307d9f5e4b85d1209753a90220cb3cf6e590288af57d81fb6a282c5d1a6d68df

Analysis

max time kernel
143s
max time network
153s
platform
windows7_x64
resource
win7v20201028
submitted
22-11-2020 21:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ledger-live-desktop-2.17.0-win.exe
Size

87.6MB
MD5

2ffa14c74bd1ed291cac0cafa9122090
SHA1

4ff0b198f034e6f49239ec164f6ea6438bc1a8ac
SHA256

307d9f5e4b85d1209753a90220cb3cf6e590288af57d81fb6a282c5d1a6d68df
SHA512

287ff06cb4bd567489ec0e607bc2553411a3d1cd21b7b26100314ab6afc41dc4e1b6e3d1be07f9803a0663ce81a2781bb792a90c4f13bc0f2dacc47168cc8ac1

Score

8^/10

discovery

Malware Config

Signatures

Executes dropped EXE 8 IoCs

Processes:

Ledger Live.exeLedger Live.exeLedger Live.exeLedger Live.exeLedger Live.exeLedger Live.exeLedger Live.exeLedger Live.exe

pid	process
524	Ledger Live.exe
1176	Ledger Live.exe
908	Ledger Live.exe
668	Ledger Live.exe
1932	Ledger Live.exe
760	Ledger Live.exe
2356	Ledger Live.exe
2452	Ledger Live.exe

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

Ledger Live.exeLedger Live.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-3825035466-2522850611-591511364-1000\Control Panel\International\Geo\Nation	Ledger Live.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3825035466-2522850611-591511364-1000\Control Panel\International\Geo\Nation	Ledger Live.exe

Loads dropped DLL 42 IoCs

Processes:

ledger-live-desktop-2.17.0-win.exeLedger Live.exeLedger Live.exeLedger Live.exeLedger Live.exeLedger Live.exeLedger Live.exeLedger Live.exeLedger Live.exe

pid	process
1680	ledger-live-desktop-2.17.0-win.exe
1680	ledger-live-desktop-2.17.0-win.exe
1680	ledger-live-desktop-2.17.0-win.exe
1680	ledger-live-desktop-2.17.0-win.exe
1680	ledger-live-desktop-2.17.0-win.exe
1680	ledger-live-desktop-2.17.0-win.exe
1680	ledger-live-desktop-2.17.0-win.exe
1680	ledger-live-desktop-2.17.0-win.exe
1680	ledger-live-desktop-2.17.0-win.exe
1680	ledger-live-desktop-2.17.0-win.exe
1680	ledger-live-desktop-2.17.0-win.exe
1680	ledger-live-desktop-2.17.0-win.exe
1260
1260
1260
1260
524	Ledger Live.exe
1176	Ledger Live.exe
1176	Ledger Live.exe
1176	Ledger Live.exe
1176	Ledger Live.exe
1260
908	Ledger Live.exe
668	Ledger Live.exe
1932	Ledger Live.exe
1932	Ledger Live.exe
1932	Ledger Live.exe
1932	Ledger Live.exe
760	Ledger Live.exe
524	Ledger Live.exe
2356	Ledger Live.exe
2356	Ledger Live.exe
2356	Ledger Live.exe
2356	Ledger Live.exe
2452	Ledger Live.exe
2452	Ledger Live.exe
2452	Ledger Live.exe
2452	Ledger Live.exe
2452	Ledger Live.exe
2452	Ledger Live.exe
2452	Ledger Live.exe
2452	Ledger Live.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

JavaScript code in executable 25 IoCs

Processes:

resource	yara_rule
\Program Files\Ledger Live\Ledger Live.exe	js
\Program Files\Ledger Live\Ledger Live.exe	js
\Program Files\Ledger Live\Ledger Live.exe	js
\Program Files\Ledger Live\Ledger Live.exe	js
\Program Files\Ledger Live\Ledger Live.exe	js
\Program Files\Ledger Live\Ledger Live.exe	js
\Program Files\Ledger Live\Ledger Live.exe	js
\Program Files\Ledger Live\Ledger Live.exe	js
C:\Program Files\Ledger Live\Ledger Live.exe	js
C:\Program Files\Ledger Live\Ledger Live.exe	js
C:\Program Files\Ledger Live\resources.pak	js
C:\Program Files\Ledger Live\resources\app.asar	js
C:\Program Files\Ledger Live\Ledger Live.exe	js
C:\Program Files\Ledger Live\D3DCompiler_47.dll	js
\Program Files\Ledger Live\d3dcompiler_47.dll	js
\Program Files\Ledger Live\libGLESv2.dll	js
C:\Program Files\Ledger Live\libglesv2.dll	js
\Program Files\Ledger Live\Ledger Live.exe	js
\Program Files\Ledger Live\d3dcompiler_47.dll	js
\Program Files\Ledger Live\swiftshader\libGLESv2.dll	js
C:\Program Files\Ledger Live\swiftshader\libglesv2.dll	js
\Program Files\Ledger Live\libGLESv2.dll	js
\Program Files\Ledger Live\d3dcompiler_47.dll	js
\Program Files\Ledger Live\resources\app.asar.unpacked\node_modules\@ledgerhq\ledger-core\build\Release\crypto.dll	js
C:\Program Files\Ledger Live\resources\app.asar.unpacked\node_modules\@ledgerhq\ledger-core\build\Release\crypto.dll	js

Drops file in Program Files directory 1557 IoCs

Processes:

ledger-live-desktop-2.17.0-win.exe

description	ioc	process
File opened for modification	C:\Program Files\Ledger Live\resources\app.asar.unpacked\node_modules\@ledgerhq\ledger-core\src\NJSBitcoinLikeBlockCpp.hpp	ledger-live-desktop-2.17.0-win.exe
File created	C:\Program Files\Ledger Live\resources\app.asar.unpacked\node_modules\@ledgerhq\ledger-core\src\NJSCosmosLikeAddressCpp.hpp	ledger-live-desktop-2.17.0-win.exe
File opened for modification	C:\Program Files\Ledger Live\resources\app.asar.unpacked\node_modules\@ledgerhq\ledger-core\src\NJSCosmosLikeMessageCpp.cpp	ledger-live-desktop-2.17.0-win.exe
File opened for modification	C:\Program Files\Ledger Live\resources\app.asar.unpacked\node_modules\@ledgerhq\ledger-core\utils	ledger-live-desktop-2.17.0-win.exe
File created	C:\Program Files\Ledger Live\resources\app.asar.unpacked\node_modules\@ledgerhq\ledger-core\include\CosmosConfigurationDefaults.hpp	ledger-live-desktop-2.17.0-win.exe
File created	C:\Program Files\Ledger Live\resources\app.asar.unpacked\node_modules\@ledgerhq\ledger-core\include\CosmosLikeRedelegationListCallback.hpp	ledger-live-desktop-2.17.0-win.exe
File created	C:\Program Files\Ledger Live\resources\app.asar.unpacked\node_modules\@ledgerhq\ledger-core\include\CurrencyUnit.hpp	ledger-live-desktop-2.17.0-win.exe
File opened for modification	C:\Program Files\Ledger Live\resources\app.asar.unpacked\node_modules\@ledgerhq\ledger-core\include\DatabaseValueType.hpp	ledger-live-desktop-2.17.0-win.exe
File created	C:\Program Files\Ledger Live\resources\app.asar.unpacked\node_modules\@ledgerhq\ledger-core\src\NJSEthereumLikeTransactionCpp.cpp	ledger-live-desktop-2.17.0-win.exe
File opened for modification	C:\Program Files\Ledger Live\resources\app.asar.unpacked\node_modules\@ledgerhq\ledger-core\src\NJSWalletCpp.cpp	ledger-live-desktop-2.17.0-win.exe
File opened for modification	C:\Program Files\Ledger Live\resources\app.asar.unpacked\node_modules\@ledgerhq\ledger-core\src\NJSStellarLikeWalletCpp.hpp	ledger-live-desktop-2.17.0-win.exe
File created	C:\Program Files\Ledger Live\resources\app.asar.unpacked\node_modules\@ledgerhq\ledger-core\src\NJSThreadDispatcher.hpp	ledger-live-desktop-2.17.0-win.exe
File opened for modification	C:\Program Files\Ledger Live\resources\app.asar	ledger-live-desktop-2.17.0-win.exe
File created	C:\Program Files\Ledger Live\resources\app.asar.unpacked\node_modules\@ledgerhq\ledger-core\include\DatabaseColumn.hpp	ledger-live-desktop-2.17.0-win.exe
File opened for modification	C:\Program Files\Ledger Live\resources\app.asar.unpacked\node_modules\@ledgerhq\ledger-core\src\NJSRippleLikeAccountCpp.hpp	ledger-live-desktop-2.17.0-win.exe
File created	C:\Program Files\Ledger Live\resources\app.asar.unpacked\node_modules\@ledgerhq\ledger-core\src\NJSStellarLikeAddressCpp.hpp	ledger-live-desktop-2.17.0-win.exe
File created	C:\Program Files\Ledger Live\resources\app.asar.unpacked\node_modules\@ledgerhq\ledger-core\src\NJSStellarLikeWalletCpp.hpp	ledger-live-desktop-2.17.0-win.exe
File opened for modification	C:\Program Files\Ledger Live\resources\app.asar.unpacked\node_modules\@ledgerhq\ledger-core\src\NJSRippleLikeAddressCpp.cpp	ledger-live-desktop-2.17.0-win.exe
File opened for modification	C:\Program Files\Ledger Live\resources\app.asar.unpacked\node_modules\@ledgerhq\ledger-core\src\NJSTrustIndicatorCpp.hpp	ledger-live-desktop-2.17.0-win.exe
File created	C:\Program Files\Ledger Live\snapshot_blob.bin	ledger-live-desktop-2.17.0-win.exe
File opened for modification	C:\Program Files\Ledger Live\locales\nl.pak	ledger-live-desktop-2.17.0-win.exe
File opened for modification	C:\Program Files\Ledger Live\resources\app.asar.unpacked\node_modules\@ledgerhq\ledger-core\build\Release\obj\ledger-core-node\ledger-core-node.tlog\CL.command.1.tlog	ledger-live-desktop-2.17.0-win.exe
File opened for modification	C:\Program Files\Ledger Live\resources\app.asar.unpacked\node_modules\@ledgerhq\ledger-core\include\CosmosLikeUnbonding.hpp	ledger-live-desktop-2.17.0-win.exe
File opened for modification	C:\Program Files\Ledger Live\resources\app.asar.unpacked\node_modules\@ledgerhq\ledger-core\include\RandomNumberGenerator.hpp	ledger-live-desktop-2.17.0-win.exe
File created	C:\Program Files\Ledger Live\resources\app.asar.unpacked\node_modules\@ledgerhq\ledger-core\include\StringCallback.hpp	ledger-live-desktop-2.17.0-win.exe
File opened for modification	C:\Program Files\Ledger Live\resources\app.asar.unpacked\node_modules\@ledgerhq\ledger-core\src\NJSDatabaseBackendCpp.cpp	ledger-live-desktop-2.17.0-win.exe
File created	C:\Program Files\Ledger Live\resources\app.asar.unpacked\node_modules\@ledgerhq\ledger-core\src\NJSTezosLikeOriginatedAccountCpp.hpp	ledger-live-desktop-2.17.0-win.exe
File opened for modification	C:\Program Files\Ledger Live\resources\app.asar.unpacked\node_modules\@ledgerhq\ledger-core\include\BitcoinLikeInput.hpp	ledger-live-desktop-2.17.0-win.exe
File created	C:\Program Files\Ledger Live\resources\app.asar.unpacked\node_modules\@ledgerhq\ledger-core\include\BitcoinLikeSignatureState.hpp	ledger-live-desktop-2.17.0-win.exe
File created	C:\Program Files\Ledger Live\resources\app.asar.unpacked\node_modules\@ledgerhq\ledger-core\include\WalletPoolCallback.hpp	ledger-live-desktop-2.17.0-win.exe
File opened for modification	C:\Program Files\Ledger Live\resources\app.asar.unpacked\node_modules\@ledgerhq\ledger-core\lib\ledger-core.lib	ledger-live-desktop-2.17.0-win.exe
File created	C:\Program Files\Ledger Live\resources\app.asar.unpacked\node_modules\@ledgerhq\ledger-core\src\NJSBitcoinLikeAddressCpp.hpp	ledger-live-desktop-2.17.0-win.exe
File created	C:\Program Files\Ledger Live\resources\elevate.exe	ledger-live-desktop-2.17.0-win.exe
File opened for modification	C:\Program Files\Ledger Live\locales\bg.pak	ledger-live-desktop-2.17.0-win.exe
File created	C:\Program Files\Ledger Live\resources\app.asar.unpacked\node_modules\@ledgerhq\ledger-core\build\Release\obj\ledger-core-node\ledger-core-node.tlog\custombuild.command.1.tlog	ledger-live-desktop-2.17.0-win.exe
File opened for modification	C:\Program Files\Ledger Live\resources\app.asar.unpacked\node_modules\@ledgerhq\ledger-core\include\BitcoinLikeTransaction.hpp	ledger-live-desktop-2.17.0-win.exe
File created	C:\Program Files\Ledger Live\resources\app.asar.unpacked\node_modules\@ledgerhq\ledger-core\include\CosmosLikeMsgType.hpp	ledger-live-desktop-2.17.0-win.exe
File opened for modification	C:\Program Files\Ledger Live\resources\app.asar.unpacked\node_modules\@ledgerhq\ledger-core\src\NJSAlgorandAddressCpp.hpp	ledger-live-desktop-2.17.0-win.exe
File opened for modification	C:\Program Files\Ledger Live\resources\app.asar.unpacked\node_modules\@ledgerhq\ledger-core\src\NJSCosmosLikeRedelegationCpp.cpp	ledger-live-desktop-2.17.0-win.exe
File opened for modification	C:\Program Files\Ledger Live\resources\app.asar.unpacked\node_modules\@ledgerhq\ledger-core\src\NJSEthereumLikeAccountCpp.cpp	ledger-live-desktop-2.17.0-win.exe
File opened for modification	C:\Program Files\Ledger Live\resources\app.asar.unpacked\node_modules\@ledgerhq\ledger-core\src\NJSEventPublisherCpp.cpp	ledger-live-desktop-2.17.0-win.exe
File created	C:\Program Files\Ledger Live\resources\app.asar.unpacked\node_modules\@ledgerhq\ledger-core\build\Release\obj\ledger-core-node\ledger-core-node.tlog\custombuild.read.1.tlog	ledger-live-desktop-2.17.0-win.exe
File created	C:\Program Files\Ledger Live\resources\app.asar.unpacked\node_modules\@ledgerhq\ledger-core\include\BigInt.hpp	ledger-live-desktop-2.17.0-win.exe
File created	C:\Program Files\Ledger Live\resources\app.asar.unpacked\node_modules\@ledgerhq\ledger-core\src\NJSBinaryCallback.hpp	ledger-live-desktop-2.17.0-win.exe
File opened for modification	C:\Program Files\Ledger Live\resources\app.asar.unpacked\node_modules\@ledgerhq\ledger-core\src\NJSBinaryCallback.hpp	ledger-live-desktop-2.17.0-win.exe
File opened for modification	C:\Program Files\Ledger Live\resources\app.asar.unpacked\node_modules\@ledgerhq\ledger-core\src\NJSBoolCallback.cpp	ledger-live-desktop-2.17.0-win.exe
File created	C:\Program Files\Ledger Live\resources\app.asar.unpacked\node_modules\@ledgerhq\ledger-core\src\NJSPoolConfigurationCpp.cpp	ledger-live-desktop-2.17.0-win.exe
File created	C:\Program Files\Ledger Live\resources\app.asar.unpacked\node_modules\@ledgerhq\ledger-core\src\NJSStellarLikeTransactionCallback.hpp	ledger-live-desktop-2.17.0-win.exe
File created	C:\Program Files\Ledger Live\resources\app.asar.unpacked\node_modules\@ledgerhq\ledger-core\src\NJSEthereumLikeWalletCpp.cpp	ledger-live-desktop-2.17.0-win.exe
File opened for modification	C:\Program Files\Ledger Live\resources\app.asar.unpacked\node_modules\@ledgerhq\ledger-core\src\NJSRunnableCpp.cpp	ledger-live-desktop-2.17.0-win.exe
File opened for modification	C:\Program Files\Ledger Live\resources\app.asar.unpacked\node_modules\@ledgerhq\ledger-core\src\NJSWebSocketClient.cpp	ledger-live-desktop-2.17.0-win.exe
File created	C:\Program Files\Ledger Live\locales\hu.pak	ledger-live-desktop-2.17.0-win.exe
File opened for modification	C:\Program Files\Ledger Live\resources\app.asar.unpacked\node_modules\@ledgerhq\ledger-core\include\BlockchainExplorerEngines.cpp	ledger-live-desktop-2.17.0-win.exe
File created	C:\Program Files\Ledger Live\resources\app.asar.unpacked\node_modules\@ledgerhq\ledger-core\include\ExecutionContext.hpp	ledger-live-desktop-2.17.0-win.exe
File opened for modification	C:\Program Files\Ledger Live\resources\app.asar.unpacked\node_modules\@ledgerhq\ledger-core\include\StellarLikeNetworkParameters.hpp	ledger-live-desktop-2.17.0-win.exe
File created	C:\Program Files\Ledger Live\resources\app.asar.unpacked\node_modules\@ledgerhq\ledger-core\include\StellarLikeTransactionCallback.hpp	ledger-live-desktop-2.17.0-win.exe
File opened for modification	C:\Program Files\Ledger Live\resources\app.asar.unpacked\node_modules\@ledgerhq\ledger-core\include\OperationOrderKey.hpp	ledger-live-desktop-2.17.0-win.exe
File opened for modification	C:\Program Files\Ledger Live\resources\app.asar.unpacked\node_modules\@ledgerhq\ledger-core\src\NJSStellarLikeAddressCpp.cpp	ledger-live-desktop-2.17.0-win.exe
File created	C:\Program Files\Ledger Live\resources\app.asar.unpacked\node_modules\@ledgerhq\ledger-core\src\NJSWalletCallback.cpp	ledger-live-desktop-2.17.0-win.exe
File created	C:\Program Files\Ledger Live\chrome_200_percent.pak	ledger-live-desktop-2.17.0-win.exe
File opened for modification	C:\Program Files\Ledger Live\resources\app.asar.unpacked\node_modules\@ledgerhq\ledger-core\build\Release\obj\ledger-core-node\ledger-core-node.tlog\link.write.1.tlog	ledger-live-desktop-2.17.0-win.exe
File created	C:\Program Files\Ledger Live\resources\app.asar.unpacked\node_modules\@ledgerhq\ledger-core\include\AlgorandAssetParams.hpp	ledger-live-desktop-2.17.0-win.exe
File created	C:\Program Files\Ledger Live\resources\app.asar.unpacked\node_modules\@ledgerhq\ledger-core\include\BitcoinLikeScriptChunk.hpp	ledger-live-desktop-2.17.0-win.exe
File created	C:\Program Files\Ledger Live\resources\app.asar.unpacked\node_modules\@ledgerhq\ledger-core\include\Currency.hpp	ledger-live-desktop-2.17.0-win.exe

Modifies system certificate store 2 TTPs 10 IoCs

evasion spyware trojan

Install Root Certificate

T1130

Modify Registry

T1112

Processes:

Ledger Live.exe

description	ioc	process
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\317A2AD07F2B335EF5A1C34E4B57E8B7D8F1FCA6\Blob = 040000000100000010000000a923759bba49366e31c2dbf2e766ba870f000000010000001400000007eeabaf80a9ef4ae1b2cb9b4b5fc70d0428e6a953000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c00b000000010000002e00000053007400610072006600690065006c006400200054006500630068006e006f006c006f0067006900650073000000090000000100000016000000301406082b0601050507030406082b06010505070301140000000100000014000000a848b4242fc6ea24a0d78e3cb93c5c78d79833e41d00000001000000100000005959ddbc9c7632ba0a05f06316846fe6030000000100000014000000317a2ad07f2b335ef5a1c34e4b57e8b7d8f1fca619000000010000001000000044ba5fd9039fc9b56fd8aadccd597ca62000000001000000eb020000308202e730820250020101300d06092a864886f70d01010505003081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d301e170d3939303632363030313935345a170d3139303632363030313935345a3081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d30819f300d06092a864886f70d010101050003818d0030818902818100ce3a71cae5abc8599255d7abd8740ef9eed9f655475965470e0555dceb98363c5c535dd330cf38ecbd4189ed254209246b0a5eb37cdd522d4ce6d4d67d5a59a965d449132d244d1c506fb5c185543bfe71e4d35c42f980e0911a0a5b393667f33f557c1b3fb45f647334e3b412bf8764f8da12ff3727c1b343bbef7b6e2e69f70203010001300d06092a864886f70d0101050500038181003b7f506f6f509499496238381f4bf8a5c83ea78281f62bc7e8c5cee83a1082cb18008e4dbda8587fa17900b5bbe98daf41d90f34ee218119a0324928f4c48e56d55233fd50d57e996c03e4c94cfccb6cab66b34a218ce5b50c323e10b2cc6ca1dc9a984c025bf3ceb99ea5720e4ab73f3ce61668f8beed744cbc5bd5621f43dd	Ledger Live.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A	Ledger Live.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = 0f00000001000000140000000f6aad4c3fe04619cdc8b2bd655aa1a26042e6500b000000010000005400000053007400610072006600690065006c006400200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f007200690074007900000053000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c009000000010000002a000000302806082b0601050507030106082b0601050507030206082b0601050507030406082b06010505070303140000000100000014000000bf5fb7d1cedd1f86f45b55acdcd710c20ea988e71d000000010000001000000090c4f4233b006b7bfaa6adcd8f577d77030000000100000014000000ad7e1c28b064ef8f6003402014c3d0e3370eb58a2000000001000000130400003082040f308202f7a003020102020100300d06092a864886f70d01010505003068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137333931365a170d3334303632393137333931365a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100b732c8fee971a60485ad0c1164dfce4defc80318873fa1abfb3ca69ff0c3a1dad4d86e2b5390fb24a43e84f09ee85fece52744f528a63f7bdee02af0c8af532f9eca0501931e8f661c39a74dfa5ab673042566eb777fe759c64a99251454eb26c7f37f19d530708fafb0462affadeb29edd79faa0487a3d4f989a5345fdb43918236d9663cb1b8b982fd9c3a3e10c83bef0665667a9b19183dff71513c302e5fbe3d7773b25d066cc323569a2b8526921ca702b3e43f0daf087982b8363dea9cd335b3bc69caf5cc9de8fd648d1780336e5e4a5d99c91e87b49d1ac0d56e1335235edf9b5f3defd6f776c2ea3ebb780d1c42676b04d8f8d6da6f8bf244a001ab020103a381c53081c2301d0603551d0e04160414bf5fb7d1cedd1f86f45b55acdcd710c20ea988e73081920603551d2304818a3081878014bf5fb7d1cedd1f86f45b55acdcd710c20ea988e7a16ca46a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100059d3f889dd1c91a55a1ac69f3f359da9b01871a4f57a9a179092adbf72fb21eccc75e6ad88387a197ef49353e7706415862bf8e58b80a673fecb3dd21661fc954fa72cc3d4c40d881af779e837abba2c7f534178ed91140f4fc2c2a4d157fa7625d2e25d3000b201a1d68f917b8f4bd8bed2859dd4d168b1783c8b265c72d7aa5aabc53866ddd57a4caf820410b68f0f4fb74be565d7a79f5f91d85e32d95bef5719043cc8d1f9a000a8729e95522580023eae31243295b4708dd8c416a6506a8e521aa41b4952195b97dd134ab13d6adbcdce23d39cdbd3e7570a1185903c922b48f9cd55e2ad7a5b6d40a6df8b74011469a1f790e62bf0f97ece02f1f1794	Ledger Live.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = 190000000100000010000000fd960962ac6938e0d4b0769aa1a64e26030000000100000014000000ad7e1c28b064ef8f6003402014c3d0e3370eb58a1d000000010000001000000090c4f4233b006b7bfaa6adcd8f577d77140000000100000014000000bf5fb7d1cedd1f86f45b55acdcd710c20ea988e709000000010000002a000000302806082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030353000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c00b000000010000005400000053007400610072006600690065006c006400200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f00720069007400790000000f00000001000000140000000f6aad4c3fe04619cdc8b2bd655aa1a26042e6502000000001000000130400003082040f308202f7a003020102020100300d06092a864886f70d01010505003068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137333931365a170d3334303632393137333931365a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100b732c8fee971a60485ad0c1164dfce4defc80318873fa1abfb3ca69ff0c3a1dad4d86e2b5390fb24a43e84f09ee85fece52744f528a63f7bdee02af0c8af532f9eca0501931e8f661c39a74dfa5ab673042566eb777fe759c64a99251454eb26c7f37f19d530708fafb0462affadeb29edd79faa0487a3d4f989a5345fdb43918236d9663cb1b8b982fd9c3a3e10c83bef0665667a9b19183dff71513c302e5fbe3d7773b25d066cc323569a2b8526921ca702b3e43f0daf087982b8363dea9cd335b3bc69caf5cc9de8fd648d1780336e5e4a5d99c91e87b49d1ac0d56e1335235edf9b5f3defd6f776c2ea3ebb780d1c42676b04d8f8d6da6f8bf244a001ab020103a381c53081c2301d0603551d0e04160414bf5fb7d1cedd1f86f45b55acdcd710c20ea988e73081920603551d2304818a3081878014bf5fb7d1cedd1f86f45b55acdcd710c20ea988e7a16ca46a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100059d3f889dd1c91a55a1ac69f3f359da9b01871a4f57a9a179092adbf72fb21eccc75e6ad88387a197ef49353e7706415862bf8e58b80a673fecb3dd21661fc954fa72cc3d4c40d881af779e837abba2c7f534178ed91140f4fc2c2a4d157fa7625d2e25d3000b201a1d68f917b8f4bd8bed2859dd4d168b1783c8b265c72d7aa5aabc53866ddd57a4caf820410b68f0f4fb74be565d7a79f5f91d85e32d95bef5719043cc8d1f9a000a8729e95522580023eae31243295b4708dd8c416a6506a8e521aa41b4952195b97dd134ab13d6adbcdce23d39cdbd3e7570a1185903c922b48f9cd55e2ad7a5b6d40a6df8b74011469a1f790e62bf0f97ece02f1f1794	Ledger Live.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = 040000000100000010000000324a4bbbc863699bbe749ac6dd1d46240f00000001000000140000000f6aad4c3fe04619cdc8b2bd655aa1a26042e6500b000000010000005400000053007400610072006600690065006c006400200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f007200690074007900000053000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c009000000010000002a000000302806082b0601050507030106082b0601050507030206082b0601050507030406082b06010505070303140000000100000014000000bf5fb7d1cedd1f86f45b55acdcd710c20ea988e71d000000010000001000000090c4f4233b006b7bfaa6adcd8f577d77030000000100000014000000ad7e1c28b064ef8f6003402014c3d0e3370eb58a190000000100000010000000fd960962ac6938e0d4b0769aa1a64e262000000001000000130400003082040f308202f7a003020102020100300d06092a864886f70d01010505003068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137333931365a170d3334303632393137333931365a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100b732c8fee971a60485ad0c1164dfce4defc80318873fa1abfb3ca69ff0c3a1dad4d86e2b5390fb24a43e84f09ee85fece52744f528a63f7bdee02af0c8af532f9eca0501931e8f661c39a74dfa5ab673042566eb777fe759c64a99251454eb26c7f37f19d530708fafb0462affadeb29edd79faa0487a3d4f989a5345fdb43918236d9663cb1b8b982fd9c3a3e10c83bef0665667a9b19183dff71513c302e5fbe3d7773b25d066cc323569a2b8526921ca702b3e43f0daf087982b8363dea9cd335b3bc69caf5cc9de8fd648d1780336e5e4a5d99c91e87b49d1ac0d56e1335235edf9b5f3defd6f776c2ea3ebb780d1c42676b04d8f8d6da6f8bf244a001ab020103a381c53081c2301d0603551d0e04160414bf5fb7d1cedd1f86f45b55acdcd710c20ea988e73081920603551d2304818a3081878014bf5fb7d1cedd1f86f45b55acdcd710c20ea988e7a16ca46a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100059d3f889dd1c91a55a1ac69f3f359da9b01871a4f57a9a179092adbf72fb21eccc75e6ad88387a197ef49353e7706415862bf8e58b80a673fecb3dd21661fc954fa72cc3d4c40d881af779e837abba2c7f534178ed91140f4fc2c2a4d157fa7625d2e25d3000b201a1d68f917b8f4bd8bed2859dd4d168b1783c8b265c72d7aa5aabc53866ddd57a4caf820410b68f0f4fb74be565d7a79f5f91d85e32d95bef5719043cc8d1f9a000a8729e95522580023eae31243295b4708dd8c416a6506a8e521aa41b4952195b97dd134ab13d6adbcdce23d39cdbd3e7570a1185903c922b48f9cd55e2ad7a5b6d40a6df8b74011469a1f790e62bf0f97ece02f1f1794	Ledger Live.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13	Ledger Live.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = 040000000100000010000000410352dc0ff7501b16f0028eba6f45c50f00000001000000140000005bcaa1c2780f0bcb5a90770451d96f38963f012d0b000000010000001e000000440053005400200052006f006f0074002000430041002000580033000000090000000100000016000000301406082b0601050507030406082b06010505070301140000000100000014000000c4a7b1a47b2c71fadbe14b9075ffc415608589101d00000001000000100000004558d512eecb27464920897de7b66053030000000100000014000000dac9024f54d8f6df94935fb1732638ca6ad77c131900000001000000100000006cf252fec3e8f20996de5d4dd9aef42420000000010000004e0300003082034a30820232a003020102021044afb080d6a327ba893039862ef8406b300d06092a864886f70d0101050500303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f74204341205833301e170d3030303933303231313231395a170d3231303933303134303131355a303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f7420434120583330820122300d06092a864886f70d01010105000382010f003082010a0282010100dfafe99750088357b4cc6265f69082ecc7d32c6b30ca5becd9c37dc740c118148be0e83376492ae33f214993ac4e0eaf3e48cb65eefcd3210f65d22ad9328f8ce5f777b0127bb595c089a3a9baed732e7a0c063283a27e8a1430cd11a0e12a38b9790a31fd50bd8065dfb7516383c8e28861ea4b6181ec526bb9a2e24b1a289f48a39e0cda098e3e172e1edd20df5bc62a8aab2ebd70adc50b1a25907472c57b6aab34d63089ffe568137b540bc8d6aeec5a9c921e3d64b38cc6dfbfc94170ec1672d526ec38553943d0fcfd185c40f197ebd59a9b8d1dbada25b9c6d8dfc115023aabda6ef13e2ef55c089c3cd68369e4109b192ab62957e3e53d9b9ff0025d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414c4a7b1a47b2c71fadbe14b9075ffc41560858910300d06092a864886f70d01010505000382010100a31a2c9b17005ca91eee2866373abf83c73f4bc309a095205de3d95944d23e0d3ebd8a4ba0741fce10829c741a1d7e981addcb134bb32044e491e9ccfc7da5db6ae5fee6fde04eddb7003ab57049aff2e5eb02f1d1028b19cb943a5e48c4181e58195f1e025af00cf1b1ada9dc59868b6ee991f586cafab96633aa595bcee2a7167347cb2bcc99b03748cfe3564bf5cf0f0c723287c6f044bb53726d43f526489a5267b758abfe67767178db0da256141339243185a2a8025a3047e1dd5007bc02099000eb6463609b16bc88c912e6d27d918bf93d328d65b4e97cb15776eac5b62839bf15651cc8f677966a0a8d770bd8910b048e07db29b60aee9d82353510	Ledger Live.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\317A2AD07F2B335EF5A1C34E4B57E8B7D8F1FCA6	Ledger Live.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25	Ledger Live.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 040000000100000010000000d474de575c39b2d39c8583c5c065498a0f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b060105050703085300000001000000230000003021301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc30b00000001000000120000004400690067006900430065007200740000001d00000001000000100000008f76b981d528ad4770088245e2031b630300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc25190000000100000010000000ba4f3972e7aed9dccdc210db59da13c92000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a	Ledger Live.exe

Suspicious behavior: EnumeratesProcesses 7 IoCs

Processes:

ledger-live-desktop-2.17.0-win.exeLedger Live.exeLedger Live.exeLedger Live.exe

pid	process
1680	ledger-live-desktop-2.17.0-win.exe
1680	ledger-live-desktop-2.17.0-win.exe
1680	ledger-live-desktop-2.17.0-win.exe
1680	ledger-live-desktop-2.17.0-win.exe
908	Ledger Live.exe
668	Ledger Live.exe
2452	Ledger Live.exe

