c41067c647d5685aa0116554f0e1eb95a4a114af7046daa1ccc4561edc36483e

Analysis

max time kernel
117s
max time network
122s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
07-04-2023 08:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

DriverEasy_Setup.exe
Size

5.2MB
MD5

bfb4c3cfd7d868058b300ffec858e7a2
SHA1

08b38f2082aba63160cfe1e376cb216a14269943
SHA256

c41067c647d5685aa0116554f0e1eb95a4a114af7046daa1ccc4561edc36483e
SHA512

7e1dfed4cd3957b5e5e22562ee454c117d69ef48a73996f354a1c84aad68eeb5acd2c89d7d05d1c6238fbde956c4ca96b4e92ab0ee0c8a017ddc4e9d5e8f2232
SSDEEP

98304:TkLQhsosOuPdJ2gyJgGaMMygX9jhU6ZbqAZO5z8ziZHxC3IpdpyttB:YesoYdcgyJBa4gX9jhLtqAY8ZIdpyttB

Score

8^/10

bootkit discovery evasion persistence

Malware Config

Signatures

Modifies Windows Firewall 1 TTPs 1 IoCs
evasion

Modify Existing Service
T1031

Processes:

netsh.exe

pid process

4008 netsh.exe

pid	process
4008	netsh.exe

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

DriverEasy_Setup.tmp

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\Control Panel\International\Geo\Nation	DriverEasy_Setup.tmp

Executes dropped EXE 4 IoCs

Processes:

DriverEasy_Setup.tmpEaseware.CheckScheduledScan.exeEaseware.ConfigLanguageFromSetup.exeDriverEasy.exe

pid process

3788 DriverEasy_Setup.tmp
2756 Easeware.CheckScheduledScan.exe
3212 Easeware.ConfigLanguageFromSetup.exe
3436 DriverEasy.exe
Loads dropped DLL 6 IoCs

Processes:

DriverEasy_Setup.tmpDriverEasy.exe

pid process

3788 DriverEasy_Setup.tmp
3788 DriverEasy_Setup.tmp
3788 DriverEasy_Setup.tmp
3788 DriverEasy_Setup.tmp
3788 DriverEasy_Setup.tmp
3436 DriverEasy.exe
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs
Bootkits write to the MBR to gain persistence at a level below the operating system.
bootkit persistence

Bootkit
T1067

Processes:

DriverEasy.exe

description ioc process

File opened for modification \??\PhysicalDrive0 DriverEasy.exe

description	ioc	process
File opened for modification	\??\PhysicalDrive0	DriverEasy.exe

Drops file in Program Files directory 33 IoCs

Processes:

DriverEasy_Setup.tmpsetup.exe

description	ioc	process
File opened for modification	C:\Program Files\Easeware\DriverEasy\DriverEasy.exe	DriverEasy_Setup.tmp
File opened for modification	C:\Program Files\Easeware\DriverEasy\Interop.WUApiLib.dll	DriverEasy_Setup.tmp
File created	C:\Program Files\Easeware\DriverEasy\is-NMSQV.tmp	DriverEasy_Setup.tmp
File created	C:\Program Files\Easeware\DriverEasy\is-ONT15.tmp	DriverEasy_Setup.tmp
File created	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\eacfb2c0-f819-4fd8-8734-52093b9cfae5.tmp	setup.exe
File opened for modification	C:\Program Files\Easeware\DriverEasy\Easeware.Driver.Backup.dll	DriverEasy_Setup.tmp
File opened for modification	C:\Program Files\Easeware\DriverEasy\7z\7z86.dll	DriverEasy_Setup.tmp
File created	C:\Program Files\Easeware\DriverEasy\is-7Q7OO.tmp	DriverEasy_Setup.tmp
File created	C:\Program Files\Easeware\DriverEasy\is-9PQ1R.tmp	DriverEasy_Setup.tmp
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\20230220202833.pma	setup.exe
File opened for modification	C:\Program Files\Easeware\DriverEasy\SevenZipSharp.dll	DriverEasy_Setup.tmp
File opened for modification	C:\Program Files\Easeware\DriverEasy\HardwareInfo\HardwareInfo64.dll	DriverEasy_Setup.tmp
File created	C:\Program Files\Easeware\DriverEasy\unins000.dat	DriverEasy_Setup.tmp
File created	C:\Program Files\Easeware\DriverEasy\is-JNAB2.tmp	DriverEasy_Setup.tmp
File created	C:\Program Files\Easeware\DriverEasy\is-HGILV.tmp	DriverEasy_Setup.tmp
File opened for modification	C:\Program Files\Easeware\DriverEasy\unins000.dat	DriverEasy_Setup.tmp
File created	C:\Program Files\Easeware\DriverEasy\is-3DIFN.tmp	DriverEasy_Setup.tmp
File opened for modification	C:\Program Files\Easeware\DriverEasy\Easeware.ConfigLanguageFromSetup.exe	DriverEasy_Setup.tmp
File created	C:\Program Files\Easeware\DriverEasy\is-4V67F.tmp	DriverEasy_Setup.tmp
File created	C:\Program Files\Easeware\DriverEasy\HardwareInfo\is-UHPIG.tmp	DriverEasy_Setup.tmp
File created	C:\Program Files\Easeware\DriverEasy\HardwareInfo\is-VPOH8.tmp	DriverEasy_Setup.tmp
File created	C:\Program Files\Easeware\DriverEasy\unins000.msg	DriverEasy_Setup.tmp
File opened for modification	C:\Program Files\Easeware\DriverEasy\7z\7z.dll	DriverEasy_Setup.tmp
File opened for modification	C:\Program Files\Easeware\DriverEasy\HardwareInfo\HardwareInfo.dll	DriverEasy_Setup.tmp
File created	C:\Program Files\Easeware\DriverEasy\is-APEE8.tmp	DriverEasy_Setup.tmp
File created	C:\Program Files\Easeware\DriverEasy\is-7GDVP.tmp	DriverEasy_Setup.tmp
File opened for modification	C:\Program Files\Easeware\DriverEasy\Easeware.Driver.Core.dll	DriverEasy_Setup.tmp
File created	C:\Program Files\Easeware\DriverEasy\is-PUGP5.tmp	DriverEasy_Setup.tmp
File opened for modification	C:\Program Files\Easeware\DriverEasy\Easeware.CheckScheduledScan.exe	DriverEasy_Setup.tmp
File created	C:\Program Files\Easeware\DriverEasy\is-VBQQN.tmp	DriverEasy_Setup.tmp
File created	C:\Program Files\Easeware\DriverEasy\is-70NOC.tmp	DriverEasy_Setup.tmp
File created	C:\Program Files\Easeware\DriverEasy\7z\is-1UMUA.tmp	DriverEasy_Setup.tmp
File created	C:\Program Files\Easeware\DriverEasy\7z\is-P0DSQ.tmp	DriverEasy_Setup.tmp

