hxxps://github[.]com/ShareX/ShareX/releases/download/v15[.]0[.]0/ShareX-15[.]0[.]0-setup[.]exe

Analysis

max time kernel
436s
max time network
440s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
06/07/2023, 13:27

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

https://github.com/ShareX/ShareX/releases/download/v15.0.0/ShareX-15.0.0-setup.exe

Score

8^/10

discovery persistence

Malware Config

Signatures

Downloads MZ/PE file

Drops startup file 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ShareX.lnk	ShareX-15.0.0-setup.tmp

Executes dropped EXE 5 IoCs

pid	Process
4588	ShareX-15.0.0-setup.exe
4012	ShareX-15.0.0-setup.tmp
2904	ShareX.exe
3376	ShareX.exe
1644	ShareX.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\Software\Microsoft\Windows\CurrentVersion\Run	chrome.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\ShareX\is-806JH.tmp	ShareX-15.0.0-setup.tmp
File created	C:\Program Files\ShareX\Languages\zh-TW\is-CCE6E.tmp	ShareX-15.0.0-setup.tmp
File created	C:\Program Files\ShareX\Stickers\BlobEmoji\is-BPLOG.tmp	ShareX-15.0.0-setup.tmp
File created	C:\Program Files\ShareX\Stickers\BlobEmoji\is-T8U57.tmp	ShareX-15.0.0-setup.tmp
File created	C:\Program Files\ShareX\Stickers\BlobEmoji\is-LH96N.tmp	ShareX-15.0.0-setup.tmp
File created	C:\Program Files\ShareX\Stickers\BlobEmoji\is-DF3SV.tmp	ShareX-15.0.0-setup.tmp
File opened for modification	C:\Program Files\ShareX\Languages\de\ShareX.IndexerLib.resources.dll	ShareX-15.0.0-setup.tmp
File opened for modification	C:\Program Files\ShareX\Languages\nl-NL\ShareX.resources.dll	ShareX-15.0.0-setup.tmp
File opened for modification	C:\Program Files\ShareX\Languages\zh-CN\ShareX.IndexerLib.resources.dll	ShareX-15.0.0-setup.tmp
File created	C:\Program Files\ShareX\Licenses\is-RSTUT.tmp	ShareX-15.0.0-setup.tmp
File created	C:\Program Files\ShareX\Languages\ja-JP\is-N2UUD.tmp	ShareX-15.0.0-setup.tmp
File created	C:\Program Files\ShareX\Languages\ru\is-PN7PM.tmp	ShareX-15.0.0-setup.tmp
File created	C:\Program Files\ShareX\Stickers\BlobEmoji\is-RRODI.tmp	ShareX-15.0.0-setup.tmp
File created	C:\Program Files\ShareX\Languages\id-ID\is-3LKMT.tmp	ShareX-15.0.0-setup.tmp
File created	C:\Program Files\ShareX\Languages\zh-TW\is-DCPL5.tmp	ShareX-15.0.0-setup.tmp
File created	C:\Program Files\ShareX\Stickers\BlobEmoji\is-R998P.tmp	ShareX-15.0.0-setup.tmp
File created	C:\Program Files\ShareX\Stickers\BlobEmoji\is-I4L4J.tmp	ShareX-15.0.0-setup.tmp
File created	C:\Program Files\ShareX\Stickers\BlobEmoji\is-5HELA.tmp	ShareX-15.0.0-setup.tmp
File created	C:\Program Files\ShareX\Stickers\BlobEmoji\is-8PCEF.tmp	ShareX-15.0.0-setup.tmp
File created	C:\Program Files\ShareX\Stickers\BlobEmoji\is-CHJL5.tmp	ShareX-15.0.0-setup.tmp
File opened for modification	C:\Program Files\ShareX\Languages\ro\ShareX.HistoryLib.resources.dll	ShareX-15.0.0-setup.tmp
File opened for modification	C:\Program Files\ShareX\Languages\fa-IR\ShareX.IndexerLib.resources.dll	ShareX-15.0.0-setup.tmp
File created	C:\Program Files\ShareX\Languages\hu\is-1PHU2.tmp	ShareX-15.0.0-setup.tmp
File created	C:\Program Files\ShareX\Languages\hu\is-3KDGN.tmp	ShareX-15.0.0-setup.tmp
File created	C:\Program Files\ShareX\Languages\it-IT\is-5QR9T.tmp	ShareX-15.0.0-setup.tmp
File created	C:\Program Files\ShareX\Stickers\BlobEmoji\is-95VI3.tmp	ShareX-15.0.0-setup.tmp
File opened for modification	C:\Program Files\ShareX\Languages\uk\ShareX.MediaLib.resources.dll	ShareX-15.0.0-setup.tmp
File created	C:\Program Files\ShareX\Languages\tr\is-SU0OI.tmp	ShareX-15.0.0-setup.tmp
File created	C:\Program Files\ShareX\Stickers\BlobEmoji\is-O8F71.tmp	ShareX-15.0.0-setup.tmp
File created	C:\Program Files\ShareX\Stickers\BlobEmoji\is-O5PTR.tmp	ShareX-15.0.0-setup.tmp
File created	C:\Program Files\ShareX\Stickers\BlobEmoji\is-KV0EA.tmp	ShareX-15.0.0-setup.tmp
File created	C:\Program Files\ShareX\Stickers\BlobEmoji\is-ORO63.tmp	ShareX-15.0.0-setup.tmp
File created	C:\Program Files\ShareX\Stickers\BlobEmoji\is-J2EOT.tmp	ShareX-15.0.0-setup.tmp
File opened for modification	C:\Program Files\ShareX\Languages\de\ShareX.UploadersLib.resources.dll	ShareX-15.0.0-setup.tmp
File opened for modification	C:\Program Files\ShareX\Languages\ja-JP\ShareX.HelpersLib.resources.dll	ShareX-15.0.0-setup.tmp
File created	C:\Program Files\ShareX\Languages\tr\is-KORT1.tmp	ShareX-15.0.0-setup.tmp
File created	C:\Program Files\ShareX\Languages\uk\is-AHTO6.tmp	ShareX-15.0.0-setup.tmp
File created	C:\Program Files\ShareX\Languages\vi-VN\is-8QS05.tmp	ShareX-15.0.0-setup.tmp
File created	C:\Program Files\ShareX\Stickers\BlobEmoji\is-GPQTO.tmp	ShareX-15.0.0-setup.tmp
File created	C:\Program Files\ShareX\Stickers\BlobEmoji\is-N10TU.tmp	ShareX-15.0.0-setup.tmp
File opened for modification	C:\Program Files\ShareX\Languages\fa-IR\ShareX.MediaLib.resources.dll	ShareX-15.0.0-setup.tmp
File created	C:\Program Files\ShareX\Languages\ko-KR\is-92CC1.tmp	ShareX-15.0.0-setup.tmp
File created	C:\Program Files\ShareX\Languages\uk\is-5PSRA.tmp	ShareX-15.0.0-setup.tmp
File created	C:\Program Files\ShareX\Stickers\BlobEmoji\is-NCLUN.tmp	ShareX-15.0.0-setup.tmp
File created	C:\Program Files\ShareX\Stickers\BlobEmoji\is-0G70C.tmp	ShareX-15.0.0-setup.tmp
File created	C:\Program Files\ShareX\Stickers\BlobEmoji\is-6LTNO.tmp	ShareX-15.0.0-setup.tmp
File created	C:\Program Files\ShareX\Stickers\BlobEmoji\is-3VBAE.tmp	ShareX-15.0.0-setup.tmp
File opened for modification	C:\Program Files\ShareX\Languages\fr\ShareX.resources.dll	ShareX-15.0.0-setup.tmp
File opened for modification	C:\Program Files\ShareX\Languages\ro\ShareX.MediaLib.resources.dll	ShareX-15.0.0-setup.tmp
File created	C:\Program Files\ShareX\is-CR4E9.tmp	ShareX-15.0.0-setup.tmp
File created	C:\Program Files\ShareX\Languages\de\is-PG779.tmp	ShareX-15.0.0-setup.tmp
File created	C:\Program Files\ShareX\Languages\ja-JP\is-63C5I.tmp	ShareX-15.0.0-setup.tmp
File created	C:\Program Files\ShareX\Languages\ko-KR\is-AOQT9.tmp	ShareX-15.0.0-setup.tmp
File created	C:\Program Files\ShareX\Stickers\BlobEmoji\is-3OS7V.tmp	ShareX-15.0.0-setup.tmp
File created	C:\Program Files\ShareX\Stickers\BlobEmoji\is-3QGLQ.tmp	ShareX-15.0.0-setup.tmp
File created	C:\Program Files\ShareX\Stickers\BlobEmoji\is-D6RGN.tmp	ShareX-15.0.0-setup.tmp
File created	C:\Program Files\ShareX\Stickers\BlobEmoji\is-6729L.tmp	ShareX-15.0.0-setup.tmp
File created	C:\Program Files\ShareX\Stickers\BlobEmoji\is-25HCR.tmp	ShareX-15.0.0-setup.tmp
File opened for modification	C:\Program Files\ShareX\ShareX.ImageEffectsLib.dll	ShareX-15.0.0-setup.tmp
File opened for modification	C:\Program Files\ShareX\Languages\zh-TW\ShareX.resources.dll	ShareX-15.0.0-setup.tmp
File created	C:\Program Files\ShareX\is-N6MPF.tmp	ShareX-15.0.0-setup.tmp
File created	C:\Program Files\ShareX\Languages\fa-IR\is-DSEQR.tmp	ShareX-15.0.0-setup.tmp
File created	C:\Program Files\ShareX\Languages\tr\is-70227.tmp	ShareX-15.0.0-setup.tmp
File created	C:\Program Files\ShareX\Stickers\BlobEmoji\is-2DN0Q.tmp	ShareX-15.0.0-setup.tmp

