d38241aaa6308ef9f79ca6ba87b8f903fd4aa2f44307a45076d0c244fb5c544c

Analysis

max time kernel
164s
max time network
206s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
20/04/2024, 11:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Ledger Live Beta.exe
Size

155.8MB
MD5

91b1166c8e4ad4f8c915c2d72150b3fa
SHA1

44bf4650c1021768567259d3ca875988440022e6
SHA256

76151bb3449ee759a4b92455eb960dfa083ab2b8c97fa597e1e3735def8ad60a
SHA512

ea11cf8c278b0f7901c56e567ddbc0cc2668f4061c5f80eed2c7e9c6382a2ded9e0931cf19448db2a336a2b57d1aafe54b256745bb46ccbf326c5bccbd740d7b
SSDEEP

1572864:K0QRq/6WEq928PO3ra1xU3xIv6wlWYkkVSIqnpvJzeInOVHZCW1d8tlyW8ZYgg0F:Xq/E4/NIiIP

Score

7^/10

Malware Config

Signatures

Checks computer location settings 2 TTPs 3 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Control Panel\International\Geo\Nation	Ledger Live Beta.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Control Panel\International\Geo\Nation	Ledger Live Beta.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Control Panel\International\Geo\Nation	Ledger Live Beta.exe

Loads dropped DLL 3 IoCs

pid	Process
1244	Ledger Live Beta.exe
2576	Ledger Live Beta.exe
1244	Ledger Live Beta.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
1440	Ledger Live Beta.exe
1440	Ledger Live Beta.exe
1440	Ledger Live Beta.exe
1440	Ledger Live Beta.exe
1440	Ledger Live Beta.exe
1440	Ledger Live Beta.exe
1440	Ledger Live Beta.exe
1440	Ledger Live Beta.exe
1440	Ledger Live Beta.exe
1440	Ledger Live Beta.exe
1244	Ledger Live Beta.exe
1244	Ledger Live Beta.exe
988	Ledger Live Beta.exe
988	Ledger Live Beta.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2576	Ledger Live Beta.exe
Token: SeCreatePagefilePrivilege	2576	Ledger Live Beta.exe
Token: SeShutdownPrivilege	2576	Ledger Live Beta.exe
Token: SeCreatePagefilePrivilege	2576	Ledger Live Beta.exe
Token: SeShutdownPrivilege	2576	Ledger Live Beta.exe
Token: SeCreatePagefilePrivilege	2576	Ledger Live Beta.exe
Token: SeShutdownPrivilege	2576	Ledger Live Beta.exe
Token: SeCreatePagefilePrivilege	2576	Ledger Live Beta.exe
Token: SeShutdownPrivilege	2576	Ledger Live Beta.exe
Token: SeCreatePagefilePrivilege	2576	Ledger Live Beta.exe
Token: SeShutdownPrivilege	2576	Ledger Live Beta.exe
Token: SeCreatePagefilePrivilege	2576	Ledger Live Beta.exe
Token: SeShutdownPrivilege	2576	Ledger Live Beta.exe
Token: SeCreatePagefilePrivilege	2576	Ledger Live Beta.exe
Token: SeShutdownPrivilege	2576	Ledger Live Beta.exe
Token: SeCreatePagefilePrivilege	2576	Ledger Live Beta.exe
Token: SeShutdownPrivilege	2576	Ledger Live Beta.exe
Token: SeCreatePagefilePrivilege	2576	Ledger Live Beta.exe
Token: SeShutdownPrivilege	2576	Ledger Live Beta.exe
Token: SeCreatePagefilePrivilege	2576	Ledger Live Beta.exe
Token: SeShutdownPrivilege	2576	Ledger Live Beta.exe
Token: SeCreatePagefilePrivilege	2576	Ledger Live Beta.exe
Token: SeShutdownPrivilege	2576	Ledger Live Beta.exe
Token: SeCreatePagefilePrivilege	2576	Ledger Live Beta.exe
Token: SeShutdownPrivilege	2576	Ledger Live Beta.exe
Token: SeCreatePagefilePrivilege	2576	Ledger Live Beta.exe
Token: SeShutdownPrivilege	2576	Ledger Live Beta.exe
Token: SeCreatePagefilePrivilege	2576	Ledger Live Beta.exe
Token: SeShutdownPrivilege	2576	Ledger Live Beta.exe
Token: SeCreatePagefilePrivilege	2576	Ledger Live Beta.exe
Token: SeShutdownPrivilege	2576	Ledger Live Beta.exe
Token: SeCreatePagefilePrivilege	2576	Ledger Live Beta.exe
Token: SeShutdownPrivilege	2576	Ledger Live Beta.exe
Token: SeCreatePagefilePrivilege	2576	Ledger Live Beta.exe
Token: SeShutdownPrivilege	2576	Ledger Live Beta.exe
Token: SeCreatePagefilePrivilege	2576	Ledger Live Beta.exe
Token: SeShutdownPrivilege	2576	Ledger Live Beta.exe
Token: SeCreatePagefilePrivilege	2576	Ledger Live Beta.exe
Token: SeShutdownPrivilege	2576	Ledger Live Beta.exe
Token: SeCreatePagefilePrivilege	2576	Ledger Live Beta.exe
Token: SeShutdownPrivilege	2576	Ledger Live Beta.exe
Token: SeCreatePagefilePrivilege	2576	Ledger Live Beta.exe
Token: SeShutdownPrivilege	2576	Ledger Live Beta.exe
Token: SeCreatePagefilePrivilege	2576	Ledger Live Beta.exe
Token: SeShutdownPrivilege	2576	Ledger Live Beta.exe
Token: SeCreatePagefilePrivilege	2576	Ledger Live Beta.exe
Token: SeShutdownPrivilege	2576	Ledger Live Beta.exe
Token: SeCreatePagefilePrivilege	2576	Ledger Live Beta.exe
Token: SeShutdownPrivilege	2576	Ledger Live Beta.exe
Token: SeCreatePagefilePrivilege	2576	Ledger Live Beta.exe
Token: SeShutdownPrivilege	2576	Ledger Live Beta.exe
Token: SeCreatePagefilePrivilege	2576	Ledger Live Beta.exe
Token: SeShutdownPrivilege	2576	Ledger Live Beta.exe
