Analysis Overview
Threat Level: Known bad
The file https://github.com/roicia/Adobe-Premiere-Pro was found to be: Known bad.
Malicious Activity Summary
Lumma Stealer
Loads dropped DLL
Executes dropped EXE
Suspicious use of SetThreadContext
Modifies registry class
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Suspicious behavior: GetForegroundWindowSpam
Enumerates system info in registry
Checks SCSI registry key(s)
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Modifies data under HKEY_USERS
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-07-11 11:18
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-07-11 11:18
Reported
2024-07-11 11:20
Platform
win10v2004-20240709-en
Max time kernel
63s
Max time network
64s
Command Line
Signatures
Lumma Stealer
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Desktop\a\github_installer.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Desktop\a\github_installer.exe | N/A |
Suspicious use of SetThreadContext
| Description | Indicator | Process | Target |
| PID 1272 set thread context of 872 | N/A | C:\Users\Admin\Desktop\a\github_installer.exe | C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe |
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 | C:\Windows\system32\taskmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\system32\taskmgr.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName | C:\Windows\system32\taskmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 | C:\Windows\system32\taskmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\system32\taskmgr.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName | C:\Windows\system32\taskmgr.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133651703439658865" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000_Classes\Local Settings | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://github.com/roicia/Adobe-Premiere-Pro
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff9da1ccc40,0x7ff9da1ccc4c,0x7ff9da1ccc58
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1872,i,15059638218584950257,17852742774931971689,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=1868 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2052,i,15059638218584950257,17852742774931971689,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=2116 /prefetch:3
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2232,i,15059638218584950257,17852742774931971689,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=2444 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3092,i,15059638218584950257,17852742774931971689,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3136 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3108,i,15059638218584950257,17852742774931971689,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3180 /prefetch:1
C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4544,i,15059638218584950257,17852742774931971689,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4652 /prefetch:8
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4852,i,15059638218584950257,17852742774931971689,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4316 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3132,i,15059638218584950257,17852742774931971689,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4972 /prefetch:8
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\github-installer.rar"
C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /1
C:\Users\Admin\Desktop\a\github_installer.exe
"C:\Users\Admin\Desktop\a\github_installer.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | github.githubassets.com | udp |
| US | 8.8.8.8:53 | avatars.githubusercontent.com | udp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.133:443 | avatars.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | user-images.githubusercontent.com | udp |
| US | 8.8.8.8:53 | github-cloud.s3.amazonaws.com | udp |
| US | 8.8.8.8:53 | 215.156.26.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 202.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.144.22.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 154.108.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.108.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 71.31.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | content-autofill.googleapis.com | udp |
| GB | 216.58.212.202:443 | content-autofill.googleapis.com | tcp |
