66f6b803ee2102e4bf91ab41882cda27f336272af7f0b2d5cb8e13e0958c22a0

Analysis

max time kernel
104s
max time network
111s
platform
windows10-2004_x64
resource
win10v2004-20220812-es
resource tags

arch:x64arch:x86image:win10v2004-20220812-eslocale:es-esos:windows10-2004-x64systemwindows
submitted
05-02-2023 13:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

DashboardSetup.exe
Size

4.0MB
MD5

c59615fb097de59c00f0cfaabc224d0d
SHA1

ab89fd49d4ff62197d332eb4b848ab1fa52466a4
SHA256

66f6b803ee2102e4bf91ab41882cda27f336272af7f0b2d5cb8e13e0958c22a0
SHA512

234dbf128aad941e215706942d501a25aeddbd525e685b83a8f3dd5d17e0d71f7f613dd5611d14a5abaebf2a10c065b17a7c1e93553e7c509eb7d049a8c6c9b1
SSDEEP

49152:r+8DSnPpFkB231R19LyvSqVEI8yoq3ctqFOF0gGk3gDGWdWsGCgrnKexpx5Lhwbv:rQ1atgG6gKWdnGCYg7

Score

8^/10

bootkit discovery persistence spyware stealer

Malware Config

Signatures

Blocklisted process makes network request 2 IoCs

flow	pid	Process
60	4048	msiexec.exe
62	4048	msiexec.exe

Checks computer location settings 2 TTPs 3 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Control Panel\International\Geo\Nation	loki_hal_setup.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Control Panel\International\Geo\Nation	DashboardSetup.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Control Panel\International\Geo\Nation	QtWebEngineProcess.exe

Executes dropped EXE 11 IoCs

pid	Process
1524	7za.exe
2084	VC_redist.x86.exe
2704	VC_redist.x86.exe
1680	loki_hal_setup.exe
1080	loki_hal_setup.exe
3160	AacSetup.exe
1584	AsusInstallVerifier.exe
620	AsusInstallVerifier.exe
1728	Dashboard.exe
1232	QtWebEngineProcess.exe
4896	QtWebEngineProcess.exe

Loads dropped DLL 64 IoCs

pid	Process
2704	VC_redist.x86.exe
1080	loki_hal_setup.exe
1640	MsiExec.exe
1640	MsiExec.exe
1640	MsiExec.exe
1896	regsvr32.exe
1640	MsiExec.exe
5016	regsvr32.exe
4776	regsvr32.exe
1640	MsiExec.exe
1728	Dashboard.exe
1728	Dashboard.exe
1728	Dashboard.exe
1728	Dashboard.exe
1728	Dashboard.exe
1728	Dashboard.exe
1728	Dashboard.exe
1728	Dashboard.exe
1728	Dashboard.exe
1728	Dashboard.exe
1728	Dashboard.exe
1728	Dashboard.exe
1728	Dashboard.exe
1728	Dashboard.exe
1728	Dashboard.exe
1728	Dashboard.exe
1728	Dashboard.exe
1728	Dashboard.exe
1728	Dashboard.exe
1728	Dashboard.exe
1728	Dashboard.exe
1728	Dashboard.exe
1728	Dashboard.exe
1728	Dashboard.exe
1728	Dashboard.exe
1728	Dashboard.exe
1728	Dashboard.exe
1728	Dashboard.exe
1232	QtWebEngineProcess.exe
1232	QtWebEngineProcess.exe
1232	QtWebEngineProcess.exe
1232	QtWebEngineProcess.exe
1232	QtWebEngineProcess.exe
1232	QtWebEngineProcess.exe
1232	QtWebEngineProcess.exe
1232	QtWebEngineProcess.exe
1232	QtWebEngineProcess.exe
1728	Dashboard.exe
1728	Dashboard.exe
1728	Dashboard.exe
1728	Dashboard.exe
1728	Dashboard.exe
1728	Dashboard.exe
1728	Dashboard.exe
1728	Dashboard.exe
1728	Dashboard.exe
1728	Dashboard.exe
1728	Dashboard.exe
1728	Dashboard.exe
1728	Dashboard.exe
1728	Dashboard.exe
1728	Dashboard.exe
1728	Dashboard.exe
1728	Dashboard.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials in Files
T1081

Registers COM server for autorun 1 TTPs 3 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{10B0F14F-B9CB-41FC-9DAA-FCDE6EBA0A50}\InprocServer32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{10B0F14F-B9CB-41FC-9DAA-FCDE6EBA0A50}\InprocServer32\ = "C:\\Program Files\\ENE\\Aac_ENE_QSI_Loki_HAL\\AacHal_x64.dll"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{10B0F14F-B9CB-41FC-9DAA-FCDE6EBA0A50}\InprocServer32\ThreadingModel = "Both縀"	regsvr32.exe

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce	AacSetup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\{205ef3a8-937b-43cb-90fc-2f58f71408d8} = "\"C:\\ProgramData\\Package Cache\\{205ef3a8-937b-43cb-90fc-2f58f71408d8}\\AacSetup.exe\" /burn.runonce"	AacSetup.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Enumerates connected drives 3 TTPs 24 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\F:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe

Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

Bootkits write to the MBR to gain persistence at a level below the operating system.

bootkit persistence

Bootkit

T1067

description	ioc	Process
File opened for modification	\??\PhysicalDrive0	Dashboard.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files (x86)\Western Digital\SSD Dashboard\include\ybindcpp\NvmeCommand.hpp	7za.exe
File opened for modification	C:\Program Files (x86)\Western Digital\SSD Dashboard\lib\ybindcpp.lib	7za.exe
File opened for modification	C:\Program Files (x86)\Western Digital\SSD Dashboard\include\ybindcppscsi\InquiryBuffer.hpp	7za.exe
File created	C:\Program Files (x86)\Western Digital\SSD Dashboard\include\yextvuc\hgst\fill_and_execute.h	7za.exe
File opened for modification	C:\Program Files (x86)\Western Digital\SSD Dashboard\lib\cutils.lib	7za.exe
File opened for modification	C:\Program Files (x86)\Western Digital\SSD Dashboard\Qt5Gui.dll	7za.exe
File created	C:\Program Files (x86)\Western Digital\SSD Dashboard\include\yexttcg\operations.h	7za.exe
File created	C:\Program Files (x86)\Western Digital\SSD Dashboard\imageformats\qtgad.pdb	7za.exe
File opened for modification	C:\Program Files (x86)\Western Digital\SSD Dashboard\include\yadl\yadl_adaptec.h	7za.exe
File created	C:\Program Files (x86)\Western Digital\SSD Dashboard\include\yadl\yadl_ata_windows.h	7za.exe
File opened for modification	C:\Program Files (x86)\Western Digital\SSD Dashboard\include\yadl\yadl_uvc.h	7za.exe
File created	C:\Program Files (x86)\Western Digital\SSD Dashboard\include\ybindcppata\SmartReadDataCommand.hpp	7za.exe
File created	C:\Program Files (x86)\Western Digital\SSD Dashboard\include\yexttcg\version.h	7za.exe
File created	C:\Program Files (x86)\Western Digital\SSD Dashboard\include\ybindcpp\PullDeviceDataOperation.hpp	7za.exe
File opened for modification	C:\Program Files (x86)\Western Digital\SSD Dashboard\include\ybindcppscsi\ReadCapacityCommand.hpp	7za.exe
File opened for modification	C:\Program Files (x86)\Western Digital\SSD Dashboard\include\ybindcppvuc\sandisk\PullHaloPmasInformationNvmeOperation.hpp	7za.exe
File opened for modification	C:\Program Files (x86)\Western Digital\SSD Dashboard\imageformats\qicns.dll	7za.exe
File opened for modification	C:\Program Files (x86)\Western Digital\SSD Dashboard\include\ybindcppboost\version.hpp	7za.exe
File created	C:\Program Files (x86)\Western Digital\SSD Dashboard\include\ybindcppfirmware\ScsiFirmwareDownloadOperation.hpp	7za.exe
File opened for modification	C:\Program Files (x86)\Western Digital\SSD Dashboard\include\yextata\errors.h	7za.exe
File opened for modification	C:\Program Files (x86)\Western Digital\SSD Dashboard\include\yextrgb\version.h	7za.exe
File created	C:\Program Files\ENE\Aac_ENE_QSI_Loki_HAL\AacHal_x86.dll	msiexec.exe
File created	C:\Program Files (x86)\Western Digital\SSD Dashboard\imageformats\qicod.pdb	7za.exe
File opened for modification	C:\Program Files (x86)\Western Digital\SSD Dashboard\include\yextrgb\include.h	7za.exe
File opened for modification	C:\Program Files (x86)\Western Digital\SSD Dashboard\include\yexttcg\tcg_uid.h	7za.exe
File opened for modification	C:\Program Files (x86)\Western Digital\SSD Dashboard\translations\qtwebengine_locales\cs.pak	7za.exe
File created	C:\Program Files (x86)\Western Digital\SSD Dashboard\include\yadl\yadl_usb_hub.h	7za.exe
File opened for modification	C:\Program Files (x86)\Western Digital\SSD Dashboard\include\ybindcppata\CryptoScrambleExtCommand.hpp	7za.exe
File created	C:\Program Files (x86)\Western Digital\SSD Dashboard\include\ybindcppnvme\include.hpp	7za.exe
File opened for modification	C:\Program Files (x86)\Western Digital\SSD Dashboard\include\ybindcppvuc\sandisk\StreamDuiLogOperation.hpp	7za.exe
File opened for modification	C:\Program Files (x86)\Western Digital\SSD Dashboard\translations\qtwebengine_locales\et.pak	7za.exe
File created	C:\Program Files (x86)\Western Digital\SSD Dashboard\Dashboard.zip	DashboardSetup.exe
File opened for modification	C:\Program Files (x86)\Western Digital\SSD Dashboard\include\yadl\yadl_iface.h	7za.exe
File opened for modification	C:\Program Files (x86)\Western Digital\SSD Dashboard\Qt5WebEngineWidgets.dll	7za.exe
File created	C:\Program Files (x86)\Western Digital\SSD Dashboard\include\yadl\yadl_scsi_windows.h	7za.exe
File opened for modification	C:\Program Files (x86)\Western Digital\SSD Dashboard\include\ybindcppata\version.hpp	7za.exe
File opened for modification	C:\Program Files (x86)\Western Digital\SSD Dashboard\libEGL.dll	7za.exe
File opened for modification	C:\Program Files (x86)\Western Digital\SSD Dashboard\opengl32sw.dll	7za.exe
File opened for modification	C:\Program Files (x86)\Western Digital\SSD Dashboard\translations\qtwebengine_locales\da.pak	7za.exe
File created	C:\Program Files (x86)\Western Digital\SSD Dashboard\include\yadl\yadl_environment.h	7za.exe
File opened for modification	C:\Program Files (x86)\Western Digital\SSD Dashboard\include\yadl\yadl_return.h	7za.exe
File opened for modification	C:\Program Files (x86)\Western Digital\SSD Dashboard\include\yexttcg\version.h	7za.exe
File opened for modification	C:\Program Files (x86)\Western Digital\SSD Dashboard\lib\ybindcppata.lib	7za.exe
File created	C:\Program Files (x86)\Western Digital\SSD Dashboard\include\ybindcppata\BlockEraseExtCommand.hpp	7za.exe
File opened for modification	C:\Program Files (x86)\Western Digital\SSD Dashboard\include\ybindcppvuc\sandisk\SetHaloPmasNvmeOperation.hpp	7za.exe
File opened for modification	C:\Program Files (x86)\Western Digital\SSD Dashboard\include\yextvuc\common\fill_and_execute.h	7za.exe
File opened for modification	C:\Program Files (x86)\Western Digital\SSD Dashboard\disable\p50.json	7za.exe
File opened for modification	C:\Program Files (x86)\Western Digital\SSD Dashboard\imageformats\qpdf.pdb	7za.exe
File created	C:\Program Files (x86)\Western Digital\SSD Dashboard\include\yadl\yadl_dev.h	7za.exe
File opened for modification	C:\Program Files (x86)\Western Digital\SSD Dashboard\include\ybindcpp\Log.hpp	7za.exe
File created	C:\Program Files (x86)\Western Digital\SSD Dashboard\Qt5WebSockets.dll	7za.exe
File opened for modification	C:\Program Files (x86)\Western Digital\SSD Dashboard\include\yadl\yadl_global_environment.h	7za.exe
File opened for modification	C:\Program Files (x86)\Western Digital\SSD Dashboard\include\ybindcpp	7za.exe
File created	C:\Program Files (x86)\Western Digital\SSD Dashboard\include\ybindcppvuc\sandisk\SetGamingModeBitsOperation.hpp	7za.exe
File created	C:\Program Files (x86)\Western Digital\SSD Dashboard\include\yexttcg\tcg_util.h	7za.exe
File opened for modification	C:\Program Files (x86)\Western Digital\SSD Dashboard\include\ybindcppnvme\version.hpp	7za.exe
File opened for modification	C:\Program Files (x86)\Western Digital\SSD Dashboard\include\yextvuc\include.h	7za.exe
File opened for modification	C:\Program Files (x86)\Western Digital\SSD Dashboard\translations\qtwebengine_locales\nb.pak	7za.exe
File opened for modification	C:\Program Files (x86)\Western Digital\SSD Dashboard\include\ybindcppata\SanitizeStatusExtCommand.hpp	7za.exe
File opened for modification	C:\Program Files (x86)\Western Digital\SSD Dashboard\include\ybindcppfirmware\PullScsiFirmwareCapabilitiesOperation.hpp	7za.exe
File opened for modification	C:\Program Files (x86)\Western Digital\SSD Dashboard\include\ybindcppnvme\IdentifyActiveNamespacesBuffer.hpp	7za.exe
File opened for modification	C:\Program Files (x86)\Western Digital\SSD Dashboard\include\ybindcppscan\Scanner.hpp	7za.exe
File created	C:\Program Files (x86)\Western Digital\SSD Dashboard\translations\qtwebengine_locales\sr.pak	7za.exe
File opened for modification	C:\Program Files (x86)\Western Digital\SSD Dashboard\include\cutils\version.h	7za.exe