Token: SeCreatePagefilePrivilege	2576	Ledger Live Beta.exe
Token: SeShutdownPrivilege	2576	Ledger Live Beta.exe
Token: SeCreatePagefilePrivilege	2576	Ledger Live Beta.exe
Token: SeShutdownPrivilege	2576	Ledger Live Beta.exe
Token: SeCreatePagefilePrivilege	2576	Ledger Live Beta.exe
Token: SeShutdownPrivilege	2576	Ledger Live Beta.exe
Token: SeCreatePagefilePrivilege	2576	Ledger Live Beta.exe
Token: SeShutdownPrivilege	2576	Ledger Live Beta.exe
Token: SeCreatePagefilePrivilege	2576	Ledger Live Beta.exe
Token: SeShutdownPrivilege	2576	Ledger Live Beta.exe
Token: SeCreatePagefilePrivilege	2576	Ledger Live Beta.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2576 wrote to memory of 4088	2576	Ledger Live Beta.exe	91
PID 2576 wrote to memory of 4088	2576	Ledger Live Beta.exe	91
PID 2576 wrote to memory of 4088	2576	Ledger Live Beta.exe	91
PID 2576 wrote to memory of 4088	2576	Ledger Live Beta.exe	91
PID 2576 wrote to memory of 4088	2576	Ledger Live Beta.exe	91
PID 2576 wrote to memory of 4088	2576	Ledger Live Beta.exe	91
PID 2576 wrote to memory of 4088	2576	Ledger Live Beta.exe	91
PID 2576 wrote to memory of 4088	2576	Ledger Live Beta.exe	91
PID 2576 wrote to memory of 4088	2576	Ledger Live Beta.exe	91
PID 2576 wrote to memory of 4088	2576	Ledger Live Beta.exe	91
PID 2576 wrote to memory of 4088	2576	Ledger Live Beta.exe	91
PID 2576 wrote to memory of 4088	2576	Ledger Live Beta.exe	91
PID 2576 wrote to memory of 4088	2576	Ledger Live Beta.exe	91
PID 2576 wrote to memory of 4088	2576	Ledger Live Beta.exe	91
PID 2576 wrote to memory of 4088	2576	Ledger Live Beta.exe	91
PID 2576 wrote to memory of 4088	2576	Ledger Live Beta.exe	91
PID 2576 wrote to memory of 4088	2576	Ledger Live Beta.exe	91
PID 2576 wrote to memory of 4088	2576	Ledger Live Beta.exe	91
PID 2576 wrote to memory of 4088	2576	Ledger Live Beta.exe	91
PID 2576 wrote to memory of 4088	2576	Ledger Live Beta.exe	91
PID 2576 wrote to memory of 4088	2576	Ledger Live Beta.exe	91
PID 2576 wrote to memory of 4088	2576	Ledger Live Beta.exe	91
PID 2576 wrote to memory of 4088	2576	Ledger Live Beta.exe	91
PID 2576 wrote to memory of 4088	2576	Ledger Live Beta.exe	91
PID 2576 wrote to memory of 4088	2576	Ledger Live Beta.exe	91
PID 2576 wrote to memory of 4088	2576	Ledger Live Beta.exe	91
PID 2576 wrote to memory of 4088	2576	Ledger Live Beta.exe	91
PID 2576 wrote to memory of 4088	2576	Ledger Live Beta.exe	91
PID 2576 wrote to memory of 4088	2576	Ledger Live Beta.exe	91
PID 2576 wrote to memory of 4088	2576	Ledger Live Beta.exe	91
PID 2576 wrote to memory of 2896	2576	Ledger Live Beta.exe	92
PID 2576 wrote to memory of 2896	2576	Ledger Live Beta.exe	92
PID 2576 wrote to memory of 1440	2576	Ledger Live Beta.exe	93
PID 2576 wrote to memory of 1440	2576	Ledger Live Beta.exe	93
PID 2576 wrote to memory of 1244	2576	Ledger Live Beta.exe	94
PID 2576 wrote to memory of 1244	2576	Ledger Live Beta.exe	94
PID 2576 wrote to memory of 4880	2576	Ledger Live Beta.exe	95
PID 2576 wrote to memory of 4880	2576	Ledger Live Beta.exe	95
PID 2576 wrote to memory of 4880	2576	Ledger Live Beta.exe	95
PID 2576 wrote to memory of 4880	2576	Ledger Live Beta.exe	95
PID 2576 wrote to memory of 4880	2576	Ledger Live Beta.exe	95
PID 2576 wrote to memory of 4880	2576	Ledger Live Beta.exe	95
PID 2576 wrote to memory of 4880	2576	Ledger Live Beta.exe	95
PID 2576 wrote to memory of 4880	2576	Ledger Live Beta.exe	95
PID 2576 wrote to memory of 4880	2576	Ledger Live Beta.exe	95
PID 2576 wrote to memory of 4880	2576	Ledger Live Beta.exe	95
PID 2576 wrote to memory of 4880	2576	Ledger Live Beta.exe	95
PID 2576 wrote to memory of 4880	2576	Ledger Live Beta.exe	95
PID 2576 wrote to memory of 4880	2576	Ledger Live Beta.exe	95
PID 2576 wrote to memory of 4880	2576	Ledger Live Beta.exe	95
PID 2576 wrote to memory of 4880	2576	Ledger Live Beta.exe	95
PID 2576 wrote to memory of 4880	2576	Ledger Live Beta.exe	95
PID 2576 wrote to memory of 4880	2576	Ledger Live Beta.exe	95
PID 2576 wrote to memory of 4880	2576	Ledger Live Beta.exe	95
PID 2576 wrote to memory of 4880	2576	Ledger Live Beta.exe	95
PID 2576 wrote to memory of 4880	2576	Ledger Live Beta.exe	95
PID 2576 wrote to memory of 4880	2576	Ledger Live Beta.exe	95
PID 2576 wrote to memory of 4880	2576	Ledger Live Beta.exe	95
PID 2576 wrote to memory of 4880	2576	Ledger Live Beta.exe	95
PID 2576 wrote to memory of 4880	2576	Ledger Live Beta.exe	95
PID 2576 wrote to memory of 4880	2576	Ledger Live Beta.exe	95
PID 2576 wrote to memory of 4880	2576	Ledger Live Beta.exe	95
PID 2576 wrote to memory of 4880	2576	Ledger Live Beta.exe	95
PID 2576 wrote to memory of 4880	2576	Ledger Live Beta.exe	95

