xworm | hxxps://fullcrypters[.]net/luxury-shield-crypter-7-1-cracked/

Analysis

max time kernel
134s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
04-11-2024 19:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://fullcrypters.net/luxury-shield-crypter-7-1-cracked/

Score

10^/10

xworm agilenet discovery execution persistence rat trojan

Malware Config

Extracted

Family

xworm

Version

3.1

society-painted.at.ply.gg:17251

Attributes

Install_directory
%Public%
install_file
USB.exe
telegram
https://api.telegram.org/bot5817418329:AAGYtFww9eAGl3ZTuqrCmSNxu_TJJiAWkzA/sendMessage?chat_id=1860651440

Signatures

Detect Xworm Payload 2 IoCs

resource	yara_rule
behavioral1/files/0x0009000000023db3-870.dat	family_xworm
behavioral1/memory/5896-878-0x0000000000B10000-0x0000000000B4E000-memory.dmp	family_xworm

Xworm
Xworm is a remote access trojan written in C#.
trojan rat xworm
Xworm family
xworm

Command and Scripting Interpreter: PowerShell 1 TTPs 2 IoCs

Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

execution

PowerShell

T1059.001

pid	Process
2416	powershell.exe
3184	powershell.exe

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\Control Panel\International\Geo\Nation	Luxury Sheild v7.1.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\Control Panel\International\Geo\Nation	WinRAR.exe

Executes dropped EXE 3 IoCs

pid	Process
1728	Luxury Sheild v7.1.exe
2520	Luxury Shield 7.1.exe
5896	WinRAR.exe

Obfuscated with Agile.Net obfuscator 33 IoCs

Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

agilenet

resource	yara_rule
behavioral1/memory/2520-905-0x000000000BD50000-0x000000000BF9C000-memory.dmp	agile_net
behavioral1/memory/2520-920-0x000000000BD50000-0x000000000BF98000-memory.dmp	agile_net
behavioral1/memory/2520-929-0x000000000BD50000-0x000000000BF98000-memory.dmp	agile_net
behavioral1/memory/2520-937-0x000000000BD50000-0x000000000BF98000-memory.dmp	agile_net
behavioral1/memory/2520-951-0x000000000BD50000-0x000000000BF98000-memory.dmp	agile_net
behavioral1/memory/2520-949-0x000000000BD50000-0x000000000BF98000-memory.dmp	agile_net
behavioral1/memory/2520-961-0x000000000BD50000-0x000000000BF98000-memory.dmp	agile_net
behavioral1/memory/2520-967-0x000000000BD50000-0x000000000BF98000-memory.dmp	agile_net
behavioral1/memory/2520-969-0x000000000BD50000-0x000000000BF98000-memory.dmp	agile_net
behavioral1/memory/2520-977-0x000000000BD50000-0x000000000BF98000-memory.dmp	agile_net
behavioral1/memory/2520-975-0x000000000BD50000-0x000000000BF98000-memory.dmp	agile_net
behavioral1/memory/2520-973-0x000000000BD50000-0x000000000BF98000-memory.dmp	agile_net
behavioral1/memory/2520-971-0x000000000BD50000-0x000000000BF98000-memory.dmp	agile_net
behavioral1/memory/2520-965-0x000000000BD50000-0x000000000BF98000-memory.dmp	agile_net
behavioral1/memory/2520-963-0x000000000BD50000-0x000000000BF98000-memory.dmp	agile_net
behavioral1/memory/2520-959-0x000000000BD50000-0x000000000BF98000-memory.dmp	agile_net
behavioral1/memory/2520-957-0x000000000BD50000-0x000000000BF98000-memory.dmp	agile_net
behavioral1/memory/2520-955-0x000000000BD50000-0x000000000BF98000-memory.dmp	agile_net
behavioral1/memory/2520-953-0x000000000BD50000-0x000000000BF98000-memory.dmp	agile_net
behavioral1/memory/2520-947-0x000000000BD50000-0x000000000BF98000-memory.dmp	agile_net
behavioral1/memory/2520-945-0x000000000BD50000-0x000000000BF98000-memory.dmp	agile_net
behavioral1/memory/2520-943-0x000000000BD50000-0x000000000BF98000-memory.dmp	agile_net
behavioral1/memory/2520-941-0x000000000BD50000-0x000000000BF98000-memory.dmp	agile_net
behavioral1/memory/2520-939-0x000000000BD50000-0x000000000BF98000-memory.dmp	agile_net
behavioral1/memory/2520-935-0x000000000BD50000-0x000000000BF98000-memory.dmp	agile_net
behavioral1/memory/2520-931-0x000000000BD50000-0x000000000BF98000-memory.dmp	agile_net
behavioral1/memory/2520-934-0x000000000BD50000-0x000000000BF98000-memory.dmp	agile_net
behavioral1/memory/2520-928-0x000000000BD50000-0x000000000BF98000-memory.dmp	agile_net
behavioral1/memory/2520-925-0x000000000BD50000-0x000000000BF98000-memory.dmp	agile_net
behavioral1/memory/2520-923-0x000000000BD50000-0x000000000BF98000-memory.dmp	agile_net
behavioral1/memory/2520-921-0x000000000BD50000-0x000000000BF98000-memory.dmp	agile_net
behavioral1/memory/2520-916-0x000000000BD50000-0x000000000BF98000-memory.dmp	agile_net
behavioral1/memory/2520-918-0x000000000BD50000-0x000000000BF98000-memory.dmp	agile_net

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\WinRAR = "C:\\Users\\Public\\WinRAR.exe"	WinRAR.exe

Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs

pid	Process
2520	Luxury Shield 7.1.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Luxury Shield 7.1.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Opens file in notepad (likely ransom note) 1 IoCs

ransomware

pid	Process
2484	NOTEPAD.EXE

Scheduled Task/Job: Scheduled Task 1 TTPs 1 IoCs

Schtasks is often used by malware for persistence or to perform post-infection execution.