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies data under HKEY_USERS 16 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292311040"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365271"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "124"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1"	LogonUI.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = a6d8ff0076b9ed00429ce3000078d700005a9e000042750000264200f7630c00	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4288567808"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365271"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10"	LogonUI.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292311040"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1"	LogonUI.exe

Modifies registry class 34 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000_Classes\Directory\shell\ShareX\Icon = "\"C:\\Program Files\\ShareX\\ShareX.exe\",0"	ShareX-15.0.0-setup.tmp
Key created	\REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000_Classes\.sxcu	ShareX.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000_Classes\ShareX.sxie\ = "ShareX image effect"	ShareX.exe
Key created	\REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000_Classes\*	ShareX-15.0.0-setup.tmp
Key created	\REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000_Classes\*\shell	ShareX-15.0.0-setup.tmp
Set value (str)	\REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000_Classes\*\shell\ShareX\ = "Upload with ShareX"	ShareX-15.0.0-setup.tmp
Set value (str)	\REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000_Classes\.sxcu\ = "ShareX.sxcu"	ShareX.exe
Key created	\REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000_Classes\ShareX.sxcu	ShareX.exe
Key created	\REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000_Classes\ShareX.sxie\DefaultIcon	ShareX.exe
Key created	\REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000_Classes\ShareX.sxie\shell\open\command	ShareX.exe
Key created	\REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000_Classes\ShareX.sxie\shell	ShareX.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000_Classes\*\shell\ShareX\Icon = "\"C:\\Program Files\\ShareX\\ShareX.exe\",0"	ShareX-15.0.0-setup.tmp
Key created	\REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000_Classes\*\shell\ShareX\command	ShareX-15.0.0-setup.tmp
Set value (str)	\REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000_Classes\*\shell\ShareX\command\ = "\"C:\\Program Files\\ShareX\\ShareX.exe\" \"%1\""	ShareX-15.0.0-setup.tmp
Key created	\REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000_Classes\Directory	ShareX-15.0.0-setup.tmp
Key created	\REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000_Classes\Directory\shell	ShareX-15.0.0-setup.tmp
Key created	\REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000_Classes\Directory\shell\ShareX\command	ShareX-15.0.0-setup.tmp
Set value (str)	\REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000_Classes\ShareX.sxcu\DefaultIcon\ = "\"C:\\Program Files\\ShareX\\ShareX.exe\",0"	ShareX.exe
Key created	\REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000_Classes\ShareX.sxie\shell\open	ShareX.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000_Classes\ShareX.sxie\shell\open\command\ = "\"C:\\Program Files\\ShareX\\ShareX.exe\" -ImageEffect \"%1\""	ShareX.exe
Key created	\REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000_Classes\*\shell\ShareX	ShareX-15.0.0-setup.tmp
Key created	\REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000_Classes\Directory\shell\ShareX	ShareX-15.0.0-setup.tmp
Set value (str)	\REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000_Classes\Directory\shell\ShareX\command\ = "\"C:\\Program Files\\ShareX\\ShareX.exe\" \"%1\""	ShareX-15.0.0-setup.tmp
Key created	\REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000_Classes\ShareX.sxie	ShareX.exe
Key created	\REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000_Classes\ShareX.sxcu\DefaultIcon	ShareX.exe
Key created	\REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000_Classes\ShareX.sxcu\shell\open\command	ShareX.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000_Classes\ShareX.sxcu\shell\open\command\ = "\"C:\\Program Files\\ShareX\\ShareX.exe\" -CustomUploader \"%1\""	ShareX.exe
Key created	\REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000_Classes\ShareX.sxcu\shell\open	ShareX.exe
Key created	\REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000_Classes\.sxie	ShareX.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000_Classes\.sxie\ = "ShareX.sxie"	ShareX.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000_Classes\ShareX.sxie\DefaultIcon\ = "\"C:\\Program Files\\ShareX\\ShareX.exe\",0"	ShareX.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000_Classes\Directory\shell\ShareX\ = "Upload with ShareX"	ShareX-15.0.0-setup.tmp
Set value (str)	\REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000_Classes\ShareX.sxcu\ = "ShareX custom uploader"	ShareX.exe
Key created	\REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000_Classes\ShareX.sxcu\shell	ShareX.exe

Suspicious behavior: EnumeratesProcesses 21 IoCs

pid	Process
1596	chrome.exe
1596	chrome.exe
4012	ShareX-15.0.0-setup.tmp
4012	ShareX-15.0.0-setup.tmp
2904	ShareX.exe
2904	ShareX.exe
2904	ShareX.exe
4736	chrome.exe
4736	chrome.exe
2904	ShareX.exe
2904	ShareX.exe
2904	ShareX.exe
1164	msedge.exe
1164	msedge.exe
4632	msedge.exe
4632	msedge.exe
3280	identity_helper.exe
3280	identity_helper.exe
2904	ShareX.exe
2904	ShareX.exe
2904	ShareX.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
1596	chrome.exe
1596	chrome.exe
4632	msedge.exe
4632	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1596	chrome.exe
Token: SeCreatePagefilePrivilege	1596	chrome.exe
Token: SeShutdownPrivilege	1596	chrome.exe
Token: SeCreatePagefilePrivilege	1596	chrome.exe
Token: SeShutdownPrivilege	1596	chrome.exe
Token: SeCreatePagefilePrivilege	1596	chrome.exe
Token: SeShutdownPrivilege	1596	chrome.exe
Token: SeCreatePagefilePrivilege	1596	chrome.exe
Token: SeShutdownPrivilege	1596	chrome.exe
Token: SeCreatePagefilePrivilege	1596	chrome.exe
Token: SeShutdownPrivilege	1596	chrome.exe
Token: SeCreatePagefilePrivilege	1596	chrome.exe
Token: SeShutdownPrivilege	1596	chrome.exe
Token: SeCreatePagefilePrivilege	1596	chrome.exe
Token: SeShutdownPrivilege	1596	chrome.exe
Token: SeCreatePagefilePrivilege	1596	chrome.exe
Token: SeShutdownPrivilege	1596	chrome.exe
Token: SeCreatePagefilePrivilege	1596	chrome.exe
Token: SeShutdownPrivilege	1596	chrome.exe
Token: SeCreatePagefilePrivilege	1596	chrome.exe
Token: SeShutdownPrivilege	1596	chrome.exe
Token: SeCreatePagefilePrivilege	1596	chrome.exe
Token: SeShutdownPrivilege	1596	chrome.exe
Token: SeCreatePagefilePrivilege	1596	chrome.exe
Token: SeShutdownPrivilege	1596	chrome.exe
Token: SeCreatePagefilePrivilege	1596	chrome.exe
Token: SeShutdownPrivilege	1596	chrome.exe
Token: SeCreatePagefilePrivilege	1596	chrome.exe
Token: SeShutdownPrivilege	1596	chrome.exe
Token: SeCreatePagefilePrivilege	1596	chrome.exe
Token: SeShutdownPrivilege	1596	chrome.exe
Token: SeCreatePagefilePrivilege	1596	chrome.exe
Token: SeShutdownPrivilege	1596	chrome.exe
Token: SeCreatePagefilePrivilege	1596	chrome.exe
Token: SeShutdownPrivilege	1596	chrome.exe
Token: SeCreatePagefilePrivilege	1596	chrome.exe
Token: SeShutdownPrivilege	1596	chrome.exe
Token: SeCreatePagefilePrivilege	1596	chrome.exe
Token: SeShutdownPrivilege	1596	chrome.exe
Token: SeCreatePagefilePrivilege	1596	chrome.exe
Token: SeShutdownPrivilege	1596	chrome.exe
Token: SeCreatePagefilePrivilege	1596	chrome.exe
Token: SeShutdownPrivilege	1596	chrome.exe
Token: SeCreatePagefilePrivilege	1596	chrome.exe
Token: SeShutdownPrivilege	1596	chrome.exe
Token: SeCreatePagefilePrivilege	1596	chrome.exe
Token: SeShutdownPrivilege	1596	chrome.exe
Token: SeCreatePagefilePrivilege	1596	chrome.exe
Token: SeShutdownPrivilege	1596	chrome.exe
Token: SeCreatePagefilePrivilege	1596	chrome.exe
Token: SeShutdownPrivilege	1596	chrome.exe
Token: SeCreatePagefilePrivilege	1596	chrome.exe
Token: SeShutdownPrivilege	1596	chrome.exe
Token: SeCreatePagefilePrivilege	1596	chrome.exe
Token: SeShutdownPrivilege	1596	chrome.exe
Token: SeCreatePagefilePrivilege	1596	chrome.exe
Token: SeShutdownPrivilege	1596	chrome.exe
Token: SeCreatePagefilePrivilege	1596	chrome.exe
Token: SeShutdownPrivilege	1596	chrome.exe
Token: SeCreatePagefilePrivilege	1596	chrome.exe
Token: SeShutdownPrivilege	1596	chrome.exe
Token: SeCreatePagefilePrivilege	1596	chrome.exe
Token: SeShutdownPrivilege	1596	chrome.exe
Token: SeCreatePagefilePrivilege	1596	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
1596	chrome.exe
1596	chrome.exe
1596	chrome.exe
1596	chrome.exe
1596	chrome.exe
1596	chrome.exe
1596	chrome.exe
1596	chrome.exe
1596	chrome.exe
1596	chrome.exe
1596	chrome.exe
1596	chrome.exe
1596	chrome.exe
1596	chrome.exe
1596	chrome.exe
1596	chrome.exe
1596	chrome.exe
1596	chrome.exe
1596	chrome.exe
1596	chrome.exe
1596	chrome.exe
1596	chrome.exe
1596	chrome.exe
1596	chrome.exe
1596	chrome.exe
1596	chrome.exe
1596	chrome.exe
1596	chrome.exe
1596	chrome.exe
1596	chrome.exe
1596	chrome.exe
1596	chrome.exe
1596	chrome.exe
1596	chrome.exe
1596	chrome.exe
1596	chrome.exe
1596	chrome.exe
1596	chrome.exe
1596	chrome.exe
1596	chrome.exe
1596	chrome.exe
1596	chrome.exe
1596	chrome.exe
1596	chrome.exe
1596	chrome.exe
4012	ShareX-15.0.0-setup.tmp
2904	ShareX.exe
2904	ShareX.exe
2904	ShareX.exe
2904	ShareX.exe
1596	chrome.exe
2904	ShareX.exe
2904	ShareX.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe

Suspicious use of SendNotifyMessage 59 IoCs

pid	Process
1596	chrome.exe
1596	chrome.exe
1596	chrome.exe
1596	chrome.exe
1596	chrome.exe
1596	chrome.exe
1596	chrome.exe
1596	chrome.exe
1596	chrome.exe
1596	chrome.exe
1596	chrome.exe
1596	chrome.exe
1596	chrome.exe
1596	chrome.exe
1596	chrome.exe
1596	chrome.exe
1596	chrome.exe
1596	chrome.exe
1596	chrome.exe
1596	chrome.exe
1596	chrome.exe
1596	chrome.exe
1596	chrome.exe
1596	chrome.exe
2904	ShareX.exe
2904	ShareX.exe
2904	ShareX.exe
2904	ShareX.exe
2904	ShareX.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
2904	ShareX.exe
2904	ShareX.exe
2904	ShareX.exe
2904	ShareX.exe
2904	ShareX.exe
2904	ShareX.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3104	LogonUI.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1596 wrote to memory of 4028	1596	chrome.exe	82
PID 1596 wrote to memory of 4028	1596	chrome.exe	82
PID 1596 wrote to memory of 3388	1596	chrome.exe	86
PID 1596 wrote to memory of 3388	1596	chrome.exe	86
PID 1596 wrote to memory of 3388	1596	chrome.exe	86
PID 1596 wrote to memory of 3388	1596	chrome.exe	86
PID 1596 wrote to memory of 3388	1596	chrome.exe	86
PID 1596 wrote to memory of 3388	1596	chrome.exe	86
PID 1596 wrote to memory of 3388	1596	chrome.exe	86
PID 1596 wrote to memory of 3388	1596	chrome.exe	86
PID 1596 wrote to memory of 3388	1596	chrome.exe	86
PID 1596 wrote to memory of 3388	1596	chrome.exe	86
PID 1596 wrote to memory of 3388	1596	chrome.exe	86
PID 1596 wrote to memory of 3388	1596	chrome.exe	86
PID 1596 wrote to memory of 3388	1596	chrome.exe	86
PID 1596 wrote to memory of 3388	1596	chrome.exe	86
PID 1596 wrote to memory of 3388	1596	chrome.exe	86
PID 1596 wrote to memory of 3388	1596	chrome.exe	86
PID 1596 wrote to memory of 3388	1596	chrome.exe	86
PID 1596 wrote to memory of 3388	1596	chrome.exe	86
PID 1596 wrote to memory of 3388	1596	chrome.exe	86
PID 1596 wrote to memory of 3388	1596	chrome.exe	86
PID 1596 wrote to memory of 3388	1596	chrome.exe	86
PID 1596 wrote to memory of 3388	1596	chrome.exe	86
PID 1596 wrote to memory of 3388	1596	chrome.exe	86
PID 1596 wrote to memory of 3388	1596	chrome.exe	86
PID 1596 wrote to memory of 3388	1596	chrome.exe	86
PID 1596 wrote to memory of 3388	1596	chrome.exe	86
PID 1596 wrote to memory of 3388	1596	chrome.exe	86
PID 1596 wrote to memory of 3388	1596	chrome.exe	86
PID 1596 wrote to memory of 3388	1596	chrome.exe	86
PID 1596 wrote to memory of 3388	1596	chrome.exe	86
PID 1596 wrote to memory of 3388	1596	chrome.exe	86
PID 1596 wrote to memory of 3388	1596	chrome.exe	86
PID 1596 wrote to memory of 3388	1596	chrome.exe	86
PID 1596 wrote to memory of 3388	1596	chrome.exe	86
PID 1596 wrote to memory of 3388	1596	chrome.exe	86
PID 1596 wrote to memory of 3388	1596	chrome.exe	86
PID 1596 wrote to memory of 3388	1596	chrome.exe	86
PID 1596 wrote to memory of 3388	1596	chrome.exe	86
PID 1596 wrote to memory of 3336	1596	chrome.exe	87
PID 1596 wrote to memory of 3336	1596	chrome.exe	87
PID 1596 wrote to memory of 5080	1596	chrome.exe	88
PID 1596 wrote to memory of 5080	1596	chrome.exe	88
PID 1596 wrote to memory of 5080	1596	chrome.exe	88
PID 1596 wrote to memory of 5080	1596	chrome.exe	88
PID 1596 wrote to memory of 5080	1596	chrome.exe	88
PID 1596 wrote to memory of 5080	1596	chrome.exe	88
PID 1596 wrote to memory of 5080	1596	chrome.exe	88
PID 1596 wrote to memory of 5080	1596	chrome.exe	88
PID 1596 wrote to memory of 5080	1596	chrome.exe	88
PID 1596 wrote to memory of 5080	1596	chrome.exe	88
PID 1596 wrote to memory of 5080	1596	chrome.exe	88
PID 1596 wrote to memory of 5080	1596	chrome.exe	88
PID 1596 wrote to memory of 5080	1596	chrome.exe	88
PID 1596 wrote to memory of 5080	1596	chrome.exe	88
PID 1596 wrote to memory of 5080	1596	chrome.exe	88
PID 1596 wrote to memory of 5080	1596	chrome.exe	88
PID 1596 wrote to memory of 5080	1596	chrome.exe	88
PID 1596 wrote to memory of 5080	1596	chrome.exe	88
PID 1596 wrote to memory of 5080	1596	chrome.exe	88
PID 1596 wrote to memory of 5080	1596	chrome.exe	88
PID 1596 wrote to memory of 5080	1596	chrome.exe	88
PID 1596 wrote to memory of 5080	1596	chrome.exe	88

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://github.com/ShareX/ShareX/releases/download/v15.0.0/ShareX-15.0.0-setup.exe
1⤵
- Adds Run key to start application
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1596
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff04a29758,0x7fff04a29768,0x7fff04a29778
  2⤵
  PID:4028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1788 --field-trial-handle=1872,i,12513608478626344881,14975338620836683295,131072 /prefetch:2
  2⤵
  PID:3388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2016 --field-trial-handle=1872,i,12513608478626344881,14975338620836683295,131072 /prefetch:8
  2⤵
  PID:3336
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2052 --field-trial-handle=1872,i,12513608478626344881,14975338620836683295,131072 /prefetch:8
  2⤵
  PID:5080
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3096 --field-trial-handle=1872,i,12513608478626344881,14975338620836683295,131072 /prefetch:1
  2⤵
  PID:212
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3060 --field-trial-handle=1872,i,12513608478626344881,14975338620836683295,131072 /prefetch:1
  2⤵
  PID:2092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4744 --field-trial-handle=1872,i,12513608478626344881,14975338620836683295,131072 /prefetch:8
  2⤵
  PID:4968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4864 --field-trial-handle=1872,i,12513608478626344881,14975338620836683295,131072 /prefetch:8
  2⤵
  PID:1280
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5244 --field-trial-handle=1872,i,12513608478626344881,14975338620836683295,131072 /prefetch:8
  2⤵
  PID:4488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5264 --field-trial-handle=1872,i,12513608478626344881,14975338620836683295,131072 /prefetch:8
  2⤵
  PID:4396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5580 --field-trial-handle=1872,i,12513608478626344881,14975338620836683295,131072 /prefetch:8
  2⤵
  PID:3732
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4368 --field-trial-handle=1872,i,12513608478626344881,14975338620836683295,131072 /prefetch:8
  2⤵
  PID:2084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5380 --field-trial-handle=1872,i,12513608478626344881,14975338620836683295,131072 /prefetch:8
  2⤵
  PID:3672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4752 --field-trial-handle=1872,i,12513608478626344881,14975338620836683295,131072 /prefetch:8
  2⤵
  PID:4100
- C:\Users\Admin\Downloads\ShareX-15.0.0-setup.exe
  "C:\Users\Admin\Downloads\ShareX-15.0.0-setup.exe"
  2⤵
  - Executes dropped EXE
  PID:4588
- - C:\Users\Admin\AppData\Local\Temp\is-1EMSD.tmp\ShareX-15.0.0-setup.tmp
    "C:\Users\Admin\AppData\Local\Temp\is-1EMSD.tmp\ShareX-15.0.0-setup.tmp" /SL5="$60234,34869572,832512,C:\Users\Admin\Downloads\ShareX-15.0.0-setup.exe"
    3⤵
    - Drops startup file
    - Executes dropped EXE
    - Drops file in Program Files directory
    - Modifies registry class
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of FindShellTrayWindow
    PID:4012
  - - C:\Program Files\ShareX\ShareX.exe
      "C:\Program Files\ShareX\ShareX.exe"
      4⤵
      Executes dropped EXE
      Modifies registry class
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of FindShellTrayWindow
      Suspicious use of SendNotifyMessage
      PID:2904
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://i.imgur.com/DNB1Pst.png
        5⤵
        Enumerates system info in registry
        Suspicious behavior: EnumeratesProcesses
        Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:4632
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffef5e646f8,0x7ffef5e64708,0x7ffef5e64718
        6⤵
        
