1efa87bb0a99043958dbb4

SHA512
4c3d1dfd301d7b71dcf1c6000b12f8f1b52f899d8d6f96a3ee74154ca815825364b5a28e808c4d0663dd7a594bc7dfbc0193966734aa3195ae88ba2c72756ba0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
347B

MD5
f1f8b1f89e5f05a8d939d34efa13a5a4

SHA1
8c904450620d2b057505b36db61e5c3112c0ef6e

SHA256
0e53183035725f5b35d2d4b0eb26d63ab37ec63817a7c4fa8f82aeb68d25e126

SHA512
8f491395ce855fb2f678141c4e42c175be6cd1484e57c534b759065b7023337127eb73dc46b8a9fe217f72c08eaaf6b2a1907f9efea9d79b527195e513ba9985

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
323B

MD5
d609078d76643dc100e295e4b59da286

SHA1
a94c4e850da85480598da0d37772c03ee00842af

SHA256
b8c92fe0227e4b78e7d89d535411cf88bf9a22d855d729638f23b6d15abed386

SHA512
f081443ccf32878d084044aa7fae5d7d18880e12ed6f2c59cb42a4b8358c387a05bd7f515cd6bf759f05136176007faf62fea407718360c93cc19bd079b25f12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
87173812d6dc9d4f8ca53faba2c04f3c

SHA1
e4e3d873b75ecb1c2120fcd5fc5d976f0307509b

SHA256
a8822fed470df7241b2acfde9141b321517e336b411453a1a7bb131fcf743e25

SHA512
58070e48c7a790c5264a29875142e204ac300894e2e5aab5f4ddc5b532b7a79683b811dd7c7dac48fb86ca894720a3e62fe0b49fa5e89b4a685196b96c4717a5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
64b10437e1b884ca662611b85409ac3e

SHA1
f8816ce8477c948317ed7643d651e189a48c71bb

SHA256
03ce3f15e99f2f276eefe78826499909701e75d1d22e8aa808bfe89b446c8194

SHA512
940364d940198d6d2f9511c03ea931fdedd3da96aa28bb63ff9bac0b6bbef58dc0262e3dd56f3a1097b035fbaf79c75ff7994c1fa334223aed37af1d55c9e7ea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
ef2663f390433c64256047c85dd32888

SHA1
74834e1c4be6c775f98b92dbc49412df14a949b1

SHA256
c7a70424229992562a763aff0a54682603ebc1c1d6252b07bd94231b3efcdf9d

SHA512
e90e167118c409173cc8f91b1d641d7996ab069a666d4d2592d66ff18ebd516bfb181f8e7a3dfa31e1b183178fcc18fab1b681e992356bbcbbf5c3eabe98f4c5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58211f.TMP

Filesize
1KB

MD5
104f6350f63a7e8d647593100767e0f8

SHA1
a8778d15947775c5b854fc88c5fba2d688fc2c06

SHA256
b2ff37aab88115596a6fbac2526b686e71f65b0c65d9f51aeeb4804bae983232

SHA512
cc6090106c0d7085b41da691f9c3ff6034bb4de289cdab9fcaded7e4a06cc52ba46adbed2e49fc1f3084379964f92a569909d8e6bf2515cf9b1163a92040b564

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

Filesize
128KB

MD5
a0f6d165a0732479925a1f1524e5fb59

SHA1
a03ce5e15ce6c1c622457549fd15bc2aa7041ad6

SHA256
70eb4b9e2d7a33ae5b469007969a6c7b0eef3114bc34f4c4e65d0d227a0d2c5f

SHA512
5cef0858ad610afb3488bfa34a24e56c34e4f37130117801b87302d05310cfa7aab331192f4b753d42aee72021570789112efb6ebcf5cb7a7cd2bc25fa0c514e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Web Data

Filesize
112KB

MD5
32c1592089c7f8e01f4821c08962385a

SHA1
bc245a862e6b0c0e6c5973495bbeb65801d2a44a

SHA256
31578ee2ae58573f2e0b7a35fe3fd9c2353a76b1501f11bf8208621ee77372d0

SHA512
6673128bd4c45991387b8dc4fe5cc2c4fde0dbd254d6a4487a66dfcc0f3d4297c285c5f2eea50c1e67eae7699de13f0795488174d0a7bd719ce9d4a431d9374c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db