Drops file in Windows directory 7 IoCs

Processes:

Easeware.CheckScheduledScan.exeDriverEasy.exe

description	ioc	process
File created	C:\Windows\Tasks\Driver Easy Scheduled Scan.job	Easeware.CheckScheduledScan.exe
File opened for modification	C:\Windows\Tasks\Driver Easy Scheduled Scan.job	Easeware.CheckScheduledScan.exe
File created	C:\Windows\INF\c_processor.PNF	DriverEasy.exe
File created	C:\Windows\INF\c_monitor.PNF	DriverEasy.exe
File created	C:\Windows\INF\c_media.PNF	DriverEasy.exe
File created	C:\Windows\INF\c_display.PNF	DriverEasy.exe
File created	C:\Windows\INF\c_diskdrive.PNF	DriverEasy.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Checks SCSI registry key(s) 3 TTPs 56 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

DriverEasy.exe

description	ioc	process
Key enumerated	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI	DriverEasy.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002	DriverEasy.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName	DriverEasy.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Driver	DriverEasy.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\ParentIdPrefix	DriverEasy.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Service	DriverEasy.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Driver	DriverEasy.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Mfg	DriverEasy.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ParentIdPrefix	DriverEasy.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000	DriverEasy.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Service	DriverEasy.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM	DriverEasy.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\ClassGUID	DriverEasy.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Service	DriverEasy.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI	DriverEasy.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\LocationInformation	DriverEasy.exe
Key queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM	DriverEasy.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\HardwareID	DriverEasy.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	DriverEasy.exe
Key enumerated	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM	DriverEasy.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Mfg	DriverEasy.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Mfg	DriverEasy.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ClassGUID	DriverEasy.exe
Key queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI	DriverEasy.exe
Key enumerated	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK	DriverEasy.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	DriverEasy.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM	DriverEasy.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Class	DriverEasy.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\HardwareID	DriverEasy.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\CompatibleIDs	DriverEasy.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\CompatibleIDs	DriverEasy.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Driver	DriverEasy.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001	DriverEasy.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\FriendlyName	DriverEasy.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\HardwareID	DriverEasy.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\LocationInformation	DriverEasy.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Mfg	DriverEasy.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\LocationInformation	DriverEasy.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	DriverEasy.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_DADY&PROD_DADY_DVD-ROM\4&215468A5&0&010000	DriverEasy.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\ClassGUID	DriverEasy.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Service	DriverEasy.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\CompatibleIDs	DriverEasy.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	DriverEasy.exe
Key enumerated	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM	DriverEasy.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Driver	DriverEasy.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\ClassGUID	DriverEasy.exe
Key queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK	DriverEasy.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\FriendlyName	DriverEasy.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK	DriverEasy.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\ParentIdPrefix	DriverEasy.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\LocationInformation	DriverEasy.exe
Key queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM	DriverEasy.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\CompatibleIDs	DriverEasy.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\ParentIdPrefix	DriverEasy.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Class	DriverEasy.exe

Enumerates system info in registry 2 TTPs 4 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exeDriverEasy.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosDate	DriverEasy.exe

Modifies registry class 10 IoCs

Processes:

DriverEasy_Setup.tmpmsedge.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\drivereasy\Shell	DriverEasy_Setup.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\drivereasy\Shell\Open\Command\ = "\"C:\\Program Files\\Easeware\\DriverEasy\\DriverEasy.exe\"\"%1\""	DriverEasy_Setup.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\drivereasy\Shell\Open\Command	DriverEasy_Setup.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\drivereasy	DriverEasy_Setup.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\drivereasy\ = "drivereasy"	DriverEasy_Setup.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\drivereasy\URL Protocol = "C:\\Program Files\\Easeware\\DriverEasy\\DriverEasy.exe"	DriverEasy_Setup.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\drivereasy\DefaultIcon	DriverEasy_Setup.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\drivereasy\DefaultIcon\ = "C:\\Program Files\\Easeware\\DriverEasy\\DriverEasy.exe,1"	DriverEasy_Setup.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\drivereasy\Shell\Open	DriverEasy_Setup.tmp

Modifies system certificate store 2 TTPs 5 IoCs

evasion spyware trojan

Install Root Certificate

T1130

Modify Registry

T1112

Processes:

DriverEasy.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13	DriverEasy.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = 0f00000001000000140000005bcaa1c2780f0bcb5a90770451d96f38963f012d090000000100000042000000304006082b06010505070302060a2b0601040182370a030c060a2b0601040182370a030406082b0601050507030406082b0601050507030106082b060105050703086200000001000000200000000687260331a72403d909f105e69bcf0d32e1bd2493ffc6d9206d11bcd67707390b000000010000001e000000440053005400200052006f006f0074002000430041002000580033000000140000000100000014000000c4a7b1a47b2c71fadbe14b9075ffc415608589101d00000001000000100000004558d512eecb27464920897de7b660537f000000010000000e000000300c060a2b0601040182370a03047e000000010000000800000000c001b39667d60168000000010000000800000000409120d035d901030000000100000014000000dac9024f54d8f6df94935fb1732638ca6ad77c1320000000010000004e0300003082034a30820232a003020102021044afb080d6a327ba893039862ef8406b300d06092a864886f70d0101050500303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f74204341205833301e170d3030303933303231313231395a170d3231303933303134303131355a303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f7420434120583330820122300d06092a864886f70d01010105000382010f003082010a0282010100dfafe99750088357b4cc6265f69082ecc7d32c6b30ca5becd9c37dc740c118148be0e83376492ae33f214993ac4e0eaf3e48cb65eefcd3210f65d22ad9328f8ce5f777b0127bb595c089a3a9baed732e7a0c063283a27e8a1430cd11a0e12a38b9790a31fd50bd8065dfb7516383c8e28861ea4b6181ec526bb9a2e24b1a289f48a39e0cda098e3e172e1edd20df5bc62a8aab2ebd70adc50b1a25907472c57b6aab34d63089ffe568137b540bc8d6aeec5a9c921e3d64b38cc6dfbfc94170ec1672d526ec38553943d0fcfd185c40f197ebd59a9b8d1dbada25b9c6d8dfc115023aabda6ef13e2ef55c089c3cd68369e4109b192ab62957e3e53d9b9ff0025d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414c4a7b1a47b2c71fadbe14b9075ffc41560858910300d06092a864886f70d01010505000382010100a31a2c9b17005ca91eee2866373abf83c73f4bc309a095205de3d95944d23e0d3ebd8a4ba0741fce10829c741a1d7e981addcb134bb32044e491e9ccfc7da5db6ae5fee6fde04eddb7003ab57049aff2e5eb02f1d1028b19cb943a5e48c4181e58195f1e025af00cf1b1ada9dc59868b6ee991f586cafab96633aa595bcee2a7167347cb2bcc99b03748cfe3564bf5cf0f0c723287c6f044bb53726d43f526489a5267b758abfe67767178db0da256141339243185a2a8025a3047e1dd5007bc02099000eb6463609b16bc88c912e6d27d918bf93d328d65b4e97cb15776eac5b62839bf15651cc8f677966a0a8d770bd8910b048e07db29b60aee9d82353510	DriverEasy.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = 1900000001000000100000006cf252fec3e8f20996de5d4dd9aef424030000000100000014000000dac9024f54d8f6df94935fb1732638ca6ad77c1368000000010000000800000000409120d035d9017e000000010000000800000000c001b39667d6017f000000010000000e000000300c060a2b0601040182370a03041d00000001000000100000004558d512eecb27464920897de7b66053140000000100000014000000c4a7b1a47b2c71fadbe14b9075ffc415608589100b000000010000001e000000440053005400200052006f006f00740020004300410020005800330000006200000001000000200000000687260331a72403d909f105e69bcf0d32e1bd2493ffc6d9206d11bcd6770739090000000100000042000000304006082b06010505070302060a2b0601040182370a030c060a2b0601040182370a030406082b0601050507030406082b0601050507030106082b060105050703080f00000001000000140000005bcaa1c2780f0bcb5a90770451d96f38963f012d20000000010000004e0300003082034a30820232a003020102021044afb080d6a327ba893039862ef8406b300d06092a864886f70d0101050500303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f74204341205833301e170d3030303933303231313231395a170d3231303933303134303131355a303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f7420434120583330820122300d06092a864886f70d01010105000382010f003082010a0282010100dfafe99750088357b4cc6265f69082ecc7d32c6b30ca5becd9c37dc740c118148be0e83376492ae33f214993ac4e0eaf3e48cb65eefcd3210f65d22ad9328f8ce5f777b0127bb595c089a3a9baed732e7a0c063283a27e8a1430cd11a0e12a38b9790a31fd50bd8065dfb7516383c8e28861ea4b6181ec526bb9a2e24b1a289f48a39e0cda098e3e172e1edd20df5bc62a8aab2ebd70adc50b1a25907472c57b6aab34d63089ffe568137b540bc8d6aeec5a9c921e3d64b38cc6dfbfc94170ec1672d526ec38553943d0fcfd185c40f197ebd59a9b8d1dbada25b9c6d8dfc115023aabda6ef13e2ef55c089c3cd68369e4109b192ab62957e3e53d9b9ff0025d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414c4a7b1a47b2c71fadbe14b9075ffc41560858910300d06092a864886f70d01010505000382010100a31a2c9b17005ca91eee2866373abf83c73f4bc309a095205de3d95944d23e0d3ebd8a4ba0741fce10829c741a1d7e981addcb134bb32044e491e9ccfc7da5db6ae5fee6fde04eddb7003ab57049aff2e5eb02f1d1028b19cb943a5e48c4181e58195f1e025af00cf1b1ada9dc59868b6ee991f586cafab96633aa595bcee2a7167347cb2bcc99b03748cfe3564bf5cf0f0c723287c6f044bb53726d43f526489a5267b758abfe67767178db0da256141339243185a2a8025a3047e1dd5007bc02099000eb6463609b16bc88c912e6d27d918bf93d328d65b4e97cb15776eac5b62839bf15651cc8f677966a0a8d770bd8910b048e07db29b60aee9d82353510	DriverEasy.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = 040000000100000010000000410352dc0ff7501b16f0028eba6f45c50f00000001000000140000005bcaa1c2780f0bcb5a90770451d96f38963f012d090000000100000042000000304006082b06010505070302060a2b0601040182370a030c060a2b0601040182370a030406082b0601050507030406082b0601050507030106082b060105050703086200000001000000200000000687260331a72403d909f105e69bcf0d32e1bd2493ffc6d9206d11bcd67707390b000000010000001e000000440053005400200052006f006f0074002000430041002000580033000000140000000100000014000000c4a7b1a47b2c71fadbe14b9075ffc415608589101d00000001000000100000004558d512eecb27464920897de7b660537f000000010000000e000000300c060a2b0601040182370a03047e000000010000000800000000c001b39667d60168000000010000000800000000409120d035d901030000000100000014000000dac9024f54d8f6df94935fb1732638ca6ad77c131900000001000000100000006cf252fec3e8f20996de5d4dd9aef42420000000010000004e0300003082034a30820232a003020102021044afb080d6a327ba893039862ef8406b300d06092a864886f70d0101050500303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f74204341205833301e170d3030303933303231313231395a170d3231303933303134303131355a303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f7420434120583330820122300d06092a864886f70d01010105000382010f003082010a0282010100dfafe99750088357b4cc6265f69082ecc7d32c6b30ca5becd9c37dc740c118148be0e83376492ae33f214993ac4e0eaf3e48cb65eefcd3210f65d22ad9328f8ce5f777b0127bb595c089a3a9baed732e7a0c063283a27e8a1430cd11a0e12a38b9790a31fd50bd8065dfb7516383c8e28861ea4b6181ec526bb9a2e24b1a289f48a39e0cda098e3e172e1edd20df5bc62a8aab2ebd70adc50b1a25907472c57b6aab34d63089ffe568137b540bc8d6aeec5a9c921e3d64b38cc6dfbfc94170ec1672d526ec38553943d0fcfd185c40f197ebd59a9b8d1dbada25b9c6d8dfc115023aabda6ef13e2ef55c089c3cd68369e4109b192ab62957e3e53d9b9ff0025d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414c4a7b1a47b2c71fadbe14b9075ffc41560858910300d06092a864886f70d01010505000382010100a31a2c9b17005ca91eee2866373abf83c73f4bc309a095205de3d95944d23e0d3ebd8a4ba0741fce10829c741a1d7e981addcb134bb32044e491e9ccfc7da5db6ae5fee6fde04eddb7003ab57049aff2e5eb02f1d1028b19cb943a5e48c4181e58195f1e025af00cf1b1ada9dc59868b6ee991f586cafab96633aa595bcee2a7167347cb2bcc99b03748cfe3564bf5cf0f0c723287c6f044bb53726d43f526489a5267b758abfe67767178db0da256141339243185a2a8025a3047e1dd5007bc02099000eb6463609b16bc88c912e6d27d918bf93d328d65b4e97cb15776eac5b62839bf15651cc8f677966a0a8d770bd8910b048e07db29b60aee9d82353510	DriverEasy.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = 5c0000000100000004000000000800001900000001000000100000006cf252fec3e8f20996de5d4dd9aef424030000000100000014000000dac9024f54d8f6df94935fb1732638ca6ad77c1368000000010000000800000000409120d035d9017e000000010000000800000000c001b39667d6017f000000010000000e000000300c060a2b0601040182370a03041d00000001000000100000004558d512eecb27464920897de7b66053140000000100000014000000c4a7b1a47b2c71fadbe14b9075ffc415608589100b000000010000001e000000440053005400200052006f006f00740020004300410020005800330000006200000001000000200000000687260331a72403d909f105e69bcf0d32e1bd2493ffc6d9206d11bcd6770739090000000100000042000000304006082b06010505070302060a2b0601040182370a030c060a2b0601040182370a030406082b0601050507030406082b0601050507030106082b060105050703080f00000001000000140000005bcaa1c2780f0bcb5a90770451d96f38963f012d040000000100000010000000410352dc0ff7501b16f0028eba6f45c520000000010000004e0300003082034a30820232a003020102021044afb080d6a327ba893039862ef8406b300d06092a864886f70d0101050500303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f74204341205833301e170d3030303933303231313231395a170d3231303933303134303131355a303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f7420434120583330820122300d06092a864886f70d01010105000382010f003082010a0282010100dfafe99750088357b4cc6265f69082ecc7d32c6b30ca5becd9c37dc740c118148be0e83376492ae33f214993ac4e0eaf3e48cb65eefcd3210f65d22ad9328f8ce5f777b0127bb595c089a3a9baed732e7a0c063283a27e8a1430cd11a0e12a38b9790a31fd50bd8065dfb7516383c8e28861ea4b6181ec526bb9a2e24b1a289f48a39e0cda098e3e172e1edd20df5bc62a8aab2ebd70adc50b1a25907472c57b6aab34d63089ffe568137b540bc8d6aeec5a9c921e3d64b38cc6dfbfc94170ec1672d526ec38553943d0fcfd185c40f197ebd59a9b8d1dbada25b9c6d8dfc115023aabda6ef13e2ef55c089c3cd68369e4109b192ab62957e3e53d9b9ff0025d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414c4a7b1a47b2c71fadbe14b9075ffc41560858910300d06092a864886f70d01010505000382010100a31a2c9b17005ca91eee2866373abf83c73f4bc309a095205de3d95944d23e0d3ebd8a4ba0741fce10829c741a1d7e981addcb134bb32044e491e9ccfc7da5db6ae5fee6fde04eddb7003ab57049aff2e5eb02f1d1028b19cb943a5e48c4181e58195f1e025af00cf1b1ada9dc59868b6ee991f586cafab96633aa595bcee2a7167347cb2bcc99b03748cfe3564bf5cf0f0c723287c6f044bb53726d43f526489a5267b758abfe67767178db0da256141339243185a2a8025a3047e1dd5007bc02099000eb6463609b16bc88c912e6d27d918bf93d328d65b4e97cb15776eac5b62839bf15651cc8f677966a0a8d770bd8910b048e07db29b60aee9d82353510	DriverEasy.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