        PID:1476
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,7769000712068404657,13764418640322839774,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2192 /prefetch:2
        6⤵
        
        PID:2708
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2156,7769000712068404657,13764418640322839774,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2288 /prefetch:3
        6⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1164
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2156,7769000712068404657,13764418640322839774,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2720 /prefetch:8
        6⤵
        
        PID:3736
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,7769000712068404657,13764418640322839774,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3408 /prefetch:1
        6⤵
        
        PID:4612
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,7769000712068404657,13764418640322839774,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3392 /prefetch:1
        6⤵
        
        PID:4576
      - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2156,7769000712068404657,13764418640322839774,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5004 /prefetch:8
        6⤵
        
        PID:492
      - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2156,7769000712068404657,13764418640322839774,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5004 /prefetch:8
        6⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:3280
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3244 --field-trial-handle=1872,i,12513608478626344881,14975338620836683295,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4736

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2828

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x2fc 0x4f4
1⤵
PID:1836

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3480

C:\Program Files\ShareX\ShareX.exe
"C:\Program Files\ShareX\ShareX.exe"
1⤵
- Executes dropped EXE
PID:3376

C:\Program Files\ShareX\ShareX.exe
"C:\Program Files\ShareX\ShareX.exe"
1⤵
- Executes dropped EXE
PID:1644

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x4 /state0:0xa3947055 /state1:0x41c64e6d
1⤵
- Modifies data under HKEY_USERS
- Suspicious use of SetWindowsHookEx
PID:3104

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\ShareX\ImageListView.dll

Filesize
257KB

MD5
4f22f7efaee4bc10fccf7ddcfe5b261f

SHA1
9733c1de9c34a908ee417a756028509fc5bb59ab

SHA256
4e5ff985c9e6d44dba623d425bb56bea5d1f8a75cb45f8bb6c3ad2d569afdd75

SHA512
c7cd1ef6b6f70e9fbb3eb23b6ade2c0760794e57af12472d42029bbca060e36c1f41bf4d9a5c8d59c269cfd84e9dda78fa537df7da15ffebe646e9daa5e8fd08

Download Submit
C:\Program Files\ShareX\MegaApiClient.dll

Filesize
111KB

MD5
73389b5be711d23b4c7b6ac47009d84c

SHA1
55a25a7792c586565d612bfe7dff7de01c966e40

SHA256
68519d2885ad67014d2442389193a508face5b739d3958f2958e2301784bd2b9

SHA512
2f007fdd6a45d6fe20b1de4116b9618c14d2c6edd042fa890cb9cf737e864b39d7b9cdf13ffdced553b88fc739e52b258000db74e74a038a5d597e38fdc864ed

Download Submit
C:\Program Files\ShareX\Newtonsoft.Json.dll

Filesize
695KB

MD5
715a1fbee4665e99e859eda667fe8034

SHA1
e13c6e4210043c4976dcdc447ea2b32854f70cc6

SHA256
c5c83bbc1741be6ff4c490c0aee34c162945423ec577c646538b2d21ce13199e

SHA512
bf9744ccb20f8205b2de39dbe79d34497b4d5c19b353d0f95e87ea7ef7fa1784aea87e10efcef11e4c90451eaa47a379204eb0533aa3018e378dd3511ce0e8ad

Download Submit
C:\Program Files\ShareX\ShareX.HelpersLib.dll

Filesize
1.1MB

MD5
700e190d563d45c1ca8b4aefb3de209c

SHA1
389f638ef11f8ec40658bf171071ab7b2126fb81

SHA256
fcdc6a90e72b3ac49e7bb66567671d88a988de4f48c06b8fb1ef55d2787c0b33

SHA512
9b1f64be2f23c38e5f501b286bd7272b62d22444daf4a0ad77b5a0f100761e6c32ffe0f1f7eb19c41e779162eb78fc48f60c39ec6d0a48a47169d85040853907

Download Submit
C:\Program Files\ShareX\ShareX.HistoryLib.dll

Filesize
165KB

MD5
21d99d06264f6309b42b405808ece0bc

SHA1
0c71418146357813548dc054efa6228297d9a694

SHA256
eabc3c5080ba69db3b55bb131df848a970ac1ff19d63837c20bdb6b006c19506

SHA512
f2add039bdaf8dab9bf06444d15ab6d055b083749341dd9361efd5f1c40f9dbbeb3bc45c642ab7bea74b0856b0d5a434ba4f3c554cd115468db0f84330436fc5

Download Submit
C:\Program Files\ShareX\ShareX.ImageEffectsLib.dll

Filesize
137KB

MD5
c8b90474ebffaee8624d21bd0ef77f31

SHA1
8d74521996c0085d7ef889da70cdb2b6725c7390

SHA256
5b133955679ad4556d1272a92ad2b94526c8554621bf69eb30776d3823383ce5

SHA512
3419260e9a3b77ab732665220233a711fce5d1421f6977d32d77769fe7ca2445c8fab39f2c63d203aa6acf731c55ae9d0903a50c628bf2b067693538895418e8

Download Submit
C:\Program Files\ShareX\ShareX.IndexerLib.dll

Filesize
45KB

MD5
dc7d67ef1ee4266881c5cf6a2997db45

SHA1
78a564249adb603cbf0d5e89709dde99f93d77ae

SHA256
a33ce8f496ee195c9a267b4890bcf6289f2c54687871cbea8ddfc9249a8e03c8

SHA512
82f9891eaa383a348004e912b955caaf5d2502b79086cc409a3192578e132a5c765071685643e677c981a2f3cf223d47866d527acdabb58731aab91b0bc2aa06

Download Submit
C:\Program Files\ShareX\ShareX.MediaLib.dll

Filesize
148KB

MD5
a29814a8b6ff549b61e55912a714fede

SHA1
ccc5a385281e205fe610e58837a6942b77660113

SHA256
66983c354371e1b4e1427e95c216b0df800bb0a15d5cf75e7cbecfff79fc4fbd

SHA512
dc6a8950be8e07924081e49264fe9953e652fe5a237865fa92023ba723706df6d27a574e7777af75d9b36278fa18ffe0a8448abfdd705486f20067fd3371315b

Download Submit
C:\Program Files\ShareX\ShareX.ScreenCaptureLib.dll

Filesize
668KB

MD5
c5602d0f2369fdfe030f2761cf111400

SHA1
722ff51bd401978899a913913ee51e747bae3bbf

SHA256
e5821f3b94ddb6fe0a3202fe7b6135af53d11191bb1e63933c9c03228015c5ca

SHA512
29a1965cfbc3ec0494bd42be0db331ab4b91ffc5c5735a75b6c2221c075f4e213c0237b8bf51afc7d6baec8d277adacac83cf2cadcfff7ce26891277a3e47a60

Download Submit
C:\Program Files\ShareX\ShareX.UploadersLib.dll

Filesize
2.1MB

MD5
2de37fa28311caba87425c146c929015

SHA1
523f3ff40cdc8b9dbf630c63f782dc5dea2ee83f

SHA256
66b427ac2d9c5831016e6950c0ee5f3c1213bd25dc98b9c4ad5ed99d02013183

SHA512
cf00e93120cad25cd627b35429d772e87f663c89c16cf655c41b54811a9bcea2ea60509f3e7b39ee61ea9912b262a621261915cb83b58645ae2db95b1698b938

Download Submit
C:\Program Files\ShareX\ShareX.exe

Filesize
2.1MB

MD5
b1a736092299c9dd5679fa9c430f3a05

SHA1
bb5fcea481dee7f21cbcef376b1f8c4d8386c19b

SHA256
0b679c46c2940edc09cff8ae0b0f4578aeda0346b9c402276b166aee4ec864be

SHA512
fd610ae87413e8215ef3449cea73c041feffa01d0940e8aa5e89f0f7d1ded96bebb7b1d1dc28481c4babcee7310a684d621adafaa6a4e98f0478c8c5a19a19fb

Download Submit
C:\Program Files\ShareX\ShareX.exe

Filesize
2.1MB

MD5
b1a736092299c9dd5679fa9c430f3a05

SHA1
bb5fcea481dee7f21cbcef376b1f8c4d8386c19b

SHA256
0b679c46c2940edc09cff8ae0b0f4578aeda0346b9c402276b166aee4ec864be

SHA512
fd610ae87413e8215ef3449cea73c041feffa01d0940e8aa5e89f0f7d1ded96bebb7b1d1dc28481c4babcee7310a684d621adafaa6a4e98f0478c8c5a19a19fb

Download Submit
C:\Program Files\ShareX\ShareX.exe

Filesize
2.1MB

MD5
b1a736092299c9dd5679fa9c430f3a05

SHA1
bb5fcea481dee7f21cbcef376b1f8c4d8386c19b

SHA256
0b679c46c2940edc09cff8ae0b0f4578aeda0346b9c402276b166aee4ec864be

SHA512
fd610ae87413e8215ef3449cea73c041feffa01d0940e8aa5e89f0f7d1ded96bebb7b1d1dc28481c4babcee7310a684d621adafaa6a4e98f0478c8c5a19a19fb