persistence execution

Scheduled Task

T1053.005

pid	Process
6092	schtasks.exe

Suspicious behavior: EnumeratesProcesses 18 IoCs

pid	Process
1116	msedge.exe
1116	msedge.exe
2736	msedge.exe
2736	msedge.exe
5160	identity_helper.exe
5160	identity_helper.exe
3172	msedge.exe
3172	msedge.exe
5320	msedge.exe
5320	msedge.exe
5320	msedge.exe
5320	msedge.exe
2416	powershell.exe
2416	powershell.exe
2416	powershell.exe
3184	powershell.exe
3184	powershell.exe
3184	powershell.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 27 IoCs

pid	Process
2736	msedge.exe
2736	msedge.exe
2736	msedge.exe
2736	msedge.exe
2736	msedge.exe
2736	msedge.exe
2736	msedge.exe
2736	msedge.exe
2736	msedge.exe
2736	msedge.exe
2736	msedge.exe
2736	msedge.exe
2736	msedge.exe
2736	msedge.exe
2736	msedge.exe
2736	msedge.exe
2736	msedge.exe
2736	msedge.exe
2736	msedge.exe
2736	msedge.exe
2736	msedge.exe
2736	msedge.exe
2736	msedge.exe
2736	msedge.exe
2736	msedge.exe
2736	msedge.exe
2736	msedge.exe

Suspicious use of AdjustPrivilegeToken 9 IoCs

description	pid	Process
Token: 33	4528	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	4528	AUDIODG.EXE
Token: SeRestorePrivilege	6100	7zG.exe
Token: 35	6100	7zG.exe
Token: SeSecurityPrivilege	6100	7zG.exe
Token: SeSecurityPrivilege	6100	7zG.exe
Token: SeDebugPrivilege	2416	powershell.exe
Token: SeDebugPrivilege	3184	powershell.exe
Token: SeDebugPrivilege	5896	WinRAR.exe

Suspicious use of FindShellTrayWindow 41 IoCs

pid	Process
2736	msedge.exe
2736	msedge.exe
2736	msedge.exe
2736	msedge.exe
2736	msedge.exe
2736	msedge.exe
2736	msedge.exe
2736	msedge.exe
2736	msedge.exe
2736	msedge.exe
2736	msedge.exe
2736	msedge.exe
2736	msedge.exe
2736	msedge.exe
2736	msedge.exe
2736	msedge.exe
2736	msedge.exe
2736	msedge.exe
2736	msedge.exe
2736	msedge.exe
2736	msedge.exe
2736	msedge.exe
2736	msedge.exe
2736	msedge.exe
2736	msedge.exe
2736	msedge.exe
2736	msedge.exe
2736	msedge.exe
2736	msedge.exe
2736	msedge.exe
2736	msedge.exe
2736	msedge.exe
2736	msedge.exe
2736	msedge.exe
2736	msedge.exe
2736	msedge.exe
2736	msedge.exe
2736	msedge.exe
2736	msedge.exe
2736	msedge.exe
6100	7zG.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2736	msedge.exe
2736	msedge.exe
2736	msedge.exe
2736	msedge.exe
2736	msedge.exe
2736	msedge.exe
2736	msedge.exe
2736	msedge.exe
2736	msedge.exe
2736	msedge.exe
2736	msedge.exe
2736	msedge.exe
2736	msedge.exe
2736	msedge.exe
2736	msedge.exe
2736	msedge.exe
2736	msedge.exe
2736	msedge.exe
2736	msedge.exe
2736	msedge.exe
2736	msedge.exe
2736	msedge.exe
2736	msedge.exe
2736	msedge.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2520	Luxury Shield 7.1.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2736 wrote to memory of 4812	2736	msedge.exe	85
PID 2736 wrote to memory of 4812	2736	msedge.exe	85
PID 2736 wrote to memory of 3792	2736	msedge.exe	86
PID 2736 wrote to memory of 3792	2736	msedge.exe	86
PID 2736 wrote to memory of 3792	2736	msedge.exe	86
PID 2736 wrote to memory of 3792	2736	msedge.exe	86
PID 2736 wrote to memory of 3792	2736	msedge.exe	86
PID 2736 wrote to memory of 3792	2736	msedge.exe	86
PID 2736 wrote to memory of 3792	2736	msedge.exe	86
PID 2736 wrote to memory of 3792	2736	msedge.exe	86
PID 2736 wrote to memory of 3792	2736	msedge.exe	86
PID 2736 wrote to memory of 3792	2736	msedge.exe	86
PID 2736 wrote to memory of 3792	2736	msedge.exe	86
PID 2736 wrote to memory of 3792	2736	msedge.exe	86
PID 2736 wrote to memory of 3792	2736	msedge.exe	86
PID 2736 wrote to memory of 3792	2736	msedge.exe	86
PID 2736 wrote to memory of 3792	2736	msedge.exe	86
PID 2736 wrote to memory of 3792	2736	msedge.exe	86
PID 2736 wrote to memory of 3792	2736	msedge.exe	86
PID 2736 wrote to memory of 3792	2736	msedge.exe	86
PID 2736 wrote to memory of 3792	2736	msedge.exe	86
PID 2736 wrote to memory of 3792	2736	msedge.exe	86
PID 2736 wrote to memory of 3792	2736	msedge.exe	86
PID 2736 wrote to memory of 3792	2736	msedge.exe	86
PID 2736 wrote to memory of 3792	2736	msedge.exe	86
PID 2736 wrote to memory of 3792	2736	msedge.exe	86
PID 2736 wrote to memory of 3792	2736	msedge.exe	86
PID 2736 wrote to memory of 3792	2736	msedge.exe	86
PID 2736 wrote to memory of 3792	2736	msedge.exe	86
PID 2736 wrote to memory of 3792	2736	msedge.exe	86
PID 2736 wrote to memory of 3792	2736	msedge.exe	86
PID 2736 wrote to memory of 3792	2736	msedge.exe	86
PID 2736 wrote to memory of 3792	2736	msedge.exe	86
PID 2736 wrote to memory of 3792	2736	msedge.exe	86
PID 2736 wrote to memory of 3792	2736	msedge.exe	86
PID 2736 wrote to memory of 3792	2736	msedge.exe	86
PID 2736 wrote to memory of 3792	2736	msedge.exe	86
PID 2736 wrote to memory of 3792	2736	msedge.exe	86
PID 2736 wrote to memory of 3792	2736	msedge.exe	86
PID 2736 wrote to memory of 3792	2736	msedge.exe	86
PID 2736 wrote to memory of 3792	2736	msedge.exe	86
PID 2736 wrote to memory of 3792	2736	msedge.exe	86
PID 2736 wrote to memory of 1116	2736	msedge.exe	87
PID 2736 wrote to memory of 1116	2736	msedge.exe	87
PID 2736 wrote to memory of 1312	2736	msedge.exe	88
PID 2736 wrote to memory of 1312	2736	msedge.exe	88
PID 2736 wrote to memory of 1312	2736	msedge.exe	88
PID 2736 wrote to memory of 1312	2736	msedge.exe	88
PID 2736 wrote to memory of 1312	2736	msedge.exe	88
PID 2736 wrote to memory of 1312	2736	msedge.exe	88
PID 2736 wrote to memory of 1312	2736	msedge.exe	88
PID 2736 wrote to memory of 1312	2736	msedge.exe	88
PID 2736 wrote to memory of 1312	2736	msedge.exe	88
PID 2736 wrote to memory of 1312	2736	msedge.exe	88
PID 2736 wrote to memory of 1312	2736	msedge.exe	88
PID 2736 wrote to memory of 1312	2736	msedge.exe	88
PID 2736 wrote to memory of 1312	2736	msedge.exe	88
PID 2736 wrote to memory of 1312	2736	msedge.exe	88
PID 2736 wrote to memory of 1312	2736	msedge.exe	88
PID 2736 wrote to memory of 1312	2736	msedge.exe	88
PID 2736 wrote to memory of 1312	2736	msedge.exe	88
PID 2736 wrote to memory of 1312	2736	msedge.exe	88
PID 2736 wrote to memory of 1312	2736	msedge.exe	88
PID 2736 wrote to memory of 1312	2736	msedge.exe	88