Drops file in Windows directory 13 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Installer\MSID032.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSID246.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSID331.tmp	msiexec.exe
File created	C:\Windows\Installer\e57c94b.msi	msiexec.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log	msiexec.exe
File created	C:\Windows\Installer\inprogressinstallinfo.ipi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSICEE9.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSID41D.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSID508.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\e57c94b.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\	msiexec.exe
File created	C:\Windows\Installer\SourceHash{BDE43F26-5917-44F8-B86A-F1D9A6B80B32}	msiexec.exe
File created	C:\Windows\Installer\e57c94e.msi	msiexec.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Checks SCSI registry key(s) 3 TTPs 7 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	Dashboard.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters	vssvc.exe
Key queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters	vssvc.exe
Key created	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr	vssvc.exe
Set value (data)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr\PartitionTableCache = 00000000040000007c4a2b5d7b48cb040000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000c01200000000ffffffff0000000027010100000800007c4a2b5d0000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d01200000000000020ed3f000000ffffffff0000000007000100006809007c4a2b5d000000000000d0120000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000007c4a2b5d00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000007c4a2b5d00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	vssvc.exe
Set value (data)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr\SnapshotDataCache = 534e41505041525401000000700000008ec7416a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	vssvc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	Dashboard.exe

Modifies data under HKEY_USERS 3 IoCs

description	ioc	Process
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\1E\52C64B7E	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1e	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1f	msiexec.exe