Download Submit
C:\Program Files\ShareX\ShareX.exe.config

Filesize
980B

MD5
3a4441d2729973dba183fca02aa933da

SHA1
23e75814282aa2c1b0ae846397102d2c2078a285

SHA256
08ca8f015f005f7a4109877bffe8acee9f31b3b237703f62adcf75488aef61cb

SHA512
02b70bade8aec0dbd1fbcddeaa824b78d17e8aca62b1d8b3d40948cb915b3ce3a693d4e1d5a6abfc5de9248aef1b5f5c282fe74969d316a2d02d33c13df7e301

Download Submit
C:\Program Files\ShareX\Stickers\BlobEmoji\b1nzyblob.png

Filesize
4KB

MD5
e3b011bfee4fb759f45d7be4acfdcbbd

SHA1
8863f89a43cae28a6429f1167fcaac8da6137a48

SHA256
19dcead074212cf52a818863789aaafdf147bdea1c9462ee8fc6768d7266eb28

SHA512
62063a86091ecb091b14fda90fc9d697dc290113c1ca814875aa14c66a0735a2d61c43fbeb507e91150d7f1c97c81fd95cb5f06315b3cea108533cc34618af40

Download Submit
C:\Program Files\ShareX\Stickers\BlobEmoji\b1nzyblob2.png

Filesize
3KB

MD5
0740b6ae825d71075d03d357faa8e3ce

SHA1
91b80fd16b6f3d391e1ce617ec2d3c3593156d9c

SHA256
a174881241cacef01c6e06e9ced717386280833b8d224d7f5e8528f332686b87

SHA512
f53a519942e8b9774b0744a8bae12178ace468b52b6a11bdacd4aad460cb31d9e532bc4889888283a889a813995a53083ffb3d0308db06ddfc50329ef1e95d29

Download Submit
C:\Program Files\ShareX\Stickers\BlobEmoji\b4nzyblob.png

Filesize
5KB

MD5
35b4090f8e0ef885dcb915c538b893cd

SHA1
b5c9317a6d6f2a4f3302951ddfeb83bf9b8bc972

SHA256
c8f2c883080ce3b277b715e8a83fe88c548c77652477f53543d69665db3d3afd

SHA512
90c3a826178c0b1bbe32c133364bffd496f04e73a9e0f3429169aad93a8738eb8a0ded1ee51981d10b60c1eacb37909ecdcdf5472277d5f9b3f7b1569396236f

Download Submit
C:\Program Files\ShareX\Stickers\BlobEmoji\blob.png

Filesize
2KB

MD5
d5e127c0104f88eac77a72346ab23206

SHA1
0ee60cf1994f40ff17f6756c383181cdbdac0b94

SHA256
231e0a198f856fc5a52545c50f629094ce2057f900f4007ef9426bdac8b54324

SHA512
bd3ccc3bb9d32fe6aa4f926a2ae0fb70b0e5e3301216abaca40ec3c339c5646eaf07cecc99d105a7a8972b26b2521e619cdc2cb896e43925e7dea92d1a25b9de

Download Submit
C:\Program Files\ShareX\Stickers\BlobEmoji\blob0w0.png

Filesize
4KB

MD5
d339800fde087ce353bc3846341efb16

SHA1
88036fe6da63b98691ec48a4cd849fb5c47b15ad

SHA256
c6d674adcf50f684888ea6406e0bdeac4158bfe5009f680a62954577ea57b35d

SHA512
fcf4344cd2f1ed27c6fbeb1312caa3880769426b455793d77e067531612f482b6e58b27751e9a27d92b11519a88bcd830f28bb5d8a3dec1aabb6a2e84e5f26ec

Download Submit
C:\Program Files\ShareX\Stickers\BlobEmoji\blob3c.png

Filesize
4KB

MD5
68051421d5aa121618a002442834d9a9

SHA1
5a7bd364e605c17db4ee03b91765084fa7e588b5

SHA256
fa84a014a980765eda409226efc4a8b4cf68dad2db7041f2a6209e274b137f21

SHA512
d09017e378be3592071abc1c5fac7839c19816873f8cacd240ed1635d611787f0fdebf8f30fe834f2ea3f624aa388aed6e6ccb5b27422c1b7b82ce72205eafc7

Download Submit
C:\Program Files\ShareX\Stickers\BlobEmoji\blob3cevil.png

Filesize
4KB

MD5
6784aca45826134f8ca91bca54f5e976

SHA1
38f300ae0124b4ca78033a663f4efd67254f942e

SHA256
62d580b8afea3e01e43431abf76cdb1d337d005c1e021d1d932a43960c976de2

SHA512
28d039ead8ee817ace3f4eeeaf7446691bbe4ff71dacc3812ad48b5e70b8a077248b71e3563e62bd6bf72e9a9026683ef0d1ee319ae5769e8e8d7251c6061622

Download Submit
C:\Program Files\ShareX\Stickers\BlobEmoji\blobaffection.png

Filesize
3KB

MD5
59034c36378c7a0fe4a69bbe309ff7aa

SHA1
c9e54eb3d137ab7711e6e11c92c569b2b9d83afb

SHA256
ed8ccf045f14ee2cfaa385a5ae16d78fc79cc88eb8a5a4f894328817d6f33767

SHA512
1e711f3ebbe26ac5ada7a1962fde377a12bb997f56a83e5669a5328e5bf2782fb331f926686dda865dfaf5368cce5c15a463f7ef212b3dd568a3bba2c0895f19

Download Submit
C:\Program Files\ShareX\Stickers\BlobEmoji\blobamused.png

Filesize
3KB

MD5
fa234a02b5cb5d3651d92ca1309d2417

SHA1
aafc312416cac47b673285931bf93c51fac4fdfe

SHA256
4c873e3183cef220e455ad81576940e708677192bfaf53754a5c8bbbbbf02293

SHA512
b0a483d78e17bae766d0d075b0179a55388bb836c4f6bab2ef90844c3807e207de33a5c0a197ae526c960e5bd5c10d64e1ebe1607bb89fb8632775572966b233

Download Submit
C:\Program Files\ShareX\Stickers\BlobEmoji\blobangel.png

Filesize
5KB

MD5
1043ba1c669270094556a2b79b3f1d39

SHA1
aacfa7bc122bc040df70afb56c27619b47055d4b

SHA256
24f07aa9370521a23e52f3f316ed265ae5eb120e9c99a6dd5eec7689aa2bb3dd

SHA512
83f0811cc0f316d744c18c5314dec013b7b8a25da46f99c267ce12d1c3d259812f1e719cf2d94a5a6b25cd5b8cc3c7146515a25e995b99d2ac3f645e985f26b6

Download Submit
C:\Program Files\ShareX\Stickers\BlobEmoji\blobangery.png

Filesize
5KB

MD5
fffecacf1aef479a30bf1501c2a38162

SHA1
e5a1216d7ff1b7fc6e32336de558de05f412ed3a

SHA256
5c41fefc79039d8633dee71bccbe92a438919a496a40651565f021beb7895784

SHA512
2af521dbe4a7be0e684040dd394402a6d2445e92bf0460aba58e6c054c54d3f2faae76aecc74b70302f8293f5a83f580521732f8a906c30f042ab9a465ff6574

Download Submit
C:\Program Files\ShareX\Stickers\BlobEmoji\blobangry.png

Filesize
4KB

MD5
bb3af5344d56fe714cfce53c6ce7b043

SHA1
2bed738e13132baed39bc2bf5dd5f9766dd9e39f

SHA256
55b51c23a057d1dd8c2d11ceadcbd6d5c157d36fd05348e7c9f7110dbf48d257

SHA512
2b75cfce6c546bdc3167952d1ab8522db379c03e5eb170e51a83afd7afb5b7722433c462cbb04adcc753f8a96e0b3b3e72f288c7309379c2fa47ffbeb94ccb8c

Download Submit
C:\Program Files\ShareX\Stickers\BlobEmoji\blobangry2.png

Filesize
3KB

MD5
a043f932594fee35cc7104f8b6f1188a

SHA1
8d8642a7d90bb8a2a18e21a51aacb5881508b55a

SHA256
5e5528754b3876f080068408e4fa076e4d010d28e67d24173dc706ff8e52bd4b

SHA512
5e077e3dfa937a67af53ddd6ac23b0ee7f68107de9f2910bdb8eb5c615a50dce2059e04c642d60e698bbd2376915f9304f56c9575e6a12ce944a51957a2aeb1c

Download Submit
C:\Program Files\ShareX\Stickers\BlobEmoji\blobangrypuff.png

Filesize
4KB

MD5
af923ec8e6a84378392465ea4d4f9987

SHA1
fb407d66ebb02c7f0f0bfe49c5e33e5cc2dc02a3

SHA256
a706d611609941e0a1c9979569f375b787676185491be4891df863b7d41230f3

SHA512
3a325913e412742de1406c12e9b78e94662207636564a3e170791cc821170198baa8b9c39101b3ae7e910189ca174e2505ac56d3d7c1c014cf380fbf4c35556f

Download Submit
C:\Program Files\ShareX\Stickers\BlobEmoji\blobartist.png

Filesize
5KB

MD5
93a7722d1682281b1e81f443842912b3

SHA1
40d518612e5b30edc07502dc3c0d35f1956bacc7

SHA256
67e3129f927353d95ba57ead601a6eb3b29ffa7fdbde52330de06a76ef960221

SHA512
b3cab0d00d1201b74000282c468013fe62a156afc613d15232478f6ef6e7f79740cd0c8474402354ce7295e6d93c63521c99ad8c9061228bc2398c053a6fb335

