umbral | hxxps://github[.]com/bulletdahood/Entropy-Crack/blob/main/lghub_installer%20(1)[.]exe

Analysis

max time kernel
159s
max time network
161s
platform
windows11-21h2_x64
resource
win11-20240419-en
resource tags

arch:x64arch:x86image:win11-20240419-enlocale:en-usos:windows11-21h2-x64system
submitted
27-06-2024 15:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/bulletdahood/Entropy-Crack/blob/main/lghub_installer%20(1).exe

Score

10^/10

umbral execution spyware stealer

Malware Config

Signatures

Detect Umbral payload 2 IoCs

resource	yara_rule
behavioral1/files/0x001900000002ac0f-155.dat	family_umbral
behavioral1/memory/4888-241-0x000001DA07390000-0x000001DA073D0000-memory.dmp	family_umbral

Umbral
Umbral stealer is an opensource moduler stealer written in C#.
stealer umbral

Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

execution

PowerShell

T1059.001

pid	Process
5040	powershell.exe

Downloads MZ/PE file

Drops file in Drivers directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\System32\drivers\etc\hosts	lghub_installer (1).exe

Executes dropped EXE 1 IoCs

pid	Process
4888	lghub_installer (1).exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Legitimate hosting services abused for malware hosting/C2 1 TTPs 4 IoCs

Web Service

T1102

flow	ioc
2	raw.githubusercontent.com
2	discord.com
28	raw.githubusercontent.com
41	discord.com

Looks up external IP address via web service 1 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
1	ip-api.com

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	taskmgr.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	taskmgr.exe

Detects videocard installed 1 TTPs 1 IoCs

Uses WMIC.exe to determine videocard installed.

System Information Discovery

T1082

pid	Process
4644	wmic.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1474490143-3221292397-4168103503-1000\{DD4828ED-66B6-41A7-91EB-C2D72C0E92C9}	msedge.exe

NTFS ADS 4 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 969346.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\lghub_installer (1).exe:Zone.Identifier	msedge.exe
File created	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\GAcaz.scr\:SmartScreen:$DATA	lghub_installer (1).exe
File created	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\GAcaz.scr\:Zone.Identifier:$DATA	lghub_installer (1).exe

Runs ping.exe 1 TTPs 1 IoCs

Remote System Discovery

T1018

pid	Process
1872	PING.EXE

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2464	msedge.exe
2464	msedge.exe
124	msedge.exe
124	msedge.exe
436	identity_helper.exe
436	identity_helper.exe
2260	msedge.exe
2260	msedge.exe
5040	msedge.exe
5040	msedge.exe
4888	lghub_installer (1).exe
4888	lghub_installer (1).exe
5040	powershell.exe
5040	powershell.exe
5040	powershell.exe
1536	powershell.exe
1536	powershell.exe
1536	powershell.exe
4780	powershell.exe
4780	powershell.exe
4780	powershell.exe
4312	powershell.exe
4312	powershell.exe
4312	powershell.exe
4964	powershell.exe
4964	powershell.exe
4964	powershell.exe
4528	taskmgr.exe
4528	taskmgr.exe
4528	taskmgr.exe
4528	taskmgr.exe
4528	taskmgr.exe
4528	taskmgr.exe
4528	taskmgr.exe
4528	taskmgr.exe
4528	taskmgr.exe
4528	taskmgr.exe
4528	taskmgr.exe
4528	taskmgr.exe
4528	taskmgr.exe
4528	taskmgr.exe
4528	taskmgr.exe
4528	taskmgr.exe
4528	taskmgr.exe
4528	taskmgr.exe
4528	taskmgr.exe
4528	taskmgr.exe
4528	taskmgr.exe
4528	taskmgr.exe
4528	taskmgr.exe
4528	taskmgr.exe
4528	taskmgr.exe
4528	taskmgr.exe
4528	taskmgr.exe
4528	taskmgr.exe
4528	taskmgr.exe
4528	taskmgr.exe
4528	taskmgr.exe
4528	taskmgr.exe
4528	taskmgr.exe
4528	taskmgr.exe
4528	taskmgr.exe
4528	taskmgr.exe
4528	taskmgr.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 16 IoCs