Processes:

DriverEasy_Setup.tmpmsedge.exemsedge.exeidentity_helper.exe

pid	process
3788	DriverEasy_Setup.tmp
3788	DriverEasy_Setup.tmp
2364	msedge.exe
2364	msedge.exe
3516	msedge.exe
3516	msedge.exe
4056	identity_helper.exe
4056	identity_helper.exe

Suspicious behavior: LoadsDriver 7 IoCs

Processes:

pid process

652
4
4
4
4
4
652
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

Processes:

msedge.exe

pid process

3516 msedge.exe
3516 msedge.exe
3516 msedge.exe
3516 msedge.exe
3516 msedge.exe
3516 msedge.exe
Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes:

DriverEasy.exe

description pid process

Token: SeDebugPrivilege 3436 DriverEasy.exe
Token: SeLoadDriverPrivilege 3436 DriverEasy.exe
Suspicious use of FindShellTrayWindow 4 IoCs

Processes:

DriverEasy_Setup.tmpmsedge.exe

pid process

3788 DriverEasy_Setup.tmp
3516 msedge.exe
3516 msedge.exe
3516 msedge.exe

pid	process
652
4
4
4
4
4
652

pid	process
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe

description	pid	process
Token: SeDebugPrivilege	3436	DriverEasy.exe
Token: SeLoadDriverPrivilege	3436	DriverEasy.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