C:\Users\Admin\AppData\Local\Temp\Ledger Live Beta.exe
"C:\Users\Admin\AppData\Local\Temp\Ledger Live Beta.exe"
1⤵
- Checks computer location settings
- Loads dropped DLL
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2576
- C:\Users\Admin\AppData\Local\Temp\Ledger Live Beta.exe
  "C:\Users\Admin\AppData\Local\Temp\Ledger Live Beta.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\Ledger Live Beta" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=1744 --field-trial-handle=1756,i,8397801326087315443,971677512240784292,262144 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
  2⤵
  PID:4088
- C:\Users\Admin\AppData\Local\Temp\Ledger Live Beta.exe
  "C:\Users\Admin\AppData\Local\Temp\Ledger Live Beta.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\Ledger Live Beta" --mojo-platform-channel-handle=1952 --field-trial-handle=1756,i,8397801326087315443,971677512240784292,262144 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
  2⤵
  PID:2896
- C:\Users\Admin\AppData\Local\Temp\Ledger Live Beta.exe
  "C:\Users\Admin\AppData\Local\Temp\Ledger Live Beta.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\Ledger Live Beta" --app-path="C:\Users\Admin\AppData\Local\Temp\resources\app.asar" --enable-experimental-web-platform-features --no-sandbox --no-zygote --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2652 --field-trial-handle=1756,i,8397801326087315443,971677512240784292,262144 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  PID:1440
- C:\Users\Admin\AppData\Local\Temp\Ledger Live Beta.exe
  "C:\Users\Admin\AppData\Local\Temp\Ledger Live Beta.exe" C:\Users\Admin\AppData\Local\Temp\resources\app.asar\.webpack\main.bundle.js
  2⤵
  - Checks computer location settings
  - Loads dropped DLL
  - Suspicious behavior: EnumeratesProcesses
  PID:1244
- C:\Users\Admin\AppData\Local\Temp\Ledger Live Beta.exe
  "C:\Users\Admin\AppData\Local\Temp\Ledger Live Beta.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --user-data-dir="C:\Users\Admin\AppData\Roaming\Ledger Live Beta" --mojo-platform-channel-handle=3376 --field-trial-handle=1756,i,8397801326087315443,971677512240784292,262144 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
  2⤵
  PID:4880
- C:\Users\Admin\AppData\Local\Temp\Ledger Live Beta.exe
  "C:\Users\Admin\AppData\Local\Temp\Ledger Live Beta.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --user-data-dir="C:\Users\Admin\AppData\Roaming\Ledger Live Beta" --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=932 --field-trial-handle=1756,i,8397801326087315443,971677512240784292,262144 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:988