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://fullcrypters.net/luxury-shield-crypter-7-1-cracked/
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x108,0x10c,0x110,0xe4,0x114,0x7ff8885846f8,0x7ff888584708,0x7ff888584718
  2⤵
  PID:4812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2008,12317207253274151542,1590332758436748111,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2024 /prefetch:2
  2⤵
  PID:3792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2008,12317207253274151542,1590332758436748111,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2008,12317207253274151542,1590332758436748111,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2728 /prefetch:8
  2⤵
  PID:1312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,12317207253274151542,1590332758436748111,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
  2⤵
  PID:3128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,12317207253274151542,1590332758436748111,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
  2⤵
  PID:3732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,12317207253274151542,1590332758436748111,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4972 /prefetch:1
  2⤵
  PID:3600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,12317207253274151542,1590332758436748111,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4852 /prefetch:1
  2⤵
  PID:3480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2008,12317207253274151542,1590332758436748111,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5360 /prefetch:8
  2⤵
  PID:320
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2008,12317207253274151542,1590332758436748111,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5772 /prefetch:8
  2⤵
  PID:1728
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2008,12317207253274151542,1590332758436748111,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5772 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5160
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,12317207253274151542,1590332758436748111,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5860 /prefetch:1
  2⤵
  PID:5172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,12317207253274151542,1590332758436748111,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5876 /prefetch:1
  2⤵
  PID:5180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,12317207253274151542,1590332758436748111,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4704 /prefetch:1
  2⤵
  PID:5572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,12317207253274151542,1590332758436748111,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4692 /prefetch:1
  2⤵
  PID:5580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,12317207253274151542,1590332758436748111,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6236 /prefetch:1
  2⤵
  PID:5956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,12317207253274151542,1590332758436748111,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6276 /prefetch:1
  2⤵
  PID:6068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,12317207253274151542,1590332758436748111,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6324 /prefetch:1
  2⤵
  PID:5252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,12317207253274151542,1590332758436748111,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3472 /prefetch:1
  2⤵
  PID:6088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,12317207253274151542,1590332758436748111,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6680 /prefetch:1
  2⤵
  PID:6008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,12317207253274151542,1590332758436748111,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6912 /prefetch:1
  2⤵
  PID:1592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,12317207253274151542,1590332758436748111,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6720 /prefetch:1
  2⤵
  PID:5708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,12317207253274151542,1590332758436748111,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6884 /prefetch:1
  2⤵
  PID:5412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,12317207253274151542,1590332758436748111,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5292 /prefetch:1
  2⤵
  PID:4896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,12317207253274151542,1590332758436748111,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6360 /prefetch:1
  2⤵
  PID:6008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,12317207253274151542,1590332758436748111,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7044 /prefetch:1
  2⤵
  PID:5264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,12317207253274151542,1590332758436748111,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6532 /prefetch:1
  2⤵
  PID:5968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,12317207253274151542,1590332758436748111,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6108 /prefetch:1
  2⤵
  PID:4904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,12317207253274151542,1590332758436748111,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6836 /prefetch:1
  2⤵
  PID:5704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,12317207253274151542,1590332758436748111,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7188 /prefetch:1
  2⤵
  PID:5736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2008,12317207253274151542,1590332758436748111,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6996 /prefetch:8
  2⤵
  PID:864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2008,12317207253274151542,1590332758436748111,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5444 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,12317207253274151542,1590332758436748111,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7792 /prefetch:1
  2⤵
  PID:5668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,12317207253274151542,1590332758436748111,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7804 /prefetch:1
  2⤵
  PID:5260
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,12317207253274151542,1590332758436748111,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4844 /prefetch:1
  2⤵
  PID:5680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,12317207253274151542,1590332758436748111,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8332 /prefetch:1
  2⤵
  PID:920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2008,12317207253274151542,1590332758436748111,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6928 /prefetch:8
  2⤵
  PID:4880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2008,12317207253274151542,1590332758436748111,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6812 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5320

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:632

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4448

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1888

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x314 0x52c
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4528