DriverEasy_Setup.exeDriverEasy_Setup.tmpmsedge.exe

description	pid	process	target process
PID 3760 wrote to memory of 3788	3760	DriverEasy_Setup.exe	DriverEasy_Setup.tmp
PID 3760 wrote to memory of 3788	3760	DriverEasy_Setup.exe	DriverEasy_Setup.tmp
PID 3760 wrote to memory of 3788	3760	DriverEasy_Setup.exe	DriverEasy_Setup.tmp
PID 3788 wrote to memory of 2756	3788	DriverEasy_Setup.tmp	Easeware.CheckScheduledScan.exe
PID 3788 wrote to memory of 2756	3788	DriverEasy_Setup.tmp	Easeware.CheckScheduledScan.exe
PID 3788 wrote to memory of 3212	3788	DriverEasy_Setup.tmp	Easeware.ConfigLanguageFromSetup.exe
PID 3788 wrote to memory of 3212	3788	DriverEasy_Setup.tmp	Easeware.ConfigLanguageFromSetup.exe
PID 3788 wrote to memory of 3436	3788	DriverEasy_Setup.tmp	DriverEasy.exe
PID 3788 wrote to memory of 3436	3788	DriverEasy_Setup.tmp	DriverEasy.exe
PID 3788 wrote to memory of 3516	3788	DriverEasy_Setup.tmp	msedge.exe
PID 3788 wrote to memory of 3516	3788	DriverEasy_Setup.tmp	msedge.exe
PID 3516 wrote to memory of 2928	3516	msedge.exe	msedge.exe
PID 3516 wrote to memory of 2928	3516	msedge.exe	msedge.exe
PID 3788 wrote to memory of 4008	3788	DriverEasy_Setup.tmp	netsh.exe
PID 3788 wrote to memory of 4008	3788	DriverEasy_Setup.tmp	netsh.exe
PID 3788 wrote to memory of 4008	3788	DriverEasy_Setup.tmp	netsh.exe
PID 3516 wrote to memory of 2240	3516	msedge.exe	msedge.exe
PID 3516 wrote to memory of 2240	3516	msedge.exe	msedge.exe
PID 3516 wrote to memory of 2240	3516	msedge.exe	msedge.exe
PID 3516 wrote to memory of 2240	3516	msedge.exe	msedge.exe
PID 3516 wrote to memory of 2240	3516	msedge.exe	msedge.exe
PID 3516 wrote to memory of 2240	3516	msedge.exe	msedge.exe
PID 3516 wrote to memory of 2240	3516	msedge.exe	msedge.exe
PID 3516 wrote to memory of 2240	3516	msedge.exe	msedge.exe
PID 3516 wrote to memory of 2240	3516	msedge.exe	msedge.exe
PID 3516 wrote to memory of 2240	3516	msedge.exe	msedge.exe
PID 3516 wrote to memory of 2240	3516	msedge.exe	msedge.exe
PID 3516 wrote to memory of 2240	3516	msedge.exe	msedge.exe
PID 3516 wrote to memory of 2240	3516	msedge.exe	msedge.exe
PID 3516 wrote to memory of 2240	3516	msedge.exe	msedge.exe
PID 3516 wrote to memory of 2240	3516	msedge.exe	msedge.exe
PID 3516 wrote to memory of 2240	3516	msedge.exe	msedge.exe
PID 3516 wrote to memory of 2240	3516	msedge.exe	msedge.exe
PID 3516 wrote to memory of 2240	3516	msedge.exe	msedge.exe
PID 3516 wrote to memory of 2240	3516	msedge.exe	msedge.exe
PID 3516 wrote to memory of 2240	3516	msedge.exe	msedge.exe
PID 3516 wrote to memory of 2240	3516	msedge.exe	msedge.exe
PID 3516 wrote to memory of 2240	3516	msedge.exe	msedge.exe
PID 3516 wrote to memory of 2240	3516	msedge.exe	msedge.exe
PID 3516 wrote to memory of 2240	3516	msedge.exe	msedge.exe
PID 3516 wrote to memory of 2240	3516	msedge.exe	msedge.exe
PID 3516 wrote to memory of 2240	3516	msedge.exe	msedge.exe
PID 3516 wrote to memory of 2240	3516	msedge.exe	msedge.exe
PID 3516 wrote to memory of 2240	3516	msedge.exe	msedge.exe
PID 3516 wrote to memory of 2240	3516	msedge.exe	msedge.exe
PID 3516 wrote to memory of 2240	3516	msedge.exe	msedge.exe
PID 3516 wrote to memory of 2240	3516	msedge.exe	msedge.exe
PID 3516 wrote to memory of 2240	3516	msedge.exe	msedge.exe
PID 3516 wrote to memory of 2240	3516	msedge.exe	msedge.exe
PID 3516 wrote to memory of 2240	3516	msedge.exe	msedge.exe
PID 3516 wrote to memory of 2240	3516	msedge.exe	msedge.exe
PID 3516 wrote to memory of 2240	3516	msedge.exe	msedge.exe
PID 3516 wrote to memory of 2240	3516	msedge.exe	msedge.exe
PID 3516 wrote to memory of 2240	3516	msedge.exe	msedge.exe
PID 3516 wrote to memory of 2240	3516	msedge.exe	msedge.exe
PID 3516 wrote to memory of 2240	3516	msedge.exe	msedge.exe
PID 3516 wrote to memory of 2364	3516	msedge.exe	msedge.exe
PID 3516 wrote to memory of 2364	3516	msedge.exe	msedge.exe
PID 3516 wrote to memory of 2128	3516	msedge.exe	msedge.exe
PID 3516 wrote to memory of 2128	3516	msedge.exe	msedge.exe
PID 3516 wrote to memory of 2128	3516	msedge.exe	msedge.exe
PID 3516 wrote to memory of 2128	3516	msedge.exe	msedge.exe
PID 3516 wrote to memory of 2128	3516	msedge.exe	msedge.exe
PID 3516 wrote to memory of 2128	3516	msedge.exe	msedge.exe

C:\Users\Admin\AppData\Local\Temp\DriverEasy_Setup.exe
"C:\Users\Admin\AppData\Local\Temp\DriverEasy_Setup.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3760

C:\Users\Admin\AppData\Local\Temp\is-2HF7M.tmp\DriverEasy_Setup.tmp
"C:\Users\Admin\AppData\Local\Temp\is-2HF7M.tmp\DriverEasy_Setup.tmp" /SL5="$60060,4430333,1057792,C:\Users\Admin\AppData\Local\Temp\DriverEasy_Setup.exe"
2⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:3788

C:\Program Files\Easeware\DriverEasy\Easeware.CheckScheduledScan.exe
"C:\Program Files\Easeware\DriverEasy\Easeware.CheckScheduledScan.exe" -create "Driver Easy Scheduled Scan" "C:\Program Files\Easeware\DriverEasy\DriverEasy.exe"
3⤵
- Executes dropped EXE
- Drops file in Windows directory
PID:2756

C:\Program Files\Easeware\DriverEasy\Easeware.ConfigLanguageFromSetup.exe
"C:\Program Files\Easeware\DriverEasy\Easeware.ConfigLanguageFromSetup.exe" DriverEasy es True
3⤵
- Executes dropped EXE
PID:3212

C:\Program Files\Easeware\DriverEasy\DriverEasy.exe
"C:\Program Files\Easeware\DriverEasy\DriverEasy.exe"
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Writes to the Master Boot Record (MBR)
- Drops file in Windows directory
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies system certificate store
- Suspicious use of AdjustPrivilegeToken
PID:3436

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.drivereasy.com/redirect/manager.php?info=postinstall&lang=es&ver=&installer_id=
3⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:3516

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xa4,0x104,0x7ffdf4d146f8,0x7ffdf4d14708,0x7ffdf4d14718
4⤵
PID:2928

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,6747392174430454073,12915359588365347983,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2164 /prefetch:2
4⤵
PID:2240