Download Submit
C:\Program Files\ShareX\Stickers\BlobEmoji\blobaviator.png

Filesize
6KB

MD5
3c3e6e1e6546644aada594a5037ed28c

SHA1
4a7dedd00132e575b1b1fcb4750a74e43d6be8b9

SHA256
9e7ed4edbbea5f856a9d493dc1178746a6a267f4a74be0579047099ea8ad0c07

SHA512
f2bd1c70099efbac7e8b6f9decb047c658f701c5df58b66beb25abca2ea63aa945d14e226dad14f809c6ff876c4ba2c6ee843218840dd77e8d58483f1fbd79e9

Download Submit
C:\Program Files\ShareX\Stickers\BlobEmoji\blobawkward.png

Filesize
3KB

MD5
ab53f7a33d89ec527aba1b5f08fc9539

SHA1
8561f5cee5c97f6bf9d1dfea3fdf2b6e46f810c1

SHA256
663cbc9752c0f6cb78d3dbd1741dd6085ed55db23c23584d04f36d55d58bd5a0

SHA512
50bef996d5826c30816c43a85ee8a4c2d068e09c2ea625a994a9c4de9c9992ec34407613f4b4e1f7526363dd1723701e9aecb22518429af6229866bd0bfc0d4c

Download Submit
C:\Program Files\ShareX\Stickers\BlobEmoji\blobaww.png

Filesize
3KB

MD5
cc55a72d6667ba32f235a93589b7a13a

SHA1
14237023b33d79009c43f4d28e929179e963a6d1

SHA256
85b84a29371ef3c2cd9ccd2947a7c695d658dd4a9f6d47cc900b29509f669222

SHA512
48bc4499782dd2c89b33388c47b09947894c27c3ddb92ab1bbd9f51699575d3f9529506f643f77d95b9bf76b918bcda72eea6f7b0732356b617b83af57033c38

Download Submit
C:\Program Files\ShareX\Stickers\BlobEmoji\blobbandage.png

Filesize
2KB

MD5
200e1a60d9d442153417c3ca1fc53c30

SHA1
237aaf7fcb25e64c99be3674fab24129ef2e6082

SHA256
8262a721fbbad6c50fe1bdaa2d2c509743f9005e5ce41ac08208f98e506a4571

SHA512
94936dfd42f6cd7cca4bada4cc9c111872a90f675102a5a95cb9de2c6b657697341072f8cb4b9c5452bc1e255dafdeb2d43850d4aa09d26d3c805b21d5235984

Download Submit
C:\Program Files\ShareX\Stickers\BlobEmoji\blobbanhammer.png

Filesize
6KB

MD5
82f11c522f682d35ea08e983d1359cf7

SHA1
4bc1e162550110afbe7c1b95afc242b80762d157

SHA256
c4b0366d8d022e5db6721b0ad7cc39539cc8307f2e022aa02fbbc07a9e50afad

SHA512
0353c93ea4d63429ac36f1dfea37a8dc8438e43feb0401a891915677fdbe8a785dd3cf384e745098e74167980c750d624f7d7bd93e540e49b45c52b63a4a517e

Download Submit
C:\Program Files\ShareX\Stickers\BlobEmoji\blobbathtub.png

Filesize
3KB

MD5
c6ecbf3211074ad43ccfc6d8b102b378

SHA1
743080e0a425f675869a027cc875f7da1c557233

SHA256
053e821383386427dfbd92360eaf6a01e1987ae7914ffdb91cd39b1d5fadc7e1

SHA512
57dfe33778dcdd467ea6741d59d82fcda30b5f8a21f562f6d7fb2700d41e7a7e4cddea57ed8008c9aa080474a203ed7676cfb2a02ad9689ffb4f9fd7a8b440e5

Download Submit
C:\Program Files\ShareX\Stickers\BlobEmoji\blobblackcat.png

Filesize
4KB

MD5
e8c2d82343e1fd95e92d95dcc85a6083

SHA1
a46a3a63aaf17d6999549abdac87a0173d600034

SHA256
016b87891c12996251c23b9c3aa3fa7252d4d8d3073e24fd9429b54769693352

SHA512
cc31344d1198b3fb81548871b40e6845c4bd4e33864e3d55a506ef3636ff38ea4e974bc34335fec625f6b306ca6851b90a06f8c30e5fc31b5d315eada5a3846a

Download Submit
C:\Program Files\ShareX\Stickers\BlobEmoji\blobblush.png

Filesize
5KB

MD5
f7b8bf7c48c745e8f35ab2493af8e1fe

SHA1
2158ef03da302a51cffad8ed35ad469ca62495f1

SHA256
d8d8abebc3e5e0869caefa7b5a68c7e711e4e06789ca6b22891abcd767ef84f3

SHA512
4589ae55cf2d8f50ec88508b154c5089dd1876cf4b9c4ffc63d818d9e97874452b631784817c5930340d653b271c1046c125b6ba939c4cc01938c2802de2fd9a

Download Submit
C:\Program Files\ShareX\Stickers\BlobEmoji\blobboost.png

Filesize
5KB

MD5
489b944190401420ceab122abe8b72b6

SHA1
4490009247ef089ec014ba87f177a1671d6262d9

SHA256
8c1cca01900a91d1e8761fc0f6c4e75b2029a073965d402369bbfc70cb25410d

SHA512
216d9af958a2605f1e8e479b7312c1d3cddcf210554d1b96646f4cc5843726b8d4e0c2894411a1745b72bd24f86c451485bacd2f2990a5bdb27da8b9690e2347

Download Submit
C:\Program Files\ShareX\Stickers\BlobEmoji\blobdevil.png

Filesize
4KB

MD5
3184097fda3cf5ace3f95bc9cac9c405

SHA1
a6d8c793496bd0b1ab59655335c34579d67c20ce

SHA256
d66b9f543a4337c336e05b9f1c78c382abdfee10743a59544de9bbc1a7526da8

SHA512
fa22deff0022d67e42ec646a39c003c826eda90b47ffb8499f7c726df90b3eceddf97c76d4ee7dd104c6c5cfca8914aceecfab10a34e72cdadd8febab3191671

Download Submit
C:\Program Files\ShareX\Stickers\BlobEmoji\blobdevilsmile.png

Filesize
4KB

MD5
6296f22f41e64d4701eb53bccb58944a

SHA1
47fb488035155e70fb576ea0aec3ef87c39da898

SHA256
6776f31aeec64a94b79b492fde886c2073b43ca2ff4032c85b168ff7eb8a05b0

SHA512
254f803d99dd8b33ec7302f50534793c53e2b7fa9d03663fa3cd5744db9a437d74e71777af83b75b6991bf9dc5f0c4deb3dea3886c368de06e9995e6e961dd9a

Download Submit
C:\Program Files\ShareX\Stickers\BlobEmoji\blobdisapproval.png

Filesize
4KB

MD5
e9c2d7ee845e84784a8636f3e5aba187

SHA1
a108813a478e650bcb872b8075ce61e678d32554

SHA256
2ac0e310edcaffda7f8488ed2ee94fd921126d413cbfa8dc93b160d8518fe6df

SHA512
b8530eed6493ea7bbaa59499fe62c8487553ae106ced34e5e63f6b9d8389e9074784c0edaa1458a450855e033ebff956dc240d1976aa9dc8d05bbd82094e1f08

Download Submit
C:\Program Files\ShareX\Stickers\BlobEmoji\blobdisguise.png

Filesize
6KB

MD5
66ab99c1cded0583f0aa10b2aeaddd07

SHA1
93e83e954064593b23d003a34e5009079db8d183

SHA256
c35f649c77de7c58c2d79df5313bf9694711cb81736658f0da9e841f0aaad3ea

SHA512
b89988988c7c1c495a3a84a5102a8b8956b0fb851737070366dfc672b1a8edc8cf506958c15bfca131e524ef46883b31e7a3990ae9e61b0a6e66f4b5b6845dde

Download Submit
C:\Program Files\ShareX\Stickers\BlobEmoji\blobdizzy.png

Filesize
5KB

MD5
0712eb1adb1cd42e19da2797770b722d

SHA1
719484adab076b30ad105a2deb76146ec9493c95

SHA256
32bb56fc7385420e6e40aee1a05431b778505537472487e1fd95f31eef3eb455

SHA512
659a03039bd8b84d67b015c5f7f1c5d08e10c57f145c09e2ecdb84fa125dd81d8bc80e7bd7720f6896b7aba784ac6b180715aee978fd974777760b6de9e78c08

Download Submit
C:\Program Files\ShareX\Stickers\BlobEmoji\blobdizzy2.png

Filesize
5KB

MD5
be4add94ba8522e4007fbce18b52562d

SHA1
517c320dbf7e32307535f9e9db771aeb211b93a5

SHA256
e1bfe0a4becc4bb2eed8891aee6ac2ab4cfc32846668cc4752ba527d5fe17587

SHA512
776adc4f89989ffcd10ef04ea4fc5368816429b77ea1e183269e05788efb1147173b64d994a1abca047884bf2af7340ac8427aaaf9162682ccfe39a367b3f9a4

Download Submit
C:\Program Files\ShareX\Stickers\BlobEmoji\blobdoctor.png

Filesize
6KB

MD5
e4cd6f973ec0340bcf2f9056bbdc1a18

SHA1
25b646d4a31b8220c4a12398e2ad273c198373e4

SHA256
c1257d70578d6934ba10300c8f69800718af0cd8ecc88dc5d30590d2521fb91c

SHA512
fc40491ff4c9cf0f3bf2282af19c33f605f222447b6be7a0b96891c91353fd2010070ba9e2bf198044649f53ee23e1a78f8dad66e75d9223c0880bf69768bb2f