| US | 8.8.8.8:53 | collector.github.com | udp |
| US | 140.82.113.22:443 | collector.github.com | tcp |
| US | 140.82.113.22:443 | collector.github.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 140.82.113.22:443 | collector.github.com | tcp |
| US | 8.8.8.8:53 | api.github.com | udp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| GB | 216.58.212.202:443 | content-autofill.googleapis.com | udp |
| US | 8.8.8.8:53 | 202.212.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.113.82.140.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 210.156.26.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 13.107.21.237:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 138.201.86.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 237.21.107.13.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | www.dropbox.com | udp |
| GB | 162.125.64.18:443 | www.dropbox.com | tcp |
| GB | 162.125.64.18:443 | www.dropbox.com | tcp |
| US | 8.8.8.8:53 | ucaeafd1b00703326c542bb8670a.dl.dropboxusercontent.com | udp |
| GB | 162.125.64.15:443 | ucaeafd1b00703326c542bb8670a.dl.dropboxusercontent.com | tcp |
| US | 8.8.8.8:53 | 18.64.125.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.64.125.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.165.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.126.166.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 100.58.20.217.in-addr.arpa | udp |
| US | 8.8.8.8:53 | stationacutwo.shop | udp |
| US | 172.67.172.239:443 | stationacutwo.shop | tcp |
| US | 8.8.8.8:53 | bouncedgowp.shop | udp |
| US | 172.67.214.52:443 | bouncedgowp.shop | tcp |
| US | 8.8.8.8:53 | bannngwko.shop | udp |
| US | 172.67.146.61:443 | bannngwko.shop | tcp |
| US | 8.8.8.8:53 | bargainnykwo.shop | udp |
| US | 172.67.146.97:443 | bargainnykwo.shop | tcp |
| US | 8.8.8.8:53 | 239.172.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 52.214.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 61.146.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | affecthorsedpo.shop | udp |
| US | 172.67.135.137:443 | affecthorsedpo.shop | tcp |
| US | 8.8.8.8:53 | radiationnopp.shop | udp |
| US | 104.21.68.158:443 | radiationnopp.shop | tcp |
| US | 8.8.8.8:53 | answerrsdo.shop | udp |
| US | 104.21.44.192:443 | answerrsdo.shop | tcp |
| US | 8.8.8.8:53 | 137.135.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.146.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | publicitttyps.shop | udp |
| US | 104.21.25.154:443 | publicitttyps.shop | tcp |
| US | 8.8.8.8:53 | benchillppwo.shop | udp |
| US | 172.67.160.230:443 | benchillppwo.shop | tcp |
| US | 8.8.8.8:53 | steamcommunity.com | udp |
| GB | 2.22.99.85:443 | steamcommunity.com | tcp |
| US | 8.8.8.8:53 | 158.68.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 192.44.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 154.25.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 230.160.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | reinforcedirectorywd.shop | udp |
| US | 104.21.83.48:443 | reinforcedirectorywd.shop | tcp |
| US | 8.8.8.8:53 | 48.83.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 85.99.22.2.in-addr.arpa | udp |
Files
\??\pipe\crashpad_4260_MAZAYJTDLSQIEZIZ
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
| MD5 | d751713988987e9331980363e24189ce |
| SHA1 | 97d170e1550eee4afc0af065b78cda302a97674c |
| SHA256 | 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945 |
| SHA512 | b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af |
C:\Users\Admin\Downloads\github-installer.rar.crdownload
| MD5 | 3610f085de0c02f68b50a439a561e5fa |
| SHA1 | 7e9912456fd090adfb6c61d98eae7143b03a1e23 |
| SHA256 | 939eda7902fbaf030bd1f38f123056718fc2e711572b35575cbc6d53c7afa436 |
| SHA512 | 3bf2278f856c92ad0b78a75ce52af7df290fac83ae22950fa479c06378987271f3183f80528dc9c02cd9174c25cff95a84a3d6e604a4f9baacfb6bdd03769e0f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 18d09548d0f70cc57daacf9d14609905 |
| SHA1 | 6431345b5c61fcd175070c529685075b7122e232 |
| SHA256 | 861e20ff827cfc22bb37b34e6fbec50810e7eeb0c32053f9affb251d744eecad |
| SHA512 | ea275481f976ab562dcda9d12f3f2cb4bacffd5523d1a741ae8bee4f8840b309c78751d7918fef260c5f51c880059ca92794f31f75f06d8c56846f4c2c5c724b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 202fbeefa3e6a6b1b550879d868de1bc |
| SHA1 | 99f94c584e94237729f480a5f293fe11d59ec344 |