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2116,6747392174430454073,12915359588365347983,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2220 /prefetch:3
4⤵
- Suspicious behavior: EnumeratesProcesses
PID:2364

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2116,6747392174430454073,12915359588365347983,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2980 /prefetch:8
4⤵
PID:2128

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,6747392174430454073,12915359588365347983,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3628 /prefetch:1
4⤵
PID:460

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,6747392174430454073,12915359588365347983,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3764 /prefetch:1
4⤵
PID:3084

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,6747392174430454073,12915359588365347983,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5772 /prefetch:8
4⤵
PID:1236

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
4⤵
- Drops file in Program Files directory
PID:3692

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x220,0x224,0x228,0x1fc,0x22c,0x7ff7d7b55460,0x7ff7d7b55470,0x7ff7d7b55480
5⤵
PID:2728

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,6747392174430454073,12915359588365347983,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5772 /prefetch:8
4⤵
- Suspicious behavior: EnumeratesProcesses
PID:4056

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,6747392174430454073,12915359588365347983,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2764 /prefetch:1
4⤵
PID:2432

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,6747392174430454073,12915359588365347983,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5372 /prefetch:1
4⤵
PID:4008

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,6747392174430454073,12915359588365347983,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5984 /prefetch:1
4⤵
PID:868

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,6747392174430454073,12915359588365347983,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5856 /prefetch:1
4⤵
PID:4480

C:\Windows\SysWOW64\netsh.exe
"C:\Windows\System32\netsh.exe" advfirewall firewall add rule name="Driver Easy" description="Allow Driver Easy Access Internet to Scan and Download Drivers." dir=out action=allow program="C:\Program Files\Easeware\DriverEasy\DriverEasy.exe" enable=yes profile=any
3⤵
- Modifies Windows Firewall
PID:4008

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3424

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

T1031

Bootkit

T1067

Privilege Escalation

Defense Evasion

Install Root Certificate

T1130

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Peripheral Device Discovery

T1120

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Easeware\DriverEasy\DriverEasy.exe
Filesize
3.8MB

MD5
f30a31b96033daecc610c63d02fe62fe

SHA1
d33467e55861fabefd8f367a7d218a6e9335b9fc

SHA256
4e8fc0afdfc43c8bd05caa7751fb81c4e2a5765337289939ac818243d38138cf

SHA512
816139de9901790ed67fc87c270e43c9ad587704993859204c840f674882dcaa8e79a6b3ddc43324ff0235c8f0ddcbae0987e6b54e6b9c041eb3c9f7027a98a7

Download Submit
C:\Program Files\Easeware\DriverEasy\DriverEasy.exe
Filesize
3.8MB

MD5
f30a31b96033daecc610c63d02fe62fe

SHA1
d33467e55861fabefd8f367a7d218a6e9335b9fc

SHA256
4e8fc0afdfc43c8bd05caa7751fb81c4e2a5765337289939ac818243d38138cf

SHA512
816139de9901790ed67fc87c270e43c9ad587704993859204c840f674882dcaa8e79a6b3ddc43324ff0235c8f0ddcbae0987e6b54e6b9c041eb3c9f7027a98a7

Download Submit
C:\Program Files\Easeware\DriverEasy\DriverEasy.exe
Filesize
3.8MB

MD5
f30a31b96033daecc610c63d02fe62fe

SHA1
d33467e55861fabefd8f367a7d218a6e9335b9fc

SHA256
4e8fc0afdfc43c8bd05caa7751fb81c4e2a5765337289939ac818243d38138cf

SHA512
816139de9901790ed67fc87c270e43c9ad587704993859204c840f674882dcaa8e79a6b3ddc43324ff0235c8f0ddcbae0987e6b54e6b9c041eb3c9f7027a98a7

Download Submit
C:\Program Files\Easeware\DriverEasy\DriverEasy.exe.config
Filesize
263B

MD5
0550e282f7d6d76a0b757916257599e6

SHA1
795f1f6e4e93a5d5281a27839b4995ad817e7ac4

SHA256
6847509084814f51bde2f3bfd9b689a52451b4d976c0850b057026f65c47d445

SHA512
a6b81da11748745bdccf0a4683837d3c9c52be648698b155581fabb23c39814f276c145a91c2c25a3aeb28389fa56763f7119e74a878cb7fbd4c25c8deac3f73

Download Submit
C:\Program Files\Easeware\DriverEasy\Easeware.CheckScheduledScan.exe
Filesize
42KB

MD5
fdf20feeb9caf2a14f145de1a86735e6

SHA1
4e4afceaa48be5a5ed3755c890f4298b55ffdd9b

SHA256
bdb4194495d2c8b9ef12a47b30d024f8dbce3411364a5ea7e7a2c95cbc67b69f

SHA512
898d2aa9682b5a2c3a5e932686fb2fa8b1fe92fc45134214dd7610138378088a265c2096b06678aa475b9ca0f669fb4e902974632d316d7195fa3aa2af2e93be

Download Submit
C:\Program Files\Easeware\DriverEasy\Easeware.CheckScheduledScan.exe
Filesize
42KB

MD5
fdf20feeb9caf2a14f145de1a86735e6

SHA1
4e4afceaa48be5a5ed3755c890f4298b55ffdd9b

SHA256
bdb4194495d2c8b9ef12a47b30d024f8dbce3411364a5ea7e7a2c95cbc67b69f

SHA512
898d2aa9682b5a2c3a5e932686fb2fa8b1fe92fc45134214dd7610138378088a265c2096b06678aa475b9ca0f669fb4e902974632d316d7195fa3aa2af2e93be

Download Submit
C:\Program Files\Easeware\DriverEasy\Easeware.CheckScheduledScan.exe.config
Filesize
1KB

MD5
357195ceb812beb8702453e21728d0b1

SHA1
06b2a12be50d2d3b0c7e8b52211237cb2ba563c5

SHA256
12a8b7a1e3fd311ca61042456f20cbb3ef06cabc113c6308c4eded25b449085c

SHA512
037f08821398d97eaf6e4cf1d15581a5caaae6a49123649e926b6e1bf6293ece3a7e492827c50624f98666b201725e12795b2397173fbc3ccfda745622aae4a5

Download Submit
C:\Program Files\Easeware\DriverEasy\Easeware.ConfigLanguageFromSetup.exe
Filesize
20KB

MD5
6aeda5d79ebecf0448def2bd7de36580

SHA1
cf4040ee6c25b6093376eb64700ae3e18b6011fe

SHA256
ec75f8857679272f4050b7bf538f2f4c382af43e06b6b4da5867ccf2deebfe63

SHA512
82ea43abc541e42c11e22494482e095dd1f02346f97e159e90dfd55f3fba5c9283a8941f10d3c84ae585397be5a603d2a2b990cd4fc31cbcefb84cda729422ef