Modifies registry class 64 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\{BDE43F26-5917-44F8-B86A-F1D9A6B80B32}\Dependents\{205ef3a8-937b-43cb-90fc-2f58f71408d8}	AacSetup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\{205ef3a8-937b-43cb-90fc-2f58f71408d8}\ = "{205ef3a8-937b-43cb-90fc-2f58f71408d8}"	AacSetup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\{BDE43F26-5917-44F8-B86A-F1D9A6B80B32}\Version = "1.0.3.0"	AacSetup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{109DC3E4-B9FF-4AF3-9008-AB13705D4E5F}\Instance\{E9BBD754-6CF4-492E-BA89-782177A2771B}\Instance	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\62F34EDB71958F448BA61F9D6A8BB023\DeploymentFlags = "3"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{109DC3E4-B9FF-4AF3-9008-AB13705D4E5F}\Instance\{E9BBD754-6CF4-492E-BA89-782177A2771B}\Instance\{10B0F14F-B9CB-41FC-9DAA-FCDE6EBA0A50}\Name = "ENE_QSI_Loki_HAL"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{109DC3E4-B9FF-4AF3-9008-AB13705D4E5F}\Instance\{E9BBD754-6CF4-492E-BA89-782177A2771B}\Instance\{10B0F14F-B9CB-41FC-9DAA-FCDE6EBA0A50}\Pluging = "0"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{109DC3E4-B9FF-4AF3-9008-AB13705D4E5F}\Instance\{E9BBD754-6CF4-492E-BA89-782177A2771B}\Instance\{10B0F14F-B9CB-41FC-9DAA-FCDE6EBA0A50}\UninstallString = "\"C:\\ProgramData\\Package Cache\\{205ef3a8-937b-43cb-90fc-2f58f71408d8}\\AacSetup.exe\" /uninstall /quiet"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\{BDE43F26-5917-44F8-B86A-F1D9A6B80B32}\Dependents	AacSetup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\ENE_QSI_Loki.Hal\CLSID\ = "{10B0F14F-B9CB-41FC-9DAA-FCDE6EBA0A50}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ENE_QSI_Loki.Hal\CurVer	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{10B0F14F-B9CB-41FC-9DAA-FCDE6EBA0A50}\InprocServer32\ = "C:\\Program Files\\ENE\\Aac_ENE_QSI_Loki_HAL\\AacHal_x64.dll"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{109DC3E4-B9FF-4AF3-9008-AB13705D4E5F}	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{109DC3E4-B9FF-4AF3-9008-AB13705D4E5F}\Instance\{E9BBD754-6CF4-492E-BA89-782177A2771B}\Instance\{10B0F14F-B9CB-41FC-9DAA-FCDE6EBA0A50}\Version = "1.0.3.0"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{109DC3E4-B9FF-4AF3-9008-AB13705D4E5F}\Instance	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\62F34EDB71958F448BA61F9D6A8BB023\AuthorizedLUAApp = "0"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{10B0F14F-B9CB-41FC-9DAA-FCDE6EBA0A50}\ProgID\ = "ENE_QSI_Loki.Hal.1"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{109DC3E4-B9FF-4AF3-9008-AB13705D4E5F}\Instance\{E9BBD754-6CF4-492E-BA89-782177A2771B}\Instance\{10B0F14F-B9CB-41FC-9DAA-FCDE6EBA0A50}\SpecVersion = "1.00.00"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\62F34EDB71958F448BA61F9D6A8BB023\Assignment = "1"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\ENE_QSI_Loki.Hal\ = "ENE_QSI_Loki"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{10B0F14F-B9CB-41FC-9DAA-FCDE6EBA0A50}\VersionIndependentProgID	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\ENE_QSI_Loki.Hal.1\ = "ENE_QSI_Loki"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{109DC3E4-B9FF-4AF3-9008-AB13705D4E5F}\Instance\{E9BBD754-6CF4-492E-BA89-782177A2771B}\Instance\{10B0F14F-B9CB-41FC-9DAA-FCDE6EBA0A50}\MsiUninstallString = "C:\\Windows\\system32\\msiexec.exe /quiet /x {BDE43F26-5917-44F8-B86A-F1D9A6B80B32}"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{109DC3E4-B9FF-4AF3-9008-AB13705D4E5F}\Instance\{E9BBD754-6CF4-492E-BA89-782177A2771B}\Instance\{10B0F14F-B9CB-41FC-9DAA-FCDE6EBA0A50}\Version = "1.0.3.0"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\62F34EDB71958F448BA61F9D6A8BB023	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\62F34EDB71958F448BA61F9D6A8BB023\InstanceType = "0"	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Installer\Dependencies\{BDE43F26-5917-44F8-B86A-F1D9A6B80B32}	AacSetup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{109DC3E4-B9FF-4AF3-9008-AB13705D4E5F}\Instance\{E9BBD754-6CF4-492E-BA89-782177A2771B}\Instance	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{10B0F14F-B9CB-41FC-9DAA-FCDE6EBA0A50}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\ENE_QSI_Loki.Hal\CurVer\ = "ENE_QSI_Loki.Hal.1"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{10B0F14F-B9CB-41FC-9DAA-FCDE6EBA0A50}\InprocServer32\ = "C:\\Program Files\\ENE\\Aac_ENE_QSI_Loki_HAL\\AacHal_x86.dll"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{10B0F14F-B9CB-41FC-9DAA-FCDE6EBA0A50}\InprocServer32\ThreadingModel = "Both"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\ENE_QSI_Loki.Hal.1\ = "ENE_QSI_Loki"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\{BDE43F26-5917-44F8-B86A-F1D9A6B80B32}\ = "{BDE43F26-5917-44F8-B86A-F1D9A6B80B32}"	AacSetup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{109DC3E4-B9FF-4AF3-9008-AB13705D4E5F}\Instance\{E9BBD754-6CF4-492E-BA89-782177A2771B}\Instance\{10B0F14F-B9CB-41FC-9DAA-FCDE6EBA0A50}\Pluging = "0"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{109DC3E4-B9FF-4AF3-9008-AB13705D4E5F}\Instance\{E9BBD754-6CF4-492E-BA89-782177A2771B}\Instance\{10B0F14F-B9CB-41FC-9DAA-FCDE6EBA0A50}\Name = "ENE_QSI_Loki_HAL"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\62F34EDB71958F448BA61F9D6A8BB023	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\62F34EDB71958F448BA61F9D6A8BB023\SourceList\PackageName = "AacSetup.msi"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ENE_QSI_Loki.Hal.1\CLSID	regsvr32.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2891029575-1462575-1165213807-1000\{2EC3A61D-453A-4B34-BF84-0B1CE9F7B1AE}	Dashboard.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{10B0F14F-B9CB-41FC-9DAA-FCDE6EBA0A50}\ProgID\ = "ENE_QSI_Loki.Hal.1鼀"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ENE_QSI_Loki.Hal\CurVer	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ENE_QSI_Loki.Hal.1	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{109DC3E4-B9FF-4AF3-9008-AB13705D4E5F}\Instance\{E9BBD754-6CF4-492E-BA89-782177A2771B}\Instance\{10B0F14F-B9CB-41FC-9DAA-FCDE6EBA0A50}\Description = "Ene QSI Loki RGB LED ctrl"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID	msiexec.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\62F34EDB71958F448BA61F9D6A8BB023\Clients = 3a0000000000	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\62F34EDB71958F448BA61F9D6A8BB023\SourceList\LastUsedSource = "n;1;C:\\ProgramData\\Package Cache\\{BDE43F26-5917-44F8-B86A-F1D9A6B80B32}v1.0.3.0\\"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{10B0F14F-B9CB-41FC-9DAA-FCDE6EBA0A50}\InprocServer32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{109DC3E4-B9FF-4AF3-9008-AB13705D4E5F}\Instance\{E9BBD754-6CF4-492E-BA89-782177A2771B}\Instance\{10B0F14F-B9CB-41FC-9DAA-FCDE6EBA0A50}\Manufacturer = "ENE TECHNOLOGY INC."	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{109DC3E4-B9FF-4AF3-9008-AB13705D4E5F}\Instance\{E9BBD754-6CF4-492E-BA89-782177A2771B}\Instance\{10B0F14F-B9CB-41FC-9DAA-FCDE6EBA0A50}\UninstallString = "\"C:\\ProgramData\\Package Cache\\{205ef3a8-937b-43cb-90fc-2f58f71408d8}\\AacSetup.exe\" /uninstall /quiet"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ENE_QSI_Loki.Hal\CLSID	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ENE_QSI_Loki.Hal.1	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ENE_QSI_Loki.Hal	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\ENE_QSI_Loki.Hal\CurVer\ = "ENE_QSI_Loki.Hal.1鼀"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\{205ef3a8-937b-43cb-90fc-2f58f71408d8}\Dependents	AacSetup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\{BDE43F26-5917-44F8-B86A-F1D9A6B80B32}\DisplayName = "ENE_QSI_Loki_HAL"	AacSetup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\62F34EDB71958F448BA61F9D6A8BB023\SourceList\Media\1 = ";"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{10B0F14F-B9CB-41FC-9DAA-FCDE6EBA0A50}\ = "ENE_QSI_Loki"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\ENE_QSI_Loki.Hal.1\CLSID\ = "{10B0F14F-B9CB-41FC-9DAA-FCDE6EBA0A50}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\C2808BF9F6D6A0340AB256A839652ADB\62F34EDB71958F448BA61F9D6A8BB023	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\62F34EDB71958F448BA61F9D6A8BB023\SourceList\Net	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\62F34EDB71958F448BA61F9D6A8BB023\SourceList\Media	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Installer\Dependencies\{205ef3a8-937b-43cb-90fc-2f58f71408d8}	AacSetup.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
1728	Dashboard.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
4048	msiexec.exe
4048	msiexec.exe
4048	msiexec.exe
1232	QtWebEngineProcess.exe
1232	QtWebEngineProcess.exe
4896	QtWebEngineProcess.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1728	Dashboard.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeRestorePrivilege	1524	7za.exe
Token: 35	1524	7za.exe
Token: SeSecurityPrivilege	1524	7za.exe
Token: SeSecurityPrivilege	1524	7za.exe
Token: SeBackupPrivilege	4340	vssvc.exe
Token: SeRestorePrivilege	4340	vssvc.exe
Token: SeAuditPrivilege	4340	vssvc.exe
Token: SeShutdownPrivilege	3160	AacSetup.exe
Token: SeIncreaseQuotaPrivilege	3160	AacSetup.exe
Token: SeSecurityPrivilege	4048	msiexec.exe
Token: SeCreateTokenPrivilege	3160	AacSetup.exe
Token: SeAssignPrimaryTokenPrivilege	3160	AacSetup.exe
Token: SeLockMemoryPrivilege	3160	AacSetup.exe
Token: SeIncreaseQuotaPrivilege	3160	AacSetup.exe
Token: SeMachineAccountPrivilege	3160	AacSetup.exe
Token: SeTcbPrivilege	3160	AacSetup.exe
Token: SeSecurityPrivilege	3160	AacSetup.exe
Token: SeTakeOwnershipPrivilege	3160	AacSetup.exe
Token: SeLoadDriverPrivilege	3160	AacSetup.exe
Token: SeSystemProfilePrivilege	3160	AacSetup.exe
Token: SeSystemtimePrivilege	3160	AacSetup.exe
Token: SeProfSingleProcessPrivilege	3160	AacSetup.exe
Token: SeIncBasePriorityPrivilege	3160	AacSetup.exe
Token: SeCreatePagefilePrivilege	3160	AacSetup.exe
Token: SeCreatePermanentPrivilege	3160	AacSetup.exe
Token: SeBackupPrivilege	3160	AacSetup.exe
Token: SeRestorePrivilege	3160	AacSetup.exe
Token: SeShutdownPrivilege	3160	AacSetup.exe
Token: SeDebugPrivilege	3160	AacSetup.exe
Token: SeAuditPrivilege	3160	AacSetup.exe
Token: SeSystemEnvironmentPrivilege	3160	AacSetup.exe
Token: SeChangeNotifyPrivilege	3160	AacSetup.exe
Token: SeRemoteShutdownPrivilege	3160	AacSetup.exe
Token: SeUndockPrivilege	3160	AacSetup.exe
Token: SeSyncAgentPrivilege	3160	AacSetup.exe
Token: SeEnableDelegationPrivilege	3160	AacSetup.exe
Token: SeManageVolumePrivilege	3160	AacSetup.exe
Token: SeImpersonatePrivilege	3160	AacSetup.exe
Token: SeCreateGlobalPrivilege	3160	AacSetup.exe
Token: SeRestorePrivilege	4048	msiexec.exe
Token: SeTakeOwnershipPrivilege	4048	msiexec.exe
Token: SeRestorePrivilege	4048	msiexec.exe
Token: SeTakeOwnershipPrivilege	4048	msiexec.exe
Token: SeRestorePrivilege	4048	msiexec.exe
Token: SeTakeOwnershipPrivilege	4048	msiexec.exe
Token: SeRestorePrivilege	4048	msiexec.exe
Token: SeTakeOwnershipPrivilege	4048	msiexec.exe
Token: SeRestorePrivilege	4048	msiexec.exe
Token: SeTakeOwnershipPrivilege	4048	msiexec.exe
Token: SeRestorePrivilege	4048	msiexec.exe
Token: SeTakeOwnershipPrivilege	4048	msiexec.exe
Token: SeRestorePrivilege	4048	msiexec.exe
Token: SeTakeOwnershipPrivilege	4048	msiexec.exe
Token: SeRestorePrivilege	4048	msiexec.exe
Token: SeTakeOwnershipPrivilege	4048	msiexec.exe
Token: SeRestorePrivilege	4048	msiexec.exe
Token: SeTakeOwnershipPrivilege	4048	msiexec.exe
Token: SeRestorePrivilege	4048	msiexec.exe
Token: SeTakeOwnershipPrivilege	4048	msiexec.exe
Token: SeRestorePrivilege	4048	msiexec.exe
Token: SeTakeOwnershipPrivilege	4048	msiexec.exe
Token: SeRestorePrivilege	4048	msiexec.exe
Token: SeTakeOwnershipPrivilege	4048	msiexec.exe
Token: SeRestorePrivilege	4048	msiexec.exe

Suspicious use of FindShellTrayWindow 6 IoCs

pid	Process
1728	Dashboard.exe
1728	Dashboard.exe
1728	Dashboard.exe
1728	Dashboard.exe
1728	Dashboard.exe
1728	Dashboard.exe

Suspicious use of SendNotifyMessage 6 IoCs

pid	Process
1728	Dashboard.exe
1728	Dashboard.exe
1728	Dashboard.exe
1728	Dashboard.exe
1728	Dashboard.exe
1728	Dashboard.exe