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5316

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\Luxury_Shield_7.1\" -ad -an -ai#7zMap24604:96:7zEvent11174
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:6100

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\Luxury_Shield_7.1\Luxury Shield 7.1\Pass to use.txt
1⤵
- Opens file in notepad (likely ransom note)
PID:2484

C:\Users\Admin\Downloads\Luxury_Shield_7.1\Luxury Shield 7.1\Luxury Sheild v7.1.exe
"C:\Users\Admin\Downloads\Luxury_Shield_7.1\Luxury Shield 7.1\Luxury Sheild v7.1.exe"
1⤵
- Checks computer location settings
- Executes dropped EXE
PID:1728
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Local\Temp\Luxury Shield 7.1.exe'
  2⤵
  - Command and Scripting Interpreter: PowerShell
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:2416
- C:\Users\Admin\AppData\Local\Temp\Luxury Shield 7.1.exe
  "C:\Users\Admin\AppData\Local\Temp\Luxury Shield 7.1.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of NtSetInformationThreadHideFromDebugger
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:2520
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Local\Temp\WinRAR.exe'
  2⤵
  - Command and Scripting Interpreter: PowerShell
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:3184
- C:\Users\Admin\AppData\Local\Temp\WinRAR.exe
  "C:\Users\Admin\AppData\Local\Temp\WinRAR.exe"
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Adds Run key to start application
  - Suspicious use of AdjustPrivilegeToken
  PID:5896
- - C:\Windows\System32\schtasks.exe
    "C:\Windows\System32\schtasks.exe" /create /f /RL HIGHEST /sc minute /mo 1 /tn "WinRAR" /tr "C:\Users\Public\WinRAR.exe"
    3⤵
    - Scheduled Task/Job: Scheduled Task
    PID:6092

C:\Users\Admin\Downloads\Luxury_Shield_7.1\Luxury Shield 7.1\ILMerge.exe
"C:\Users\Admin\Downloads\Luxury_Shield_7.1\Luxury Shield 7.1\ILMerge.exe"
1⤵
PID:6396

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.log

Filesize
2KB

MD5
d85ba6ff808d9e5444a4b369f5bc2730

SHA1
31aa9d96590fff6981b315e0b391b575e4c0804a

SHA256
84739c608a73509419748e4e20e6cc4e1846056c3fe1929a8300d5a1a488202f

SHA512
8c414eb55b45212af385accc16d9d562adba2123583ce70d22b91161fe878683845512a78f04dedd4ea98ed9b174dbfa98cf696370598ad8e6fbd1e714f1f249

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
56a4f78e21616a6e19da57228569489b

SHA1
21bfabbfc294d5f2aa1da825c5590d760483bc76

SHA256
d036661e765ee8fd18978a2b5501e8df6b220e4bca531d9860407555294c96fb

SHA512
c2c3cd1152bb486028fe75ab3ce0d0bc9d64c4ca7eb8860ddd934b2f6e0140d2c913af4fa082b88e92a6a6d20fd483a1cb9813209f371a0f56374bc97d7f863b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e443ee4336fcf13c698b8ab5f3c173d0

SHA1
9bf70b16f03820cbe3158e1f1396b07b8ac9d75a

SHA256
79e277da2074f9467e0518f0f26ca2ba74914bee82553f935a0ccf64a0119e8b

SHA512
cbf6f6aa0ea69b47f51592296da2b7be1180e7b483c61b4d17ba9ee1a2d3345cbe0987b96f4e25de1438b553db358f330aad8a26e8522601f055c3d5a8313cdd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\5763d55d-e7c6-4949-bc13-468b44fef9e5.tmp

Filesize
2KB

MD5
3b246808095585500e3d48d327f28f37

SHA1
891c2689c0d89204a3e2f9bc405a2a1d98f7c931

SHA256
cea0a2e5fc7453c29be9cd3f39c6ee182a19d59457be4cfd9275aa7d1fd4924a

SHA512
73ab613f3194c7efde30fa78a936623fa1c8be285551ca2757550eb44708e90e3279dcea2223458d12a2ae198bfdf869a40342a856db32d38f96648ac3813349

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000016

Filesize
215KB

MD5
e579aca9a74ae76669750d8879e16bf3

SHA1
0b8f462b46ec2b2dbaa728bea79d611411bae752

SHA256
6e51c7866705bf0098febfaf05cf4652f96e69ac806c837bfb1199b6e21e6aaf

SHA512
df22f1dff74631bc14433499d1f61609de71e425410067fd08ec193d100b70d98672228906081c309a06bcba03c097ace885240a3ce71e0da4fdb8a022fc9640

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001c

Filesize
19KB

MD5
d439b11c19c06741691d73d0af88e287

SHA1
aa68d2307be549b532824be5707d3d78873c155d

SHA256
439161e2a7dccc2e114bd3e5aa95be48aaa17a4084a1a90dbff1d8ff0feb68e2

SHA512
304db880ea372289bcef8d843311283e91a800f32ef707f2f152c556a97384203cd911f1a305d17f4dd49f3b3e5d60b14e06028130a633b38f5dad827d9af061

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001d

Filesize
78KB

MD5
0dd6d1fcf680bfcd052e0cb1702b788f

SHA1
b76ba44b1353d6187aca07df50c34ef597e9ffb4

SHA256
b8b72c7872f9a0dddf28ecb561caf5269996ec03bf9c29f993fd08dda9412628

SHA512
b4bd4a55a6cad8eca33ac9eaedcffcb998be9636933fc30cb13eb988f0d058ddc39ceb821d9c9b1da34207ed7a53bf569bf36d2b0383d7d1439a5e49b292edd9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001e

Filesize
83KB

MD5
df016c4465c42265b40806ec28b4badf

SHA1
088dc704e5edd580c3fc4c01ffabf2521f83f9b7

SHA256
13189bdec9d59abeac1c9ac27376f2384571ef85bbe022746a16004a87d17bd1

SHA512
be7a58b7b03029bd67678c11ebdd3112ea0a201fdfc130f809bce23fa92982e6ec3cf05eb35fdb6f6a10d853e3f3123184eb5b56dd91be36f3f0c0d87b6e4a17