pid	Process
124	msedge.exe
124	msedge.exe
124	msedge.exe
124	msedge.exe
124	msedge.exe
124	msedge.exe
124	msedge.exe
124	msedge.exe
124	msedge.exe
124	msedge.exe
124	msedge.exe
124	msedge.exe
124	msedge.exe
124	msedge.exe
124	msedge.exe
124	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	4888	lghub_installer (1).exe
Token: SeIncreaseQuotaPrivilege	1920	wmic.exe
Token: SeSecurityPrivilege	1920	wmic.exe
Token: SeTakeOwnershipPrivilege	1920	wmic.exe
Token: SeLoadDriverPrivilege	1920	wmic.exe
Token: SeSystemProfilePrivilege	1920	wmic.exe
Token: SeSystemtimePrivilege	1920	wmic.exe
Token: SeProfSingleProcessPrivilege	1920	wmic.exe
Token: SeIncBasePriorityPrivilege	1920	wmic.exe
Token: SeCreatePagefilePrivilege	1920	wmic.exe
Token: SeBackupPrivilege	1920	wmic.exe
Token: SeRestorePrivilege	1920	wmic.exe
Token: SeShutdownPrivilege	1920	wmic.exe
Token: SeDebugPrivilege	1920	wmic.exe
Token: SeSystemEnvironmentPrivilege	1920	wmic.exe
Token: SeRemoteShutdownPrivilege	1920	wmic.exe
Token: SeUndockPrivilege	1920	wmic.exe
Token: SeManageVolumePrivilege	1920	wmic.exe
Token: 33	1920	wmic.exe
Token: 34	1920	wmic.exe
Token: 35	1920	wmic.exe
Token: 36	1920	wmic.exe
Token: SeIncreaseQuotaPrivilege	1920	wmic.exe
Token: SeSecurityPrivilege	1920	wmic.exe
Token: SeTakeOwnershipPrivilege	1920	wmic.exe
Token: SeLoadDriverPrivilege	1920	wmic.exe
Token: SeSystemProfilePrivilege	1920	wmic.exe
Token: SeSystemtimePrivilege	1920	wmic.exe
Token: SeProfSingleProcessPrivilege	1920	wmic.exe
Token: SeIncBasePriorityPrivilege	1920	wmic.exe
Token: SeCreatePagefilePrivilege	1920	wmic.exe
Token: SeBackupPrivilege	1920	wmic.exe
Token: SeRestorePrivilege	1920	wmic.exe
Token: SeShutdownPrivilege	1920	wmic.exe
Token: SeDebugPrivilege	1920	wmic.exe
Token: SeSystemEnvironmentPrivilege	1920	wmic.exe
Token: SeRemoteShutdownPrivilege	1920	wmic.exe
Token: SeUndockPrivilege	1920	wmic.exe
Token: SeManageVolumePrivilege	1920	wmic.exe
Token: 33	1920	wmic.exe
Token: 34	1920	wmic.exe
Token: 35	1920	wmic.exe
Token: 36	1920	wmic.exe
Token: SeDebugPrivilege	5040	powershell.exe
Token: SeDebugPrivilege	1536	powershell.exe
Token: SeDebugPrivilege	4780	powershell.exe
Token: SeDebugPrivilege	4312	powershell.exe
Token: SeIncreaseQuotaPrivilege	2588	wmic.exe
Token: SeSecurityPrivilege	2588	wmic.exe
Token: SeTakeOwnershipPrivilege	2588	wmic.exe
Token: SeLoadDriverPrivilege	2588	wmic.exe
Token: SeSystemProfilePrivilege	2588	wmic.exe
Token: SeSystemtimePrivilege	2588	wmic.exe
Token: SeProfSingleProcessPrivilege	2588	wmic.exe
Token: SeIncBasePriorityPrivilege	2588	wmic.exe
Token: SeCreatePagefilePrivilege	2588	wmic.exe
Token: SeBackupPrivilege	2588	wmic.exe
Token: SeRestorePrivilege	2588	wmic.exe
Token: SeShutdownPrivilege	2588	wmic.exe
Token: SeDebugPrivilege	2588	wmic.exe
Token: SeSystemEnvironmentPrivilege	2588	wmic.exe
Token: SeRemoteShutdownPrivilege	2588	wmic.exe
Token: SeUndockPrivilege	2588	wmic.exe
Token: SeManageVolumePrivilege	2588	wmic.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
124	msedge.exe
124	msedge.exe
124	msedge.exe
124	msedge.exe
124	msedge.exe
124	msedge.exe
124	msedge.exe
124	msedge.exe
124	msedge.exe
124	msedge.exe
124	msedge.exe
124	msedge.exe
124	msedge.exe
124	msedge.exe
124	msedge.exe
124	msedge.exe
124	msedge.exe
124	msedge.exe
124	msedge.exe
124	msedge.exe
124	msedge.exe
124	msedge.exe
124	msedge.exe
124	msedge.exe
124	msedge.exe
124	msedge.exe
124	msedge.exe
124	msedge.exe
124	msedge.exe
124	msedge.exe
124	msedge.exe
124	msedge.exe
124	msedge.exe
124	msedge.exe
124	msedge.exe
4528	taskmgr.exe
4528	taskmgr.exe
4528	taskmgr.exe
4528	taskmgr.exe
4528	taskmgr.exe
4528	taskmgr.exe
4528	taskmgr.exe
4528	taskmgr.exe
4528	taskmgr.exe
4528	taskmgr.exe
4528	taskmgr.exe
4528	taskmgr.exe
4528	taskmgr.exe
4528	taskmgr.exe
4528	taskmgr.exe
4528	taskmgr.exe
4528	taskmgr.exe
4528	taskmgr.exe
4528	taskmgr.exe
4528	taskmgr.exe
4528	taskmgr.exe
4528	taskmgr.exe
4528	taskmgr.exe
4528	taskmgr.exe
4528	taskmgr.exe
4528	taskmgr.exe
4528	taskmgr.exe
4528	taskmgr.exe
4528	taskmgr.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
124	msedge.exe
124	msedge.exe
124	msedge.exe
124	msedge.exe
124	msedge.exe
124	msedge.exe
124	msedge.exe
124	msedge.exe
124	msedge.exe
124	msedge.exe
124	msedge.exe
124	msedge.exe
4528	taskmgr.exe
4528	taskmgr.exe
4528	taskmgr.exe
4528	taskmgr.exe
4528	taskmgr.exe
4528	taskmgr.exe
4528	taskmgr.exe
4528	taskmgr.exe
4528	taskmgr.exe
4528	taskmgr.exe
4528	taskmgr.exe
4528	taskmgr.exe
4528	taskmgr.exe
4528	taskmgr.exe
4528	taskmgr.exe
4528	taskmgr.exe
4528	taskmgr.exe
4528	taskmgr.exe
4528	taskmgr.exe
4528	taskmgr.exe
4528	taskmgr.exe
4528	taskmgr.exe
4528	taskmgr.exe
4528	taskmgr.exe
4528	taskmgr.exe
4528	taskmgr.exe
4528	taskmgr.exe
4528	taskmgr.exe
4528	taskmgr.exe
4528	taskmgr.exe
4528	taskmgr.exe
4528	taskmgr.exe
4528	taskmgr.exe
4528	taskmgr.exe
4528	taskmgr.exe
4528	taskmgr.exe
4528	taskmgr.exe
4528	taskmgr.exe
4528	taskmgr.exe
4528	taskmgr.exe
4528	taskmgr.exe
4528	taskmgr.exe
4528	taskmgr.exe
4528	taskmgr.exe
4528	taskmgr.exe
4528	taskmgr.exe
4528	taskmgr.exe
4528	taskmgr.exe
4528	taskmgr.exe
4528	taskmgr.exe
4528	taskmgr.exe
4528	taskmgr.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 124 wrote to memory of 4028	124	msedge.exe	78
PID 124 wrote to memory of 4028	124	msedge.exe	78
PID 124 wrote to memory of 4952	124	msedge.exe	79
PID 124 wrote to memory of 4952	124	msedge.exe	79
PID 124 wrote to memory of 4952	124	msedge.exe	79
PID 124 wrote to memory of 4952	124	msedge.exe	79
PID 124 wrote to memory of 4952	124	msedge.exe	79
PID 124 wrote to memory of 4952	124	msedge.exe	79
PID 124 wrote to memory of 4952	124	msedge.exe	79
PID 124 wrote to memory of 4952	124	msedge.exe	79
PID 124 wrote to memory of 4952	124	msedge.exe	79
PID 124 wrote to memory of 4952	124	msedge.exe	79
PID 124 wrote to memory of 4952	124	msedge.exe	79
PID 124 wrote to memory of 4952	124	msedge.exe	79
PID 124 wrote to memory of 4952	124	msedge.exe	79
PID 124 wrote to memory of 4952	124	msedge.exe	79
PID 124 wrote to memory of 4952	124	msedge.exe	79
PID 124 wrote to memory of 4952	124	msedge.exe	79
PID 124 wrote to memory of 4952	124	msedge.exe	79
PID 124 wrote to memory of 4952	124	msedge.exe	79
PID 124 wrote to memory of 4952	124	msedge.exe	79
PID 124 wrote to memory of 4952	124	msedge.exe	79
PID 124 wrote to memory of 4952	124	msedge.exe	79
PID 124 wrote to memory of 4952	124	msedge.exe	79
PID 124 wrote to memory of 4952	124	msedge.exe	79
PID 124 wrote to memory of 4952	124	msedge.exe	79
PID 124 wrote to memory of 4952	124	msedge.exe	79
PID 124 wrote to memory of 4952	124	msedge.exe	79
PID 124 wrote to memory of 4952	124	msedge.exe	79
PID 124 wrote to memory of 4952	124	msedge.exe	79
PID 124 wrote to memory of 4952	124	msedge.exe	79
PID 124 wrote to memory of 4952	124	msedge.exe	79
PID 124 wrote to memory of 4952	124	msedge.exe	79
PID 124 wrote to memory of 4952	124	msedge.exe	79
PID 124 wrote to memory of 4952	124	msedge.exe	79
PID 124 wrote to memory of 4952	124	msedge.exe	79
PID 124 wrote to memory of 4952	124	msedge.exe	79
PID 124 wrote to memory of 4952	124	msedge.exe	79
PID 124 wrote to memory of 4952	124	msedge.exe	79
PID 124 wrote to memory of 4952	124	msedge.exe	79
PID 124 wrote to memory of 4952	124	msedge.exe	79
PID 124 wrote to memory of 4952	124	msedge.exe	79
PID 124 wrote to memory of 2464	124	msedge.exe	80
PID 124 wrote to memory of 2464	124	msedge.exe	80
PID 124 wrote to memory of 4324	124	msedge.exe	81
PID 124 wrote to memory of 4324	124	msedge.exe	81
PID 124 wrote to memory of 4324	124	msedge.exe	81
PID 124 wrote to memory of 4324	124	msedge.exe	81
PID 124 wrote to memory of 4324	124	msedge.exe	81
PID 124 wrote to memory of 4324	124	msedge.exe	81
PID 124 wrote to memory of 4324	124	msedge.exe	81
PID 124 wrote to memory of 4324	124	msedge.exe	81
PID 124 wrote to memory of 4324	124	msedge.exe	81
PID 124 wrote to memory of 4324	124	msedge.exe	81
PID 124 wrote to memory of 4324	124	msedge.exe	81
PID 124 wrote to memory of 4324	124	msedge.exe	81
PID 124 wrote to memory of 4324	124	msedge.exe	81
PID 124 wrote to memory of 4324	124	msedge.exe	81
PID 124 wrote to memory of 4324	124	msedge.exe	81
PID 124 wrote to memory of 4324	124	msedge.exe	81
PID 124 wrote to memory of 4324	124	msedge.exe	81
PID 124 wrote to memory of 4324	124	msedge.exe	81
PID 124 wrote to memory of 4324	124	msedge.exe	81
PID 124 wrote to memory of 4324	124	msedge.exe	81