Download Submit
C:\Program Files\Easeware\DriverEasy\Easeware.ConfigLanguageFromSetup.exe
Filesize
20KB

MD5
6aeda5d79ebecf0448def2bd7de36580

SHA1
cf4040ee6c25b6093376eb64700ae3e18b6011fe

SHA256
ec75f8857679272f4050b7bf538f2f4c382af43e06b6b4da5867ccf2deebfe63

SHA512
82ea43abc541e42c11e22494482e095dd1f02346f97e159e90dfd55f3fba5c9283a8941f10d3c84ae585397be5a603d2a2b990cd4fc31cbcefb84cda729422ef

Download Submit
C:\Program Files\Easeware\DriverEasy\Easeware.ConfigLanguageFromSetup.exe.config
Filesize
1KB

MD5
357195ceb812beb8702453e21728d0b1

SHA1
06b2a12be50d2d3b0c7e8b52211237cb2ba563c5

SHA256
12a8b7a1e3fd311ca61042456f20cbb3ef06cabc113c6308c4eded25b449085c

SHA512
037f08821398d97eaf6e4cf1d15581a5caaae6a49123649e926b6e1bf6293ece3a7e492827c50624f98666b201725e12795b2397173fbc3ccfda745622aae4a5

Download Submit
C:\Program Files\Easeware\DriverEasy\Easeware.Driver.Backup.dll
Filesize
59KB

MD5
6487c9183f43dd1096893ce52e636906

SHA1
8fb6593e4c556f390e68a1b0133accaafcfbff52

SHA256
64ecfd4ab095b7b6dacbe56961b6ed2836251c3986f97d9cc2287d53ee82d009

SHA512
3632f4e793eef2bc8331f314ba98970ef3761bfbd35bd2244e00268dbe32c3fc61607d8954673a4ae84706c32b91f0c491805f0bbf1c14c8bc5917a3255c950c

Download Submit
C:\Program Files\Easeware\DriverEasy\Easeware.Driver.Core.dll
Filesize
293KB

MD5
2c04b0ee7e43dfc8a94df32eaa037f5e

SHA1
200b959eb6f6083ef3bbfb37d191cdaa7a821d8e

SHA256
79066561cb337c9b09e2c1b361ff380029364364660e9ec1bcc0ffd5f854d94f

SHA512
c36a818b2842305e87511390ac0000d3bf2f4fd1898191d2ad85bb3986465dd76f13f5e5329f6041208fed4ec85d1eacb464cbc8ecd5366ae331db548293cef4

Download Submit
C:\Program Files\Easeware\DriverEasy\HardwareInfo\HardwareInfo64.dll
Filesize
1.2MB

MD5
7f47736a9a3eaa2178e7a29ec05beb39

SHA1
22442b2478f0b2efdac82b975ea5a6cc5b2f855a

SHA256
e7976a344aef41e47868329165ea3f14d16faacee291b8c73d89c128deb449ca

SHA512
6e399656515a71656bdfee2980f53cae6847e4b7bc7d387dbc3a7f2859d6863e1a7403c6ca58130a164fbc3b4665ee883fc97bb29b9df8f1d6aa1d139305dc86

Download Submit
C:\Program Files\Easeware\DriverEasy\HardwareInfo\HardwareInfo64.dll
Filesize
1.2MB

MD5
7f47736a9a3eaa2178e7a29ec05beb39

SHA1
22442b2478f0b2efdac82b975ea5a6cc5b2f855a

SHA256
e7976a344aef41e47868329165ea3f14d16faacee291b8c73d89c128deb449ca

SHA512
6e399656515a71656bdfee2980f53cae6847e4b7bc7d387dbc3a7f2859d6863e1a7403c6ca58130a164fbc3b4665ee883fc97bb29b9df8f1d6aa1d139305dc86

Download Submit
C:\Program Files\Easeware\DriverEasy\unins000.exe
Filesize
3.2MB

MD5
5db3f851819182022dc6ab874814a992

SHA1
663132eba6bdcd27a34ca6b6f9f9fc9bddde58b6

SHA256
a6de4dae9e9f2df8f993fa629787887e63029e5b9eafb639451876d2739e0567

SHA512
9606971c9e483d6d809de70fc48e3d2bf101a5407351d0dee8afb9577e18d04cf0a94b62f85caf249313609995d5e8840feba325c162149b1aaa7bc00f26b119

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
Filesize
290B

MD5
f173f8dfbd1e0bde6ca1098a0b55dd57

SHA1
982ca311b09e7028c097a345f570299353250ff8

SHA256
5e6ebf9d4872f0b6fab8beef7ef2c1f9d8e4e86152169f7d7477d2878c51e1f6

SHA512
3e6dd57202a4b88fe624e168cbb4823016944b74ad129e44edf45e3c79aed4473b110097e434dba121029373ee026658926e34a8aebbad6dad324d5461ebae80

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
cd4f5fe0fc0ab6b6df866b9bfb9dd762

SHA1
a6aaed363cd5a7b6910e9b3296c0093b0ac94759

SHA256
3b803b53dbd3d592848fc66e5715f39f6bc02cbc95fb2452cd5822d98c6b8f81

SHA512
7072630ec28cf6a8d5b072555234b5150c1e952138e5cdc29435a6242fda4b4217b81fb57acae927d2b908fa06f36414cb3fab35110d63107141263e3bba9676

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
1d40312629d09d2420e992fdb8a78c1c

SHA1
903950d5ba9d64ec21c9f51264272ca8dfae9540

SHA256
1e7c6aa575c3ec46cd1fdf6df51063113d277012ed28f5f6b37aea95cd3a64ac

SHA512
a7073247ae95e451ed32ceeae91c6638192c15eaad718875c1272eff51c0564016d9f84690543f27df509a7d579de329d101fbf82fed7cbeb27af57393de24ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
48B

MD5
646e39d8d3f792a4dfdf8669e8b9081c

SHA1
e9a4278555685fe01cb88913763323877e543e2b

SHA256
33b4987bb63cf995c29c5beec286564feec82a7df95452dd0818bbf090a0322d

SHA512
69def871b3fc37cfab4111677d4cf14400c87eee2126292fd0e965660d195e10040b79f06ce648bf1bc02ae45dfdc2b1b5867bc434b4928ae231c1e9543e6612