Suspicious use of AdjustPrivilegeToken 121 IoCs

Processes:

ledger-live-desktop-2.17.0-win.exewmic.exewmic.exe

description	pid	process
Token: SeSecurityPrivilege	1680	ledger-live-desktop-2.17.0-win.exe
Token: SeIncreaseQuotaPrivilege	928	wmic.exe
Token: SeSecurityPrivilege	928	wmic.exe
Token: SeTakeOwnershipPrivilege	928	wmic.exe
Token: SeLoadDriverPrivilege	928	wmic.exe
Token: SeSystemProfilePrivilege	928	wmic.exe
Token: SeSystemtimePrivilege	928	wmic.exe
Token: SeProfSingleProcessPrivilege	928	wmic.exe
Token: SeIncBasePriorityPrivilege	928	wmic.exe
Token: SeCreatePagefilePrivilege	928	wmic.exe
Token: SeBackupPrivilege	928	wmic.exe
Token: SeRestorePrivilege	928	wmic.exe
Token: SeShutdownPrivilege	928	wmic.exe
Token: SeDebugPrivilege	928	wmic.exe
Token: SeSystemEnvironmentPrivilege	928	wmic.exe
Token: SeRemoteShutdownPrivilege	928	wmic.exe
Token: SeUndockPrivilege	928	wmic.exe
Token: SeManageVolumePrivilege	928	wmic.exe
Token: 33	928	wmic.exe
Token: 34	928	wmic.exe
Token: 35	928	wmic.exe
Token: SeIncreaseQuotaPrivilege	928	wmic.exe
Token: SeSecurityPrivilege	928	wmic.exe
Token: SeTakeOwnershipPrivilege	928	wmic.exe
Token: SeLoadDriverPrivilege	928	wmic.exe
Token: SeSystemProfilePrivilege	928	wmic.exe
Token: SeSystemtimePrivilege	928	wmic.exe
Token: SeProfSingleProcessPrivilege	928	wmic.exe
Token: SeIncBasePriorityPrivilege	928	wmic.exe
Token: SeCreatePagefilePrivilege	928	wmic.exe
Token: SeBackupPrivilege	928	wmic.exe
Token: SeRestorePrivilege	928	wmic.exe
Token: SeShutdownPrivilege	928	wmic.exe
Token: SeDebugPrivilege	928	wmic.exe
Token: SeSystemEnvironmentPrivilege	928	wmic.exe
Token: SeRemoteShutdownPrivilege	928	wmic.exe
Token: SeUndockPrivilege	928	wmic.exe
Token: SeManageVolumePrivilege	928	wmic.exe
Token: 33	928	wmic.exe
Token: 34	928	wmic.exe
Token: 35	928	wmic.exe
Token: SeIncreaseQuotaPrivilege	624	wmic.exe
Token: SeSecurityPrivilege	624	wmic.exe
Token: SeTakeOwnershipPrivilege	624	wmic.exe
Token: SeLoadDriverPrivilege	624	wmic.exe
Token: SeSystemProfilePrivilege	624	wmic.exe
Token: SeSystemtimePrivilege	624	wmic.exe
Token: SeProfSingleProcessPrivilege	624	wmic.exe
Token: SeIncBasePriorityPrivilege	624	wmic.exe
Token: SeCreatePagefilePrivilege	624	wmic.exe
Token: SeBackupPrivilege	624	wmic.exe
Token: SeRestorePrivilege	624	wmic.exe
Token: SeShutdownPrivilege	624	wmic.exe
Token: SeDebugPrivilege	624	wmic.exe
Token: SeSystemEnvironmentPrivilege	624	wmic.exe
Token: SeRemoteShutdownPrivilege	624	wmic.exe
Token: SeUndockPrivilege	624	wmic.exe
Token: SeManageVolumePrivilege	624	wmic.exe
Token: 33	624	wmic.exe
Token: 34	624	wmic.exe
Token: 35	624	wmic.exe
Token: SeIncreaseQuotaPrivilege	624	wmic.exe
Token: SeSecurityPrivilege	624	wmic.exe
Token: SeTakeOwnershipPrivilege	624	wmic.exe

Suspicious use of WriteProcessMemory 144 IoCs

Processes:

Ledger Live.exe

description	pid	process	target process
PID 524 wrote to memory of 928	524	Ledger Live.exe	wmic.exe
PID 524 wrote to memory of 928	524	Ledger Live.exe	wmic.exe
PID 524 wrote to memory of 928	524	Ledger Live.exe	wmic.exe
PID 524 wrote to memory of 624	524	Ledger Live.exe	wmic.exe
PID 524 wrote to memory of 624	524	Ledger Live.exe	wmic.exe
PID 524 wrote to memory of 624	524	Ledger Live.exe	wmic.exe
PID 524 wrote to memory of 1176	524	Ledger Live.exe	Ledger Live.exe
PID 524 wrote to memory of 1176	524	Ledger Live.exe	Ledger Live.exe
PID 524 wrote to memory of 1176	524	Ledger Live.exe	Ledger Live.exe
PID 524 wrote to memory of 1176	524	Ledger Live.exe	Ledger Live.exe
PID 524 wrote to memory of 1176	524	Ledger Live.exe	Ledger Live.exe
PID 524 wrote to memory of 1176	524	Ledger Live.exe	Ledger Live.exe
PID 524 wrote to memory of 1176	524	Ledger Live.exe	Ledger Live.exe
PID 524 wrote to memory of 1176	524	Ledger Live.exe	Ledger Live.exe
PID 524 wrote to memory of 1176	524	Ledger Live.exe	Ledger Live.exe
PID 524 wrote to memory of 1176	524	Ledger Live.exe	Ledger Live.exe
PID 524 wrote to memory of 1176	524	Ledger Live.exe	Ledger Live.exe
PID 524 wrote to memory of 1176	524	Ledger Live.exe	Ledger Live.exe
PID 524 wrote to memory of 1176	524	Ledger Live.exe	Ledger Live.exe
PID 524 wrote to memory of 1176	524	Ledger Live.exe	Ledger Live.exe
PID 524 wrote to memory of 1176	524	Ledger Live.exe	Ledger Live.exe
PID 524 wrote to memory of 1176	524	Ledger Live.exe	Ledger Live.exe
PID 524 wrote to memory of 1176	524	Ledger Live.exe	Ledger Live.exe
PID 524 wrote to memory of 1176	524	Ledger Live.exe	Ledger Live.exe
PID 524 wrote to memory of 1176	524	Ledger Live.exe	Ledger Live.exe
PID 524 wrote to memory of 1176	524	Ledger Live.exe	Ledger Live.exe
PID 524 wrote to memory of 1176	524	Ledger Live.exe	Ledger Live.exe
PID 524 wrote to memory of 1176	524	Ledger Live.exe	Ledger Live.exe
PID 524 wrote to memory of 1176	524	Ledger Live.exe	Ledger Live.exe
PID 524 wrote to memory of 1176	524	Ledger Live.exe	Ledger Live.exe
PID 524 wrote to memory of 1176	524	Ledger Live.exe	Ledger Live.exe
PID 524 wrote to memory of 1176	524	Ledger Live.exe	Ledger Live.exe
PID 524 wrote to memory of 1176	524	Ledger Live.exe	Ledger Live.exe
PID 524 wrote to memory of 1176	524	Ledger Live.exe	Ledger Live.exe
PID 524 wrote to memory of 1176	524	Ledger Live.exe	Ledger Live.exe
PID 524 wrote to memory of 1176	524	Ledger Live.exe	Ledger Live.exe
PID 524 wrote to memory of 1176	524	Ledger Live.exe	Ledger Live.exe
PID 524 wrote to memory of 1176	524	Ledger Live.exe	Ledger Live.exe
PID 524 wrote to memory of 1176	524	Ledger Live.exe	Ledger Live.exe
PID 524 wrote to memory of 1176	524	Ledger Live.exe	Ledger Live.exe
PID 524 wrote to memory of 1176	524	Ledger Live.exe	Ledger Live.exe
PID 524 wrote to memory of 1176	524	Ledger Live.exe	Ledger Live.exe
PID 524 wrote to memory of 1176	524	Ledger Live.exe	Ledger Live.exe
PID 524 wrote to memory of 1176	524	Ledger Live.exe	Ledger Live.exe
PID 524 wrote to memory of 1176	524	Ledger Live.exe	Ledger Live.exe
PID 524 wrote to memory of 1176	524	Ledger Live.exe	Ledger Live.exe
PID 524 wrote to memory of 1176	524	Ledger Live.exe	Ledger Live.exe
PID 524 wrote to memory of 908	524	Ledger Live.exe	Ledger Live.exe
PID 524 wrote to memory of 908	524	Ledger Live.exe	Ledger Live.exe
PID 524 wrote to memory of 908	524	Ledger Live.exe	Ledger Live.exe
PID 524 wrote to memory of 668	524	Ledger Live.exe	Ledger Live.exe
PID 524 wrote to memory of 668	524	Ledger Live.exe	Ledger Live.exe
PID 524 wrote to memory of 668	524	Ledger Live.exe	Ledger Live.exe
PID 524 wrote to memory of 1932	524	Ledger Live.exe	Ledger Live.exe
PID 524 wrote to memory of 1932	524	Ledger Live.exe	Ledger Live.exe
PID 524 wrote to memory of 1932	524	Ledger Live.exe	Ledger Live.exe
PID 524 wrote to memory of 1932	524	Ledger Live.exe	Ledger Live.exe
PID 524 wrote to memory of 1932	524	Ledger Live.exe	Ledger Live.exe
PID 524 wrote to memory of 1932	524	Ledger Live.exe	Ledger Live.exe
PID 524 wrote to memory of 1932	524	Ledger Live.exe	Ledger Live.exe
PID 524 wrote to memory of 1932	524	Ledger Live.exe	Ledger Live.exe
PID 524 wrote to memory of 1932	524	Ledger Live.exe	Ledger Live.exe
PID 524 wrote to memory of 1932	524	Ledger Live.exe	Ledger Live.exe
PID 524 wrote to memory of 1932	524	Ledger Live.exe	Ledger Live.exe

C:\Users\Admin\AppData\Local\Temp\ledger-live-desktop-2.17.0-win.exe
"C:\Users\Admin\AppData\Local\Temp\ledger-live-desktop-2.17.0-win.exe"
1⤵
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:1680

C:\Program Files\Ledger Live\Ledger Live.exe
"C:\Program Files\Ledger Live\Ledger Live.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:524

C:\Windows\System32\Wbem\wmic.exe
wmic os get Caption
2⤵
- Suspicious use of AdjustPrivilegeToken
PID:928

C:\Windows\System32\Wbem\wmic.exe
wmic os get locale
2⤵
- Suspicious use of AdjustPrivilegeToken
PID:624

C:\Program Files\Ledger Live\Ledger Live.exe
"C:\Program Files\Ledger Live\Ledger Live.exe" --type=gpu-process --field-trial-handle=1068,12733578897747492798,13040605193461567468,131072 --enable-features=WebComponentsV0Enabled --disable-features=SpareRendererForSitePerProcess --gpu-preferences=MAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAQAAAAAAAAAAAAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAA= --mojo-platform-channel-handle=1080 /prefetch:2
2⤵
- Executes dropped EXE
- Loads dropped DLL
PID:1176