Suspicious use of SetWindowsHookEx 7 IoCs

pid	Process
1728	Dashboard.exe
1728	Dashboard.exe
1728	Dashboard.exe
1728	Dashboard.exe
1728	Dashboard.exe
1728	Dashboard.exe
1728	Dashboard.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3520 wrote to memory of 112	3520	DashboardSetup.exe	85
PID 3520 wrote to memory of 112	3520	DashboardSetup.exe	85
PID 3520 wrote to memory of 112	3520	DashboardSetup.exe	85
PID 112 wrote to memory of 1524	112	cmd.exe	87
PID 112 wrote to memory of 1524	112	cmd.exe	87
PID 112 wrote to memory of 1524	112	cmd.exe	87
PID 3520 wrote to memory of 2084	3520	DashboardSetup.exe	91
PID 3520 wrote to memory of 2084	3520	DashboardSetup.exe	91
PID 3520 wrote to memory of 2084	3520	DashboardSetup.exe	91
PID 2084 wrote to memory of 2704	2084	VC_redist.x86.exe	92
PID 2084 wrote to memory of 2704	2084	VC_redist.x86.exe	92
PID 2084 wrote to memory of 2704	2084	VC_redist.x86.exe	92
PID 3520 wrote to memory of 1680	3520	DashboardSetup.exe	94
PID 3520 wrote to memory of 1680	3520	DashboardSetup.exe	94
PID 3520 wrote to memory of 1680	3520	DashboardSetup.exe	94
PID 1680 wrote to memory of 1080	1680	loki_hal_setup.exe	95
PID 1680 wrote to memory of 1080	1680	loki_hal_setup.exe	95
PID 1680 wrote to memory of 1080	1680	loki_hal_setup.exe	95
PID 1080 wrote to memory of 3160	1080	loki_hal_setup.exe	96
PID 1080 wrote to memory of 3160	1080	loki_hal_setup.exe	96
PID 1080 wrote to memory of 3160	1080	loki_hal_setup.exe	96
PID 4048 wrote to memory of 1640	4048	msiexec.exe	105
PID 4048 wrote to memory of 1640	4048	msiexec.exe	105
PID 4048 wrote to memory of 1640	4048	msiexec.exe	105
PID 1640 wrote to memory of 1584	1640	MsiExec.exe	106
PID 1640 wrote to memory of 1584	1640	MsiExec.exe	106
PID 1640 wrote to memory of 1584	1640	MsiExec.exe	106
PID 1640 wrote to memory of 620	1640	MsiExec.exe	108
PID 1640 wrote to memory of 620	1640	MsiExec.exe	108
PID 1640 wrote to memory of 620	1640	MsiExec.exe	108
PID 1640 wrote to memory of 2924	1640	MsiExec.exe	110
PID 1640 wrote to memory of 2924	1640	MsiExec.exe	110
PID 1640 wrote to memory of 2924	1640	MsiExec.exe	110
PID 2924 wrote to memory of 1896	2924	cmd.exe	112
PID 2924 wrote to memory of 1896	2924	cmd.exe	112
PID 2924 wrote to memory of 1896	2924	cmd.exe	112
PID 1640 wrote to memory of 2944	1640	MsiExec.exe	113
PID 1640 wrote to memory of 2944	1640	MsiExec.exe	113
PID 1640 wrote to memory of 2944	1640	MsiExec.exe	113
PID 2944 wrote to memory of 5016	2944	cmd.exe	115
PID 2944 wrote to memory of 5016	2944	cmd.exe	115
PID 2944 wrote to memory of 5016	2944	cmd.exe	115
PID 5016 wrote to memory of 4776	5016	regsvr32.exe	116
PID 5016 wrote to memory of 4776	5016	regsvr32.exe	116
PID 3520 wrote to memory of 1728	3520	DashboardSetup.exe	117
PID 3520 wrote to memory of 1728	3520	DashboardSetup.exe	117
PID 3520 wrote to memory of 1728	3520	DashboardSetup.exe	117
PID 1728 wrote to memory of 1232	1728	Dashboard.exe	120
PID 1728 wrote to memory of 1232	1728	Dashboard.exe	120
PID 1728 wrote to memory of 1232	1728	Dashboard.exe	120
PID 1728 wrote to memory of 4896	1728	Dashboard.exe	121
PID 1728 wrote to memory of 4896	1728	Dashboard.exe	121
PID 1728 wrote to memory of 4896	1728	Dashboard.exe	121
PID 1728 wrote to memory of 4896	1728	Dashboard.exe	121
PID 1728 wrote to memory of 4896	1728	Dashboard.exe	121
PID 1728 wrote to memory of 4896	1728	Dashboard.exe	121
PID 1728 wrote to memory of 4896	1728	Dashboard.exe	121
PID 1728 wrote to memory of 4896	1728	Dashboard.exe	121
PID 1728 wrote to memory of 4896	1728	Dashboard.exe	121
PID 1728 wrote to memory of 4896	1728	Dashboard.exe	121
PID 1728 wrote to memory of 4896	1728	Dashboard.exe	121
PID 1728 wrote to memory of 4896	1728	Dashboard.exe	121
PID 1728 wrote to memory of 4896	1728	Dashboard.exe	121
PID 1728 wrote to memory of 4896	1728	Dashboard.exe	121

C:\Users\Admin\AppData\Local\Temp\DashboardSetup.exe
"C:\Users\Admin\AppData\Local\Temp\DashboardSetup.exe"
1⤵
- Checks computer location settings
- Drops file in Program Files directory
- Suspicious use of WriteProcessMemory
PID:3520
- C:\Windows\SysWOW64\cmd.exe
  cmd /C unzip.bat
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:112
- - C:\Program Files (x86)\Western Digital\SSD Dashboard\7za.exe
    7za x -y Dashboard.zip
    3⤵
    - Executes dropped EXE
    - Drops file in Program Files directory
    - Suspicious use of AdjustPrivilegeToken
    PID:1524
- C:\Program Files (x86)\Western Digital\SSD Dashboard\VC_redist.x86.exe
  "C:\Program Files (x86)\Western Digital\SSD Dashboard\VC_redist.x86.exe" /quiet /norestart
  2⤵
  - Executes dropped EXE
  - Suspicious use of WriteProcessMemory
  PID:2084
- - C:\Windows\Temp\{D93F2551-52DB-45DC-B275-CAEDDF3EA32F}\.cr\VC_redist.x86.exe
    "C:\Windows\Temp\{D93F2551-52DB-45DC-B275-CAEDDF3EA32F}\.cr\VC_redist.x86.exe" -burn.clean.room="C:\Program Files (x86)\Western Digital\SSD Dashboard\VC_redist.x86.exe" -burn.filehandle.attached=540 -burn.filehandle.self=548 /quiet /norestart
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:2704
- C:\Program Files (x86)\Western Digital\SSD Dashboard\loki_hal_setup.exe
  "C:\Program Files (x86)\Western Digital\SSD Dashboard\loki_hal_setup.exe" /install /quiet /norestart
  2⤵
  - Executes dropped EXE
  - Suspicious use of WriteProcessMemory
  PID:1680
- - C:\Windows\Temp\{6694C7E4-FA95-4384-9EFC-586B89885660}\.cr\loki_hal_setup.exe
    "C:\Windows\Temp\{6694C7E4-FA95-4384-9EFC-586B89885660}\.cr\loki_hal_setup.exe" -burn.clean.room="C:\Program Files (x86)\Western Digital\SSD Dashboard\loki_hal_setup.exe" -burn.filehandle.attached=540 -burn.filehandle.self=548 /install /quiet /norestart
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of WriteProcessMemory
    PID:1080
  - - C:\Windows\Temp\{5752B377-2195-45DE-9910-37E853E0A106}\.be\AacSetup.exe
      "C:\Windows\Temp\{5752B377-2195-45DE-9910-37E853E0A106}\.be\AacSetup.exe" -q -burn.elevated BurnPipe.{5883E3EA-D544-41A3-B269-D9E4F5FCE7F3} {B858466C-2AEA-4E65-8E16-3DD69D8D7A82} 1080
      4⤵
      Executes dropped EXE
      Adds Run key to start application
      Modifies registry class
      Suspicious use of AdjustPrivilegeToken
      PID:3160
- C:\Program Files (x86)\Western Digital\SSD Dashboard\Dashboard.exe
  "C:\Program Files (x86)\Western Digital\SSD Dashboard\Dashboard.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Writes to the Master Boot Record (MBR)
  - Checks SCSI registry key(s)
  - Modifies registry class
  - Suspicious behavior: AddClipboardFormatListener
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1728
- - C:\Program Files (x86)\Western Digital\SSD Dashboard\QtWebEngineProcess.exe
    "C:\Program Files (x86)\Western Digital\SSD Dashboard\QtWebEngineProcess.exe" --type=utility --enable-features=AllowContentInitiatedDataUrlNavigations,TracingServiceInProcess --disable-features=BackgroundFetch,ConsolidatedMovementXY,DnsOverHttpsUpgrade,FormControlsRefresh,MojoVideoCapture,PictureInPicture,SmsReceiver,UseSkiaRenderer,WebPayments,WebUSB --lang=es --service-sandbox-type=network --use-gl=angle --application-name=Dashboard --webengine-schemes=qrc:sLV --mojo-platform-channel-handle=2628 /prefetch:8
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious behavior: EnumeratesProcesses
    PID:1232
- - C:\Program Files (x86)\Western Digital\SSD Dashboard\QtWebEngineProcess.exe
    "C:\Program Files (x86)\Western Digital\SSD Dashboard\QtWebEngineProcess.exe" --type=renderer --disable-speech-api --enable-threaded-compositing --enable-features=AllowContentInitiatedDataUrlNavigations,TracingServiceInProcess --disable-features=BackgroundFetch,ConsolidatedMovementXY,DnsOverHttpsUpgrade,FormControlsRefresh,MojoVideoCapture,PictureInPicture,SmsReceiver,UseSkiaRenderer,WebPayments,WebUSB --lang=es --webengine-schemes=qrc:sLV --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=3 --mojo-platform-channel-handle=2740 /prefetch:1
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    PID:4896

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
- Checks SCSI registry key(s)
- Suspicious use of AdjustPrivilegeToken
PID:4340

C:\Windows\system32\srtasks.exe
C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2
1⤵
PID:1736

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
- Blocklisted process makes network request
- Enumerates connected drives
- Drops file in Program Files directory
- Drops file in Windows directory
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4048
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 3B62972117863A5988135135CEE55DEA
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:1640
- - C:\Users\Admin\AppData\Local\Temp\ENE\Aac_ENE_QSI_Loki_HAL\AsusInstallVerifier.exe
    "C:\Users\Admin\AppData\Local\Temp\ENE\Aac_ENE_QSI_Loki_HAL\AsusInstallVerifier.exe" -mv -d "C:\Users\Admin\AppData\Local\Temp\ENE\Aac_ENE_QSI_Loki_HAL\x64hash.hash" -l "C:\Users\Admin\AppData\Local\Temp\ENE\Aac_ENE_QSI_Loki_HAL\verify64.log" -p [INSTALLFOLDER]="C:\Program Files\ENE\Aac_ENE_QSI_Loki_HAL\ "
    3⤵
    - Executes dropped EXE
    PID:1584
- - C:\Users\Admin\AppData\Local\Temp\ENE\Aac_ENE_QSI_Loki_HAL\AsusInstallVerifier.exe
    "C:\Users\Admin\AppData\Local\Temp\ENE\Aac_ENE_QSI_Loki_HAL\AsusInstallVerifier.exe" -mv -d "C:\Users\Admin\AppData\Local\Temp\ENE\Aac_ENE_QSI_Loki_HAL\x86hash.hash" -l "C:\Users\Admin\AppData\Local\Temp\ENE\Aac_ENE_QSI_Loki_HAL\verify86.log" -p [INSTALLFOLDER]="C:\Program Files\ENE\Aac_ENE_QSI_Loki_HAL\ "
    3⤵
    - Executes dropped EXE
    PID:620
- - C:\Windows\SysWOW64\cmd.exe
    "C:\Windows\SysWOW64\cmd.exe" /C start /MIN /B regsvr32 /s "C:\Program Files\ENE\Aac_ENE_QSI_Loki_HAL\AacHal_x86.dll"
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:2924
  - - C:\Windows\SysWOW64\regsvr32.exe
      regsvr32 /s "C:\Program Files\ENE\Aac_ENE_QSI_Loki_HAL\AacHal_x86.dll"
      4⤵
      Loads dropped DLL
      Modifies registry class
      PID:1896
- - C:\Windows\SysWOW64\cmd.exe
    "C:\Windows\SysWOW64\cmd.exe" /C start /MIN /B regsvr32 /s "C:\Program Files\ENE\Aac_ENE_QSI_Loki_HAL\AacHal_x64.dll"
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:2944
  - - C:\Windows\SysWOW64\regsvr32.exe
      regsvr32 /s "C:\Program Files\ENE\Aac_ENE_QSI_Loki_HAL\AacHal_x64.dll"
      4⤵
      Loads dropped DLL
      Suspicious use of WriteProcessMemory
      PID:5016
    - - C:\Windows\system32\regsvr32.exe
        