Filesize
72KB

MD5
2923b7327ae8d5cf258c7e1922e3785f

SHA1
7ddf2f525edd0dde69fdd04e3c6319c002c358a6

SHA256
cb9c2005a9b24c6e0301c85fc5040be6f0a369eb1bb975367e6416cb9846934d

SHA512
42b520f24203237501b82aebb1282aa0b12c9df448203976bb7aec1446b5772dd5afe3702785990ef90f12ff289ab8f6df5512f2b771c0808be155a83dc7276c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log

Filesize
4KB

MD5
21f6cba9355effdca78830c050ee79f2

SHA1
ce2c6b9a40b430dc0450d12defc4fe780a8581b1

SHA256
30cadeff2bad52896dd1209e5d2bea9da84c8e7024b01c9b5f869f9cf1fc8d81

SHA512
6f2ccfd8a8474467a501b702f7d674489602daaff61748ffd39fc05362712ad5bfc010af46d947fa914e6a3719ee65a92f4eb2944d00c99ac9f988c03abafa38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

Filesize
319B

MD5
3b8344d9432caecb10a296a65b8a39c2

SHA1
f783aa27b2e85ade262fc124a2721d8f82feebc6

SHA256
934910e7d989ef6f3900006fc9f436780b4690684eb528ceeb0f17e23a3c441f

SHA512
ea21a8c91538ca6e29370cda3092cbd726b0ba9cb9ebff38bcaeebe5db0d221307ecc8d14793f9efa261e8027aa7863d56099cd61435dbfcaae99d386fad9cc8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log

Filesize
318B

MD5
976c229ff58bde64e028e08ecdb518d5

SHA1
6da4b3d9c776f65cd76cac08145dd733a0b98399

SHA256
a9065113a31a540d2b28bbc4d11660f5bdc9637dda947d8d3a9858feaaeead7a

SHA512
354dccc7679f49f8ba2b53c764313c07fd30a4767027717385f3c8a20935ea45f1207548aabde07631b2f90ae06152dd621f48368fcb6346a5629b5b855b8c4d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

Filesize
337B

MD5
d24479f6711b2f1c6c124b683c45e693

SHA1
16936614efbfdd12bd54d02f331b2884aaf31640

SHA256
a331c827a8681a0a24b0ec538a2dabe6d1b42e4a6737b602e4c7a1c454513ef7

SHA512
3ac40eb3feb02d08d604815837e5f20f3b1b6940659c457b98760a1fc18d2abd865289e892f97028fec7f7c766bb90f109b76723abed5724aea56a04408b5f58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0

Filesize
44KB

MD5
22437c1aaf73cb7ddc7e317914c1e9a0

SHA1
a0034e56420cfd2e9cc1d350ac8bf5d72fa18843

SHA256
fe96cce9ea12cb297052f8785124964a9062fbe08829fa2ae590514670715047

SHA512
3851d08daf64bb60d08f07fa56028a86998e41d2e335739a22d9d2abf02bc8c52d1b76dffec1a002345750b34d2ff2d435eb43250094da1e1411562d5ff3608e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1

Filesize
264KB

MD5
6535a5e262683f3078b41d471f22cc05

SHA1
7bff59d1e462890f2238b9b85e6b3c200fce1c59

SHA256
cb269c32e8bdf713ce7db17b5849136dd78af33ce021c4f6408c6165f1bf9f83

SHA512
ed1383cd361afd7a0eeeefc7daf6ccd680b56b46cd3fe922ee20689db74be13f1243bd260caf97539ce83e514138d2b7cf4e0ff9248a46083ff5c9f766151dbc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_3

Filesize
4.0MB

MD5
aa10725dd1bab092faa94a77917ddad5

SHA1
d94b7c08a87557151f9d479f1e8f58315235b4cb

SHA256
febeb1dd41f20524198a23f44e5c2eefed0f8dea144653feb2c82ec407e50857

SHA512
66ccbac26e7276937d7463ada163027008fd8161c42950d70e876c592001c4fcefeaa83115c2bd8ef95508d3c0dc81a09744af7337276b733414be5530cf4b4e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000004

Filesize
20KB

MD5
2a029687e73114ebcb4fad10c0114e8a

SHA1
f09cbbed46b9f8c731568bdcee13024e89bda397

SHA256
fe6e92a5b020858bbdd8089533c6f22703bc5927e22f689c384164096705b11b

SHA512
211dc45e2bb5739bcf863c44ca8132f92e895b3c95d074929aa4338698d53c6ccb3a8e2f23180260d9226073f4f5cd21a200010a7a224de7c8ac2e1cc853730d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
b29bcf9cd0e55f93000b4bb265a9810b