C:\Program Files\Ledger Live\Ledger Live.exe
"C:\Program Files\Ledger Live\Ledger Live.exe" --type=utility --field-trial-handle=1068,12733578897747492798,13040605193461567468,131072 --enable-features=WebComponentsV0Enabled --disable-features=SpareRendererForSitePerProcess --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=1548 /prefetch:8
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Modifies system certificate store
- Suspicious behavior: EnumeratesProcesses
PID:908

C:\Program Files\Ledger Live\Ledger Live.exe
"C:\Program Files\Ledger Live\Ledger Live.exe" --type=renderer --field-trial-handle=1068,12733578897747492798,13040605193461567468,131072 --enable-features=WebComponentsV0Enabled --disable-features=SpareRendererForSitePerProcess --lang=en-US --app-path="C:\Program Files\Ledger Live\resources\app.asar" --enable-experimental-web-platform-features --node-integration --no-sandbox --no-zygote --preload="C:\Program Files\Ledger Live\resources\app.asar\.webpack\preloader.bundle.js" --enable-remote-module --background-color=#fff --enable-spellcheck --enable-websql --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1736 /prefetch:1
2⤵
- Executes dropped EXE
- Checks computer location settings
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
PID:668

C:\Program Files\Ledger Live\Ledger Live.exe
"C:\Program Files\Ledger Live\Ledger Live.exe" --type=gpu-process --field-trial-handle=1068,12733578897747492798,13040605193461567468,131072 --enable-features=WebComponentsV0Enabled --disable-features=SpareRendererForSitePerProcess --gpu-preferences=MAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAQAAAAAAAAAAAAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAA= --use-gl=swiftshader-webgl --mojo-platform-channel-handle=1080 /prefetch:2
2⤵
- Executes dropped EXE
- Loads dropped DLL
PID:1932

C:\Program Files\Ledger Live\Ledger Live.exe
"C:\Program Files\Ledger Live\Ledger Live.exe" "C:\Program Files\Ledger Live\resources\app.asar\.webpack/main.bundle.js"
2⤵
- Executes dropped EXE
- Checks computer location settings
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
PID:2452

C:\Program Files\Ledger Live\Ledger Live.exe
"C:\Program Files\Ledger Live\Ledger Live.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
PID:760

C:\Windows\System32\Wbem\wmic.exe
wmic os get Caption
2⤵
PID:2108

C:\Windows\System32\Wbem\wmic.exe
wmic os get locale
2⤵
PID:2288

C:\Program Files\Ledger Live\Ledger Live.exe
"C:\Program Files\Ledger Live\Ledger Live.exe" --type=gpu-process --field-trial-handle=1060,9814012694552751595,15042234573048686867,131072 --enable-features=WebComponentsV0Enabled --disable-features=SpareRendererForSitePerProcess --gpu-preferences=MAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAQAAAAAAAAAAAAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAA= --mojo-platform-channel-handle=1068 /prefetch:2
2⤵
- Executes dropped EXE
- Loads dropped DLL
PID:2356

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

T1130

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Ledger Live\D3DCompiler_47.dll
MD5
fea40e5b591127ae3b065389d058a445

SHA1
621fa52fb488271c25c10c646d67e7ce5f42d4f8

SHA256
4b074a3976399dc735484f5d43d04b519b7bdee8ac719d9ab8ed6bd4e6be0345

SHA512
d2412b701d89e2762c72dd99a48283d601dd4311e3731d690cc2ab6cced20994fa67bf3fea4920291fc407cd946e20bdc85836e6786766a1b98a86febaa0e3d9

Download Submit
C:\Program Files\Ledger Live\Ledger Live.exe
MD5
f747bd260b7e52dcaab5ee158385205b

SHA1
bb92450544c0dcd6e7c4087a80636e2348c2cb6b

SHA256
c89922f7de7d315c6bc1806bd4d4d3745fa6a20a2ef6888fe14935f64c487cc8

SHA512
ac787ce7b89a956631155d4dc5eaaf15f47b938d28eab2625cec4f84c595d116f542c8b949e4890b6861f5790f3c7989e28dc8138f5f76746792198e1d337f4c

Download Submit
C:\Program Files\Ledger Live\Ledger Live.exe
MD5
f747bd260b7e52dcaab5ee158385205b

SHA1
bb92450544c0dcd6e7c4087a80636e2348c2cb6b

SHA256
c89922f7de7d315c6bc1806bd4d4d3745fa6a20a2ef6888fe14935f64c487cc8

SHA512
ac787ce7b89a956631155d4dc5eaaf15f47b938d28eab2625cec4f84c595d116f542c8b949e4890b6861f5790f3c7989e28dc8138f5f76746792198e1d337f4c

Download Submit
C:\Program Files\Ledger Live\Ledger Live.exe
MD5
f747bd260b7e52dcaab5ee158385205b

SHA1
bb92450544c0dcd6e7c4087a80636e2348c2cb6b

SHA256
c89922f7de7d315c6bc1806bd4d4d3745fa6a20a2ef6888fe14935f64c487cc8

SHA512
ac787ce7b89a956631155d4dc5eaaf15f47b938d28eab2625cec4f84c595d116f542c8b949e4890b6861f5790f3c7989e28dc8138f5f76746792198e1d337f4c

Download Submit
C:\Program Files\Ledger Live\Ledger Live.exe
MD5
90426bd78563843b431d2efc8dff9de7

SHA1
8982cf759338808ecb32b14748a6d2cd96f9549b

SHA256
d0821937a15d8014e040073a06d314e902224e10fc9a05426d247cc9fa2e6e7a

SHA512
90d689ec56189964a0158c0b423b4769ebfb3755ae345a147a7de4c5dec781455363505a6dc2013b6efc19d44cf9bf953dcb64a1f32779f48e6977fad56e4d21

Download Submit
C:\Program Files\Ledger Live\Ledger Live.exe
MD5
3af116d1ae9d7c2f2ed473dcb704598e

SHA1
f8df9d9dd8149052b085015b875dd5cd4c33b79b

SHA256
d8778ac70ac1b80e3e6aa20a3264e864de75049b5ad677a788e09707301867fc

SHA512
853f41a26c0281b9d287025df60ed01a2b7e72e28b374aa908b908b8a6ad2119f0dc37781ca9422dba888c33731fbdda7c518c6d030c6c446cbf112309be0b49

Download Submit
C:\Program Files\Ledger Live\Ledger Live.exe
MD5
7676a870c7ae76b63e826048a0a19017

SHA1
f0bb724fe58ec0d232f4574426a21301b81280c7

SHA256
8c07809df29f01b2fed272c7d13d04956a29fe97748e7e459d046340c3f735ec

SHA512
81829fd27902c265e8ba7ae76afa8e562c5e30d1e09489480f4e705a76a70634b754175ad1d8de00eb057b7b0df501a2372fed04c5386bab93e72ace1ab48485

Download Submit
C:\Program Files\Ledger Live\Ledger Live.exe
MD5
c5f95cacfcc57531b9b96a62a9ff8766

SHA1
8044a549380125a96811d4bbc0426b7b1dd23fa6

SHA256
2c56fe8f9bee392daa46e9b01ca8c13f9529d423699c203e746bcbfe672c9855

SHA512
001a2613aaa592e38b731a86c79ba7a8ed0e90adc1dd3ebdd15aa11a312be53bece4ddbab42feca8a33142afd5d50c64584c93f1024efd3b3f9199e0134d4997

Download Submit
C:\Program Files\Ledger Live\Ledger Live.exe
MD5
efbb6202ffde96f985164dbb695ae4d0

SHA1
11b515af49e800bcd7202e30c456595a9bca4770

SHA256
a8e3e00e8f2ddd8e64b358173ddff23cc36809af25accf089ae6ebfc6e117f14

SHA512
d208642f3466b32a811785f75d698df5645819275e1a8e0208c055ef82d2738f8575ff17f42a565bdb4129223938f2208e0f386d205cb92cbb993222bb972ec4

Download Submit
C:\Program Files\Ledger Live\Ledger Live.exe
MD5
8cd7107999a2706e1372be04cf1f566f

SHA1
9572638ea6316c6c27a9028d6b9db03bcecf1381

SHA256
5252416079dc4c8b71486faed9737b6121fcb6f9e28b90ce60ad9ebd793363e1

SHA512
a39b97a87a13c287c36b2f349a868657694d70e4449c7f3b1914e75b52880749204efc3412c05adbade75ada6e1a0c86bd58123320dcb1f4e16a680e41647804

Download Submit
C:\Program Files\Ledger Live\chrome_100_percent.pak
MD5
7c4728b2d58afdd97c4549c96b9561cc

SHA1
1e0d251eedd67e7021fc764b9188184617465c54

SHA256
419cfcc6dc5f38b2e0c970ebd4fad1ef55054579d5c0db2521d7ae494996aac3

SHA512
82d0931e4d1cf38f88050980f518cdacdc981c382771b1732bfbe69f601074a0e7378e27a7470c7dea4e287cb1617a5c038052908ed85134abcd5b6591b4e7df

Download Submit
C:\Program Files\Ledger Live\chrome_200_percent.pak
MD5
6af049ad6fd11ee90ad9db31c4e02082

SHA1
5d2f9a59a74dc584b5dd78aeb6de583e969e3eb7

SHA256
edecf8e1ac353bfdae534e42507e5a59973cb4cab76fbb1ff1a470363e725bc4

SHA512
c7fa6e1a57861e62b9b4d615a988c98d13cde8abc23eaed7c36c2ecb86409da4b65b1f579ca2f307e90eb4d08d14b07f7f41ccb8d8c165d6de67c09c16009715

Download Submit
C:\Program Files\Ledger Live\ffmpeg.dll
MD5
8753b30c978467aa1c2253e3b7718d3c

SHA1
5adce8f036e0082419b975cfecda00e9ccb11961

SHA256
092d1cbc999ed0d08ccfa7426b257f8083dc5e4e957b985284b54eda3debd0a3

SHA512
1368c85fabd09cc4ad17cc6411e3428013bc7b94087302c0e7ba791d09c5e80677c8a0305c42be601f759f53842cc97055720c4421b6c8cc50a94991749d0c94

Download Submit
C:\Program Files\Ledger Live\icudtl.dat
MD5
3f019441588332ac8b79a3a3901a5449

SHA1
c8930e95b78deef5b7730102acd39f03965d479a

SHA256
594637e10b8f5c97157413528f0cbf5bc65b4ab9e79f5fa34fe268092655ec57

SHA512
ee083ae5e93e70d5bbebe36ec482aa75c47d908df487a43db2b55ddd6b55c291606649175cf7907d6ab64fc81ead7275ec56e3193b631f8f78b10d2c775fd1a9

Download Submit
C:\Program Files\Ledger Live\libegl.dll
MD5
f097ff04092e4d68ed0968b7ccb01545