        /s "C:\Program Files\ENE\Aac_ENE_QSI_Loki_HAL\AacHal_x64.dll"
        5⤵
        Loads dropped DLL
        Registers COM server for autorun
        Modifies registry class
        
        PID:4776

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Bootkit

T1067

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Credentials in Files

T1081

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Western Digital\SSD Dashboard\7za.exe

Filesize
589KB

MD5
b41886a0207245a4c7179671c6b0e6e5

SHA1
a10ecf2371137941ba4dee332b15066d88d4750e

SHA256
bf830307efc2b22c44d4d90ced495258e8d3f807d3ef12241e12eb4067c2c067

SHA512
9d9f265f2fff74c4cfac32fab636b3515d46b2ae8171a1e188e65c4554580f8e41aaaec184e013f0c2a02da64082f35a802d8f27d950f673bebaaa641839cbd7

Download Submit
C:\Program Files (x86)\Western Digital\SSD Dashboard\7za.exe

Filesize
589KB

MD5
b41886a0207245a4c7179671c6b0e6e5

SHA1
a10ecf2371137941ba4dee332b15066d88d4750e

SHA256
bf830307efc2b22c44d4d90ced495258e8d3f807d3ef12241e12eb4067c2c067

SHA512
9d9f265f2fff74c4cfac32fab636b3515d46b2ae8171a1e188e65c4554580f8e41aaaec184e013f0c2a02da64082f35a802d8f27d950f673bebaaa641839cbd7

Download Submit
C:\Program Files (x86)\Western Digital\SSD Dashboard\Dashboard.exe

Filesize
15.9MB

MD5
77c97d68e9e2578e90a4c707205c42df

SHA1
65179bbb2383c2c60aea770d00f5edc0f2f956e6

SHA256
35fadabc84c28592ff61291b29ce6aead812389aa4709456e80154cd4d16e869

SHA512
c75990d03efe1b799d1864c0200cd0b06adae2340ee0e7063843f3143fda92a74552ad63ed28afaace4e4fb2b446a4dad6f786bcca765992a3e1cdf1a55f5db0

Download Submit
C:\Program Files (x86)\Western Digital\SSD Dashboard\Dashboard.exe

Filesize
15.9MB

MD5
77c97d68e9e2578e90a4c707205c42df

SHA1
65179bbb2383c2c60aea770d00f5edc0f2f956e6

SHA256
35fadabc84c28592ff61291b29ce6aead812389aa4709456e80154cd4d16e869

SHA512
c75990d03efe1b799d1864c0200cd0b06adae2340ee0e7063843f3143fda92a74552ad63ed28afaace4e4fb2b446a4dad6f786bcca765992a3e1cdf1a55f5db0

Download Submit
C:\Program Files (x86)\Western Digital\SSD Dashboard\Dashboard.zip

Filesize
109.3MB

MD5
bb25a5c36a0df21c40c532a40d252724

SHA1
46d09017d6525cca67c8a6d480dfd4f8f8f46e26

SHA256
8d5b0a556f93cbda3daaa580e70c9495f8407d30c00e0a802e82c77e8bd18a3f

SHA512
cb4af63f4b3f66d24dfe011d382aea000ac0e140bfee7611d530ee7052a585838998942ee48d141b054414b813c24900cd4e5c53b749161566e05796281b44f8

Download Submit
C:\Program Files (x86)\Western Digital\SSD Dashboard\Qt5Core.dll

Filesize
5.2MB

MD5
701de1489f4457b4fe6ca8731a6e63c9

SHA1
4fed86386ea356c07a4457166ce3560e4881a920

SHA256
72601dab01bb7f57584a9da618d89b4c3fb6d31647a5a3ed0b7e35d58192166c

SHA512
72f9330fa7a2ce1532d8577841c0239531fa9c2f1fcbb68c9e61ad3fd24a8af87bfcb47133429581603a17736d5f181a55a48c98633f876b11e9c4bb34758a85

Download Submit
C:\Program Files (x86)\Western Digital\SSD Dashboard\Qt5Core.dll

Filesize
5.2MB

MD5
701de1489f4457b4fe6ca8731a6e63c9

SHA1
4fed86386ea356c07a4457166ce3560e4881a920

SHA256
72601dab01bb7f57584a9da618d89b4c3fb6d31647a5a3ed0b7e35d58192166c

SHA512
72f9330fa7a2ce1532d8577841c0239531fa9c2f1fcbb68c9e61ad3fd24a8af87bfcb47133429581603a17736d5f181a55a48c98633f876b11e9c4bb34758a85

Download Submit
C:\Program Files (x86)\Western Digital\SSD Dashboard\Qt5Gui.dll

Filesize
5.4MB

MD5
2b20ca16521c6ef76804139f09fc992e

SHA1
d9d35a28e39ca9056e55056d6c998a3a7935ca09

SHA256
f0d19554fdd7bdfa2efc48e4f63be7122d171ade85d5150adf5ac69ea089821d

SHA512
e9bde5e78bb4e855a4f30e3fdaaac9b703f0b68f47a9e2ca08c0fa770165edfee2684327e7e16aa543a928f6ca5fa4e6c3d8f2b0e1e58eb519f2fe40f1a18f3e

Download Submit
C:\Program Files (x86)\Western Digital\SSD Dashboard\Qt5Gui.dll

Filesize
5.4MB

MD5
2b20ca16521c6ef76804139f09fc992e

SHA1
d9d35a28e39ca9056e55056d6c998a3a7935ca09

SHA256
f0d19554fdd7bdfa2efc48e4f63be7122d171ade85d5150adf5ac69ea089821d

SHA512
e9bde5e78bb4e855a4f30e3fdaaac9b703f0b68f47a9e2ca08c0fa770165edfee2684327e7e16aa543a928f6ca5fa4e6c3d8f2b0e1e58eb519f2fe40f1a18f3e

Download Submit
C:\Program Files (x86)\Western Digital\SSD Dashboard\Qt5Network.dll

Filesize
1.0MB

MD5
7e200077f1b20ddd79ea8952d2482d77

SHA1
4bd35a548255b9f1f093afa3a9753d511336c869

SHA256
b0d973be3a311824c8d93667666549c2549a75aef6321a4322896b3ea74b491a

SHA512
2e673532ebe1130528d8ca33e4d81419dc724fdff5216bb7177b354a152973af8e0d20852a8a01e82cec21643a952b3cd1d83020b2098ce7a9ba50ddf6d37756

Download Submit
C:\Program Files (x86)\Western Digital\SSD Dashboard\Qt5Network.dll

Filesize
1.0MB

MD5
7e200077f1b20ddd79ea8952d2482d77

SHA1
4bd35a548255b9f1f093afa3a9753d511336c869

SHA256
b0d973be3a311824c8d93667666549c2549a75aef6321a4322896b3ea74b491a

SHA512
2e673532ebe1130528d8ca33e4d81419dc724fdff5216bb7177b354a152973af8e0d20852a8a01e82cec21643a952b3cd1d83020b2098ce7a9ba50ddf6d37756

Download Submit
C:\Program Files (x86)\Western Digital\SSD Dashboard\Qt5PrintSupport.dll

Filesize
255KB

MD5
e55dbd2b3c2ccb4f136593ef68c7565c

SHA1
00ea67ea40e78e516058a56bd7cffc9a6145a697

SHA256
7756693668917f0de51bebd64259ba17117a8990aa8bf49401ed8cc7dad96286

SHA512
874210046b8a932ad57d0d022aa6931ab8972d036d38933a80cc6882bcf3e45adfb33a99a9227322a352005691fd38316959b6c662367d45afec323492608176

Download Submit
C:\Program Files (x86)\Western Digital\SSD Dashboard\Qt5PrintSupport.dll

Filesize
255KB

MD5
e55dbd2b3c2ccb4f136593ef68c7565c

SHA1
00ea67ea40e78e516058a56bd7cffc9a6145a697

SHA256
7756693668917f0de51bebd64259ba17117a8990aa8bf49401ed8cc7dad96286

SHA512
874210046b8a932ad57d0d022aa6931ab8972d036d38933a80cc6882bcf3e45adfb33a99a9227322a352005691fd38316959b6c662367d45afec323492608176

Download Submit
C:\Program Files (x86)\Western Digital\SSD Dashboard\Qt5Qml.dll

Filesize
2.9MB

MD5
5a7e23125382a8989ed8a680ee0afd2f

SHA1
ad2597529ad86cf63016a5d55e22296123b1782d

SHA256
e012f01e326bce6b75965256d3afd0bf5e20cdcd19ec4452321c70d703c2d23b

SHA512
64f5f2718498040813a023530181c69a441b71cfce168c237b5d34c669ec85d5b72c7babdda71b60783f156a1386d2c764c7184f2a3179c731629c17721db608

Download Submit
C:\Program Files (x86)\Western Digital\SSD Dashboard\Qt5Qml.dll

Filesize
2.9MB

MD5
5a7e23125382a8989ed8a680ee0afd2f

SHA1
ad2597529ad86cf63016a5d55e22296123b1782d

SHA256
e012f01e326bce6b75965256d3afd0bf5e20cdcd19ec4452321c70d703c2d23b

SHA512
64f5f2718498040813a023530181c69a441b71cfce168c237b5d34c669ec85d5b72c7babdda71b60783f156a1386d2c764c7184f2a3179c731629c17721db608

Download Submit
C:\Program Files (x86)\Western Digital\SSD Dashboard\Qt5QmlModels.dll