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x31c 0x320
1⤵
PID:4336

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\001c9452-1ac9-4286-9d3c-e5e60fc01f0e.tmp.node

Filesize
702KB

MD5
e01126bdc0b91294974722502d689dc7

SHA1
41019ac93e70b85085aec0e0cd7d4ee9e84cda9e

SHA256
e4541fb7b787cc401721d8568af7f721278ba9440ea33c2fd135e52ffc78b92c

SHA512
62937e50fdaee4c2c11c5b2400c7346f077cf64ca9085cda67003bc9eaff0d5011b4a0d62c25ef6a337fa041b39c805eedc20a4603e978442d49b5f045c68cbc

Download Submit
C:\Users\Admin\AppData\Local\Temp\93e5d5c2-6342-4d7f-af50-2131c40d49eb.tmp.node

Filesize
275KB

MD5
63a7fb96a3d09b74a0cc73aff7c48f5b

SHA1
5385ae620cc0edf178e270d924d01dea591cafdf

SHA256
f00d85eb45b70e6b4456d4916793162dcacac87a49678ea3dc376912bc7392bb

SHA512
d5af761a4e158defb2d9a804ca1f8ea8cc2b99b8e2d7329dfe09f9f1596f265155d93f39dc2feef5d3d0b60615b2707d787266d603d135dfd3d3a964eea998cf

Download Submit
C:\Users\Admin\AppData\Local\Temp\b5332328-d3fb-4862-ad96-084fa794f463.tmp.node