SHA1
7229d4927084bd0d0f8a16af55e549e72244251e

SHA256
bd883dc6c170c2123736d6a4ca4b893952a05d4cc91203d0d3d2cbcd63cfcb43

SHA512
5f301231f012848f7fe56145df165afa5f8788cc88f945b15b97446c86b76e92ef9ac1b0508feb802c1f8fbb98432dbd1fe5136ca9cc7b388a1ad5663af2cc1b

Download Submit
C:\Program Files\Ledger Live\libglesv2.dll
MD5
bb7300b6c66bca90c2a84af7aaab7918

SHA1
2d80d314da7806ec6f8a9336f0eae7afe24effc3

SHA256
0bebfdd3d91986b512c1d00236da3ceee107de0e6b6640f8f4b3956fee000fe2

SHA512
136cb9f7a839c06b4e2fac4eb340cd6c1449b4ae318846095864bdb86c586d1f9aadc1f4e2526702c66d059afb5d45d77d9a7be14ae4eb638ef371e0a95055e7

Download Submit
C:\Program Files\Ledger Live\locales\en-US.pak
MD5
98c8cfc3cb98ab34e06d4323b8bcb043

SHA1
2c0bda072161530b710fa0a1dfc3c23926184afe

SHA256
35adc5aeeebfe440e295b88d2a4089360ada33c353843b1f5438f4118501878b

SHA512
25edeca13b4a29f63bdc4f135eda1b1b8c72f3a58315f57895950bdc15f56b2af1aca42affe397716f5965437ece836f683265a33ec919b8b26056634612ed3c

Download Submit
C:\Program Files\Ledger Live\resources.pak
MD5
d9022282a7fbf3aa354559ab6a9c7926

SHA1
ff1f2b77d80848bc1a51e48c21a033eb57d8776c

SHA256
ddc85d749b19cbabae11a0b8f7114daf75900179a2147280dd0f9f8faee7d65c

SHA512
6b9ab157cf8e10d8a79ea2ad4e247210fe2a7fd75dab086eb55951d4e028af3060e1f42175be936c6b093abc2c3071c0fd1c45afee3c567a79e1b722fe5f5d97

Download Submit
C:\Program Files\Ledger Live\resources\app-update.yml
MD5
6aba26b881312f4115c58b567d3153bd

SHA1
8d3e6d4dd7b0010539e0ebe3d51b1774909704a9

SHA256
f12482f786c2944a04391f127c72bf7e1e6c7e2466926c8636af2e4a35394feb

SHA512
af92d24ac83508c816f20fc545ad0f54c7873964fdfea3d9fd41587178a0d8c2ca98a3091a1166b5899c4709847da36a15fdd628793145f1efb1f2d6a3724619

Download Submit
C:\Program Files\Ledger Live\resources\app.asar
MD5
9798ddd58a9f59d17576ce34b68b2176

SHA1
0a8d4362efefc99e68fcacc7bd1969fed6f7b081

SHA256
74e3ab51d2eb2e9183aa5f8952b1b8c9afa81bbf3cc04e5a2e2c91d3576973a2

SHA512
7fe9a421294d898e34a76ac7569cb9c01edb50fd037b55992df73afdae3bd5d39b45d3d5348e80ec9a09b9ec6a3cd3fc9728a1a99ae97797fe3bdcf88cc4d0e0

Download Submit
C:\Program Files\Ledger Live\resources\app.asar.unpacked\node_modules\@ledgerhq\ledger-core\build\Release\crypto.dll
MD5
323787c1ac33517a14d1606f3c031e17

SHA1
685eb94a22347b79ace0f2ba7fa6e9f6524141db

SHA256
efaf61708b6cfe0861aea8609dc371c75655352a404d3e3c212fa33a35c2191e

SHA512
85f5ac8b308e121a00983561eb6e491b29e6a9d6ffeb79b5cae3b13f64ef992beb802a4964b26d56b82a1ba906a8afe4318ef36752c623353f4fc2e3a8ec5dd5

Download Submit
C:\Program Files\Ledger Live\resources\app.asar.unpacked\node_modules\@ledgerhq\ledger-core\build\Release\ledger-core-node.node
MD5
7451b751537c2e97da4f7ccde2c46382

SHA1
707bd2612f2a5fb79f57745ac2ea2b73330e6c95

SHA256
376b51461bd30547d5488d85a489935e66e39859ed57591ad336c241071a9d8c

SHA512
2627077dff090a4cd63c2ab1d60f6005e175310c99cc860b4af263df96c066fcad087be5582243a5273fab149ae155f27806e06cf6c9e238a147c011057ca861

Download Submit
C:\Program Files\Ledger Live\resources\app.asar.unpacked\node_modules\@ledgerhq\ledger-core\build\Release\ledger-core.dll
MD5
9561dab54448c8ec9341a01172c7512a

SHA1
611ce79b7556a0e78d1368f3eb205a1ff0b18017

SHA256
95c4d7d1885b3b9c930db304c0e967b4988a6194690f9ed5d73d2f5900eea804

SHA512
3c2adbe3b67113d121dfe07fcf3240261edd07e65d9a5ab502bfed7726c56518577f8eac7911a106f766fb2af1c8a763a44024f4ddd362832dcf276de50d2201

Download Submit
C:\Program Files\Ledger Live\resources\app.asar.unpacked\node_modules\@ledgerhq\ledger-core\js\index.js
MD5
f97c80dd97eaff98a3cc220c438cea49

SHA1
2917a9af2000128228dafb233dbe8768d2d60015

SHA256
279cfacb9b658ba8e002f5673a45e12bc9f3125f3ae954870aa1b7fe5f4be022

SHA512
273c93b10d2fbc1e0f5f3fde478638eeeaa3cb4d2b468f413ef3b985a17f2b5788f05a9a3cec3ac5afbe89e34a0b227a6fb8d2a3aa2df57d433ebbe1b8fdea23

Download Submit
C:\Program Files\Ledger Live\resources\app.asar.unpacked\node_modules\@ledgerhq\ledger-core\package.json
MD5
87a415ab9ac566b17fc76e642a655dba

SHA1
abb01bbb7fe17d6fbb12188355f592bda1d5edd0

SHA256
8753583f1879bd3ee64cbf6867be7b90f3dcbd5d6e5bde5b0fbeff6b6066eefc

SHA512
dda54f843a7793b7668a31396f653fc6d56ba2f9fbe38b93c2a5f99d3ef2edb6d8d374d92345eae5b603397280a0dc98605007f7cfec15569cc6d328dd7e2753

Download Submit
C:\Program Files\Ledger Live\swiftshader\libegl.dll
MD5
d68ace0c88e1b4e933d8947f7d1caaa0

SHA1
f526193c10720426ba8b1fc54bf0de2138eaffc0

SHA256
158ebdba4bf1003734d9353d310e2ba5e1c271058bd6f9f45aa255175412c5da

SHA512
f427a9d95ca2b38cb7f8a9d5dc9c2016f9d6957bb01319136195b2c59a576d4722a4d0455eb6bc8f8b6d39e99dd6e4e5904491458ee307ed0e5f8e61db8f6659

Download Submit
C:\Program Files\Ledger Live\swiftshader\libglesv2.dll
MD5
e6c88513ead7aecc9e40ca4ba6b336be

SHA1
51d4727e361a397f5a0625dcf86c7d8089e7f9a2

SHA256
612f229de2cb68d7c635eff653fa5ff91047c3a66cb0d5d1358af02b8da6824d

SHA512
6ca4d7b7eb95153648786717772ec2c4f689f012f1d2d778e4e4d3166c0360f3770c634c74902515d1c7c54eb94343c778db361b672cacb719fb66b46b391f02

Download Submit
C:\Program Files\Ledger Live\v8_context_snapshot.bin
MD5
d9b62a61b9242c2d29da71d58421f08c

SHA1
62eb4411599dba13fe617a860096fe21a8141d0f

SHA256
9010758e1b4453957e561dfe6dd1c891400d7a0fb78097e8e67d9a8076644588

SHA512
1d0bd25bd3c5cb55e80592bc2a15ec94c31263fc518533c8f8d6434e9896f11aabeda2a8fa08601829fcb395ea5c69629ce2ded43d1f8106d982e1d21946832a

Download Submit
C:\Users\Admin\AppData\Roaming\Ledger Live\windowParams.json
MD5
1246bc54afaca2885cefab31e26b46cd

SHA1
f9c7befb2deffc3e915323dd15d9bb02919ffde0

SHA256
529bf605bed56fc64149edb2f895cbcc0c8c63736e9c26aafbc96a24c28b5d06

SHA512
e9d56d2c1fa742ff95abf4ccfad866c460201a9847b656819ae09b6dd2dd9076cb6e63e327faa3c8d14b7beae5970d582c2b17e4fd4e630fbf6e798f4220bd4d

Download Submit
\Program Files\Ledger Live\Ledger Live.exe
MD5
f747bd260b7e52dcaab5ee158385205b

SHA1
bb92450544c0dcd6e7c4087a80636e2348c2cb6b

SHA256
c89922f7de7d315c6bc1806bd4d4d3745fa6a20a2ef6888fe14935f64c487cc8

SHA512
ac787ce7b89a956631155d4dc5eaaf15f47b938d28eab2625cec4f84c595d116f542c8b949e4890b6861f5790f3c7989e28dc8138f5f76746792198e1d337f4c

Download Submit
\Program Files\Ledger Live\Ledger Live.exe
MD5
f747bd260b7e52dcaab5ee158385205b

SHA1
bb92450544c0dcd6e7c4087a80636e2348c2cb6b

SHA256
c89922f7de7d315c6bc1806bd4d4d3745fa6a20a2ef6888fe14935f64c487cc8

SHA512
ac787ce7b89a956631155d4dc5eaaf15f47b938d28eab2625cec4f84c595d116f542c8b949e4890b6861f5790f3c7989e28dc8138f5f76746792198e1d337f4c

Download Submit
\Program Files\Ledger Live\Ledger Live.exe
MD5
f747bd260b7e52dcaab5ee158385205b

SHA1
bb92450544c0dcd6e7c4087a80636e2348c2cb6b

SHA256
c89922f7de7d315c6bc1806bd4d4d3745fa6a20a2ef6888fe14935f64c487cc8

SHA512
ac787ce7b89a956631155d4dc5eaaf15f47b938d28eab2625cec4f84c595d116f542c8b949e4890b6861f5790f3c7989e28dc8138f5f76746792198e1d337f4c

Download Submit
\Program Files\Ledger Live\Ledger Live.exe
MD5
f747bd260b7e52dcaab5ee158385205b

SHA1
bb92450544c0dcd6e7c4087a80636e2348c2cb6b

SHA256
c89922f7de7d315c6bc1806bd4d4d3745fa6a20a2ef6888fe14935f64c487cc8

SHA512
ac787ce7b89a956631155d4dc5eaaf15f47b938d28eab2625cec4f84c595d116f542c8b949e4890b6861f5790f3c7989e28dc8138f5f76746792198e1d337f4c

Download Submit
\Program Files\Ledger Live\Ledger Live.exe
MD5
f747bd260b7e52dcaab5ee158385205b