SHA1
e662b8c98bd5eced29495dbe2a8f1930e3f714b8

SHA256
f53ab2877a33ef4dbde62f23f0cbfb572924a80a3921f47fc080d680107064b4

SHA512
e15f515e4177d38d6bb83a939a0a8f901ce64dffe45e635063161497d527fbddaf2b1261195fde90b72b4c3e64ac0a0500003faceffcc749471733c9e83eb011

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
f822ebe714c5ccfdbec156d882041636

SHA1
e07cd745d856b3c0e5a9564c03cb6689bf52784e

SHA256
9e1a4a7af7e6695715eaa89628d27b8f4fd1d47f49ec0c66f33d739f6498906b

SHA512
5d0dbc27bf8c7ba35c127ba89cb5dafa97dbf237801819ab52dff61c81356c9ff5328e3ae9a9e38bbd30f3c530e7c2b227b9851c3ff28d27497864054cae6684

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
0400fae84d2f75629cb6424e41149bce

SHA1
c2695da6968b1cc8a8692f9bf6b84f74249b5556

SHA256
f1fd0820fd39b420a2943aeb6214c0b9067bee3fc9c960b98a7643e63e52c4c4

SHA512
ca36bcc92f923b4a2a209863ac11862476a315a52e67a7b190867ebe3f2a75024a7dbe518215b0bd2af7ebd537669c26ce11769d740927ea79cc1dc52a6c9adb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
beabc5f9028cfc2a4ead567e7ef009cb

SHA1
2c4d85726433daebda51e729ee45e9aa15e2b7b3

SHA256
563decbc4aea4646c49c9dc4dbdd129a9429e8a81a7aaeeaedecc9de5bb4d3f6

SHA512
5b0ca58089cd52215dc6b3a15e0c296be46e42211eae93d5c10444b7ac12805d4baf6e42c061c44b728d745a0d456da766c4eef75f1d9644812218323141aec0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
afd0d3e44fb8215869f213170a5e085c

SHA1
59d099e450319cfd0789222d6ac177ee4d8d1aa6

SHA256
daff840868a93496b147be312be6d02d0c3888eecd3eebb58922d9ecc9f9ac1d

SHA512
a63c31d00f26ffb777498166b272d1ff7b2cbb50e2b950cb73f4d3b50698a2121601b48a1ce4099694ac4c8aac62eac69da6e525aa16bf4a988eec57b926e090

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
729d04dbc98b6edfa5363ad3401b4606

SHA1
41718aef8519eafd0a77588bbdd8e016da20b13e

SHA256
74502ed051f0a80b9a9a6ff1f15232efc164353bd3b391b8c9aac66560b59fcc

SHA512
20362c72033f9728e935e2ae74f507cca34e838688b8660e3f56a1b975afa47f855359cd70b582f93a29c0b3b8397129ba90e4a0cfc6ed07eb2bb53cc89cc096

Download Submit
C:\Users\Admin\Downloads\$uckyLocker.exe:Zone.Identifier

Filesize
55B

MD5
0f98a5550abe0fb880568b1480c96a1c

SHA1
d2ce9f7057b201d31f79f3aee2225d89f36be07d

SHA256
2dfb5f4b33e4cf8237b732c02b1f2b1192ffe4b83114bcf821f489bbf48c6aa1

SHA512
dbc1150d831950684ab37407defac0177b7583da0fe13ee8f8eeb65e8b05d23b357722246888189b4681b97507a4262ece96a1c458c4427a9a41d8ea8d11a2f6

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 343027.crdownload

Filesize
414KB

MD5
c850f942ccf6e45230169cc4bd9eb5c8

SHA1
51c647e2b150e781bd1910cac4061a2cee1daf89

SHA256
86e0eac8c5ce70c4b839ef18af5231b5f92e292b81e440193cdbdc7ed108049f

SHA512
2b3890241b8c8690aab0aed347daa778aba20f29f76e8b79b02953b6252324317520b91ea60d3ef73e42ad403f7a6e0e3f2a057799f21ed447dae7096b2f47d9

Download Submit
\??\pipe\LOCAL\crashpad_1052_WYAXRJAHJSWBWUDY

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/4272-570-0x00000000055B0000-0x00000000055BA000-memory.dmp

Filesize
40KB

Download
memory/4272-569-0x0000000005650000-0x00000000056E2000-memory.dmp

Filesize
584KB

Download
memory/4272-568-0x0000000005C00000-0x00000000061A6000-memory.dmp

Filesize
5.6MB

Download
memory/4272-567-0x0000000000A90000-0x0000000000AFE000-memory.dmp

Filesize
440KB

Download