Filesize
1.1MB

MD5
49ca10dae58cf5a1a0222f83f6df4002

SHA1
2ef8603914516b24d7128c50827def28da97ccc4

SHA256
a6e6d835cafa1fc93f4b6ef3595a4c2b8e54fb7c1ee416ed8e379ff5846e048e

SHA512
815d5b7c5001988d48d059b80df5e6c5ed6c43c89934c31f27bc6e51cc8d6239620161ddfcd0307ed58c1c823e5bed4344a089eaa8b326595a9efe3c484ca9aa

Download Submit
C:\Users\Admin\AppData\Roaming\Ledger Live Beta\Cache\Cache_Data\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Roaming\Ledger Live Beta\Cache\Cache_Data\data_1

Filesize
264KB

MD5
d0d388f3865d0523e451d6ba0be34cc4

SHA1
8571c6a52aacc2747c048e3419e5657b74612995

SHA256
902f30c1fb0597d0734bc34b979ec5d131f8f39a4b71b338083821216ec8d61b

SHA512
376011d00de659eb6082a74e862cfac97a9bb508e0b740761505142e2d24ec1c30aa61efbc1c0dd08ff0f34734444de7f77dd90a6ca42b48a4c7fad5f0bddd17

Download Submit
C:\Users\Admin\AppData\Roaming\Ledger Live Beta\Cache\Cache_Data\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Roaming\Ledger Live Beta\Cache\Cache_Data\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Roaming\Ledger Live Beta\IndexedDB\file__0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Roaming\Ledger Live Beta\Network\Network Persistent State

Filesize
1KB

MD5
1e4288002d4599199512862889315478

SHA1
caf842a677a365d2ae260c0211674952ff7648b0

SHA256
c227d444b96453b537a1a260ed0aa9c2dd7636ae19f058fd0c7f6140cfa9567b

SHA512
68570ce731bf390ce71c413ad7699058b72e092225d1b53f3349839bd93b7e485958aa7f186153e4016d822a47ce032bc6e695ecc22ad4bcef854650b0fb32ed

Download Submit
C:\Users\Admin\AppData\Roaming\Ledger Live Beta\Network\Network Persistent State~RFe59ed25.TMP

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Roaming\Ledger Live Beta\Network\TransportSecurity

Filesize
1KB

MD5
602c9b08a63533af11bdd672ed6cc783

SHA1
bf72aaf4f0c04045769d8844c78b954bce6d54ee

SHA256
2c553fabcfb31798d18ec82ad082ce1aa578e5e81962017f91430292e59ae23e

SHA512
aa0d7e1fcc1d75b12814f3d1e69be65f35d5915f4d4bb2299ca0d797c026e4c1e9ee54a6d903fe5b2998f7d664cfc9a3edcef01bb99c3ede570daf3b4f8fbc05

Download Submit
C:\Users\Admin\AppData\Roaming\Ledger Live Beta\Network\TransportSecurity

Filesize
1KB

MD5
8f2f1872ae91292385c807d4c9fbe221

SHA1
7a715525b316377c76ee688bfafc99b79bcc14b9

SHA256
016fb5c65157064b00cc7c611cb3529658e8c0fe89fe714f5407b113106d56a8

SHA512
61a46203d7c4589dad25b4b335c1d07b0c8a65b6d3c8ec62756bc8be738082796fd5f527a195a26afb695fe0f5f44352dc59c7798528e96b42611d848216cdf4

Download Submit
C:\Users\Admin\AppData\Roaming\Ledger Live Beta\Network\TransportSecurity

Filesize
523B

MD5
06c23946021a474f24417fe673a985db

SHA1
f5aa6729ccdc2c062882cd979b28bca6ebdb6195

SHA256
ff9abff05d1726367649f6e09223b7d0d0ebe297153ebc7f51efa5a5eac66d29

SHA512
9541c148789ba5c62053adf51bd7fee459a27dd65b34654df8d4ef3c4764e91a24efc2e413f92a25b8550b648ae4f950f734a3532d54e584b64044a02f661795

Download Submit
C:\Users\Admin\AppData\Roaming\Ledger Live Beta\Network\TransportSecurity~RFe590267.TMP