Views/modifies file attributes 1 TTPs 1 IoCs

evasion

Hidden Files and Directories

T1564.001

pid	Process
3256	attrib.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://github.com/bulletdahood/Entropy-Crack/blob/main/lghub_installer%20(1).exe
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffe7d273cb8,0x7ffe7d273cc8,0x7ffe7d273cd8
  2⤵
  PID:4028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1848,308657256866881573,433865072885343339,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1936 /prefetch:2
  2⤵
  PID:4952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1848,308657256866881573,433865072885343339,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2248 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1848,308657256866881573,433865072885343339,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2620 /prefetch:8
  2⤵
  PID:4324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,308657256866881573,433865072885343339,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
  2⤵
  PID:3632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,308657256866881573,433865072885343339,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
  2⤵
  PID:3908
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1848,308657256866881573,433865072885343339,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5372 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,308657256866881573,433865072885343339,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4944 /prefetch:1
  2⤵
  PID:4336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,308657256866881573,433865072885343339,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5720 /prefetch:1
  2⤵
  PID:3572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,308657256866881573,433865072885343339,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5712 /prefetch:1
  2⤵
  PID:3544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1848,308657256866881573,433865072885343339,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5784 /prefetch:8
  2⤵
  PID:4672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,308657256866881573,433865072885343339,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5676 /prefetch:1
  2⤵
  PID:2868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,308657256866881573,433865072885343339,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5360 /prefetch:1
  2⤵
  PID:3252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1848,308657256866881573,433865072885343339,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5680 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2260
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1848,308657256866881573,433865072885343339,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6168 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:5040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1848,308657256866881573,433865072885343339,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1324 /prefetch:2
  2⤵
  PID:4312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,308657256866881573,433865072885343339,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1
  2⤵
  PID:4508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,308657256866881573,433865072885343339,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3528 /prefetch:1
  2⤵
  PID:4404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1848,308657256866881573,433865072885343339,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6584 /prefetch:8
  2⤵
  PID:5052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1848,308657256866881573,433865072885343339,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=6664 /prefetch:8
  2⤵
  - Modifies registry class
  PID:5016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,308657256866881573,433865072885343339,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6576 /prefetch:1
  2⤵
  PID:4860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,308657256866881573,433865072885343339,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3476 /prefetch:1
  2⤵
  PID:2332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,308657256866881573,433865072885343339,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6500 /prefetch:1
  2⤵
  PID:4752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,308657256866881573,433865072885343339,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5480 /prefetch:1
  2⤵
  PID:4992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,308657256866881573,433865072885343339,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3452 /prefetch:1
  2⤵
  PID:2908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,308657256866881573,433865072885343339,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4912 /prefetch:1
  2⤵
  PID:3412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,308657256866881573,433865072885343339,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6440 /prefetch:1
  2⤵
  PID:4500

