locky | f329ea2c754ab196d15c20fbf9abd722fa63630631144c5a409bd2a20172196b

Analysis

max time kernel
483s
max time network
487s
platform
windows10-2004_x64
resource
win10v2004-20250217-en
resource tags

arch:x64arch:x86image:win10v2004-20250217-enlocale:en-usos:windows10-2004-x64system
submitted
09/03/2025, 05:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f329ea2c754ab196d15c20fbf9abd722fa63630631144c5a409bd2a20172196b (2).dll
Size

159KB
MD5

7932ee5fa6f83b149569752c47e04b87
SHA1

6eb115feadc5808507fb5a666dd18aa89a45616c
SHA256

f329ea2c754ab196d15c20fbf9abd722fa63630631144c5a409bd2a20172196b
SHA512

17ba26e69f7536f5adaa52454fbd407338be61d97bc396baa591de9fa19aab3e539b4ca32059b2ddb1b901ac7ecd341dff9ead706fc0d058086e6b3795642f58
SSDEEP

3072:pusrpo1j49JvKa0ePbh37E6ZO78buZKxrF:ZQcvKpE37E6nmKhF

Score

10^/10

locky locky_osiris discovery ransomware

Malware Config

Signatures

Locky
Ransomware strain released in 2016, with advanced features like anti-analysis.
ransomware locky
Locky (Osiris variant)
Variant of the Locky ransomware seen in the wild since early 2017.
ransomware locky_osiris
Locky family
locky
Locky_osiris family
locky_osiris

Blocklisted process makes network request 6 IoCs

flow	pid	Process
26	4776	rundll32.exe
31	4776	rundll32.exe
32	4776	rundll32.exe
59	4776	rundll32.exe
64	4776	rundll32.exe
65	4776	rundll32.exe

Sets desktop wallpaper using registry 2 TTPs 1 IoCs

ransomware

Defacement

T1491

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-2593460650-190333679-3676257533-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\DesktopOSIRIS.bmp"	rundll32.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies Control Panel 2 IoCs

defense_evasion

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-2593460650-190333679-3676257533-1000\Control Panel\Desktop\WallpaperStyle = "0"	rundll32.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2593460650-190333679-3676257533-1000\Control Panel\Desktop\TileWallpaper = "0"	rundll32.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4592	msedge.exe
4592	msedge.exe
5112	msedge.exe
5112	msedge.exe
8	identity_helper.exe
8	identity_helper.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1904 wrote to memory of 4776	1904	rundll32.exe	86
PID 1904 wrote to memory of 4776	1904	rundll32.exe	86
PID 1904 wrote to memory of 4776	1904	rundll32.exe	86
PID 4776 wrote to memory of 5112	4776	rundll32.exe	108
PID 4776 wrote to memory of 5112	4776	rundll32.exe	108
PID 5112 wrote to memory of 856	5112	msedge.exe	109
PID 5112 wrote to memory of 856	5112	msedge.exe	109
PID 5112 wrote to memory of 1128	5112	msedge.exe	110
PID 5112 wrote to memory of 1128	5112	msedge.exe	110
PID 5112 wrote to memory of 1128	5112	msedge.exe	110
PID 5112 wrote to memory of 1128	5112	msedge.exe	110
PID 5112 wrote to memory of 1128	5112	msedge.exe	110
PID 5112 wrote to memory of 1128	5112	msedge.exe	110
PID 5112 wrote to memory of 1128	5112	msedge.exe	110
PID 5112 wrote to memory of 1128	5112	msedge.exe	110
PID 5112 wrote to memory of 1128	5112	msedge.exe	110
PID 5112 wrote to memory of 1128	5112	msedge.exe	110
PID 5112 wrote to memory of 1128	5112	msedge.exe	110
PID 5112 wrote to memory of 1128	5112	msedge.exe	110
PID 5112 wrote to memory of 1128	5112	msedge.exe	110
PID 5112 wrote to memory of 1128	5112	msedge.exe	110
PID 5112 wrote to memory of 1128	5112	msedge.exe	110
PID 5112 wrote to memory of 1128	5112	msedge.exe	110
PID 5112 wrote to memory of 1128	5112	msedge.exe	110
PID 5112 wrote to memory of 1128	5112	msedge.exe	110
PID 5112 wrote to memory of 1128	5112	msedge.exe	110
PID 5112 wrote to memory of 1128	5112	msedge.exe	110
PID 5112 wrote to memory of 1128	5112	msedge.exe	110
PID 5112 wrote to memory of 1128	5112	msedge.exe	110
PID 5112 wrote to memory of 1128	5112	msedge.exe	110
PID 5112 wrote to memory of 1128	5112	msedge.exe	110
PID 5112 wrote to memory of 1128	5112	msedge.exe	110
PID 5112 wrote to memory of 1128	5112	msedge.exe	110
PID 5112 wrote to memory of 1128	5112	msedge.exe	110
PID 5112 wrote to memory of 1128	5112	msedge.exe	110
PID 5112 wrote to memory of 1128	5112	msedge.exe	110
PID 5112 wrote to memory of 1128	5112	msedge.exe	110
PID 5112 wrote to memory of 1128	5112	msedge.exe	110
PID 5112 wrote to memory of 1128	5112	msedge.exe	110
PID 5112 wrote to memory of 1128	5112	msedge.exe	110
PID 5112 wrote to memory of 1128	5112	msedge.exe	110
PID 5112 wrote to memory of 1128	5112	msedge.exe	110
PID 5112 wrote to memory of 1128	5112	msedge.exe	110
PID 5112 wrote to memory of 1128	5112	msedge.exe	110
PID 5112 wrote to memory of 1128	5112	msedge.exe	110
PID 5112 wrote to memory of 1128	5112	msedge.exe	110
PID 5112 wrote to memory of 1128	5112	msedge.exe	110
PID 5112 wrote to memory of 4592	5112	msedge.exe	111
PID 5112 wrote to memory of 4592	5112	msedge.exe	111
PID 5112 wrote to memory of 3828	5112	msedge.exe	112
PID 5112 wrote to memory of 3828	5112	msedge.exe	112
PID 5112 wrote to memory of 3828	5112	msedge.exe	112
PID 5112 wrote to memory of 3828	5112	msedge.exe	112
PID 5112 wrote to memory of 3828	5112	msedge.exe	112
PID 5112 wrote to memory of 3828	5112	msedge.exe	112
PID 5112 wrote to memory of 3828	5112	msedge.exe	112
PID 5112 wrote to memory of 3828	5112	msedge.exe	112
PID 5112 wrote to memory of 3828	5112	msedge.exe	112
PID 5112 wrote to memory of 3828	5112	msedge.exe	112
PID 5112 wrote to memory of 3828	5112	msedge.exe	112
PID 5112 wrote to memory of 3828	5112	msedge.exe	112
PID 5112 wrote to memory of 3828	5112	msedge.exe	112
PID 5112 wrote to memory of 3828	5112	msedge.exe	112
PID 5112 wrote to memory of 3828	5112	msedge.exe	112

