Resubmissions
29-06-2024 09:31
240629-lhfyksvcre 429-06-2024 09:31
240629-lhafssvcra 329-06-2024 09:31
240629-lg1llavcqf 329-06-2024 09:29
240629-lf16qsxgjk 329-06-2024 09:25
240629-ldzvwsvclb 7Analysis
-
max time kernel
141s -
max time network
139s -
platform
windows11-21h2_x64 -
resource
win11-20240611-en -
resource tags
-
submitted
29-06-2024 09:25
General
-
Target
cd57e4c171d6e8f5ea8b8f824a6a7316.exe
-
Size
90KB
-
MD5
d84e7f79f4f0d7074802d2d6e6f3579e
-
SHA1
494937256229ef022ff05855c3d410ac3e7df721
-
SHA256
dcfc2b4fa3185df415855ec54395d9c36612f68100d046d8c69659da01f7d227
-
SHA512
ed7b0ac098c8184b611b83158eaa86619001e74dba079d398b34ac694ce404ba133c2baf43051840132d6a3a089a375550072543b9fab2549d57320d13502260
-
SSDEEP
1536:gea4Ta4b9I3BbbHVlnOXrPBdfeISRAOl801AbcsqD95wSxdRf3:gea4Ta4JMbb1lnOXrPXe7Yhq5Zf
Malware Config
Signatures
-
Loads dropped DLL 1 IoCs
-
Enumerates connected drives 3 TTPs 1 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
-
Detected potential entity reuse from brand microsoft.
-
Drops file in Windows directory 64 IoCs
-
Checks SCSI registry key(s) 3 TTPs 4 IoCs
SCSI information is often read in order to detect sandboxing environments.
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Suspicious behavior: EnumeratesProcesses 8 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs
-
Suspicious use of AdjustPrivilegeToken 15 IoCs
-
Suspicious use of FindShellTrayWindow 25 IoCs
-
Suspicious use of SendNotifyMessage 12 IoCs
-
Suspicious use of SetWindowsHookEx 1 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\cd57e4c171d6e8f5ea8b8f824a6a7316.exe"C:\Users\Admin\AppData\Local\Temp\cd57e4c171d6e8f5ea8b8f824a6a7316.exe"1⤵
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc1⤵
-
C:\Windows\System32\oobe\UserOOBEBroker.exeC:\Windows\System32\oobe\UserOOBEBroker.exe -Embedding1⤵
- Drops file in Windows directory
-
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exeC:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe -Embedding1⤵
-
C:\Windows\system32\SystemSettingsAdminFlows.exe"C:\Windows\system32\SystemSettingsAdminFlows.exe" FeaturedResetPC1⤵
- Loads dropped DLL
- Enumerates connected drives
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
-
C:\Windows\System32\vdsldr.exeC:\Windows\System32\vdsldr.exe -Embedding1⤵
-
C:\Windows\System32\vds.exeC:\Windows\System32\vds.exe1⤵
- Checks SCSI registry key(s)
-
C:\Windows\System32\vdsldr.exeC:\Windows\System32\vdsldr.exe -Embedding1⤵
-
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exeC:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe -Embedding1⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/?linkid=21575171⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ff9db173cb8,0x7ff9db173cc8,0x7ff9db173cd82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1864,14835550588384134747,4756136898742888450,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1876 /prefetch:22⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1864,14835550588384134747,4756136898742888450,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2072 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1864,14835550588384134747,4756136898742888450,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2532 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,14835550588384134747,4756136898742888450,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,14835550588384134747,4756136898742888450,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,14835550588384134747,4756136898742888450,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4072 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,14835550588384134747,4756136898742888450,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5468 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1864,14835550588384134747,4756136898742888450,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5648 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,14835550588384134747,4756136898742888450,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5220 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,14835550588384134747,4756136898742888450,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3576 