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2868

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4236

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1584

C:\Users\Admin\Downloads\lghub_installer (1).exe
"C:\Users\Admin\Downloads\lghub_installer (1).exe"
1⤵
- Drops file in Drivers directory
- Executes dropped EXE
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:4888
- C:\Windows\System32\Wbem\wmic.exe
  "wmic.exe" csproduct get uuid
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:1920
- C:\Windows\SYSTEM32\attrib.exe
  "attrib.exe" +h +s "C:\Users\Admin\Downloads\lghub_installer (1).exe"
  2⤵
  - Views/modifies file attributes
  PID:3256
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  "powershell.exe" Add-MpPreference -ExclusionPath 'C:\Users\Admin\Downloads\lghub_installer (1).exe'
  2⤵
  - Command and Scripting Interpreter: PowerShell
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:5040
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  "powershell.exe" Set-MpPreference -DisableIntrusionPreventionSystem $true -DisableIOAVProtection $true -DisableRealtimeMonitoring $true -DisableScriptScanning $true -EnableControlledFolderAccess Disabled -EnableNetworkProtection AuditMode -Force -MAPSReporting Disabled -SubmitSamplesConsent NeverSend && powershell Set-MpPreference -SubmitSamplesConsent 2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:1536
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  "powershell.exe" Get-ItemPropertyValue -Path HKCU:SOFTWARE\Roblox\RobloxStudioBrowser\roblox.com -Name .ROBLOSECURITY
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:4780
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  "powershell.exe" Get-ItemPropertyValue -Path HKLN:SOFTWARE\Roblox\RobloxStudioBrowser\roblox.com -Name .ROBLOSECURITY
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:4312
- C:\Windows\System32\Wbem\wmic.exe
  "wmic.exe" os get Caption
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:2588
- C:\Windows\System32\Wbem\wmic.exe
  "wmic.exe" computersystem get totalphysicalmemory
  2⤵
  PID:1084
- C:\Windows\System32\Wbem\wmic.exe
  "wmic.exe" csproduct get uuid
  2⤵
  PID:4984
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  "powershell.exe" Get-ItemPropertyValue -Path 'HKLM:System\CurrentControlSet\Control\Session Manager\Environment' -Name PROCESSOR_IDENTIFIER
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4964
- C:\Windows\System32\Wbem\wmic.exe
  "wmic" path win32_VideoController get name
  2⤵
  - Detects videocard installed
  PID:4644
- C:\Windows\SYSTEM32\cmd.exe
  "cmd.exe" /c ping localhost && del /F /A h "C:\Users\Admin\Downloads\lghub_installer (1).exe" && pause
  2⤵
  PID:1920
- - C:\Windows\system32\PING.EXE
    ping localhost
    3⤵
    - Runs ping.exe
    PID:1872

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /0
1⤵
- Checks SCSI registry key(s)
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4528

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Hide Artifacts

T1564

Hidden Files and Directories

T1564.001

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

Remote System Discovery

T1018

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.log

Filesize
2KB

MD5
627073ee3ca9676911bee35548eff2b8

SHA1
4c4b68c65e2cab9864b51167d710aa29ebdcff2e

SHA256
85b280a39fc31ba1e15fb06102a05b8405ff3b82feb181d4170f04e466dd647c

SHA512
3c5f6c03e253b83c57e8d6f0334187dbdcdf4fa549eecd36cbc1322dca6d3ca891dc6a019c49ec2eafb88f82d0434299c31e4dfaab123acb42e0546218f311fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ade01a8cdbbf61f66497f88012a684d1

SHA1
9ff2e8985d9a101a77c85b37c4ac9d4df2525a1f

SHA256
f49e20af78caf0d737f6dbcfc5cc32701a35eb092b3f0ab24cf339604cb049b5

SHA512
fa024bd58e63402b06503679a396b8b4b1bc67dc041d473785957f56f7d972317ec8560827c8008989d2754b90e23fc984a85ed7496f05cb4edc2d8000ae622b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d0f84c55517d34a91f12cccf1d3af583

SHA1
52bd01e6ab1037d31106f8bf6e2552617c201cea

SHA256
9a24c67c3ec89f5cf8810eba1fdefc7775044c71ed78a8eb51c8d2225ad1bc4c

SHA512
94764fe7f6d8c182beec398fa8c3a1948d706ab63121b8c9f933eef50172c506a1fd015172b7b6bac898ecbfd33e00a4a0758b1c8f2f4534794c39f076cd6171

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
e7a82c7d1c19e83c994b6c72ab1c0a82

SHA1
a499c7cff39bb8acbd6d519bc892f1006bd15dea

SHA256
1c9c776f032e253d62188a105b777e47639b14f30ff84690d7dc010152f67974

SHA512
e9fafd8c2641af423718ba75d9efcb326205df6f2b2ef3c5f9d817c2a28e9a4eeca49b45acf039efbb780101c90debf61aa0a0223b4c3d718df0ecf220063c9d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies

Filesize
20KB

MD5
0f89c281ebd51e3627880e74be12ac43

SHA1
fbd19ee89c819f9f27f511e7d870de45bbf01ba7

SHA256
f20d01b9f715bdbc7a53ad91df67daf3298809a2faf5fa4b64bd25ce0a31cffb

SHA512
84494bf32693e8ecf5180816afe5380ba9e3a06710c853819d1cc108847eca80c7312c5218a130639c8ebfb1a8066297ae19ae59842bd9c7aa964af4760663ad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log

Filesize
14KB

MD5
0a8ccc70c0e9de2ec5e1b5c2495fb49b

SHA1
70fbb9d28d15810f775137ac613ce072a21f531a

SHA256
2132c4a6a5c51b00816cee758d53dbe05864f15040dc6d00b3ffae5027c73bf4

SHA512
9eedeafa5d66dea4fc617968821af3ec90f6007fd5e741760322ca4c61950861e3eab97deb17c97b1889dd264a3c0ca5e3a4fb4d247f8d588c4540ae71bc9d60

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
579B

MD5
46fa4f5f7344089589d117bd7599b3a9

SHA1
b6cc1fe19e527d4a372c97e4d195ed94eee40030

SHA256
223280d95a13f1af6af06459bbf230874500c212a2e16f63914eff3f22e8b57a

SHA512
6b680aedde7e806802652aab9ab31cb21438bc8756b063955e6f03bbbdf1273f7d47c40ec1a19fe27537afeb8d6cc219a246d31f7c6822b481649fe296e2a45c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f2ae77f9e6300973db4ab10ed6a03a9a