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001f

Filesize
133KB

MD5
7f076dc2ba333bcfe589fe0097df81ca

SHA1
86f6114c9749ae7ec8e3ac1726d6b017ca3c6265

SHA256
333cd94b146b0ee5d6870461af781cfda43c7151557cee69fa63083565d1060f

SHA512
464436efc4720654e36aa8eb4c7aa528058691a5c6e94b82ad2dbfbf3ca38fc5c70298517dbd36b08ceb4b685d066da75cf1ff7e2d20e1a75b9062ffb15d0f69

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000021

Filesize
108KB

MD5
ef9915d62e51d7e28dd154e6cf5a71d0

SHA1
57ce6106eda6f750da8f093ca1075d3823252524

SHA256
c4bb186261e8796042a76ed20902c788f547cf4e3ae7f24aba56f43baf6ce752

SHA512
52445e459dd13bbca3523b4fd811400e9fa7d9a4921c08f696d2701f97173957c9c12eeac6fa93c41450a5e2ce938202413851813a6c5c3b8ca6cd4d3d948d0b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000022

Filesize
20KB

MD5
87e8230a9ca3f0c5ccfa56f70276e2f2

SHA1
eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7

SHA256
e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9

SHA512
37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000025

Filesize
29KB

MD5
79ffcf947dd8385536d2cfcdd8fcce04

SHA1
a9a43ccbbb01d15a39fac57fa05290835d81468a

SHA256
ffc11b830ad653e7a9d4257c7cd7a8056db5e7d7e89439b8fd67d1207b1729bf

SHA512
3dc82ecb2abc8c567434666a9162cc188de669927c3dada6392d8bd97d5e746f1ed350e1a02ec016ee2b1dc8a9cc5c71c553f2ef1293d6793800c276560859a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000026

Filesize
52KB

MD5
aa84f676fbd688c5281fd30155cba195

SHA1
70772b3a42ca03ee8b7d8dadae1407d2afadb3b5

SHA256
4c62f3257a0deff73827cd6003876e08ceee65ba6ba4ce12e00bc28da4a715fb

SHA512
75ebd46787d8bdc215f93810c3706bf71d42646f8c9abb68798cbd09e8fae63a0457c1e38716d0dbcd93af2557d70b026c9e0407a41b1aaab8c0cac32c3a620d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000033

Filesize
68KB

MD5
dee46781c0389eada0ac9faa177539b6

SHA1
d7641e3d25ac7ac66c2ea72ac7df77b242c909d3

SHA256
35f13cf2aef17a352007ab69222724397e0ec093871ff4bd162645f466425642

SHA512
049b3d8dcfb64510745c2d5f9e8046747337b1c19d4b2714835cc200dc4ba61acaa994fec7c3cd122ba99d688be6e08f97eb642745561d75b410a5589c304d7d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000034

Filesize
62KB

MD5
6b04ab52540bdc8a646d6e42255a6c4b

SHA1
4cdfc59b5b62dafa3b20d23a165716b5218aa646

SHA256
33353d2328ea91f6abf5fb5c5f3899853dcc724a993b9086cab92d880da99f4d

SHA512
4f3b417c77c65936486388b618a7c047c84fb2e2dd8a470f7fe4ffec1ad6699d02fa9c1bbd551414eef0f2e6747a9ee59ca87198b20f9f4a9a01394ae69fa730

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000036

Filesize
31KB

MD5
c03ff64e7985603de96e7f84ec7dd438

SHA1
dfc067c6cb07b81281561fdfe995aca09c18d0e9

SHA256
0db8e9f0a185bd5dd2ec4259db0a0e89363afa953069f5238a0537671de6f526

SHA512
bb0fd94c5a8944a99f792f336bb8a840f23f6f0f1cb9661b156511a9984f0bb6c96baf05b7c1cf0efb83f43a224ecea52740432e3cfc85e0799428765eefb692

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000042

Filesize
20KB

MD5
bec2af13143a7771b0b89cec2ab92b27

SHA1
9cd25b2c17a630fd0d6dae4aa80ea510ef4b89b2

SHA256
52aa9c3bdb64b5d1c1fe6dbf456fc50da434916b6c7489f3c64a0ea9253408ab

SHA512
42d00250350982b0d3f26b84f33cc1365c8ab57f830f2f859cf3cdc8ba2879c09249264b1177c4b85de6a2461efe06620668c8d5bb036fde0b0030fa246075b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000053

Filesize
149KB

MD5
39bd796260c4b0d819fef42accb90ff4

SHA1
c1a9f432d5c7e481e4c465556c150336fa74bb8f

SHA256
304cf9c7092713553dbfe63ab9dde20dace771f4ce96cf1a2622631acd0fab80

SHA512
ef97cb6190081183232a8d88eaf87bea221c1108c70c6f2029432ed87a9ce100a8dd88a744f185dbeee3ae9a2db1294008d015c39c5c0cb3918e2b5e997ab877

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
2ff92c8bcf6a4cbc6dd615f0f65efa59

SHA1
762d0c3f22f62903feeae0d5f8f0fa754182bedd

SHA256
fd5e3e0c8abe710c3017b728cf547ba320f7384c7664be7be585a0aefaf81a81

SHA512
b674da609920c4e6e451c7f494ddc26e7d929dd9cb8252afef15409aaeaa8d88465188b79fbf0912e836ebd27dcb9cf12575cd3795d2164c632315c1875367a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
13KB

MD5
0ebe96a1e97b734370d1a1d5cb7e1813

SHA1
7b3b2d9a1ea7bc55e203f3cd5c51898c1db69012

SHA256
372f1e48193527796080b97b77b97f0b51ed70d26509eeee89760020275191ff

SHA512
25c662c77d4b89bc43bc57865078a70197136beb39bc27c93abdb0f7d1a0acae65cc6d19b5e7794796a8b7c66bbdf84a050d61100e8393e6b23b83cb08a9997b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
9KB