| SHA256 | 1fc7086028c34608adf5f8bc564a774ba6e9b4525c28e8384a8189c5942b64fd |
| SHA512 | f28c947e466a93725bf9e97801e138c19c09764228b39f7cafbce8745e5e5ca2ac0fef76c89238a6dc8203798c6cd51a5933b98eacbb0451539156386a134b56 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 551437ab2814fc9ad52214b12572938d |
| SHA1 | 337b8b277950bab9366a1a15fa94fb720e8a8351 |
| SHA256 | 870679724c68cd0bdae126dbae142e6c2039304c78bba809e082fa91caa33c8d |
| SHA512 | 52541730bf00e6036d4ced5922f5f05c74b86d2c1f7fae0e2dd4f9ae43f9e90f5f182a03f909b455f570e563baa16f261ada4033647f686274d3c3567ca27ba7 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 547c4852ea56e7ba27e9367490acf3fd |
| SHA1 | 424f61ee0da143b19ec7fce5eb00d044d881b094 |
| SHA256 | ba60cdf5ee08c0c951964624c02ed66fb05f151ef14d586d95c2498862e7e42e |
| SHA512 | 4c36f354d43d68968e52aa6dd7acefd7c7aca75a16e735cfd31f4c3a8b2f67ac7ad0811b86fac0dd0b4583a65a81dbb3f036331067e7618b47487d8f14de6d2b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 6f67bd41f4206b9696193b2d31fb8da1 |
| SHA1 | a624f7f0d0969ff10e4ec6b1a4ac2ec1fcc05ef7 |
| SHA256 | 509b93e9c1cc6c8babc1faa6715f16da1e7176eddc5bc9376601bf4c350518c7 |
| SHA512 | c4437aadf3c08ecddc1a5dd4820ed91b2d957df8762556bf03f14a0d6ff2caddd94ebd21a00e8a38be11c668b06e6d1c0ac0142cbb13610abcf2b149b0c9860b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | b2ad50a230fcdb88096cc9fc950615f6 |
| SHA1 | 25aa9be8b45d0c341197747aa55081ef80f52794 |
| SHA256 | ff9e69753d2e7a14b710c98a0359e4f4a64f1feb7fe8165765db5a89803dbf15 |
| SHA512 | d449a1dd21053f010c16804723066cf5bc48d158aa2de917b5bded75438f9d9c9a9e6512f0dc383e9013dc71125ee75cc032693e94cc74d31cc2df4a4f920599 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1
| MD5 | f50f89a0a91564d0b8a211f8921aa7de |
| SHA1 | 112403a17dd69d5b9018b8cede023cb3b54eab7d |
| SHA256 | b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec |
| SHA512 | bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58 |
memory/4244-1943-0x000001C541370000-0x000001C541371000-memory.dmp
memory/4244-1944-0x000001C541370000-0x000001C541371000-memory.dmp
memory/4244-1945-0x000001C541370000-0x000001C541371000-memory.dmp
memory/4244-1949-0x000001C541370000-0x000001C541371000-memory.dmp
memory/4244-1955-0x000001C541370000-0x000001C541371000-memory.dmp
memory/4244-1954-0x000001C541370000-0x000001C541371000-memory.dmp
memory/4244-1953-0x000001C541370000-0x000001C541371000-memory.dmp
memory/4244-1952-0x000001C541370000-0x000001C541371000-memory.dmp
memory/4244-1951-0x000001C541370000-0x000001C541371000-memory.dmp
memory/4244-1950-0x000001C541370000-0x000001C541371000-memory.dmp
C:\Users\Admin\AppData\Local\D3DSCache\e8010882af4f153f\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val
| MD5 | 6bd369f7c74a28194c991ed1404da30f |
| SHA1 | 0f8e3f8ab822c9374409fe399b6bfe5d68cbd643 |
| SHA256 | 878947d0ec814fe7c343cdebc05eebf00eb14f3023bdb3809a559e17f399fe5d |
| SHA512 | 8fc5f073dc9fa1e1ae47c60a5f06e0a48709fd6a4302dffaa721858409e7bde64bc6856d3fb28891090516d1a7afc542579de287778b5755eafe75cc67d45d93 |
C:\Users\Admin\AppData\Local\D3DSCache\e8010882af4f153f\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx
| MD5 | d2fb266b97caff2086bf0fa74eddb6b2 |
| SHA1 | 2f0061ce9c51b5b4fbab76b37fc6a540be7f805d |
| SHA256 | b09f68b61d9ff5a7c7c8b10eee9447d4813ee0e866346e629e788cd4adecb66a |
| SHA512 | c3ba95a538c1d266beb83334af755c34ce642a4178ab0f2e5f7822fd6821d3b68862a8b58f167a9294e6d913b08c1054a69b5d7aec2efdb3cf9796ed84de21a8 |
C:\Users\Admin\AppData\Local\D3DSCache\e8010882af4f153f\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock
| MD5 | f49655f856acb8884cc0ace29216f511 |
| SHA1 | cb0f1f87ec0455ec349aaa950c600475ac7b7b6b |
| SHA256 | 7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba |
| SHA512 | 599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8 |
memory/1272-1972-0x00000000007E0000-0x0000000000876000-memory.dmp
memory/1272-1973-0x0000000002D10000-0x0000000002D16000-memory.dmp
C:\Users\Admin\AppData\Roaming\d3d9.dll
| MD5 | 9c6d10700676748732b1bb5a590c8e7d |
| SHA1 | 6b909ea6d8ef9a8119d0a846920e34f37e88a4ff |
| SHA256 | 03078e9f4c1d13cc845cb4c4bc86a1ec890638938bcaa7f5ea485ccfd43a437c |
| SHA512 | 639892ab694528220c59a84e713f524501b9506617dabf8670f4807dfdaabfcfce3298a2b3fe867565e5ae1b3124c18c0a6803315d853c9c51c6883a31ae04f4 |
memory/872-1980-0x0000000000400000-0x0000000000457000-memory.dmp
memory/872-1982-0x0000000000400000-0x0000000000457000-memory.dmp