SHA1
aa0ae2768f18c4ae1e9cc8047ef39fac980e84c7

SHA256
9588ea4447eb3a51de42a4f36fc0eb365c81ef5ae985a362afa48e31acf59620

SHA512
9ccfcb860d704645211aca0d93403e0270c91311d0dad7b18ec0c6aeb5eb57a39a135e87d901cb1077b976df25df008ae5bfa90aa4a66109114441c2a99744a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
e1094fb44f691bedeff411f6918876b4

SHA1
1ab2c7ce70e008338b0829038927175115b7c4ac

SHA256
3b3430cb7525d05b0b513bb86ebad9f5eda28268b2f56f94ac433d42ed49f632

SHA512
2ef0d38f9bc574e831e8f3e1fb3a249743faecb53e76748adfa55541714dcbb0b73dff64dcdb0331f0514a4f0a306195a5c84a32c6936776d39823c63369ceb0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
2b5c33c9f00f764ee4fe7d53c9e5b169

SHA1
13faa989856d5fd9bc8ffaf87ca1749a2ad21b18

SHA256
496edf005ee418731eea075ad08563e99ddeebe9365e85dafdfe85f18b5bef31

SHA512
7a6a92c61101df5ead1e96ffb394e2a48cb74cb30bd367305845568e88f4262362fab2286dd9eaf2a2bf9b62bf99a64dfd3688b76f66c41823e95e09f7ba2e34

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
fa5aef0030e1288809858fb061a00b4a

SHA1
f42d0280194e525fb4a64d91b49dde07df682299

SHA256
f6ca6abfbeb69c53161fa6b51e3bf7cc727eb637b4a2474fef848f97290a09c1

SHA512
f3c1935eec26c4fda479cb7dd76c439358ed0adb9f68831b36966f9c11d1ad51f197bf448377ed9f578e31cf2d573b604a54f7b258aa033d9ea2894476707604

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
04be68882ff3dadb83ad5b9c51fa8b97

SHA1
da1366a6378fccb9800127c28be168a4e78ebdee

SHA256
d108a39aabffd65d99b2e2b22a97d61776a9fc0748e61ead658d06c0c7b32abd

SHA512
95e22f128a9e8d1af1c8ed930994b25f0bb369a72e2f291d33d2a60b7367ef13dd1a780a3993f9d3f995a8ef518c34277e0023b8894cc41b2eb02184947eec44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
c725c581d61a866ecb8f1b751464004d

SHA1
e1f14ab9ed047d7077bd8db97f17893174c3a0e5

SHA256
3725d62100ff5a551c25fead535cab6d5b3a687f891d8a8b7eed48a2b15696c1

SHA512
b5ea034f23ae941fd5ce106be3b6d282e38a76742661926a783178ad01ad239b7bb9b4927742a25e98fef321d86f1e902b7b9e8e777a71c75852a07055ec2033

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57bf68.TMP

Filesize
1KB

MD5
1579eaa9ad2eeaea8c3f394adbe2cfa4

SHA1
2ab10f868f70f801a40917611e93bca784c88133

SHA256
f0175b54b49d09c0f9ba3ddab693c0dd87c4e792e19fd4181ead3ec794139c18

SHA512
834870e18a1c5657d5b8f6aa059f22dcdac6f7ccc45a5793bc57afa81da7c300752dbfb58296488cb40f73b0b0cd8daba0c9f713ca656f0a1c09722cc46e5a4e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
235532572ebf50f4b2124e407ea5d47c

SHA1
f4ddab20681a69ae97fbc64fd9326a2e4f0dc196

SHA256
883742eeb35c2445323f3feef3cef8622047cbbcd532ca5df352ea605fa49f45

SHA512
d5d1b319d270a2444e7dafce7caf6567b5c6f57fc5c23af04ba9b2a91512903dcd75cea903d25ee73006ea161f9df6d5d7b66c05965714a9b9cdca6c57d5e5a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
6faabecf10ea5ab0dfbeb3c79dad7211

SHA1
924806963443a445bb4ea2aca6d5ff43286e7e16

SHA256
2b2018b1e556b719d571cd1a1178a679180c32b2c4e0c2aa455198379ba93a60

SHA512
692f0410927fdb5a9d0f37f219a0a16ca1145ec194739a774ff08e3657a6452277355ebda6032d27b8f59ae702dfd31d61bea4b6a447f91f142865ae9f4c9eb9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
1dc680968b5a36cc769ca36a24dad68f

SHA1
6375852a2127f70be3225aed4d49a5f91297f7a1

SHA256
343a828045d5b165b3f224862105115e9cb88a4c9ac43df6dd0617bc8fc2c313

SHA512
8d605c96c48497b94a5208e25825a77df3a0bf8fc9f31d4e666d08074e20249040da0067872e7fddf84b1c777bb670ca09cc6d188eb86fa4d6ff60a6543cab52

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
944B

MD5
2e8eb51096d6f6781456fef7df731d97

SHA1
ec2aaf851a618fb43c3d040a13a71997c25bda43

SHA256
96bfd9dd5883329927fe8c08b8956355a1a6ceb30ceeb5d4252b346df32bc864

SHA512
0a73dc9a49f92d9dd556c2ca2e36761890b3538f355ee1f013e7cf648d8c4d065f28046cd4a167db3dea304d1fbcbcea68d11ce6e12a3f20f8b6c018a60422d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
948B

MD5
711b161528f4959c4b7463036c7324ec

SHA1
53b30cc796c0dfe0cd4c4406202a19139cb5407d

SHA256
7c077fb04d4911778ab648b657b43c9b464393d734dc7fa029ee0f085c6a5638

SHA512
565d0e3e229894de91ad37a16c261bf380e983ffda750f32e8ad361c0606c62043a0188f45d252fecabc6438bc9e7b2c424b101073162ba9633bacd03b42af9b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
7332074ae2b01262736b6fbd9e100dac

SHA1
22f992165065107cc9417fa4117240d84414a13c

SHA256
baea84fda6c1f13090b8cbd91c920848946f10ce155ef31a1df4cd453ee7e4aa

SHA512
4ae6f0e012c31ac1fc2ff4a8877ce2b4667c45b6e651de798318a39a2b6fd39a6f72dffa8b0b89b7a045a27d724d195656faa25a9fec79b22f37ddebb5d22da2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
38ecc5b95c11e5a77558753102979c51