MD5
3acf0fd8565fd9bc0b2749b95afd626e

SHA1
eaa9698c107001745de3b4245e4c027ca542986d

SHA256
cd17b536ba7e33833004142131b35363b3358a4b0258b1ff778450ffb178b443

SHA512
6abda4efc6cf9437c0ccd33b291ea6753905ac8659bb807c4c04a27b862ef8ba021d1ac9d76dfecc7da1985447adb7c454f94c988228a11975fb61ddbe50344a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
12KB

MD5
9b55dd45effb6cd4fa943b26528e0091

SHA1
2db4f94d46762b45f3290e408e3404f5ce5c0e29

SHA256
b16ccab99c496a81266446807240757b7816668ba8fc77f2ba318e115812e251

SHA512
b16f0de307866f7421d51edc29173573659edefe0643cd743bb2627aec1ebefbd413974b5dde11f17dddc2ce02d9b4a304e415c101a92ac8ee7a7e410a3db02b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
af0818b5c6d9b92e84af6b9f621ae0a3

SHA1
d3bb668f7bc07b937fdbf588f5850ca30a416ab1

SHA256
0fd6af6a6998487357205a90c3b67a88620d1b20bf008aae91125bc9249fdbc2

SHA512
a670105feadcd768a0e253bdea51a2b6da8da0cf5072e6cb0a957cbed4a44df1c93d14c7eea9e5edda3763f651781ff4ecd5d01d6562106f7a94eda8b1d735e0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
14e3ab33a8971512c45339ef8b409094

SHA1
f93d7934a8a28521d64c2e15fcb96b322652fdf7

SHA256
e66e34af7e2fedf123eb55beb0235998fc04571dbddbdb5c56afb237e7ac2a81

SHA512
3c1370359876f2d0371f146b3b77135dea48758ee7a380a31f2433b82a61bb037ef79f7ce996f0ec6e97b4cee05e6c27cb696101b8774b1bb8c617bdec7be667

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
97a9c5b3c2ac29dd1ce6285c73060663

SHA1
7a040a7e14990d1b27616705b4a5945aa62f301d

SHA256
722bdbf11f616315e50bc42918d681af9fb8c49e48a5b147957cd3f26512ea9c

SHA512
820a4add52b1bd1d497da8ea92099a5e59e09001d51ee22f634d75640596fa5b70da730d023787a2ac0541d3e323520aa78ee542eb525595f3fd99d5f478b357

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
5bb12baef7933198bb62a4e81c2edb41

SHA1
dc833a141c62f81d5aa1cb35724579505f1229af

SHA256
dacba379c0de8d1f3340ff5c1e286759ea4f627c0326bfebceefe9f1359902ec

SHA512
697ee59ea04841e826181f8f5e220d452a855a42e1d3d3420ed2600bbbdbffbfceda77b182d391468b9bff651d35620248fedd61de8dc2735c24182728cc9428

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
d6bc0f71fc0069adbcab69fcce6b9959

SHA1
f4612e10bf8617b93f719d37b55087856744de68

SHA256
c80989a6f31492401565706490b55c25f9193fdab943acd7f3e6e0f75bfcd92d

SHA512
658890ea469e57a80b30a33de51f670b5b7cb3712abd293d509cb21e0ff83e6c9dde12a51f870b33260aab36bcbb69e4c0fc6833ce17d0ce2cb969f3d8e805c7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
3b520ccd69be69b998084f3830e6f8bf

SHA1
a4233e14b1efc36ec90f22dcbb4a38da3639404d

SHA256
39b06cf5a50e196c2eee4252db5aef272f9ffc231984ff349aefd4fc05c9ed8c

SHA512
eef959e7b8ab677cfa17cd7ca82140dd1e5d27fc1ad75d9d0f338ef47074eda0be10e3cf65cfede5edd23b214ebae8adadacfbdc5f19ffa3d5240cc5be2d3a24

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
48432569ebb0a20fdca610cc2cfd6226

SHA1
3eaa44ec0c791e2d86a8a626863bf586731c3fe6

SHA256
54bbee41f7c37bd45aa33812b999256d83f875b264d3c8b58f20492b7bd85284

SHA512
bac3f51b278a1d40debb9cd69227f6d1c9896149ed056f0a2c013f1d369cefe5fd98d1900fc950d0af2a400d38fbc058b77852e37bca9a15144adf9d35d78870

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
336a687cc2b16dcc1a692eb508410b1b

SHA1
cbfa02ecfe30b74352813ed9c8c6fa6b338fc0e3

SHA256
4d9b4380d2eee861fa8f71e7c0e237ce83f5201bf72854220a325f9b38e1e407

SHA512
ec758f44d2dfd4d0ae61114d457c1ac5e7c06d667ffa4f0e2338e0fb5e7a690e0b0b53e7ef89a7fa3914fbedc7012e9322137707f6734338cdcd0abee9be57b4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe580f0e.TMP

Filesize
708B

MD5
d3e57cc1aeced273773c0015e99592e5

SHA1
2162167bdc59a4a5afbcf8c5f14aa671667a7822

SHA256
4fa03ec66093c51d334aae58d13713bf15fe090455c0c6ab79e2c823988b7eef

SHA512
b2be1fae6c946f8f261849109e5913213bffee11d7daf46964f21489581d6f34cf3f59a0bc66a12bef444ab672ab9fa683d892c3dd69e988e840784e45b0b781

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\fb165f9b-d368-47ef-b3a1-12b507c42b1d.tmp

Filesize
7KB

MD5
7bc7e7688dd975feb5212ca1fdd34802

SHA1
c62e229c301ecd0243a819a1c35e915a6a1cebc7

SHA256
bb6d9ab3015b133e91bc74c20b6f5b45f8f0c95b88c488ce5b93a982426a5b0a

SHA512
c25279840721cacbadae1c9da55a8b572b3da8e911f846c586a1b1cf760dc473daa642c5581fb06ac937fbb2cfe833d0f6346bea95766098de10299ffcfeb659

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
6f734bc2bddad5f1652aea17bb04342a