Filesize
340KB

MD5
b6908afe83ee79732bd1e61cf499e952

SHA1
ff9b84b15c54ac63491f67f1093eaa986e1d48f9

SHA256
e9baf9e0f3a5b32023bbe6bda01e431ae2a24cbd29d6abd22a102a303eff0d4c

SHA512
c91258771351949e22083337acf4beda41dbb79bb1820f475becc5d0b11debe242b82bed893cd3ce8c88bfdaf85404882a8af522e09435b17903c3c815c9d130

Download Submit
C:\Program Files (x86)\Western Digital\SSD Dashboard\Qt5QmlModels.dll

Filesize
340KB

MD5
b6908afe83ee79732bd1e61cf499e952

SHA1
ff9b84b15c54ac63491f67f1093eaa986e1d48f9

SHA256
e9baf9e0f3a5b32023bbe6bda01e431ae2a24cbd29d6abd22a102a303eff0d4c

SHA512
c91258771351949e22083337acf4beda41dbb79bb1820f475becc5d0b11debe242b82bed893cd3ce8c88bfdaf85404882a8af522e09435b17903c3c815c9d130

Download Submit
C:\Program Files (x86)\Western Digital\SSD Dashboard\Qt5Quick.dll

Filesize
3.3MB

MD5
8cdb3a4e976a4b252d7d319a1a5e47cf

SHA1
e2bccd465116f8476e9247e2d2f6a5270b7a74dc

SHA256
9c73436b2528f5665be885d7d833d319f95e4bf8038110d3758d6195a813feb3

SHA512
452256cc8223186545686c7922a140ca6c7b50b464c8a9694988e32b4bb7f0fcf7e85bf4bee2735e68b46455e013256eb20fca1de3852c4d2678cfbde4a50632

Download Submit
C:\Program Files (x86)\Western Digital\SSD Dashboard\Qt5Quick.dll

Filesize
3.3MB

MD5
8cdb3a4e976a4b252d7d319a1a5e47cf

SHA1
e2bccd465116f8476e9247e2d2f6a5270b7a74dc

SHA256
9c73436b2528f5665be885d7d833d319f95e4bf8038110d3758d6195a813feb3

SHA512
452256cc8223186545686c7922a140ca6c7b50b464c8a9694988e32b4bb7f0fcf7e85bf4bee2735e68b46455e013256eb20fca1de3852c4d2678cfbde4a50632

Download Submit
C:\Program Files (x86)\Western Digital\SSD Dashboard\Qt5QuickWidgets.dll

Filesize
60KB

MD5
4ad16329ff0f1882877f8b2dd286d484

SHA1
104c0349f85462c77895af36ecff6af91d76b4f5

SHA256
ef29def1feca86fbec77bb60b8b559304794a09425e601394ae3344db0779113

SHA512
a2d4eeaf5611af820e11716e057bdb0f56a4206016c7d5475e43db9f3308c8c73b7b147c0a757c38c69c08bcaf7cbef6e1853a5d8e64e6813188eb96ddeda8ae

Download Submit
C:\Program Files (x86)\Western Digital\SSD Dashboard\Qt5QuickWidgets.dll

Filesize
60KB

MD5
4ad16329ff0f1882877f8b2dd286d484

SHA1
104c0349f85462c77895af36ecff6af91d76b4f5

SHA256
ef29def1feca86fbec77bb60b8b559304794a09425e601394ae3344db0779113

SHA512
a2d4eeaf5611af820e11716e057bdb0f56a4206016c7d5475e43db9f3308c8c73b7b147c0a757c38c69c08bcaf7cbef6e1853a5d8e64e6813188eb96ddeda8ae

Download Submit
C:\Program Files (x86)\Western Digital\SSD Dashboard\Qt5WebChannel.dll

Filesize
99KB

MD5
ef8455adbdd3313ff7daac319ea04152

SHA1
9a32ac1ea825f5bb3cd8a231aff6aa37ad6ffcfc

SHA256
1d936ccb0ea7852a7c0cf5bf0a093a09ba9650fc512bb390393d8dd6df4e658a

SHA512
a8ac644f3c1379d7b42b3ace81f19c4158d68fc93316718f46d9dea085d85cd1883ca5601deeed6aa424ed8c442ddc91e2ea23739ebfe8dc782e84b273974353

Download Submit
C:\Program Files (x86)\Western Digital\SSD Dashboard\Qt5WebChannel.dll

Filesize
99KB

MD5
ef8455adbdd3313ff7daac319ea04152

SHA1
9a32ac1ea825f5bb3cd8a231aff6aa37ad6ffcfc

SHA256
1d936ccb0ea7852a7c0cf5bf0a093a09ba9650fc512bb390393d8dd6df4e658a

SHA512
a8ac644f3c1379d7b42b3ace81f19c4158d68fc93316718f46d9dea085d85cd1883ca5601deeed6aa424ed8c442ddc91e2ea23739ebfe8dc782e84b273974353

Download Submit
C:\Program Files (x86)\Western Digital\SSD Dashboard\Qt5WebEngineCore.dll

Filesize
71.9MB

MD5
dc0682492cc0c7442502f397ed08ce94

SHA1
9a7c7b4c8ee236abd56f4716ac056ff1ac91fb0b

SHA256
daae5029276d872bab48af7dfeeeed256fe8281f4826ccdefd3579a67aac387e

SHA512
74abd741a9ced6fc273d5e56eb814fcb722526840b0c9d7e4c500124bc8e8e50687ecab9729c6a72e7f404e116c98151841d45d8c563a743b7362b6acb7bc30b

Download Submit
C:\Program Files (x86)\Western Digital\SSD Dashboard\Qt5WebEngineCore.dll

Filesize
71.9MB

MD5
dc0682492cc0c7442502f397ed08ce94

SHA1
9a7c7b4c8ee236abd56f4716ac056ff1ac91fb0b

SHA256
daae5029276d872bab48af7dfeeeed256fe8281f4826ccdefd3579a67aac387e

SHA512
74abd741a9ced6fc273d5e56eb814fcb722526840b0c9d7e4c500124bc8e8e50687ecab9729c6a72e7f404e116c98151841d45d8c563a743b7362b6acb7bc30b

Download Submit
C:\Program Files (x86)\Western Digital\SSD Dashboard\Qt5WebEngineWidgets.dll

Filesize
192KB

MD5
7bb0a917c0a9d7fde7d497b5cd69fa30

SHA1
4a11eb0d056d42b27ec471197465def2779bffbb

SHA256
ba72272f37f7601e0b6b6f84f4cacd607ce60ed52fdf10c18b97dc58961ae07c

SHA512
53dbcb8d8a0593d01556e5a30b43d57f60b3b787bc1e70bc313959234332018cfddbf86a4baff8fab37eb49851e9ee6f6b7118442d679e0eac4e7fde0014cc5b

Download Submit
C:\Program Files (x86)\Western Digital\SSD Dashboard\Qt5WebEngineWidgets.dll

Filesize
192KB

MD5
7bb0a917c0a9d7fde7d497b5cd69fa30

SHA1
4a11eb0d056d42b27ec471197465def2779bffbb

SHA256
ba72272f37f7601e0b6b6f84f4cacd607ce60ed52fdf10c18b97dc58961ae07c

SHA512
53dbcb8d8a0593d01556e5a30b43d57f60b3b787bc1e70bc313959234332018cfddbf86a4baff8fab37eb49851e9ee6f6b7118442d679e0eac4e7fde0014cc5b

Download Submit
C:\Program Files (x86)\Western Digital\SSD Dashboard\Qt5Widgets.dll

Filesize
4.3MB

MD5
9db0440cdddc61c56b2bd2aab8217b8c

SHA1
eb96fdd1e02aeb8ee32e31dbb3c06b74315a36d5

SHA256
e3687c86f799da7c2d78939092b1bb4e69c96f9ba6616b2f8e7c98fabc296b07

SHA512
52363a5ce6283a295fc38b1b43db357f4ea7fdd5a59351d81b5084d59092952817670f85a619d22ab45f031338755151c38101c9c2b7cedadbcc6d97b84b6012

Download Submit
C:\Program Files (x86)\Western Digital\SSD Dashboard\Qt5Widgets.dll

Filesize
4.3MB

MD5
9db0440cdddc61c56b2bd2aab8217b8c

SHA1
eb96fdd1e02aeb8ee32e31dbb3c06b74315a36d5

SHA256
e3687c86f799da7c2d78939092b1bb4e69c96f9ba6616b2f8e7c98fabc296b07

SHA512
52363a5ce6283a295fc38b1b43db357f4ea7fdd5a59351d81b5084d59092952817670f85a619d22ab45f031338755151c38101c9c2b7cedadbcc6d97b84b6012

Download Submit
C:\Program Files (x86)\Western Digital\SSD Dashboard\VC_redist.x86.exe

Filesize
13.7MB

MD5
69551a0aba9be450ef30813456bbfe58

SHA1
85354326ef8fbe908d9331446b8c8463577c5633

SHA256
50a3e92ade4c2d8f310a2812d46322459104039b9deadbd7fdd483b5c697c0c8

SHA512
f7a8578146a8666174adcffa8212eaddce8e433d7531c4704e2a35e7ce723f92b968e5b9df9c6662f351edd21317f929c04d23bf2b976642a92d663d0e3f5240

Download Submit
C:\Program Files (x86)\Western Digital\SSD Dashboard\VC_redist.x86.exe

Filesize
13.7MB

MD5
69551a0aba9be450ef30813456bbfe58

SHA1
85354326ef8fbe908d9331446b8c8463577c5633

SHA256
50a3e92ade4c2d8f310a2812d46322459104039b9deadbd7fdd483b5c697c0c8

SHA512
f7a8578146a8666174adcffa8212eaddce8e433d7531c4704e2a35e7ce723f92b968e5b9df9c6662f351edd21317f929c04d23bf2b976642a92d663d0e3f5240

Download Submit
C:\Program Files (x86)\Western Digital\SSD Dashboard\loki_hal_setup.exe

Filesize
1.8MB

MD5
d725be1215498f9a85f4b1c7f8dc8644

SHA1
1682a5c76a5b0ccc844eeada50b5dfd18fbf71d8

SHA256
893509b9185f52c5ff26f1392a9d0d6daf8cdea2a5f3901ad84e9f963a07f425

SHA512
f7ecfaa3dfdf6b475bcafe6c8ed4dd770d12da3333148f2e17157228a38560dd6766cd1173a21ce5b5778e653b05a6de7f6baece3d180c58a3dbc8eee95dba4a

Download Submit
C:\Program Files (x86)\Western Digital\SSD Dashboard\loki_hal_setup.exe