Download Submit
C:\Program Files\ShareX\Stickers\BlobEmoji\blobdoubt.png

Filesize
4KB

MD5
c26a46de5571fbf4696d7d83fb18551a

SHA1
420129b53a6f00f03cb35449edc5968511164d5d

SHA256
de1118c7eaedfab26f7e33c1ca49cc26c5b383849a805daed8cad7d64c6d9148

SHA512
7009de4c70ff87f9a45b6f29b30f53c59e9d6fab5c3344e223830f756cad76f0d43a546c0b9e87223bc60570de94f1375829f7ded1741df248e5e670198644da

Download Submit
C:\Program Files\ShareX\Stickers\BlobEmoji\blobdoubtful.png

Filesize
4KB

MD5
f8057bff6ef4fe3495e1952c068581a9

SHA1
04487382e5fc477ad1d94085e7d74f23b2b796b6

SHA256
9ccc942ee76d2bc8e3b1872e432a3475c1baaaa617d82f6ac8085943886c1df1

SHA512
af8e6f9dca1435051aab6e5618560e55e70600e9b6c0c8da0da42299bf0917c52e32fd355958f698717750c7e25d7e145c325d90379ed2e1bab307001010bcc6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
b824b775ffb7ad0b04b9b9c3e791ac85

SHA1
f88273ebed9f1407f60a73d1ee4a4e4372f87dd1

SHA256
685c0b1e61245c5edfed991e0f5630adfc83689b1f7245ca9ab015d16557aef9

SHA512
e3138f95bef8381d797f5fdc42d1906a6d31a94f047360208b3c6ca051c93a561b6eb4f1457316518577372750c516353d054e63ca401c5d41e2c3107e5059ed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
538B

MD5
a8c628ae0d0d2c247e523d7d31fedace

SHA1
3ebac3f0369c8cc1635b209a1ee8caae9f1ff02d

SHA256
2fdc17323e24483e9fe92713469e7a9815215f1d613c4a8293faf35f25a190cf

SHA512
6036eab7d060a69920b7ef0ec150a23f0fc2e5d3992141b5ec631d2dfbf0f7969cf64c36403bdeb88bb86e3784f6b3647287da6fd57991f643efffdde34e5e25

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
8b7fff20192a1afec6651f9833e383da

SHA1
057ea3cc0614ed1a5ec2dce8aa51525639b6332b

SHA256
1fc6b7e19f34db96ea6eab04abc94ba7384f8b3d582d57470a9f26302da7ac9a

SHA512
72b8e7125db35d26b3b5f9766a92dfa63c52af47d61ee4611e2abd817402e89af5e55bbd8f5f6c3c790099ec9bb6497cd2bc819af7bd084b487a8060be4d9ba6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_1

Filesize
264KB

MD5
47dc3e34aabb4c752348cc10ca143921

SHA1
a78cb3b158e92b531bf0452579061a7079da50d1

SHA256
38b1b077ad48c61147ec9ebf8f0af7b5bb8900a30540f794035628938ddb2ca2

SHA512
4b255734e5ac1393e9fcbc6b8dd6b2189cd3c803ea5127ae3a396ed1d8913abe9790848b2e7f6f40c8db9cd255270b2d4a07c613442ccf64de98db439034286d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
171KB

MD5
9abffa917b9d9705ce48b4e07cfbc9f3

SHA1
a41fbe2281e27ebc241751b31c344082fcce72c6

SHA256
4433b58d6b30c31f4a47632a7d41d37c7e35d3e703584a551067f672108f12de

SHA512
08b22d194b7378e6ae596c625b2cf9927e891f51cda2366063919c5ab82067811506c367429cd98418f5bdbabab9a9e69aec4bcd3b004791c59fd50ad3046de8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
171KB

MD5
342306a171e79f300f6f4b281d5c27df

SHA1
bea9cc441a20a214edaff12eb982b5510ffa01b2

SHA256
fc19c0d480f70952bea16c8959e6af2b2146b5c7dec2f162d8116c44d07f7b4e

SHA512
8354e3b72fbe7c94fd9d3447c9809c15d7b50df1687f12d00b2f961749823e6bbbda81c8646cbf6ef10816600e371e59f43785ea6f7f3bdaee78a4b9f6ab06ab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
70e2e6954b953053c0c4f3b6e6ad9330

SHA1
cb61ba67b3bffa1d833bb85cc9547669ec46f62f

SHA256
f6e770a3b88ad3fda592419b6c00553bdadc50d5fb466ef872271389977f2ab4

SHA512
eeacb0e62f68f56285f7605963ca9bb82f542d4e2ccc323266c08c9990cecdebd574e1ab304ae08ea8c6c94c50683180f83562f972e92799ebbcfcd8f503fb5a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
246B

MD5
d3bb6d5ff3974f1ef80d7b6a0cb5e6df

SHA1
6618b32e0e8713f44ac3b1959aa26c872e9d8a5c

SHA256
9ee2161d26b57a5ae6579238634f8acc2cce5e24de64b01942975bd8c441ca93

SHA512
da5bef8577fd6c1f1a157fc5c167e94508e00a8d744314b3269e07bfd60261de6689d5a7cc5039a0c7817b0edc40822e29b0adb32717b6e65c4098643469097e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
82ea50e3e65678f8fe1137f5ba774776

SHA1
33893535aac7197f91d5e69850f1f3d6ba51c10d

SHA256
89142667ce1f8e93c5859975484bf3703fc9775018dd6f16e1f463bd40c1c431

SHA512
7a4b7b50d4a3705cf73815167c02834c750d04bc3235dbc763b1373a341318fee615d0c589eebb7fd986859262f0982bc1879e9ef217863c8bc530fb096eb077

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
ffc81c8f66413e2cb4c9631f628cc6ee

SHA1
591476403b565935596783edac50171e7c129030

SHA256
cba5ca9fd0621df4ac5804efe952a791b049db07cb76c0c1c2a2d58289e41ecb

SHA512
d137fb6e6555d7b3fd1eb7ecc70d6eeaf54748725d1fd05405bffc091264e85c93dabf8d58ca7374ce1e6092cfaccf41e0f5dc19e1d34a960d2ec4905116372f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
2ea205e670df9f3f5a53b26effa6fb26

SHA1
ce8b24804d75d7affdb5087a8533f920e1a9f023

SHA256
d49fe163cd8dd1fcef9c481cbe6fc22a563cdd45e090a23929073cde9b91a49e

SHA512
0d2eaa9dc3c88568fc0bd4750465473ffe87933341dd1c7e41ac1fa71969640251cc4a82393fa7120617f0f09c68debf9c7e25fc678a0e6a55ae6c9664b3ed5c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
5e49486f390679666b05522ad7a65d95

SHA1
f95d32db410a16f0f35dc99f90f4eaefeeda43ab

SHA256
43d33eca5cc80159a7fa63438b49829027c2c5afe9d0ec8fa7ab45c85d33a424

SHA512
5f11d2e59a5c1a73f81d5ecb8cb81e0648b8e200a6bb0a9f83ab23890683f09e51c1b0dba91471cb3e0260e0eb4c00310223d9a3b2034558a9b10c2d82bf9135

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-1EMSD.tmp\ShareX-15.0.0-setup.tmp

Filesize
3.0MB

MD5
d126a50adbcdde87dde90aec675510d3

SHA1
ea7d177bacdd055c86bcd9a9028697ac54dd245c

SHA256
38669786d00f8e21119fea05167775b3f2035439e2a8374957e42052b6896fe0

SHA512
3011d1d72c25dd98fea1bfcaf86ec2367acf132a3b2ac7297b70e256b32a0e16a9a8a2f7877700f5586302d37c660d44419899601c7f46453d11dd9c5e61355a

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-1EMSD.tmp\ShareX-15.0.0-setup.tmp

Filesize
3.0MB

MD5
d126a50adbcdde87dde90aec675510d3

SHA1
ea7d177bacdd055c86bcd9a9028697ac54dd245c

SHA256
38669786d00f8e21119fea05167775b3f2035439e2a8374957e42052b6896fe0

SHA512
3011d1d72c25dd98fea1bfcaf86ec2367acf132a3b2ac7297b70e256b32a0e16a9a8a2f7877700f5586302d37c660d44419899601c7f46453d11dd9c5e61355a

Download Submit
C:\Users\Admin\Documents\ShareX\Backup\ApplicationConfig-2023-07-W28.json

Filesize
27KB

MD5
25737ffefdf322cb39655ab84da8fbb2

SHA1
9720c7d32dd7a8ff71443c4d6ceb4b59ca055be7

SHA256
5790ebeda918661b759016841c0f6e0b3c3d2274c5a0a494a2b2da94548fc97e

SHA512
712862bd156dee95ee895db65d99f5b9416420a0e0c0b46d6525cbbbf0174bda0daee48e6e7bd737a3825f9660dbc87a720c9d1184f03f4df7afd4040460b086

Download Submit
C:\Users\Admin\Documents\ShareX\Backup\HotkeysConfig-2023-07-W28.json

Filesize
95KB

MD5
b71dcbc74a5bbe60516da436306ffaea

SHA1
24f14e018f0fb5c8aea24bc7976a8a43ba70c47d

SHA256
0709ece522e4907aad4f16c8d71a812766a289fe45652357828d644f72d8b3a6

SHA512
46d61e26ae082b42781d20f2e223eb1e5d8e0ff6887e11bf9ca207a0d023ace6fe0542c1ee402cac364c5bddd4b1b766f631fe8590dd4276d884758ea1895e05

Download Submit
C:\Users\Admin\Documents\ShareX\Backup\UploadersConfig-2023-07-W28.json