SHA1
c0759b08ef377df9979d8835d8a7e464cd8eaf6b

SHA256
2eb69abe0af5a2fb5bb313533cef641e25016876b874353f7d737c7ad672c79e

SHA512
9bf4ce3bc097bdd0242bd105c936a9c9403d5ac83ec99e6a310591a7b8d26309485f3e0cdc4cba67c322f834c325a2b63a008adb078f3a3307094c4b68a48686

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_503tekae.4a2.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\Desktop\AddTest.ex_

Filesize
319KB

MD5
d1a11ffc5304079529385eb40df72387

SHA1
a2ed06afd5285ab4c87ab0a08d9b1f5b77cd6cf3

SHA256
61018b620e4198cc14ac774694084f6dcaf76eb59810a512581dc92a5ee110ad

SHA512
a1f8d90c679fca8d6b00f4b1f466c4e813049868cc6837b5df54380ed6791159174fef1cf7afaa7e4528556e9781dfbac2e1d7f4b02ccabc8e5fbe39c7473d68

Download Submit
C:\Users\Admin\Desktop\CloseUnlock.au

Filesize
835KB

MD5
a023d2138f4ee1bf2e89c52c0e689c32

SHA1
0ff1a2f99f42a9eb884ac79990c58e9be2e3a4e0

SHA256
86be406049989e13e5705f8c0006e5fc8108ab8056ca747ae13cbec0bdb100db

SHA512
bf0049288724a05d792dd0fafd7c1262c0ef17d3c1e3143bc9a7ea7a78c41c6d83450b934be7721c2c758735f15e88e5daf8dcbf804d795fb8f8c806df5ac0e3

Download Submit
C:\Users\Admin\Desktop\ConvertCheckpoint.csv

Filesize
391KB

MD5
304d335d6fe6e160dbd123b2d4cec265

SHA1
7024eafe5bb10a14b036e4da9e4cfc9538f9c6a2

SHA256
8848323f0fe11b680d7d55a0880b4eaf880a0f6a5c5070347445bb0ceda7afca

SHA512
673946ea0a1bfd272d3acca9e4df8947cbdf00403e90f0318ea3e81ccacdb0e8e7aed61bf743d2a7ad28c271992abe6d35bddf82ee3cfe5de5b23f25078108fa

Download Submit
C:\Users\Admin\Desktop\ConvertDismount.wps

Filesize
568KB

MD5
9a44e2160f135cb5c8d6a300f4904e7f

SHA1
4ccd81bbf5eb063dd6eb2e270283d742219a0f96

SHA256
c6cb2bbe651b58212e7a5340ab37535444c448d62bedc57c597bcfd387a66ad9

SHA512
6be0777691789398b1b936f2a2cfe07e0716439c489b96919b9bad6b48fd7c95695a00d30ef2af08ca337f5ce132f9261c8e560ca2a77793012d3cf38ec895c5

Download Submit
C:\Users\Admin\Desktop\DebugClose.svg

Filesize
515KB

MD5
1c501564c49640c921a962cbca11c00a

SHA1
f01388cc24a2c4e1c72c1d9512135ac8361aeee8

SHA256
1cb8e453f6e2391da34827e5914400d22c90542027602cfd9051cd49154bd048

SHA512
f66a253e4255103572eb6de19a5f6e1baba5dfa9d75248a69879241095ce6bb86934839e6247ba2382899c0de6ffa92104d66765ee4fdf993c3a38798c32be03

Download Submit
C:\Users\Admin\Desktop\EditPop.3gp2

Filesize
266KB

MD5
dce61e21f81aa6c916e525f607c7af7b

SHA1
6834aef63d6b1dd2f38c49cf59a5bd05f63f1730

SHA256
819e4cc14e590a2d34f573278f712f549fcd2826c5a56ff178d5c3c97d804596

SHA512
f35768d640f01ad9f7293ed6b03197f897bb34ac27d36873bf863553ffbee95972852559b3393679a9bea78db9df5aef9c86e2a0b9d0721dbedb713986ffe5d2

Download Submit
C:\Users\Admin\Desktop\ExportHide.png

Filesize
213KB

MD5
f9711fd015f6dd7742a5949426cd8cdd

SHA1
9010f06e48aac7d4ae28e7f92d99a1e3d898b020

SHA256
356cc8da992f60d1836d9c00bd63b864553feb2fd7590a2026be0bc14d7ff6f3

SHA512
f64d252c3c364c25ddb9c5f1a9157389a6894e3592e2a5eff827a4d7eb34503302d61cb8f7f2950895f3cb5859f3f10abc22bd2f134b05587d6fbca612ed49bb

Download Submit
C:\Users\Admin\Desktop\FormatInstall.edrwx

Filesize
444KB

MD5
27dfa2cb0a63201f90481571a1c25b63

SHA1
5c619b8ee69467c61fe2e740ed7aa5970463c1c4

SHA256
a3a71a33aacdcacd37d3b64f1ed24aabe98f13d13d0f4c373e92254e8cf11594

SHA512
d17a1eb987aa48f7dff780f3f710b3a947a88b84ebe008e01c9870233e2e78c5a60936276fe2cb074f6f94111bd4a2eff65d25b23b46df62038ac447d118c690

Download Submit
C:\Users\Admin\Desktop\GetRestore.ppsm

Filesize
248KB

MD5
85de2800f0e9af10e0118c767eb9d693

SHA1
9d02319cf5c97beb258172b3b423db8b7cb079cd

SHA256
ea00a07a5a060dfa2990bbf4713f0a09be59eee11a82b190dd6e7d7fba21fb75

SHA512
9b3809afcd7b0eeef5449e5888db81b3bb01e804800a7fd671bbb627c9db488c656120f40b85a4041a1901cc220d09e935e8f6d14dd75a4bde63d6e9b6fdb590

Download Submit
C:\Users\Admin\Desktop\InitializeStep.docx

Filesize
604KB

MD5
9c76e85e23c24c78d7cc36b2386bd06f

SHA1
98c8ac2503882f8f7fd64eb52ab5c09991aba4a7

SHA256
f172b7de2038e8c352348a6248daa73efe9bac2e8a403ee9c06262b0c25ad460

SHA512
ae48744a78a6713b22a4a585ed7504b136ef9ec7c4cca1e9ade0cfb5ce08a3fc7d039d1578bc35338692cfd95638314ec3fecc6a3b7478d8dfcdb66b389bc47a