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,14835550588384134747,4756136898742888450,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4944 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1864,14835550588384134747,4756136898742888450,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5140 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,14835550588384134747,4756136898742888450,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5236 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,14835550588384134747,4756136898742888450,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5756 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,14835550588384134747,4756136898742888450,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4684 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,14835550588384134747,4756136898742888450,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5060 /prefetch:12⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵
Network
MITRE ATT&CK Matrix ATT&CK v13
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\$SysReset\Logs\setupact.logFilesize
109KB
MD5c747b936ec0132c406b56e25a7028040
SHA143c5c947bad2b1fb508b1d172066c1fba9e3a3e5
SHA256ef7cb21980fdf94b7d5e30ed6f383f6bf9e81f7e2a913dcc6fe81cce58b406ce
SHA512db188af40bc0601205332e3cfd94e20b7c875803e8b765ca05e2338f3e1d7c61d3b28bf2bac63acd5c004620b1a69d6082344890e99ed1cb15590016576aa4b1
-
C:\$SysReset\Logs\setuperr.logFilesize
974B
MD57a8e1013bd2585b55cf7a6249d57d056
SHA1eade2ab3fb78455306ba6e7ff977445292831020
SHA256e70bd9072b1483f8642e14b5d4e3f85ec3171246edca05e5228fc56d8f3c10cd
SHA5127803ca4f7aac7dc1b8c1b707395c246d0b5caad7438332f4acee180fb8eb27ca60c8f7cf6db421183b3610d089a5b739de17df0d140b870c196042454ca26487
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD568de3df9998ac29e64228cf1c32c9649
SHA1be17a7ab177bef0f03c9d7bd2f25277d86e8fcee
SHA25696825c1e60e4a87dc5dbae78b97104e6968275fa1602c69053d0192cae143f43
SHA5121658b0bc504a8a5c57c496477cd800a893d751f03d632ef50aff9327cd33ad0e4e4f27bcb85b20bd22bef2ca65600b7d92e2a1f18fd3d08ad6391983de77beaf
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD56f738fcca0370135adb459fac0d129b9
SHA15af8b563ee883e0b27c1c312dc42245135f7d116
SHA2561d37a186c9be361a782dd6e45fe98b1f74215a26990af945a2b8b9aa4587ec63
SHA5128749675cdd8f667ff7ca0a0f04d5d9cad9121fd02ed786e66bcd3c1278d8eb9ce5995d3e38669612bdc4dccae83a2d1b10312db32d5097ef843512244f6f769a
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\58e012d5-0d14-4b2b-8079-9d5849d74efb.tmpFilesize
6KB
MD5193d9e37ebc83c28e914271da34c99c7
SHA1a0b13f120a880be858c990a2ad0c64fe57de84e2
SHA2560a931cd9467b1b06681230aacb67f26cfcbe2b800074ff5a900712136bbd765f
SHA512aa2c01f30e5868325d2125da4ad11523883a732e9fd964be9a7bd7246e2576dd0cafbb1a4e5138425db22ce24bc2ede2b381636377c2e81d114a44406062461f
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
5KB
MD5c7d799f64a5ea8f455e1bba6e198047b
SHA17274b04d17e3c0e17121807a04ffa22245c931f9
SHA25679a80c631af091e9b78778f994d78314185023f357d3ff6319350d9c282c5989
SHA512a4e66d2b88eb1dd643bd34ba1a5ff789a805d7ce1d3c408365309d81745d762ed592afd9b17a81b8035142b7732608f0140b8dcaab0ea2c4a3e0669e807367ae
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
6KB
MD5d853ea51124aa4829a5ab6f35c2de3a4
SHA1f161d31e7860278510a938261ad25201b4398d10
SHA2565a61fdc260d6c89a04877915cce267e1aaf77c4b6d1abc594de38f7e83545229
SHA51220065038b07fe1bf342cfde429f5c9a3c60f3e4db77666ff1d9ed011d784d7eab246592ecd33b3993dcfc9e9e0c627d395d3f2d9a681b8d8b7805d6c3f0ec0fc
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
6KB
MD5595eb33ba5228782be4422fa8008730e
SHA123faca8568f3aee1af7580a193a87729daf2aaef
SHA2568e60b7ddc851ce3db3ecbdd3ee53895249a0f139d7d6d9faae1b53c8ba5389a4
SHA512187c7a842bd55dc6d04e1628cb2835671cc96046dfdf01926ceb41d7718bd2280090374d8bbe5794c71bf7447546ada4b163b911f0f54c1b58ede888a9587a8d
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurityFilesize
2KB
MD5bb137fe09f48e86d4e24d9cba1a7e8fe
SHA1c287bfad60b858837c6cc7da9cea63bcbe6efbcb
SHA25665ee7cf141fb05e6a014363f569f0de48f9b0ae2cb4c13427f0763925057a8b9
SHA5120951c48c4a676f26ae2e635c8eafba116d2a583de0d4453a0959b7d78e5ef49f0014d95045bd3984059aace48da5984fecddb541798ef3a700726fdf5720abdb
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurityFilesize
2KB
MD5179c9dfea5d75612508df4d315e4fc70
SHA139623f76601fb02dcc873cb59b978624a67c8c2c
SHA25661b7d9138c98fa429382ca67e5a34b0acdc2077c9b33fed0e2cd5ad57db6ce97
SHA51273723848f0ae6cc97c8148c57d8074fb72a7a1c1ef4d294c51a80c9376b38fd7622a7c7b1c918de4bd202e9ff6c1e5388cc325ba1129aa97d34a44f050eba1f5
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe59065f.TMPFilesize
2KB
MD579ddeef50beef5ba9f2abdf80d7ced1c
SHA1f997957725bbcad242f941722d55d09ff7282369
SHA2566c8cc599e0412599098841e9ba225db74560464af418c4a743ff806ebb343340
SHA5126718e23512c4b7b0d7ca7655c5c0293c5a222c87140157d4ff02d1df3a04cd951c04ba8796dc0e0e3c3cb88ad6835efd8f53b68d1a8fa085e745d30e4932930b
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENTFilesize
16B
MD546295cac801e5d4857d09837238a6394
SHA144e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA2560f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA5128969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENTFilesize
16B
MD5206702161f94c5cd39fadd03f4014d98
SHA1bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA2561005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA5120af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local StateFilesize
11KB
MD59473aa8464e2aecd422c18693f41cc1b
SHA1442c518f6fae3a5846e6782128812ab5057a9dca
SHA2561321fb317c577f53f83666c47b7e50eb32f5dedfb8addb2496ec9ddd1f0ae8c6
SHA512800281acbfaaa8b2917e1fbd69fcb98ada96c5c5a3e6c4904498fab98551a9b5dc264225eb11e8177ada1797fc347200107beb67a72fba3c4cdaa8ad7b780817
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local StateFilesize
11KB
MD5ec12c498689058f62df97eee22bbca94
SHA12471c4efcf92bb83a039b320995a6120779668a0
SHA25637bb0c9b4bb69ffb6af3b88f755bac648884720a4b4314d190e135906830bf66
SHA512b5beae09430ccdefd3936dc0babb6b99e67f219b4bc559fdccd5814e38ae75bfba5696eba8ce3713975f9ac489e7fd7380ac780364f3597ec7f9d4e34f453861
-
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\logs\Common\FileCoAuth-2024-6-29.927.4588.1.odlFilesize
706B
MD56b1e7b2cdb94810f97498e0ce16e23b6
SHA13b750296c36492e4606ab525b7f5be7d5f4ede97
SHA256e2658ffa78434195d8e60c14564b5bd33c71a83165f0a0be1e2f2a6ea5abc227
SHA512d05d628e783da0c290e37ad9a3f9be423c85fc7d343ea4a15f7b4a5c35df3f82de0eb423ffc338ac11298f1bf077cb11820e214e585324c81b9d7e5153647019
-
C:\Users\Admin\AppData\Local\Temp\{58131396-831C-4D43-802E-3B4E953F1473}\ssshim.dllFilesize
148KB
MD53de653713e705e001c3f0be1efc51ed3
SHA163565592c266226d36604933e51725e90010da25
SHA256c78ebef77e03135b3cea0705d4c259d782ed80746faea4e9f4a851e494fa94f9
SHA5127db1063fa2a7c0bcf394d7a20984ab1b501cb24fae5e801addace77424ba773c948a87d8c3fb38f06366b1478f70ba0278c48f219d224ff6e904ff2ee161fb4e
-
C:\Windows\Logs\PBR\ResetConfig.iniFilesize
167B
MD5e8b67f9f170a171d59b1020f686f09ce
SHA119428a2ab0e7f64ceaf7cdc723916a9f6ebf26bd
SHA256e88065016cfd248d4d0f5199becb3d9233a4d96bcb60fa5a7c2724c2cc71ac1d
SHA5128616c3065e84f11acd8cbe57e3dc06fab843787ccccec062ec873ba7e97eeb6008cb61b2e35a71bbbdd61be800ad96af6a0dbbbcca42992ed2a5ee0681e156a8
-
C:\Windows\Logs\PBR\SessionID.xmlFilesize
106B
MD50897c121a54d16021e289f045ba1ceca
SHA1a8811cdda6b814b0ab4b807da740924f205f2e60
SHA256d19042f302ef7fdec2d4555c1e77392256c94e554b9c2dba41d14f7716306fb2
SHA5120b1ac32025899959610c5ba9d6d5fc2d55cfa7ecb9f77fabaf76c21ce09609e4bb01a8f22cd06f1a7fcacdc00bfc062092e3a6d121696ff4cab8562667184c47
-
C:\Windows\Logs\PBR\Timestamp.xmlFilesize
42B
MD5a17e03281a86ec9030e517d252e9419c
SHA19f6c13729aaa6819436e47a5d27adf6b22f22317
SHA2561fafd613e3c85d0af73f5e2d52eee671a6fadff69342e1f7fd9ac26d34e7208b
SHA512fbd37efbefe0785389106ce59bef517fc090f36cd7ad2bd3830ff6b026bb18bd07063e548dc3f7442a3be7f3dd51fead5fc07025ac44d4db9d17ce4fa7599a50
-
\??\pipe\LOCAL\crashpad_2792_NCDGBFPVRDGJGBQYMD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
-
memory/2808-0-0x000001B9BB370000-0x000001B9BB38A000-memory.dmpFilesize
104KB
-
memory/2808-3-0x00007FF9DDFD0000-0x00007FF9DEA92000-memory.dmpFilesize
10.8MB
-
memory/2808-2-0x00007FF9DDFD0000-0x00007FF9DEA92000-memory.dmpFilesize
10.8MB
-
memory/2808-1-0x00007FF9DDFD3000-0x00007FF9DDFD5000-memory.dmpFilesize
8KB
-
memory/3760-230-0x00000202D2CF0000-0x00000202D2D81000-memory.dmpFilesize
580KB
-
memory/3760-27-0x00000202D2CF0000-0x00000202D2D81000-memory.dmpFilesize
580KB