SHA1
bb92450544c0dcd6e7c4087a80636e2348c2cb6b

SHA256
c89922f7de7d315c6bc1806bd4d4d3745fa6a20a2ef6888fe14935f64c487cc8

SHA512
ac787ce7b89a956631155d4dc5eaaf15f47b938d28eab2625cec4f84c595d116f542c8b949e4890b6861f5790f3c7989e28dc8138f5f76746792198e1d337f4c

Download Submit
\Program Files\Ledger Live\Ledger Live.exe
MD5
4a42dfb0469092c9f91e8ab3c957e1ab

SHA1
1d2c4c94460b8de5c93499fb9dc2db9aca394a9a

SHA256
e7992e88c25ae048cd11eb4c7dd70ac053cc03a78d163e09948a280acf4b2da0

SHA512
7c677184f8276ae2a516bdc1e824ef7d7f25921e5fcf8295dc560fb81d3bd21e3da805a06a8d96ef6df0875abc5d9bb58214f16553d18e2364e4658d5f488a25

Download Submit
\Program Files\Ledger Live\Ledger Live.exe
MD5
f747bd260b7e52dcaab5ee158385205b

SHA1
bb92450544c0dcd6e7c4087a80636e2348c2cb6b

SHA256
c89922f7de7d315c6bc1806bd4d4d3745fa6a20a2ef6888fe14935f64c487cc8

SHA512
ac787ce7b89a956631155d4dc5eaaf15f47b938d28eab2625cec4f84c595d116f542c8b949e4890b6861f5790f3c7989e28dc8138f5f76746792198e1d337f4c

Download Submit
\Program Files\Ledger Live\Ledger Live.exe
MD5
f747bd260b7e52dcaab5ee158385205b

SHA1
bb92450544c0dcd6e7c4087a80636e2348c2cb6b

SHA256
c89922f7de7d315c6bc1806bd4d4d3745fa6a20a2ef6888fe14935f64c487cc8

SHA512
ac787ce7b89a956631155d4dc5eaaf15f47b938d28eab2625cec4f84c595d116f542c8b949e4890b6861f5790f3c7989e28dc8138f5f76746792198e1d337f4c

Download Submit
\Program Files\Ledger Live\Ledger Live.exe
MD5
f747bd260b7e52dcaab5ee158385205b

SHA1
bb92450544c0dcd6e7c4087a80636e2348c2cb6b

SHA256
c89922f7de7d315c6bc1806bd4d4d3745fa6a20a2ef6888fe14935f64c487cc8

SHA512
ac787ce7b89a956631155d4dc5eaaf15f47b938d28eab2625cec4f84c595d116f542c8b949e4890b6861f5790f3c7989e28dc8138f5f76746792198e1d337f4c

Download Submit
\Program Files\Ledger Live\d3dcompiler_47.dll
MD5
fea40e5b591127ae3b065389d058a445

SHA1
621fa52fb488271c25c10c646d67e7ce5f42d4f8

SHA256
4b074a3976399dc735484f5d43d04b519b7bdee8ac719d9ab8ed6bd4e6be0345

SHA512
d2412b701d89e2762c72dd99a48283d601dd4311e3731d690cc2ab6cced20994fa67bf3fea4920291fc407cd946e20bdc85836e6786766a1b98a86febaa0e3d9

Download Submit
\Program Files\Ledger Live\d3dcompiler_47.dll
MD5
fea40e5b591127ae3b065389d058a445

SHA1
621fa52fb488271c25c10c646d67e7ce5f42d4f8

SHA256
4b074a3976399dc735484f5d43d04b519b7bdee8ac719d9ab8ed6bd4e6be0345

SHA512
d2412b701d89e2762c72dd99a48283d601dd4311e3731d690cc2ab6cced20994fa67bf3fea4920291fc407cd946e20bdc85836e6786766a1b98a86febaa0e3d9

Download Submit
\Program Files\Ledger Live\d3dcompiler_47.dll
MD5
fea40e5b591127ae3b065389d058a445

SHA1
621fa52fb488271c25c10c646d67e7ce5f42d4f8

SHA256
4b074a3976399dc735484f5d43d04b519b7bdee8ac719d9ab8ed6bd4e6be0345

SHA512
d2412b701d89e2762c72dd99a48283d601dd4311e3731d690cc2ab6cced20994fa67bf3fea4920291fc407cd946e20bdc85836e6786766a1b98a86febaa0e3d9

Download Submit
\Program Files\Ledger Live\ffmpeg.dll
MD5
8753b30c978467aa1c2253e3b7718d3c

SHA1
5adce8f036e0082419b975cfecda00e9ccb11961

SHA256
092d1cbc999ed0d08ccfa7426b257f8083dc5e4e957b985284b54eda3debd0a3

SHA512
1368c85fabd09cc4ad17cc6411e3428013bc7b94087302c0e7ba791d09c5e80677c8a0305c42be601f759f53842cc97055720c4421b6c8cc50a94991749d0c94

Download Submit
\Program Files\Ledger Live\ffmpeg.dll
MD5
8753b30c978467aa1c2253e3b7718d3c

SHA1
5adce8f036e0082419b975cfecda00e9ccb11961

SHA256
092d1cbc999ed0d08ccfa7426b257f8083dc5e4e957b985284b54eda3debd0a3

SHA512
1368c85fabd09cc4ad17cc6411e3428013bc7b94087302c0e7ba791d09c5e80677c8a0305c42be601f759f53842cc97055720c4421b6c8cc50a94991749d0c94

Download Submit
\Program Files\Ledger Live\ffmpeg.dll
MD5
8753b30c978467aa1c2253e3b7718d3c

SHA1
5adce8f036e0082419b975cfecda00e9ccb11961

SHA256
092d1cbc999ed0d08ccfa7426b257f8083dc5e4e957b985284b54eda3debd0a3

SHA512
1368c85fabd09cc4ad17cc6411e3428013bc7b94087302c0e7ba791d09c5e80677c8a0305c42be601f759f53842cc97055720c4421b6c8cc50a94991749d0c94

Download Submit
\Program Files\Ledger Live\ffmpeg.dll
MD5
8753b30c978467aa1c2253e3b7718d3c

SHA1
5adce8f036e0082419b975cfecda00e9ccb11961

SHA256
092d1cbc999ed0d08ccfa7426b257f8083dc5e4e957b985284b54eda3debd0a3

SHA512
1368c85fabd09cc4ad17cc6411e3428013bc7b94087302c0e7ba791d09c5e80677c8a0305c42be601f759f53842cc97055720c4421b6c8cc50a94991749d0c94

Download Submit
\Program Files\Ledger Live\ffmpeg.dll
MD5
8753b30c978467aa1c2253e3b7718d3c

SHA1
5adce8f036e0082419b975cfecda00e9ccb11961

SHA256
092d1cbc999ed0d08ccfa7426b257f8083dc5e4e957b985284b54eda3debd0a3

SHA512
1368c85fabd09cc4ad17cc6411e3428013bc7b94087302c0e7ba791d09c5e80677c8a0305c42be601f759f53842cc97055720c4421b6c8cc50a94991749d0c94

Download Submit
\Program Files\Ledger Live\ffmpeg.dll
MD5
8753b30c978467aa1c2253e3b7718d3c

SHA1
5adce8f036e0082419b975cfecda00e9ccb11961

SHA256
092d1cbc999ed0d08ccfa7426b257f8083dc5e4e957b985284b54eda3debd0a3

SHA512
1368c85fabd09cc4ad17cc6411e3428013bc7b94087302c0e7ba791d09c5e80677c8a0305c42be601f759f53842cc97055720c4421b6c8cc50a94991749d0c94

Download Submit
\Program Files\Ledger Live\ffmpeg.dll
MD5
8753b30c978467aa1c2253e3b7718d3c

SHA1
5adce8f036e0082419b975cfecda00e9ccb11961

SHA256
092d1cbc999ed0d08ccfa7426b257f8083dc5e4e957b985284b54eda3debd0a3

SHA512
1368c85fabd09cc4ad17cc6411e3428013bc7b94087302c0e7ba791d09c5e80677c8a0305c42be601f759f53842cc97055720c4421b6c8cc50a94991749d0c94

Download Submit
\Program Files\Ledger Live\ffmpeg.dll
MD5
8753b30c978467aa1c2253e3b7718d3c

SHA1
5adce8f036e0082419b975cfecda00e9ccb11961

SHA256
092d1cbc999ed0d08ccfa7426b257f8083dc5e4e957b985284b54eda3debd0a3

SHA512
1368c85fabd09cc4ad17cc6411e3428013bc7b94087302c0e7ba791d09c5e80677c8a0305c42be601f759f53842cc97055720c4421b6c8cc50a94991749d0c94

Download Submit
\Program Files\Ledger Live\libEGL.dll
MD5
f097ff04092e4d68ed0968b7ccb01545

SHA1
7229d4927084bd0d0f8a16af55e549e72244251e

SHA256
bd883dc6c170c2123736d6a4ca4b893952a05d4cc91203d0d3d2cbcd63cfcb43

SHA512
5f301231f012848f7fe56145df165afa5f8788cc88f945b15b97446c86b76e92ef9ac1b0508feb802c1f8fbb98432dbd1fe5136ca9cc7b388a1ad5663af2cc1b

Download Submit
\Program Files\Ledger Live\libEGL.dll
MD5
f097ff04092e4d68ed0968b7ccb01545

SHA1
7229d4927084bd0d0f8a16af55e549e72244251e

SHA256
bd883dc6c170c2123736d6a4ca4b893952a05d4cc91203d0d3d2cbcd63cfcb43

SHA512
5f301231f012848f7fe56145df165afa5f8788cc88f945b15b97446c86b76e92ef9ac1b0508feb802c1f8fbb98432dbd1fe5136ca9cc7b388a1ad5663af2cc1b

Download Submit
\Program Files\Ledger Live\libGLESv2.dll
MD5
bb7300b6c66bca90c2a84af7aaab7918

SHA1
2d80d314da7806ec6f8a9336f0eae7afe24effc3

SHA256
0bebfdd3d91986b512c1d00236da3ceee107de0e6b6640f8f4b3956fee000fe2

SHA512
136cb9f7a839c06b4e2fac4eb340cd6c1449b4ae318846095864bdb86c586d1f9aadc1f4e2526702c66d059afb5d45d77d9a7be14ae4eb638ef371e0a95055e7

Download Submit
\Program Files\Ledger Live\libGLESv2.dll
MD5
bb7300b6c66bca90c2a84af7aaab7918

SHA1
2d80d314da7806ec6f8a9336f0eae7afe24effc3

SHA256
0bebfdd3d91986b512c1d00236da3ceee107de0e6b6640f8f4b3956fee000fe2

SHA512
136cb9f7a839c06b4e2fac4eb340cd6c1449b4ae318846095864bdb86c586d1f9aadc1f4e2526702c66d059afb5d45d77d9a7be14ae4eb638ef371e0a95055e7

Download Submit
\Program Files\Ledger Live\resources\app.asar.unpacked\node_modules\@ledgerhq\ledger-core\build\Release\crypto.dll
MD5
323787c1ac33517a14d1606f3c031e17