Filesize
1.8MB

MD5
d725be1215498f9a85f4b1c7f8dc8644

SHA1
1682a5c76a5b0ccc844eeada50b5dfd18fbf71d8

SHA256
893509b9185f52c5ff26f1392a9d0d6daf8cdea2a5f3901ad84e9f963a07f425

SHA512
f7ecfaa3dfdf6b475bcafe6c8ed4dd770d12da3333148f2e17157228a38560dd6766cd1173a21ce5b5778e653b05a6de7f6baece3d180c58a3dbc8eee95dba4a

Download Submit
C:\Program Files (x86)\Western Digital\SSD Dashboard\unzip.bat

Filesize
44B

MD5
7df9e404c0194deb2a0f819c8136afbd

SHA1
a7cafbb988cbddbfa7cfa2dcdb479d6fae61478a

SHA256
d75efe3fdb6c0227ec66f68149f251c6f06ffc8b51dedf04f50923b2d48382d4

SHA512
63e4c5b58b9ad5a8672dc2f56ddef19c49a5f18515db5e09d46dd657798fa4261450217155b7cfe5b062f95aa0d353bbcadc6197bac0c1135a9c2de299946cb8

Download Submit
C:\Program Files\ENE\Aac_ENE_QSI_Loki_HAL\AacHal_x64.dll

Filesize
266KB

MD5
564bebc8a20babe5c115cd43cc259e06

SHA1
3c8ef350b17405b2e0eb796a1c2b74002889652f

SHA256
02076955a862ecd0dfc4f90598c0fd09c66c6474cf2b01c90a445a3401bb0896

SHA512
212bc7967ee565475e8affd6be7e99c3264323d65676abe401950b9c788fff91911a2fe6f8b572dfcdb57758ae36109fe068df4dd0a5255f102eac1d9a016ecf

Download Submit
C:\Program Files\ENE\Aac_ENE_QSI_Loki_HAL\AacHal_x64.dll

Filesize
266KB

MD5
564bebc8a20babe5c115cd43cc259e06

SHA1
3c8ef350b17405b2e0eb796a1c2b74002889652f

SHA256
02076955a862ecd0dfc4f90598c0fd09c66c6474cf2b01c90a445a3401bb0896

SHA512
212bc7967ee565475e8affd6be7e99c3264323d65676abe401950b9c788fff91911a2fe6f8b572dfcdb57758ae36109fe068df4dd0a5255f102eac1d9a016ecf

Download Submit
C:\Program Files\ENE\Aac_ENE_QSI_Loki_HAL\AacHal_x64.dll

Filesize
266KB

MD5
564bebc8a20babe5c115cd43cc259e06

SHA1
3c8ef350b17405b2e0eb796a1c2b74002889652f

SHA256
02076955a862ecd0dfc4f90598c0fd09c66c6474cf2b01c90a445a3401bb0896

SHA512
212bc7967ee565475e8affd6be7e99c3264323d65676abe401950b9c788fff91911a2fe6f8b572dfcdb57758ae36109fe068df4dd0a5255f102eac1d9a016ecf

Download Submit
C:\Program Files\ENE\Aac_ENE_QSI_Loki_HAL\AacHal_x86.dll

Filesize
251KB

MD5
978057c8684ddbbc7edb768e34169493

SHA1
c4bb9527e9ccae7b9df309e5cd92db03525cbb76

SHA256
f87764fcf9ee83e6ad235087a5c37c2b63dd9cc9b4bb64f0349634d178e8ce06

SHA512
72bfaefbcf29437e868b4bf3e811ecc86d72d463b03a6ead3c38ca84808a80b735cb27dec547ce3dc8f9b5d21b53b543253e8dfaaaa1efbebb17ead2aaa8183f

Download Submit
C:\Program Files\ENE\Aac_ENE_QSI_Loki_HAL\AacHal_x86.dll

Filesize
251KB

MD5
978057c8684ddbbc7edb768e34169493

SHA1
c4bb9527e9ccae7b9df309e5cd92db03525cbb76

SHA256
f87764fcf9ee83e6ad235087a5c37c2b63dd9cc9b4bb64f0349634d178e8ce06

SHA512
72bfaefbcf29437e868b4bf3e811ecc86d72d463b03a6ead3c38ca84808a80b735cb27dec547ce3dc8f9b5d21b53b543253e8dfaaaa1efbebb17ead2aaa8183f

Download Submit
C:\Users\Admin\AppData\Local\Temp\ENE\Aac_ENE_QSI_Loki_HAL\AsusInstallVerifier.exe

Filesize
824KB

MD5
2a9ddd07098f0356c03feb058ec0b169

SHA1
ec4b5faf62b461f119ea07be4f5e1be65bdc1456

SHA256
a50f0e4a66a1a59e3568c185c5f390b3811a54312298e3f31b29d310e0220eac

SHA512
dcdd6e835401ff1d05952e8ce8019af864e20220742e5415f53e61a25b77e6a89340e4d2e06b5652d0d945438f00dcd203fdee9971fd8903053ab547de026506

Download Submit
C:\Users\Admin\AppData\Local\Temp\ENE\Aac_ENE_QSI_Loki_HAL\AsusInstallVerifier.exe

Filesize
824KB

MD5
2a9ddd07098f0356c03feb058ec0b169

SHA1
ec4b5faf62b461f119ea07be4f5e1be65bdc1456

SHA256
a50f0e4a66a1a59e3568c185c5f390b3811a54312298e3f31b29d310e0220eac

SHA512
dcdd6e835401ff1d05952e8ce8019af864e20220742e5415f53e61a25b77e6a89340e4d2e06b5652d0d945438f00dcd203fdee9971fd8903053ab547de026506

Download Submit
C:\Users\Admin\AppData\Local\Temp\ENE\Aac_ENE_QSI_Loki_HAL\AsusInstallVerifier.exe

Filesize
824KB

MD5
2a9ddd07098f0356c03feb058ec0b169

SHA1
ec4b5faf62b461f119ea07be4f5e1be65bdc1456

SHA256
a50f0e4a66a1a59e3568c185c5f390b3811a54312298e3f31b29d310e0220eac

SHA512
dcdd6e835401ff1d05952e8ce8019af864e20220742e5415f53e61a25b77e6a89340e4d2e06b5652d0d945438f00dcd203fdee9971fd8903053ab547de026506

Download Submit
C:\Users\Admin\AppData\Local\Temp\ENE\Aac_ENE_QSI_Loki_HAL\x64hash.hash

Filesize
77B

MD5
db5a5f8446cc35abab03d164704b5d1d

SHA1
8b9e519fdb333ea4d9df88c30c7e655bd723f150

SHA256
bee4d000bf7af53c6a589bd905497efdaf32aaf93095d42881c905fe8f5cf6e0

SHA512
244a11aa03660cf52ea5f2d0cf3e57407e4e5e93552c7f77496f4f9888f77e95ce38d65db937509b2aa7ec60fa6dae55ebb3cc63ea95fbb236f3e209c80755ef

Download Submit
C:\Users\Admin\AppData\Local\Temp\ENE\Aac_ENE_QSI_Loki_HAL\x86hash.hash

Filesize
77B

MD5
5027415efc9b05cbd410a8c045ab98b7

SHA1
f3549fe2e6e57abecc6aebe7dd80e0156d2c2087

SHA256
df293aac4dd9ddb83a488ecd5fc4f94c7367f408785e5243d7352cd85f0e0e36

SHA512
d8a075d47fb0b66923b22927a93df97124ad34420d6e441c9fd2d59f841eee82996cbaf8d6a4e7ed09abc2ad0786e2436dd9e231738ebc0fdc2708c981b73350

Download Submit
C:\Users\Admin\AppData\Local\Temp\ENE_QSI_Loki_HAL_20230205143329_000_Setup64.log

Filesize
1KB

MD5
763c925bf2d5ea0ff0cea0344500c2e7

SHA1
8a171157f70a9c32eb6cf0a55f44ed350e512efb

SHA256
78f2e1d40b73a45a992e90c0f7de329743c6dae40cb05982d679ec9a395dfef1

SHA512
61842653fbdb540ba6ddcb1d578653da051ab2a71daa4f24d7d7df2b189e0e4bda0335daf6112ce980f215e410390c9a14780abc7beebbbfef92a5a70435dc27

Download Submit
C:\Windows\Installer\MSID032.tmp

Filesize
202KB

MD5
d773d9bd091e712df7560f576da53de8

SHA1
165cfbdce1811883360112441f7237b287cf0691

SHA256
e0db1804cf53ed4819ed70cb35c67680ce1a77573efded86e6dac81010ce55e7

SHA512
15a956090f8756a6bfdbe191fda36739b1107eada62c6cd3058218beb417bdbd2ea82be9b055f7f6eb8017394b330daff2e9824dbc9c4f137bead8e2ac0574cd

Download Submit
C:\Windows\Installer\MSID032.tmp

Filesize
202KB

MD5
d773d9bd091e712df7560f576da53de8

SHA1
165cfbdce1811883360112441f7237b287cf0691

SHA256
e0db1804cf53ed4819ed70cb35c67680ce1a77573efded86e6dac81010ce55e7

SHA512
15a956090f8756a6bfdbe191fda36739b1107eada62c6cd3058218beb417bdbd2ea82be9b055f7f6eb8017394b330daff2e9824dbc9c4f137bead8e2ac0574cd

Download Submit
C:\Windows\Installer\MSID246.tmp

Filesize
202KB

MD5
d773d9bd091e712df7560f576da53de8

SHA1
165cfbdce1811883360112441f7237b287cf0691

SHA256
e0db1804cf53ed4819ed70cb35c67680ce1a77573efded86e6dac81010ce55e7

SHA512
15a956090f8756a6bfdbe191fda36739b1107eada62c6cd3058218beb417bdbd2ea82be9b055f7f6eb8017394b330daff2e9824dbc9c4f137bead8e2ac0574cd

Download Submit
C:\Windows\Installer\MSID246.tmp

Filesize
202KB

MD5
d773d9bd091e712df7560f576da53de8

SHA1
165cfbdce1811883360112441f7237b287cf0691

SHA256
e0db1804cf53ed4819ed70cb35c67680ce1a77573efded86e6dac81010ce55e7

SHA512
15a956090f8756a6bfdbe191fda36739b1107eada62c6cd3058218beb417bdbd2ea82be9b055f7f6eb8017394b330daff2e9824dbc9c4f137bead8e2ac0574cd

Download Submit
C:\Windows\Installer\MSID331.tmp

Filesize
202KB

MD5
d773d9bd091e712df7560f576da53de8

SHA1
165cfbdce1811883360112441f7237b287cf0691

SHA256
e0db1804cf53ed4819ed70cb35c67680ce1a77573efded86e6dac81010ce55e7

SHA512
15a956090f8756a6bfdbe191fda36739b1107eada62c6cd3058218beb417bdbd2ea82be9b055f7f6eb8017394b330daff2e9824dbc9c4f137bead8e2ac0574cd