Filesize
8KB

MD5
f0944d938b097c3a2b61782faed907b5

SHA1
2fa5848a10229649fea59a438485dd490d7d1a01

SHA256
64722ae4d56d95d7894ae6f581a044fdf8a09fc3045241fb567e39567ba8eefd

SHA512
44e4f4505951c89aeb18bd5a63272bcbbb11c4299a7165b0278d93004865d272254689ffd36359ba8c61482d79ea1cbbe8fce4bf9b6cea36bf5807513cbb0020

Download Submit
C:\Users\Admin\Documents\ShareX\History.json

Filesize
492B

MD5
c02d37b48da8c1c5a221befc8eaa4f4c

SHA1
ce74f9b54eb43f00b53144b8ef8b823507d9d322

SHA256
2a57286136708cf5cba92f9201f8df35d7f123c27b3825a3b0a9dbce8ce11190

SHA512
038768f9434289511fcbfb688f71608c48561dbc320df173fb7d42bb69cb576905095d82e51e99dcf2dc18c5c94c88413dbfa76fc36a05039b41a1998e197e68

Download Submit
C:\Users\Admin\Documents\ShareX\Logs\ShareX-Log-2023-07.txt

Filesize
412B

MD5
27d98a68ed409d4a937c85cbc9fc1640

SHA1
fcced5f540c36b3d8994c0aa2c98ed6ead985ac6

SHA256
d485abb8b787cdc043aff7f755a23e0392304a803de505d7a5cf028627450b2a

SHA512
fa72a747d6e19aacd6a04098ca0a94d52a5e636dee6e01264653fddfda2435df5628d8bfb2656ced20067df5380f0d9e816a0e9485b2eeb8bcb1cfe60faefb00

Download Submit
C:\Users\Admin\Documents\ShareX\Logs\ShareX-Log-2023-07.txt

Filesize
2KB

MD5
91d891c346454bccb5afaebce2c2f004

SHA1
4ee4344841c73a34994cb78d30f43829fca0afbb

SHA256
567736431dfe0f663a785c00b35345011512b52874952d4738c5ba7f95f1c730

SHA512
ad0ddfbaf7f665d729a76f8e295c58a81b26d2cdf5385f3c2b5587a71d67ec07cbdba5af005c05f861b7d107342b2a72b644c9b2da9b06b43ed6e1c7a260da44

Download Submit
C:\Users\Admin\Documents\ShareX\Logs\ShareX-Log-2023-07.txt

Filesize
4KB

MD5
662d2990b15931d3e18d20bb5bc5e6c9

SHA1
ca7dfbf1ce29974cb08fb8df2decb887f03223c8

SHA256
76299b88074260ebca113fcd2d55aaf06dcecb189fd403e32f6ace80d3246d72

SHA512
1bf6c16044a188fc81f29c76d2915af0418956a6765c974456e8129bac29a1b4d2528da0ad4fed7cffec93d3b775b98f6bb6a7d04d27ad97e57e2ac461e5506e

Download Submit
C:\Users\Admin\Downloads\ShareX-15.0.0-setup.exe

Filesize
34.1MB

MD5
a84d58f209a5573bc87b509c339a6daa

SHA1
2563c1de2eadbd9df04394ec9bc77da2e590b3ed

SHA256
b95166183ae61504728c5667c71743a978829b98ed11bea6c17d2c338d2e86e7

SHA512
2306b52a6b5869533f9673942393d6335b569a3e6c79a27f6a5f5e5ca94f046c68839549286aa8009f74e1c3a7409090635827d2962a0cddac8100415ddf6ffa

Download Submit
C:\Users\Admin\Downloads\ShareX-15.0.0-setup.exe

Filesize
34.1MB

MD5
a84d58f209a5573bc87b509c339a6daa

SHA1
2563c1de2eadbd9df04394ec9bc77da2e590b3ed

SHA256
b95166183ae61504728c5667c71743a978829b98ed11bea6c17d2c338d2e86e7

SHA512
2306b52a6b5869533f9673942393d6335b569a3e6c79a27f6a5f5e5ca94f046c68839549286aa8009f74e1c3a7409090635827d2962a0cddac8100415ddf6ffa

Download Submit
C:\Users\Admin\Downloads\ShareX-15.0.0-setup.exe

Filesize
34.1MB

MD5
a84d58f209a5573bc87b509c339a6daa

SHA1
2563c1de2eadbd9df04394ec9bc77da2e590b3ed

SHA256
b95166183ae61504728c5667c71743a978829b98ed11bea6c17d2c338d2e86e7

SHA512
2306b52a6b5869533f9673942393d6335b569a3e6c79a27f6a5f5e5ca94f046c68839549286aa8009f74e1c3a7409090635827d2962a0cddac8100415ddf6ffa

Download Submit
memory/1644-1778-0x000001E743DF0000-0x000001E743E00000-memory.dmp

Filesize
64KB

Download
memory/1644-1774-0x000001E743DF0000-0x000001E743E00000-memory.dmp

Filesize
64KB

Download
memory/2904-1388-0x00000237BC320000-0x00000237BC330000-memory.dmp

Filesize
64KB

Download
memory/2904-1519-0x00000237C0730000-0x00000237C0830000-memory.dmp

Filesize
1024KB

Download
memory/2904-1431-0x00000237BC320000-0x00000237BC330000-memory.dmp

Filesize
64KB

Download
memory/2904-1430-0x00000237BC320000-0x00000237BC330000-memory.dmp

Filesize
64KB

Download
memory/2904-1428-0x00000237C0700000-0x00000237C0722000-memory.dmp

Filesize
136KB

Download
memory/2904-1442-0x00000237BC320000-0x00000237BC330000-memory.dmp

Filesize
64KB

Download
memory/2904-1419-0x00000237C04D0000-0x00000237C04F2000-memory.dmp

Filesize
136KB

Download
memory/2904-1416-0x00000237BC320000-0x00000237BC330000-memory.dmp

Filesize
64KB

Download
memory/2904-1415-0x00000237BC320000-0x00000237BC330000-memory.dmp

Filesize
64KB

Download
memory/2904-1405-0x00000237BDC00000-0x00000237BE0CC000-memory.dmp

Filesize
4.8MB

Download
memory/2904-1404-0x00000237BC7C0000-0x00000237BC7EC000-memory.dmp

Filesize
176KB

Download
memory/2904-1402-0x00000237BC690000-0x00000237BC6A2000-memory.dmp

Filesize
72KB

Download
memory/2904-1400-0x00000237BD680000-0x00000237BD72E000-memory.dmp

Filesize
696KB

Download
memory/2904-1398-0x00000237BC640000-0x00000237BC668000-memory.dmp

Filesize
160KB

Download
memory/2904-1393-0x00000237BC610000-0x00000237BC640000-memory.dmp

Filesize
192KB

Download
memory/2904-1390-0x00000237BC6D0000-0x00000237BC782000-memory.dmp

Filesize
712KB

Download
memory/2904-1485-0x00000237C0CF0000-0x00000237C0D36000-memory.dmp

Filesize
280KB

Download
memory/2904-1443-0x00000237BC320000-0x00000237BC330000-memory.dmp

Filesize
64KB

Download
memory/2904-1468-0x00000237BC320000-0x00000237BC330000-memory.dmp

Filesize
64KB

Download
memory/2904-1453-0x00000237C4960000-0x00000237C4E88000-memory.dmp

Filesize
5.2MB

Download
memory/2904-1379-0x00000237BC830000-0x00000237BCA48000-memory.dmp

Filesize
2.1MB

Download
memory/2904-1432-0x00000237BC320000-0x00000237BC330000-memory.dmp

Filesize
64KB

Download
memory/2904-1520-0x00000237BE620000-0x00000237BE62A000-memory.dmp

Filesize
40KB

Download
memory/2904-1521-0x00000237C1320000-0x00000237C1346000-memory.dmp

Filesize
152KB

Download
memory/2904-1531-0x00000237C0730000-0x00000237C0830000-memory.dmp

Filesize
1024KB

Download
memory/2904-1532-0x00000237C06A0000-0x00000237C06F0000-memory.dmp

Filesize
320KB

Download
memory/2904-1375-0x00000237BC3B0000-0x00000237BC4CC000-memory.dmp

Filesize
1.1MB

Download
memory/2904-1373-0x00000237A1C20000-0x00000237A1E3E000-memory.dmp

Filesize
2.1MB

Download
memory/2904-1452-0x00000237BC320000-0x00000237BC330000-memory.dmp

Filesize
64KB

Download
memory/2904-1451-0x00000237BC320000-0x00000237BC330000-memory.dmp

Filesize
64KB

Download
memory/2904-1450-0x00000237BC320000-0x00000237BC330000-memory.dmp

Filesize
64KB

Download
memory/2904-1449-0x00000237BC320000-0x00000237BC330000-memory.dmp

Filesize
64KB

Download
memory/4012-223-0x0000000000400000-0x000000000071B000-memory.dmp

Filesize
3.1MB

Download
memory/4012-207-0x00000000008D0000-0x00000000008D1000-memory.dmp

Filesize
4KB

Download
memory/4012-224-0x00000000008D0000-0x00000000008D1000-memory.dmp

Filesize
4KB

Download
memory/4012-226-0x0000000000400000-0x000000000071B000-memory.dmp

Filesize
3.1MB

Download
memory/4012-1011-0x0000000000400000-0x000000000071B000-memory.dmp

Filesize
3.1MB

Download
memory/4012-1378-0x0000000000400000-0x000000000071B000-memory.dmp

Filesize
3.1MB

Download
memory/4588-211-0x0000000000400000-0x00000000004D8000-memory.dmp

Filesize
864KB

Download
memory/4588-201-0x0000000000400000-0x00000000004D8000-memory.dmp

Filesize
864KB

Download
memory/4588-1380-0x0000000000400000-0x00000000004D8000-memory.dmp

Filesize
864KB

Download