Download Submit
C:\Users\Admin\Desktop\InstallGroup.vst

Filesize
337KB

MD5
1173a5980fc171f109e384a6d577020a

SHA1
17546f9295edcd89995aa217079421b33bcfb5d6

SHA256
88a401f4b32ea3823534065a4c5bd0a13b983d72faaa973a82aacea215555e55

SHA512
3ce7da164208ad195f87cd5751bbcb06503d650db4b8720fcb56257b12aaf292e65ae2d5da606494a14118fa7fe17aed5f9fb870a553f28a49a1c19e3e8b0462

Download Submit
C:\Users\Admin\Desktop\JoinUnlock.xps

Filesize
586KB

MD5
2690e35c8721c64aa8d1cc5339e4404d

SHA1
3fc9ff36475555b88060a9c467c1a4aaffbc09ae

SHA256
3c32e92881868235be433f714127cdadda0424bd31a6fe9141f2f2393a1f2c30

SHA512
79bd327708d011fa68bb308449f76416098372c0477e2b156bf5967a497332535ddb09b33c7f3aa1e8885dc6ecddc845e86dc0307090c3ca32b3b2b906de0d7c

Download Submit
C:\Users\Admin\Desktop\Microsoft Edge.lnk

Filesize
2KB

MD5
1e2698ae6e36a2d7826cff20c894eafa

SHA1
3432667e932b34b3da8c0e5a47717a7a37248381

SHA256
63fcf9ba763904cafc3d4cd8e180981a686e565373be91ccc487eecf2a93e21a

SHA512
63663587319c14b93d4f154550ede07092778e748869c74e1da9dc599743d95c930d7e4523b8c4b029dceed04e1f024e1e7fe6fe2b073d618f4beef7d4985c7b

Download Submit
C:\Users\Admin\Desktop\MountLimit.jtx

Filesize
302KB

MD5
af6ce56f09a6600d1b82b19e243331c9

SHA1
41c7661d770f7ca8e6152a084e345288cd3825fa

SHA256
2ae5e38f8a8451c944d7dc5d5537b0d46af8b151c8358665966479bb042797b5

SHA512
44667d58479c45d48586364d04309823a2d7e690230b7f413c1efa8da420e33d43701302722ef210a4dd1d532d4686cf5d0913b3649d330aa19ce5560a37b1e3

Download Submit
C:\Users\Admin\Desktop\PublishStop.mpp

Filesize
551KB

MD5
b2d949b38d1758939ca9856d137b62b6

SHA1
f2fabe33aa7d2e7c4e29b2abb9d9d62f7bdc9042

SHA256
8736ac23f612f08e89b33ded1aab26465cccbb662a6176843cc7842d6fa4c97c

SHA512
e08f2095a06b9c76fbfdb8c7e5e013aa5bde13ee8b31ca1e9e21984f70db3028a3797a0e42cfb83faea2f87721269f44d1761dd93454135a78cb4b1a30ff864b

Download Submit
C:\Users\Admin\Desktop\RedoDisable.rle

Filesize
408KB

MD5
ba337cc838fb884c05c4875ee120a44f

SHA1
cb73b06954387f13fc35568e81e17e9e9b121216

SHA256
371fca2af4feec6c46b92235223257ca0dbbef7bc2c530f4cd43838f03249a7c

SHA512
2cc0e587abd3f8b5af081bc4a4db6b6c9f4432d38cfdd91b45d7d5475eb22fd603276257f6a009064f40119e463270fdbb01be71c27e2cb28e087bd101a69209

Download Submit
C:\Users\Admin\Desktop\RegisterLimit.bin

Filesize
497KB

MD5
6a73817a726181683f383ba0c5728ac8

SHA1
875384126a66921a4915e9922f3c58c613fa333e

SHA256
b433b72ecb85f85a71de1e41e7298ad788e6e6b128bc2c0c28ef8cc0a4e2d642

SHA512
de46dbb91282133e7bcdd3c198c36df991d24f545ff1695c8a9330b30603c42ddc393685b91539ed1800e5b8ed9f133e91c38052e896e3b466c0ee59c9fbbd38

Download Submit
C:\Users\Admin\Desktop\RepairRequest.svgz

Filesize
479KB

MD5
641232735830d307076c7db8d44f78c4

SHA1
5875345440e7fcc5d6455964a6a1b16ed8c10a4b

SHA256
7d51f787d78b35da73fe959759b1f6a2f3bb2862cee9c5b8cdf28e945ffe2f08

SHA512
1357a1af3604676b17b9d0573ccee1cb6d48373b0d99d7ccc31d6014d464143c62102d334c72e67b5acc573b74c5e7ccc5ff6b74808ded19103fd810fb6d539d

Download Submit
C:\Users\Admin\Desktop\RequestMount.sql

Filesize
533KB

MD5
52e945728a7d663feb37a6fff4e3813f

SHA1
c20aacc4e10d5433afc551f52a5a6ee650c9f900

SHA256
5ab196160f79760f353b6a560f4eac4b41a52e32115ffe20930c1aefb64f82f4

SHA512
deb2fe807e8d91473411dac67ee44885e95e355e652ed0b67c343a7275a38c38c74dc5b81245edcec581d19fea7a5f470784165a138c18105315429bd1e92c70

Download Submit
C:\Users\Admin\Desktop\RequestWait.wvx

Filesize
462KB

MD5
f3c34a18bb7ced277d4bb29330ae1327

SHA1
584a9c6c8f618856c422ed59a962f605395b96be

SHA256
ae04793e06c2883224e5396fe387e04b05f87d901aa716e31af0585597ddcfaa

SHA512
e6424b966f539f442d4948950a854001fcd62fcda4325baafd817d6591d54fe37e3d6096fc4ec70df23c593438d5ba0588aa98caf714e87808e79733caf055e1

Download Submit
C:\Users\Admin\Desktop\SetSearch.png

Filesize
373KB

MD5
33e0b4dda8c2120075546c73a5745025

SHA1
1c8bf8e2bd8888b36099674d4c1c527dede60095

SHA256
1f942ae20c365e78c4d0ec95e1d690e22fb1cecda6159837df3908969ea0c562

SHA512
f98572c36010507c224afb89c9906a02d0e75ec4b864810eb4f10a0619f9484029e19b95d2c6906f8981e03890b0ae0c7b96513310edc145c9f432c42f5c69d9