SHA1
685eb94a22347b79ace0f2ba7fa6e9f6524141db

SHA256
efaf61708b6cfe0861aea8609dc371c75655352a404d3e3c212fa33a35c2191e

SHA512
85f5ac8b308e121a00983561eb6e491b29e6a9d6ffeb79b5cae3b13f64ef992beb802a4964b26d56b82a1ba906a8afe4318ef36752c623353f4fc2e3a8ec5dd5

Download Submit
\Program Files\Ledger Live\resources\app.asar.unpacked\node_modules\@ledgerhq\ledger-core\build\Release\ledger-core-node.node
MD5
7451b751537c2e97da4f7ccde2c46382

SHA1
707bd2612f2a5fb79f57745ac2ea2b73330e6c95

SHA256
376b51461bd30547d5488d85a489935e66e39859ed57591ad336c241071a9d8c

SHA512
2627077dff090a4cd63c2ab1d60f6005e175310c99cc860b4af263df96c066fcad087be5582243a5273fab149ae155f27806e06cf6c9e238a147c011057ca861

Download Submit
\Program Files\Ledger Live\resources\app.asar.unpacked\node_modules\@ledgerhq\ledger-core\build\Release\ledger-core.dll
MD5
9561dab54448c8ec9341a01172c7512a

SHA1
611ce79b7556a0e78d1368f3eb205a1ff0b18017

SHA256
95c4d7d1885b3b9c930db304c0e967b4988a6194690f9ed5d73d2f5900eea804

SHA512
3c2adbe3b67113d121dfe07fcf3240261edd07e65d9a5ab502bfed7726c56518577f8eac7911a106f766fb2af1c8a763a44024f4ddd362832dcf276de50d2201

Download Submit
\Program Files\Ledger Live\swiftshader\libEGL.dll
MD5
d68ace0c88e1b4e933d8947f7d1caaa0

SHA1
f526193c10720426ba8b1fc54bf0de2138eaffc0

SHA256
158ebdba4bf1003734d9353d310e2ba5e1c271058bd6f9f45aa255175412c5da

SHA512
f427a9d95ca2b38cb7f8a9d5dc9c2016f9d6957bb01319136195b2c59a576d4722a4d0455eb6bc8f8b6d39e99dd6e4e5904491458ee307ed0e5f8e61db8f6659

Download Submit
\Program Files\Ledger Live\swiftshader\libGLESv2.dll
MD5
e6c88513ead7aecc9e40ca4ba6b336be

SHA1
51d4727e361a397f5a0625dcf86c7d8089e7f9a2

SHA256
612f229de2cb68d7c635eff653fa5ff91047c3a66cb0d5d1358af02b8da6824d

SHA512
6ca4d7b7eb95153648786717772ec2c4f689f012f1d2d778e4e4d3166c0360f3770c634c74902515d1c7c54eb94343c778db361b672cacb719fb66b46b391f02

Download Submit
\Users\Admin\AppData\Local\Temp\531797e3-4487-4ca3-b26a-f004d1e18650.tmp.node
MD5
b8f87e72240af450c8257d7ee9f63079

SHA1
b20f0db6c90c0711ea3f91b4863f57f05f42c33d

SHA256
16a3e09a55482033543dfd442e6942d705ad754de49a9f575c00baee6aefebf7

SHA512
af5eeced2258eea9adedb77fd76f986cd4317fe8437cb4a77f7c07f0ba1c3030380fd458405353fb953027ab1c7c9d72feac8c64855a21eefa5fc937bddb0b0a

Download Submit
\Users\Admin\AppData\Local\Temp\7625d6d3-2c47-487c-a3a0-45a3a29b60cd.tmp.node
MD5
7c554f3ba2c65eb19e3f0de25e135fb0

SHA1
47437696b5c593f1b1c251c4c220bdaf66bbb6b1

SHA256
a278414fb7c9b06c79ba27c3773e3c635e08e5d4c53bd6a07b9d1f0c669b6b33

SHA512
e66f1c17f4e8232e606e3b0028b650abe0911c30d45806039276c7351bb229627e906e105042b4d03b8976619204711e7988b4b944c8b8c933759d7b1a939f22

Download Submit
\Users\Admin\AppData\Local\Temp\7d1c54bc-cc2a-42fd-99e3-62d9004a4d78.tmp.node
MD5
e614ce74efc8f49c086dcc3be7ef75e2

SHA1
e3e79cfb285bc9fbec9e53ad1d73d5215414ff47

SHA256
4083cb5033cbc02664f2081a1728d677b6ce6f014d2631c92723269a62d1e601

SHA512
6eef751c9d3af436bfb5d1a5f7a9c8eb3b78e3e80a7363fe580ac560390a72381062588e0ab2f71573b8296f667688ca27f3fc4d276e823dc28ec3d320a11b60

Download Submit
\Users\Admin\AppData\Local\Temp\d9672f1a-219a-4d86-b921-5849eba01a62.tmp.node
MD5
14c373b1268668ca3d1f46e4d299bf39

SHA1
0427e180b7670b968b805b5739a9997f2f8b5b8f

SHA256
3dc8262f5886b2fe7955fbcfe22480626587ce9f4e127c970a193b0838d3b1ec

SHA512
931563fad227438b06c26ef99004d3c7cac9fad906331921eba95a085f2f8b4cb535bb83c928a3115cd976fafa5102d2880daec4f59966e47a953f56c3031561

Download Submit
\Users\Admin\AppData\Local\Temp\eda7166b-2225-47aa-a000-47e7289a5889.tmp.node
MD5
b8f87e72240af450c8257d7ee9f63079

SHA1
b20f0db6c90c0711ea3f91b4863f57f05f42c33d

SHA256
16a3e09a55482033543dfd442e6942d705ad754de49a9f575c00baee6aefebf7

SHA512
af5eeced2258eea9adedb77fd76f986cd4317fe8437cb4a77f7c07f0ba1c3030380fd458405353fb953027ab1c7c9d72feac8c64855a21eefa5fc937bddb0b0a

Download Submit
\Users\Admin\AppData\Local\Temp\nsi281B.tmp\StdUtils.dll
MD5
c6a6e03f77c313b267498515488c5740

SHA1
3d49fc2784b9450962ed6b82b46e9c3c957d7c15

SHA256
b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e

SHA512
9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803

Download Submit
\Users\Admin\AppData\Local\Temp\nsi281B.tmp\System.dll
MD5
0d7ad4f45dc6f5aa87f606d0331c6901

SHA1
48df0911f0484cbe2a8cdd5362140b63c41ee457

SHA256
3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca

SHA512
c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9

Download Submit
\Users\Admin\AppData\Local\Temp\nsi281B.tmp\UAC.dll
MD5
adb29e6b186daa765dc750128649b63d

SHA1
160cbdc4cb0ac2c142d361df138c537aa7e708c9

SHA256
2f7f8fc05dc4fd0d5cda501b47e4433357e887bbfed7292c028d99c73b52dc08

SHA512
b28adcccf0c33660fecd6f95f28f11f793dc9988582187617b4c113fb4e6fdad4cf7694cd8c0300a477e63536456894d119741a940dda09b7df3ff0087a7eada

Download Submit
\Users\Admin\AppData\Local\Temp\nsi281B.tmp\WinShell.dll
MD5
1cc7c37b7e0c8cd8bf04b6cc283e1e56

SHA1
0b9519763be6625bd5abce175dcc59c96d100d4c

SHA256
9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6

SHA512
7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f

Download Submit
\Users\Admin\AppData\Local\Temp\nsi281B.tmp\WinShell.dll
MD5
1cc7c37b7e0c8cd8bf04b6cc283e1e56

SHA1
0b9519763be6625bd5abce175dcc59c96d100d4c

SHA256
9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6

SHA512
7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f

Download Submit
\Users\Admin\AppData\Local\Temp\nsi281B.tmp\nsDialogs.dll
MD5
466179e1c8ee8a1ff5e4427dbb6c4a01

SHA1
eb607467009074278e4bd50c7eab400e95ae48f7

SHA256
1e40211af65923c2f4fd02ce021458a7745d28e2f383835e3015e96575632172

SHA512
7508a29c722d45297bfb090c8eb49bd1560ef7d4b35413f16a8aed62d3b1030a93d001a09de98c2b9fea9acf062dc99a7278786f4ece222e7436b261d14ca817

Download Submit
\Users\Admin\AppData\Local\Temp\nsi281B.tmp\nsProcess.dll
MD5
f0438a894f3a7e01a4aae8d1b5dd0289

SHA1
b058e3fcfb7b550041da16bf10d8837024c38bf6

SHA256
30c6c3dd3cc7fcea6e6081ce821adc7b2888542dae30bf00e881c0a105eb4d11

SHA512
f91fcea19cbddf8086affcb63fe599dc2b36351fc81ac144f58a80a524043ddeaa3943f36c86ebae45dd82e8faf622ea7b7c9b776e74c54b93df2963cfe66cc7

Download Submit
\Users\Admin\AppData\Local\Temp\nsi281B.tmp\nsis7z.dll
MD5
80e44ce4895304c6a3a831310fbf8cd0

SHA1
36bd49ae21c460be5753a904b4501f1abca53508

SHA256
b393f05e8ff919ef071181050e1873c9a776e1a0ae8329aefff7007d0cadf592

SHA512
c8ba7b1f9113ead23e993e74a48c4427ae3562c1f6d9910b2bbe6806c9107cf7d94bc7d204613e4743d0cd869e00dafd4fb54aad1e8adb69c553f3b9e5bc64df

Download Submit
memory/524-72-0x00000000098B0000-0x00000000098D3000-memory.dmp

Filesize
140KB

Download
memory/524-68-0x0000000008CD0000-0x0000000008E03000-memory.dmp

Filesize
1.2MB

Download
memory/524-26-0x0000003800040000-0x0000003800041000-memory.dmp

Filesize
4KB

Download
memory/524-62-0x0000000008CD0000-0x0000000008CF3000-memory.dmp

Filesize
140KB

Download
memory/524-64-0x0000000008CD0000-0x0000000008E03000-memory.dmp

Filesize
1.2MB

Download
memory/524-66-0x0000000008CD0000-0x0000000008E03000-memory.dmp

Filesize
1.2MB

Download
memory/524-79-0x0000000008CD0000-0x0000000008E03000-memory.dmp

Filesize
1.2MB

Download
memory/624-29-0x0000000000000000-mapping.dmp

Download
memory/668-44-0x0000000000000000-mapping.dmp

Download
memory/908-42-0x0000000000000000-mapping.dmp

Download
memory/928-28-0x0000000000000000-mapping.dmp

Download
memory/1176-30-0x0000000000060000-0x0000000000061000-memory.dmp

Filesize
4KB

Download
memory/1176-31-0x0000000000000000-mapping.dmp

Download
memory/1176-33-0x0000000077460000-0x0000000077461000-memory.dmp

Filesize
4KB

Download
memory/1932-49-0x0000000000000000-mapping.dmp

Download
memory/2108-65-0x0000000000000000-mapping.dmp

Download
memory/2288-70-0x0000000000000000-mapping.dmp

Download
memory/2356-74-0x0000000000000000-mapping.dmp

Download
memory/2452-83-0x0000000000000000-mapping.dmp

Download