SHA1
23d31eb69f055d0e881c2c15e5da2f981a9adab3

SHA256
a128fcca56c147131eb3b5b2c94831a291bb069f8a6964adcdbbb57e39907b0b

SHA512
873746d3632a6ed644ef944309f98e5e70439af562e4e4e2a01754af8540a8af38f6fd3f9b185e18067c698ca1ce79ed82450dc79f75a958ba3425a71ae13d88

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
a5fec827d2b39590f70c02fb7d16f7c5

SHA1
8e693913aa09b923a017a11f93dda70dccac32f9

SHA256
71532d829955c01a618a2b626ef111badf1193b27c5a03a29fc0145e617ef811

SHA512
550beeff37a0bbc7c22b76d2523daaf217a28ee8b474ad94138be0302fa1820376e5cee2af9777c68681d17d6c77a2a4b0c43bc550713d75757082903becbdbd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
7690272f9b0200f7640f9eb290c7763a

SHA1
9344fb7fc6c6c2a693e2ff8be28b211531ef1774

SHA256
e371d7fe6b951a658ba2f4e05b50fa29391e89a13a0f12474f3a9317da702367

SHA512
4da1b67a764763c5965a377463020a741787e4f8ffa09235a18dba2416ac3f10e1862bd921f96c7faf3558eecd2beccf308471fa0afe2a40827b80f9cf5249b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
944B

MD5
77d622bb1a5b250869a3238b9bc1402b

SHA1
d47f4003c2554b9dfc4c16f22460b331886b191b

SHA256
f97ff12a8abf4bf88bb6497bd2ac2da12628c8847a8ba5a9026bdbb76507cdfb

SHA512
d6789b5499f23c9035375a102271e17a8a82e57d6f5312fa24242e08a83efdeb8becb7622f55c4cf1b89c7d864b445df11f4d994cf7e2f87a900535bcca12fd9

Download Submit
C:\Users\Admin\AppData\Local\Temp\53b4dde3-ceef-4149-b63d-4b67cc36c3e9\GunaDotNetRT.dll

Filesize
136KB

MD5
9af5eb006bb0bab7f226272d82c896c7

SHA1
c2a5bb42a5f08f4dc821be374b700652262308f0

SHA256
77dc05a6bda90757f66552ee3f469b09f1e00732b4edca0f542872fb591ed9db

SHA512
7badd41be4c1039302fda9bba19d374ec9446ce24b7db33b66bee4ef38180d1abcd666d2aea468e7e452aa1e1565eedfefed582bf1c2fe477a4171d99d48772a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Luxury Shield 7.1.exe

Filesize
7.5MB

MD5
9502776952e6900ae1f98934004b4293

SHA1
3905f80a539d37c648a5da1cc6dace16d3516c2c

SHA256
d8ca879cf734c21b84e3983a9245c4da2b38cfe23b1691e4ca265286c3782b1f

SHA512
cbef89e577c883283ce3e9bb48e2ba9eda010e40e6cb1a383d99e32b728a9553cdb83e0831c0bff961fd271cee4eab921f53c97d9412e87bec4d0498400b5fbb

Download Submit
C:\Users\Admin\AppData\Local\Temp\WinRAR.exe

Filesize
226KB

MD5
60219035e32ad00d4c691a1bdc6455fb

SHA1
5f3740fcf89a95437ce184cfe22f23ed8b5b9254

SHA256
e005f5c2e4fdd277ced1ae42272b864e47de334e0d2a1043f24c21253da18ae5

SHA512
b98eb125f7812ac5d2243bd0d6ee07e918af5d0a46d86a6b242a7d8f91dbaaa48fabb562c316abbbf93db0c5ffc3a16184233000b379bafcdb3104c470055fc7

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_dz0earwl.wx2.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\Downloads\Luxury_Shield_7.1.rar

Filesize
7.6MB

MD5
e807f84e4b7d13b129f885a8de6e7706

SHA1
cc11599037ba929b3c39a054d6c49ba59444aacd

SHA256
97815a8a4139795fc19b4cdb27e27b6eeee9a4c344846f2e44f46405778515d9

SHA512
a791ef8fed590b2e5af5d7b3b47ad0bfdb5334e41c0275bc8bd37ef7beab150befe69de1db41a3afcce49bf1e2abdfdc53f969d555406ed982949db76e254045

Download Submit
C:\Users\Admin\Downloads\Luxury_Shield_7.1\Luxury Shield 7.1\ILMerge.exe

Filesize
668KB

MD5
2bb6322885e6ca0986206de174e842c9

SHA1
c5ea70169106d32bc513d28ea76ae8ea1e49380b

SHA256
8110d740b485bcb06ff406b17001714c3a146fe6517098c9dc90d812b83389fd

SHA512
9750180c54a5bd8f0e1fa8a8f529364430f2ef444efbf8ac51e8d2a0aaa4e3d21fe553865ba8567c7c19e4ae84d04b20464f391743e88c52c00cac0bf20fc2a7

Download Submit
C:\Users\Admin\Downloads\Luxury_Shield_7.1\Luxury Shield 7.1\Luxury Sheild v7.1.exe

Filesize
7.6MB

MD5
f145671c3c65072a5a49f1d1d68a4a3a

SHA1
2453dddb4e6ebd48604fff3094f6a59dacdc3ad7

SHA256
d5dcde7ced43245641793538f847c55e3271f5ff8eb45fa5616a00634b7e64a1

SHA512
6f9bb2a1c9e4f90c22f7e0675c6d0ab06e0b7875c432d229739000c568a9a0fa5024cd36ec6b947b520704ad706b945371029c24766cac3fb2d509f478dc6902

Download Submit
C:\Users\Admin\Downloads\Luxury_Shield_7.1\Luxury Shield 7.1\Pass to use.txt

Filesize
107B

MD5
f2b0d578a79ac19b492e04bc5a7050f7

SHA1
6210e3fec78230eb39649946a1cce41a980ed156

SHA256
78f53709cce69e858fbb201be13803e63d7e0aa84d7cabe1353ce4989c68eec7

SHA512
e1488c9d33160cd3f9ee112941978e746f37675b52f70956cd2c0cc8d5e6ac4657fb526dbf87ef9cbbf4d2679a2a001baa8289784ab17e10940750ca0664a624