C:\Windows\system32\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\f329ea2c754ab196d15c20fbf9abd722fa63630631144c5a409bd2a20172196b (2).dll",#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1904
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe "C:\Users\Admin\AppData\Local\Temp\f329ea2c754ab196d15c20fbf9abd722fa63630631144c5a409bd2a20172196b (2).dll",#1
  2⤵
  - Blocklisted process makes network request
  - Sets desktop wallpaper using registry
  - System Location Discovery: System Language Discovery
  - Modifies Control Panel
  - Suspicious use of WriteProcessMemory
  PID:4776
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\DesktopOSIRIS.htm
    3⤵
    - Enumerates system info in registry
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory
    PID:5112
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xe8,0x108,0x7ffebbe246f8,0x7ffebbe24708,0x7ffebbe24718
      4⤵
      PID:856
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,1649132685388820683,15516515734655739643,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2156 /prefetch:2
      4⤵
      PID:1128
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2144,1649132685388820683,15516515734655739643,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2220 /prefetch:3
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:4592
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2144,1649132685388820683,15516515734655739643,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2740 /prefetch:8
      4⤵
      PID:3828
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,1649132685388820683,15516515734655739643,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
      4⤵
      PID:4292
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,1649132685388820683,15516515734655739643,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
      4⤵
      PID:3528
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,1649132685388820683,15516515734655739643,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5080 /prefetch:8
      4⤵
      PID:820
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,1649132685388820683,15516515734655739643,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5080 /prefetch:8
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:8
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,1649132685388820683,15516515734655739643,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4672 /prefetch:1
      4⤵
      PID:4960
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,1649132685388820683,15516515734655739643,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4676 /prefetch:1
      4⤵
      PID:2080
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,1649132685388820683,15516515734655739643,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
      4⤵
      PID:2700
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,1649132685388820683,15516515734655739643,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
      4⤵
      PID:1644
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,1649132685388820683,15516515734655739643,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4880 /prefetch:2
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:3004

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3588

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:740

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Defacement

T1491

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
bdaedf93fae9e360102755d7afa6a1ac