Filesize
188B

MD5
81d7d9627bd762e00a5139e0423c3106

SHA1
092551e78075e04c7bf859fa3fd02eee25a9f175

SHA256
240500d0e61946bad5f5dc9850283cce6ba2b646921cc644f5641b7151e26331

SHA512
1ab8bec7705f9a979fa2e00d3e3846d39706433d7f199fb9530c48b2f8f0cfae8b220b5b594b2ff9b68727560788bbfeb9d8261142dae410081dc350d1df9861

Download Submit
C:\Users\Admin\AppData\Roaming\Ledger Live Beta\Preferences

Filesize
86B

MD5
d11dedf80b85d8d9be3fec6bb292f64b

SHA1
aab8783454819cd66ddf7871e887abdba138aef3

SHA256
8029940de92ae596278912bbbd6387d65f4e849d3c136287a1233f525d189c67

SHA512
6b7ec1ca5189124e0d136f561ca7f12a4653633e2d9452d290e658dfe545acf6600cc9496794757a43f95c91705e9549ef681d4cc9e035738b03a18bdc2e25f0

Download Submit
C:\Users\Admin\AppData\Roaming\Ledger Live Beta\app.json

Filesize
1KB

MD5
cffbf4a65a8de5d20430674f5108a951

SHA1
f76a7f96db1cd4b9a87f9b63f68b5b5ec11bf2c4

SHA256
3f25a39e0103b519190f514e599e731609167c7ef7e5521cd8ae8043b33b8a8d

SHA512
12bc411c85b4b66eb0024688c47783763d2e06ff3334d571207ea59ec7ec6db06b9ebed2cd228b55c48a091294a6af1a90d6becf8e43cf7bece24ea9b060999a

Download Submit
C:\Users\Admin\AppData\Roaming\Ledger Live Beta\app.json

Filesize
1KB

MD5
4470590a19a7cb07db446041267ed0a9

SHA1
1387313c1981236503d260f575f2b2457e9df1d5

SHA256
911a990299473a084e7c5e318b9bb703b9b7f823b53d3fb21793e57870fcb5c8

SHA512
a0c09c0f12f1c418d53a7d02fde4cdaa07cbc56f22c2c5957562f9634253314c69bbcdd24a8442331ab1f637b6367a5c96a8e5278f02da3ffd36a83db9e9a457

Download Submit
C:\Users\Admin\AppData\Roaming\Ledger Live Beta\app.json

Filesize
11B

MD5
39dc3739a165580956cef99c07ec2c81

SHA1
7e141c733cf11b06a8c665e95f09c5a1763bf544

SHA256
7fb9d166d1a15bce0b9f085f3818946fd9297e4513a4a034a0ceb749292b4c0d

SHA512
6140a9706bd9d8b6d8381fd5ab387639ca193467274cb9ab2eb706cb83f1474a52c8ddd4d383ae780db131d92238763d983e3a8cca37f13f2aac0e261bd0f92a

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
memory/988-204-0x0000012D6C840000-0x0000012D6C841000-memory.dmp

Filesize
4KB

Download
memory/988-202-0x0000012D6C840000-0x0000012D6C841000-memory.dmp

Filesize
4KB

Download
memory/988-203-0x0000012D6C840000-0x0000012D6C841000-memory.dmp

Filesize
4KB

Download
memory/988-209-0x0000012D6C840000-0x0000012D6C841000-memory.dmp

Filesize
4KB

Download
memory/988-210-0x0000012D6C840000-0x0000012D6C841000-memory.dmp

Filesize
4KB

Download
memory/988-211-0x0000012D6C840000-0x0000012D6C841000-memory.dmp

Filesize
4KB

Download
memory/988-213-0x0000012D6C840000-0x0000012D6C841000-memory.dmp

Filesize
4KB

Download
memory/988-212-0x0000012D6C840000-0x0000012D6C841000-memory.dmp

Filesize
4KB

Download
memory/988-214-0x0000012D6C840000-0x0000012D6C841000-memory.dmp

Filesize
4KB

Download
memory/988-208-0x0000012D6C840000-0x0000012D6C841000-memory.dmp

Filesize
4KB

Download
memory/4880-138-0x00007FFC41380000-0x00007FFC41381000-memory.dmp

Filesize
4KB

Download
memory/4880-170-0x0000024E8D3D0000-0x0000024E8D43B000-memory.dmp

Filesize
428KB

Download