Download Submit
C:\Windows\Installer\MSID331.tmp

Filesize
202KB

MD5
d773d9bd091e712df7560f576da53de8

SHA1
165cfbdce1811883360112441f7237b287cf0691

SHA256
e0db1804cf53ed4819ed70cb35c67680ce1a77573efded86e6dac81010ce55e7

SHA512
15a956090f8756a6bfdbe191fda36739b1107eada62c6cd3058218beb417bdbd2ea82be9b055f7f6eb8017394b330daff2e9824dbc9c4f137bead8e2ac0574cd

Download Submit
C:\Windows\Installer\MSID41D.tmp

Filesize
202KB

MD5
d773d9bd091e712df7560f576da53de8

SHA1
165cfbdce1811883360112441f7237b287cf0691

SHA256
e0db1804cf53ed4819ed70cb35c67680ce1a77573efded86e6dac81010ce55e7

SHA512
15a956090f8756a6bfdbe191fda36739b1107eada62c6cd3058218beb417bdbd2ea82be9b055f7f6eb8017394b330daff2e9824dbc9c4f137bead8e2ac0574cd

Download Submit
C:\Windows\Installer\MSID41D.tmp

Filesize
202KB

MD5
d773d9bd091e712df7560f576da53de8

SHA1
165cfbdce1811883360112441f7237b287cf0691

SHA256
e0db1804cf53ed4819ed70cb35c67680ce1a77573efded86e6dac81010ce55e7

SHA512
15a956090f8756a6bfdbe191fda36739b1107eada62c6cd3058218beb417bdbd2ea82be9b055f7f6eb8017394b330daff2e9824dbc9c4f137bead8e2ac0574cd

Download Submit
C:\Windows\Installer\MSID508.tmp

Filesize
202KB

MD5
d773d9bd091e712df7560f576da53de8

SHA1
165cfbdce1811883360112441f7237b287cf0691

SHA256
e0db1804cf53ed4819ed70cb35c67680ce1a77573efded86e6dac81010ce55e7

SHA512
15a956090f8756a6bfdbe191fda36739b1107eada62c6cd3058218beb417bdbd2ea82be9b055f7f6eb8017394b330daff2e9824dbc9c4f137bead8e2ac0574cd

Download Submit
C:\Windows\Installer\MSID508.tmp

Filesize
202KB

MD5
d773d9bd091e712df7560f576da53de8

SHA1
165cfbdce1811883360112441f7237b287cf0691

SHA256
e0db1804cf53ed4819ed70cb35c67680ce1a77573efded86e6dac81010ce55e7

SHA512
15a956090f8756a6bfdbe191fda36739b1107eada62c6cd3058218beb417bdbd2ea82be9b055f7f6eb8017394b330daff2e9824dbc9c4f137bead8e2ac0574cd

Download Submit
C:\Windows\Temp\{5752B377-2195-45DE-9910-37E853E0A106}\.ba\wixstdba.dll

Filesize
175KB

MD5
8ca04519005ad03b4d9e062b97d7f79d

SHA1
df53ed9440d027401d502f3297668009030350a7

SHA256
7b9f919a3d1974fd8fa35ad189edc8bf287f476bd377e713e616b26864a4b0d3

SHA512
1a29e9e9bd798c892a7cd3cd4ff259195e4a92e26f53e8f1a86c75c5eb8fdda58ceba312cd791651fad5ce04529696195815a4ba5c143ad52a5ea0d7c539bb77

Download Submit
C:\Windows\Temp\{5752B377-2195-45DE-9910-37E853E0A106}\.be\AacSetup.exe

Filesize
559KB

MD5
0ff80db3d98ab86398e4644405df84e8

SHA1
49b6136ea0a2e98cbc177183499f3a0c1db4b101

SHA256
c8a393ef9a367a3cb8f71b38b66952f4d38139f9d2db6a1e4e26811f6a312bc5

SHA512
79e045b61305c94e27f1eab0ef91a838702020fb2bb9047e02b057fd88ad4fb2906e72b913286774ccef96c2b9aea5534f3958a878a78b7a8d08869e1a5baffd

Download Submit
C:\Windows\Temp\{5752B377-2195-45DE-9910-37E853E0A106}\.be\AacSetup.exe

Filesize
559KB

MD5
0ff80db3d98ab86398e4644405df84e8

SHA1
49b6136ea0a2e98cbc177183499f3a0c1db4b101

SHA256
c8a393ef9a367a3cb8f71b38b66952f4d38139f9d2db6a1e4e26811f6a312bc5

SHA512
79e045b61305c94e27f1eab0ef91a838702020fb2bb9047e02b057fd88ad4fb2906e72b913286774ccef96c2b9aea5534f3958a878a78b7a8d08869e1a5baffd

Download Submit
C:\Windows\Temp\{5752B377-2195-45DE-9910-37E853E0A106}\Setup64

Filesize
848KB

MD5
a79e4fa55ec329621872924f5f6cd353

SHA1
f8ae1a3c7561b364c1468a19c27550fa5ee50929

SHA256
f11d2e22226e5c5a215b4f290121156b8def0723628ee0d6a3d766e026e732a8

SHA512
434fa3fe7631307fdd892718ea5b3921a6b4722dfc1d8ad571be3b3ab75049573903102c82a6e9bf92f6d5b563c6113a405b46f0d3829ef494ab909c92c5bb4f

Download Submit
C:\Windows\Temp\{6694C7E4-FA95-4384-9EFC-586B89885660}\.cr\loki_hal_setup.exe

Filesize
559KB

MD5
0ff80db3d98ab86398e4644405df84e8

SHA1
49b6136ea0a2e98cbc177183499f3a0c1db4b101

SHA256
c8a393ef9a367a3cb8f71b38b66952f4d38139f9d2db6a1e4e26811f6a312bc5

SHA512
79e045b61305c94e27f1eab0ef91a838702020fb2bb9047e02b057fd88ad4fb2906e72b913286774ccef96c2b9aea5534f3958a878a78b7a8d08869e1a5baffd

Download Submit
C:\Windows\Temp\{6694C7E4-FA95-4384-9EFC-586B89885660}\.cr\loki_hal_setup.exe

Filesize
559KB

MD5
0ff80db3d98ab86398e4644405df84e8

SHA1
49b6136ea0a2e98cbc177183499f3a0c1db4b101

SHA256
c8a393ef9a367a3cb8f71b38b66952f4d38139f9d2db6a1e4e26811f6a312bc5

SHA512
79e045b61305c94e27f1eab0ef91a838702020fb2bb9047e02b057fd88ad4fb2906e72b913286774ccef96c2b9aea5534f3958a878a78b7a8d08869e1a5baffd

Download Submit
C:\Windows\Temp\{A78DD658-1328-40A9-AFF2-666798246182}\.ba\wixstdba.dll

Filesize
191KB

MD5
eab9caf4277829abdf6223ec1efa0edd

SHA1
74862ecf349a9bedd32699f2a7a4e00b4727543d

SHA256
a4efbdb2ce55788ffe92a244cb775efd475526ef5b61ad78de2bcdfaddac7041

SHA512
45b15ade68e0a90ea7300aeb6dca9bc9e347a63dba5ce72a635957564d1bdf0b1584a5e34191916498850fc7b3b7ecfbcbfcb246b39dbf59d47f66bc825c6fd2

Download Submit
C:\Windows\Temp\{D93F2551-52DB-45DC-B275-CAEDDF3EA32F}\.cr\VC_redist.x86.exe

Filesize
632KB

MD5
85900a652ad68a9b2afaf8ed318f2f75

SHA1
cd88194055ba4d18747545fc80e1ceb3612033d3

SHA256
e5c0020e115c77403570a0ac0a71607bffaf26b7ca2a33b07ac447429820874b

SHA512
d2b542d1040718f3ed476ba49ca40aed508bb6df3eee17b036ea27c6ab1f38f6f97e7a53a971d611ccc0ba9c6b3e10e8b7bb0cec32c22d9ac6d80dbaa08a3c98

Download Submit
C:\Windows\Temp\{D93F2551-52DB-45DC-B275-CAEDDF3EA32F}\.cr\VC_redist.x86.exe

Filesize
632KB

MD5
85900a652ad68a9b2afaf8ed318f2f75

SHA1
cd88194055ba4d18747545fc80e1ceb3612033d3

SHA256
e5c0020e115c77403570a0ac0a71607bffaf26b7ca2a33b07ac447429820874b

SHA512
d2b542d1040718f3ed476ba49ca40aed508bb6df3eee17b036ea27c6ab1f38f6f97e7a53a971d611ccc0ba9c6b3e10e8b7bb0cec32c22d9ac6d80dbaa08a3c98

Download Submit
memory/112-134-0x0000000000000000-mapping.dmp

Download
memory/620-170-0x0000000000000000-mapping.dmp

Download
memory/1080-151-0x0000000000000000-mapping.dmp

Download
memory/1232-216-0x0000000000000000-mapping.dmp

Download
memory/1524-136-0x0000000000000000-mapping.dmp

Download
memory/1584-163-0x0000000000000000-mapping.dmp

Download
memory/1640-160-0x0000000000000000-mapping.dmp

Download
memory/1680-148-0x0000000000000000-mapping.dmp

Download
memory/1728-215-0x0000000003800000-0x0000000003810000-memory.dmp

Filesize
64KB

Download
memory/1728-222-0x0000000003800000-0x0000000003810000-memory.dmp

Filesize
64KB

Download
memory/1728-188-0x0000000000000000-mapping.dmp

Download
memory/1896-177-0x0000000000000000-mapping.dmp

Download
memory/2084-141-0x0000000000000000-mapping.dmp

Download
memory/2704-144-0x0000000000000000-mapping.dmp

Download
memory/2924-176-0x0000000000000000-mapping.dmp

Download
memory/2944-181-0x0000000000000000-mapping.dmp

Download
memory/3160-155-0x0000000000000000-mapping.dmp

Download
memory/3520-195-0x0000000000AE0000-0x0000000000F5F000-memory.dmp

Filesize
4.5MB

Download
memory/3520-133-0x0000000000AE0000-0x0000000000F5F000-memory.dmp

Filesize
4.5MB

Download
memory/3520-132-0x0000000000AE0000-0x0000000000F5F000-memory.dmp

Filesize
4.5MB

Download
memory/4776-184-0x0000000000000000-mapping.dmp

Download
memory/4896-218-0x0000000000000000-mapping.dmp

Download
memory/5016-182-0x0000000000000000-mapping.dmp

Download