Download Submit
memory/1728-825-0x0000000000A70000-0x0000000001216000-memory.dmp

Filesize
7.6MB

Download
memory/2416-835-0x000002206AA40000-0x000002206AA62000-memory.dmp

Filesize
136KB

Download
memory/2520-969-0x000000000BD50000-0x000000000BF98000-memory.dmp

Filesize
2.3MB

Download
memory/2520-965-0x000000000BD50000-0x000000000BF98000-memory.dmp

Filesize
2.3MB

Download
memory/2520-895-0x000000000C0C0000-0x000000000C664000-memory.dmp

Filesize
5.6MB

Download
memory/2520-897-0x000000000B9F0000-0x000000000BA82000-memory.dmp

Filesize
584KB

Download
memory/2520-896-0x0000000000660000-0x00000000019C0000-memory.dmp

Filesize
19.4MB

Download
memory/2520-902-0x000000000BA90000-0x000000000BAE6000-memory.dmp

Filesize
344KB

Download
memory/2520-901-0x000000000B860000-0x000000000B86A000-memory.dmp

Filesize
40KB

Download
memory/2520-903-0x000000000C670000-0x000000000CF56000-memory.dmp

Filesize
8.9MB

Download
memory/2520-904-0x0000000000660000-0x00000000019C0000-memory.dmp

Filesize
19.4MB

Download
memory/2520-905-0x000000000BD50000-0x000000000BF9C000-memory.dmp

Filesize
2.3MB

Download
memory/2520-892-0x0000000000660000-0x00000000019C0000-memory.dmp

Filesize
19.4MB

Download
memory/2520-920-0x000000000BD50000-0x000000000BF98000-memory.dmp

Filesize
2.3MB

Download
memory/2520-929-0x000000000BD50000-0x000000000BF98000-memory.dmp

Filesize
2.3MB

Download
memory/2520-937-0x000000000BD50000-0x000000000BF98000-memory.dmp

Filesize
2.3MB

Download
memory/2520-951-0x000000000BD50000-0x000000000BF98000-memory.dmp

Filesize
2.3MB

Download
memory/2520-949-0x000000000BD50000-0x000000000BF98000-memory.dmp

Filesize
2.3MB

Download
memory/2520-961-0x000000000BD50000-0x000000000BF98000-memory.dmp

Filesize
2.3MB

Download
memory/2520-967-0x000000000BD50000-0x000000000BF98000-memory.dmp

Filesize
2.3MB

Download
memory/2520-854-0x0000000000660000-0x00000000019C0000-memory.dmp

Filesize
19.4MB

Download
memory/2520-977-0x000000000BD50000-0x000000000BF98000-memory.dmp

Filesize
2.3MB

Download
memory/2520-975-0x000000000BD50000-0x000000000BF98000-memory.dmp

Filesize
2.3MB

Download
memory/2520-973-0x000000000BD50000-0x000000000BF98000-memory.dmp

Filesize
2.3MB

Download
memory/2520-971-0x000000000BD50000-0x000000000BF98000-memory.dmp

Filesize
2.3MB

Download
memory/2520-893-0x000000000B8B0000-0x000000000B94C000-memory.dmp

Filesize
624KB

Download
memory/2520-963-0x000000000BD50000-0x000000000BF98000-memory.dmp

Filesize
2.3MB

Download
memory/2520-959-0x000000000BD50000-0x000000000BF98000-memory.dmp

Filesize
2.3MB

Download
memory/2520-957-0x000000000BD50000-0x000000000BF98000-memory.dmp

Filesize
2.3MB

Download
memory/2520-955-0x000000000BD50000-0x000000000BF98000-memory.dmp

Filesize
2.3MB

Download
memory/2520-953-0x000000000BD50000-0x000000000BF98000-memory.dmp

Filesize
2.3MB

Download
memory/2520-947-0x000000000BD50000-0x000000000BF98000-memory.dmp

Filesize
2.3MB

Download
memory/2520-945-0x000000000BD50000-0x000000000BF98000-memory.dmp

Filesize
2.3MB

Download
memory/2520-943-0x000000000BD50000-0x000000000BF98000-memory.dmp

Filesize
2.3MB

Download
memory/2520-941-0x000000000BD50000-0x000000000BF98000-memory.dmp

Filesize
2.3MB

Download
memory/2520-939-0x000000000BD50000-0x000000000BF98000-memory.dmp

Filesize
2.3MB

Download
memory/2520-935-0x000000000BD50000-0x000000000BF98000-memory.dmp

Filesize
2.3MB

Download
memory/2520-931-0x000000000BD50000-0x000000000BF98000-memory.dmp

Filesize
2.3MB

Download
memory/2520-934-0x000000000BD50000-0x000000000BF98000-memory.dmp

Filesize
2.3MB

Download
memory/2520-928-0x000000000BD50000-0x000000000BF98000-memory.dmp

Filesize
2.3MB

Download
memory/2520-925-0x000000000BD50000-0x000000000BF98000-memory.dmp

Filesize
2.3MB

Download
memory/2520-923-0x000000000BD50000-0x000000000BF98000-memory.dmp

Filesize
2.3MB

Download
memory/2520-921-0x000000000BD50000-0x000000000BF98000-memory.dmp

Filesize
2.3MB

Download
memory/2520-916-0x000000000BD50000-0x000000000BF98000-memory.dmp

Filesize
2.3MB

Download
memory/2520-915-0x0000000071F50000-0x0000000071FD9000-memory.dmp

Filesize
548KB

Download
memory/2520-918-0x000000000BD50000-0x000000000BF98000-memory.dmp

Filesize
2.3MB

Download
memory/2520-914-0x0000000070380000-0x00000000703B7000-memory.dmp

Filesize
220KB

Download
memory/5896-878-0x0000000000B10000-0x0000000000B4E000-memory.dmp

Filesize
248KB

Download