SHA1
6610c7468628638312b517b2c742a554f99e33c1

SHA256
d2e4474dadaaec1340b726f419b5c6c7805f4b5ae1c4696883154b15ea61cae7

SHA512
46dc085db56b18d7c9d2fc063209fa21e4abfc075f2b5fa372e552f6b1934b832313181aa8f82023afe4f44efe2bca6f88e542105a554d8e2e21557c9f3b4ffb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
14f0f5365d298c4c594511d4b640d918

SHA1
dad4fce934487e4c8b165091612810cb6c506864

SHA256
6daeea78cfe22986edcfd55f7a4ba48b4b6caf3d4bb0de97c72a85d1288fdf20

SHA512
a9dbbf2e2d383ae5eb6d9a3fe9557018a9e3783b685c57bcbfb99300b3213bbe766e1a17a43c55022debca66e94d8a36e9c0871f80f5ac3dbef58bca3acfc1cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
a22d1df947891f57045739beeb900f78

SHA1
f388f1abefc6a14b3748ecbd266e65dc0b1522fd

SHA256
97f439fe2da47eaafd568e630ce9b6445bafc7e37af4f84c6708367f2d0bd6ad

SHA512
646a7640fa5158f00b3c47cad343137f98c42a03e974b8653ad45d982db250c2d628d664c0379abd979b0b38346d6c22ed0c1568bb39da223983bd1cf6f605c6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
7dd562c81e956b225bb001eee69e27c9

SHA1
a893fc962824b6dbacafbc217e05fef5b2e84f3a

SHA256
928d7edd186eca23bcfe33c85a317ddff683e329ab796bcaad3371564c176500

SHA512
8358ace57bba02d21e311691790f739c8f7bc8d091291eb88aa7c59fb30b01dfec991d7ad10c6f18f7ea8ef3c4fd0aacd55df451a5f574936c30bdf761fa2407

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
be2e01d46a759918e5b1bfe5114152b6

SHA1
f062c27f24d107e592bb1cce90c15f558a33bb7a

SHA256
58922444301f69a352797d030fdbca04e7f97381703419595cf6935c9276df34

SHA512
2d5bc30bf2a147e3d7703a7aaa1d1feb75d4bdf0eab4d4004dd4e397706ad783c5d1fa4d0415e00338a454bf2579bd50f4e6f661c0ed3645b449577037cec94a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
bb757c1e63d698b61055a6aa3d68baa0

SHA1
0d45e1642da4ad284043494c6905c36757e862cd

SHA256
988867a4d33f10eaaf7864b8b2fc50efcd383de901723119cd7feb6bf58fe6a3

SHA512
431d05b2802342a5d9ab7c99b6c4823ff377a251bb6019c3c415637ed0dbe915e2bc7930fb3891b2d681d01cb3b33a73412fa3e631eb1043e7d3499a96ddf7ae

Download Submit
C:\Users\Admin\Music\OSIRIS-b535.htm

Filesize
8KB

MD5
f820c1ea7dbe6ac3f5b53554e4a9633e

SHA1
3cf20f96c7c31ee064a68ff70bbcc246d8006eaf

SHA256
8a1c1569d77ae40aa94a815fae89a2e29784edabe1c317db60b6603e0fd2f206

SHA512
22c05eae27552e378d2959177f99b814bb67b3de7ba0ca1897b57621fd70b5d12cada49236793e993af69806d5f34c83f1592a198ebd0ccb687e1125e3e3e9ae

Download Submit
memory/4776-5-0x0000000002A10000-0x0000000002A11000-memory.dmp

Filesize
4KB

Download
memory/4776-16-0x0000000074BB0000-0x0000000074BE2000-memory.dmp

Filesize
200KB

Download
memory/4776-14-0x0000000074BB0000-0x0000000074BE2000-memory.dmp

Filesize
200KB

Download
memory/4776-12-0x0000000074BB0000-0x0000000074BE2000-memory.dmp

Filesize
200KB

Download
memory/4776-9-0x0000000074BB0000-0x0000000074BE2000-memory.dmp

Filesize
200KB

Download
memory/4776-7-0x0000000074BB0000-0x0000000074BE2000-memory.dmp

Filesize
200KB

Download
memory/4776-0-0x0000000074BB0000-0x0000000074BE2000-memory.dmp

Filesize
200KB

Download
memory/4776-4-0x0000000074BB0000-0x0000000074BE2000-memory.dmp

Filesize
200KB

Download
memory/4776-2-0x0000000074BB0000-0x0000000074BE2000-memory.dmp

Filesize
200KB

Download
memory/4776-1-0x0000000002A10000-0x0000000002A11000-memory.dmp

Filesize
4KB

Download