Download Submit
C:\Users\Admin\Desktop\StartExit.vstx

Filesize
284KB

MD5
8f8c6e7fce9d6a756ae69811859d560a

SHA1
d949fffda0009903398ea79c3483a973ceb8eaae

SHA256
e83e0c58a7004c61d71dba5ed3c2c6b31a3db599e5c9a3b9883d11aea50e5a7c

SHA512
dfb91f000469b501105e2fffc8328b3f0b8b74370557f7517381be17d312391a5b49e77c00d41c7313670f12c62f9bb9cedff50e5b221d44087d58921e0b32f2

Download Submit
C:\Users\Admin\Desktop\StartResume.vssm

Filesize
355KB

MD5
c34868e09d52a09ef152ea4e0f1e5987

SHA1
a2bb4676a5dc727398427a96659b405c2aac3658

SHA256
313d166d3f5b080eb69dcf19693f616cc00360d8195f59ebe3ac3bc7d27c3775

SHA512
661347db0e1a973eb30705b036c227953b2f2db6ef2070830e8d378048542fe200b9ef767e13901277672e991cdbcb51ea5d18903e5110fc422722ceae5625e3

Download Submit
C:\Users\Admin\Desktop\UpdateMerge.pub

Filesize
426KB

MD5
c330d3a002cc5e026f3c04bc51380559

SHA1
2b5a5841cfd431196c1626ef9d11af1e17f5290c

SHA256
e4c7614e84d927e943fc5c37be2897e2d7ef36decb1c5b53bf69f347c1378ed2

SHA512
b97a967b7622b1e2b4b3c8c1918861235cd2008b84707f9ec58a6ba5913ee999be1fac33a36e79737b6f155ad1c343d99548dce0c7578a881b613ff75075152d

Download Submit
C:\Users\Admin\Desktop\WaitRead.pptx

Filesize
231KB

MD5
603c5058191a67d8137da68df6583783

SHA1
a20c0198ec5977ef4f0baf1a5624345a4198f3c7

SHA256
1a68b98c2403f719f20a220139e284f11c33cfc72becbd0c7270fab42ef73375

SHA512
ef19fcebb93808920ec87f9cc28907fa8cf3d493ec1f11ff55fd6e67c7e48bf8c246f4abcedcc60d02727643af518d2f1f370a6534b0cd28b71cf3587d41a3de

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 969346.crdownload

Filesize
230KB

MD5
cef80cb3ed7dea82911d20847bb90bcc

SHA1
a8057252ce273824e4fb5230eaaf3192fa1850e3

SHA256
947a400dfc66cb783763974b29701573af8dcebca63b33f60fe1d79a367f0032

SHA512
28bcfe5315cd0fbae0e6c3385f72226f0c00f30a800e4c61e7df7787c6ea9c60f8e056d107d6518431977b5e29d2aa8f71b86f2fba0bd9f4ca4d4b33cb9560cc

Download Submit
C:\Users\Admin\Downloads\lghub_installer (1).exe:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit
C:\Users\Public\Desktop\Acrobat Reader DC.lnk

Filesize
2KB

MD5
65a5949300dea28a07c931dd7e70396e

SHA1
01f6f1897c1ed98532fad05cd159598147751182

SHA256
f244916fd6afb75d0c9408c8fe2210570c6f75dc9de1f87823aecbe3aed8c5ae

SHA512
8674c4faef3b919c9fde2a96020ec093b6406b28ce4455f3a07fb5b97e393b72c0ffac8e204d84620827d28c63e7384067fdb29fa34c5d75b6dcf22fc008c715

Download Submit
C:\Users\Public\Desktop\VLC media player.lnk

Filesize
923B

MD5
9f83852939d146a3a7a3a5a7aa8febff

SHA1
f561b3967d39aadf470d56d4580fdaec4be4e1c1

SHA256
e4641aa97961030df15d664c2c46c7825f29c975b4bb3a07f5991f15d03fdc77

SHA512
d0141f170daba2fb64ae2161990a9b2d9488da5ee419e07240171710d27b7b052b080e783972ad6e897d5681e9298c15e2c293e43a8db648647f6ac47db79d2a

Download Submit
C:\Windows\system32\drivers\etc\hosts

Filesize
2KB

MD5
4028457913f9d08b06137643fe3e01bc

SHA1
a5cb3f12beaea8194a2d3d83a62bdb8d558f5f14

SHA256
289d433902418aaf62e7b96b215ece04fcbcef2457daf90f46837a4d5090da58

SHA512
c8e1eef90618341bbde885fd126ece2b1911ca99d20d82f62985869ba457553b4c2bf1e841fd06dacbf27275b3b0940e5a794e1b1db0fd56440a96592362c28b

Download Submit
memory/4528-360-0x000001CC50280000-0x000001CC50281000-memory.dmp

Filesize
4KB

Download
memory/4528-353-0x000001CC50280000-0x000001CC50281000-memory.dmp

Filesize
4KB

Download
memory/4528-355-0x000001CC50280000-0x000001CC50281000-memory.dmp

Filesize
4KB

Download
memory/4528-364-0x000001CC50280000-0x000001CC50281000-memory.dmp

Filesize
4KB

Download
memory/4528-354-0x000001CC50280000-0x000001CC50281000-memory.dmp

Filesize
4KB

Download
memory/4528-362-0x000001CC50280000-0x000001CC50281000-memory.dmp

Filesize
4KB

Download
memory/4528-365-0x000001CC50280000-0x000001CC50281000-memory.dmp

Filesize
4KB

Download
memory/4528-359-0x000001CC50280000-0x000001CC50281000-memory.dmp

Filesize
4KB

Download
memory/4528-363-0x000001CC50280000-0x000001CC50281000-memory.dmp

Filesize
4KB

Download
memory/4528-361-0x000001CC50280000-0x000001CC50281000-memory.dmp

Filesize
4KB

Download
memory/4888-315-0x000001DA21940000-0x000001DA21952000-memory.dmp

Filesize
72KB

Download
memory/4888-278-0x000001DA09090000-0x000001DA090AE000-memory.dmp

Filesize
120KB

Download
memory/4888-274-0x000001DA21BE0000-0x000001DA21C56000-memory.dmp

Filesize
472KB

Download
memory/4888-314-0x000001DA21910000-0x000001DA2191A000-memory.dmp

Filesize
40KB

Download
memory/4888-241-0x000001DA07390000-0x000001DA073D0000-memory.dmp

Filesize
256KB

Download
memory/4888-275-0x000001DA218B0000-0x000001DA21900000-memory.dmp

Filesize
320KB

Download
memory/5040-247-0x00000264343D0000-0x00000264343F2000-memory.dmp

Filesize
136KB

Download