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
144B

MD5
2207e293a8a26f81eadb16067d75b8a6

SHA1
7e6540221e0f4231dd52eb2c624c188f9475e022

SHA256
a7b09360c181d02e9c46cbb3156d0005cc23108bf0edb61b10adbb16cdbd669d

SHA512
a2013d5116e7a525d3208672ce853d6fb186442a237557b4debe59755db81bbd3ce3028f9e717299565ce60458da8d3063a7a70e88d83fd2bb4a572146abef35

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico
Filesize
70KB

MD5
e5e3377341056643b0494b6842c0b544

SHA1
d53fd8e256ec9d5cef8ef5387872e544a2df9108

SHA256
e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

SHA512
83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\MANIFEST-000001
Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Microsoft Edge.lnk
Filesize
2KB

MD5
b623e479798aa12719fff585308acbe3

SHA1
06c542afbdc2d1e87ca6e9ed70564450edf9a34b

SHA256
a86494eb1a365f5c03e3703481fd590d711c1f84d9e83101fc67e20e6e8e730f

SHA512
6c39bf09e7e6261fd125d1b149259b9a7cedf67da0763a835c7d5ef346cd72daef2f463a34badfe3be11ac7ba0df00ad220ae0b8bcccc5e70226e85277ff0357

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
186B

MD5
825cda681d01b7e8dc43091cb02bd250

SHA1
e1b8244999ded3a647e4b4151435e0183c93f00a

SHA256
f092801655393d08cd38dafcdc0672783429c520c172517b0dedad616a0afb5b

SHA512
432eb04df34b71d2b943ebf8aa7e5597b14393426ffbfb973bcc9c8a019c7a72ca70100ec5310aa326f601277417fd44e8cee21973ca2b153c6aaf79d1863a2f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
4KB

MD5
1e6976302e22b3ba037ea6bd3dc0a1da

SHA1
7ab1d982885e02a8f95558e72fee72eee86a41f3

SHA256
d72c2c38ef1b852f070086b31834aec12c7aa7f4a53b582232c0d047c4f95a9a

SHA512
440124e2afc1cde3de3ca050ceedc9b58a107bfd2c87b3f39ee3082bf639662b7e1688689191ebe7c440d2eb1a364060fe7a6ef0ba4bfb4f8ba31f0fc0862560

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
444e3ad0beb3d0f4c7106c9cf6b9cbad

SHA1
d5917d344cf69609d0ab0535e39920c754afd800

SHA256
504267927c6822aa4b07e5d77d1ec8d6b91331bda6b432766b88830bc0bca97f

SHA512
b7b5ddb99b4f5f5c06ab8e5117dae5c2582692ed0bd8f519aea73618ee058cdbb6f2372386e5266d8ed3c241b64a83e89ee01767aeae83f136f756eb059875ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
26be9b5ef109a66d25d5be4d64b839d2

SHA1
300b9768b8ee7675639adf0b9df1afbd4ca8633a

SHA256
d386078e59f1ddc1d7a96d676954b35b4096e52f12f8a8793b5c197fe9d8ebce

SHA512
0660d19b16ac21fb6388deb5861ae54c630d1b0d212ed0b6c47530f5caaf6c96053884a6b0f9c74a4175aafeea35251b5245637ebab773e628c7aeea3aa744e6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
Filesize
24KB

MD5
1463bf2a54e759c40d9ad64228bf7bec

SHA1
2286d0ac3cfa9f9ca6c0df60699af7c49008a41f

SHA256
9b4fd2eea856352d8fff054b51ea5d6141a540ca253a2e4dc28839bc92cbf4df

SHA512
33e0c223b45acac2622790dda4b59a98344a89094c41ffdb2531d7f1c0db86a0ea4f1885fea7c696816aa4ceab46de6837cc081cd8e63e3419d9fcb8c5a0eb66

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\CURRENT
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
9KB

MD5
38dec12bbb203abef865dff765774151

SHA1
65946954eb3918c8e933d43e7ef00e4e48d65930

SHA256
d0d6bac8c955bfbb68e4dc33b6e2fa1a018d998c407b5620cecc94868c8dfc29

SHA512
934970a63dc3255a15615a0659d86276181ef575b20eb504f1ef576b4fc4a8c9116e6338673d71dcc466e508bc0e479639792d44bd23a2327c2a588c85a68196

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
12KB

MD5
40a9ed7f14b3302bda6345e50854c9b3

SHA1
a6cbf7c4a2e6c6b0b9ee5458da23b01a2a3d2eda

SHA256
bdfc651abd2378e4aba3f04802e2bad37997a1410e1dc13ad7f903390c401826

SHA512
69582785341bac675804279d7af448d83caf9b8d19a37273c1f7d32fe078b9b8f778cc3359deefb1f3a46d6e0a63d59baaa3069c6f3aaf4e4ecebaeacf3883f5

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-2HF7M.tmp\DriverEasy_Setup.tmp
Filesize
3.2MB

MD5
5db3f851819182022dc6ab874814a992

SHA1
663132eba6bdcd27a34ca6b6f9f9fc9bddde58b6

SHA256
a6de4dae9e9f2df8f993fa629787887e63029e5b9eafb639451876d2739e0567

SHA512
9606971c9e483d6d809de70fc48e3d2bf101a5407351d0dee8afb9577e18d04cf0a94b62f85caf249313609995d5e8840feba325c162149b1aaa7bc00f26b119

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-2HF7M.tmp\DriverEasy_Setup.tmp
Filesize
3.2MB

MD5
5db3f851819182022dc6ab874814a992

SHA1
663132eba6bdcd27a34ca6b6f9f9fc9bddde58b6

SHA256
a6de4dae9e9f2df8f993fa629787887e63029e5b9eafb639451876d2739e0567

SHA512
9606971c9e483d6d809de70fc48e3d2bf101a5407351d0dee8afb9577e18d04cf0a94b62f85caf249313609995d5e8840feba325c162149b1aaa7bc00f26b119

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-T29SQ.tmp\background_finish.png
Filesize
10KB

MD5
d616086585f3450d847f32f3e6ad8317

SHA1
ae222b6fda568ed2703ba19a0531c9cf44f33602

SHA256
b0e957bf89342424da907d866ff5d1c614a4fd3a0603f4de9c57f606a360debb

SHA512
48c254024db087dbdde5bbddbe717551ce8a6b180a3c2e552fdbfc5c4890d4cf03e28097e4c5fd938d67b875a54545cfc77e3b1c06c38d760dc79c78ab59e5a7

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-T29SQ.tmp\background_installing.png
Filesize
21KB

MD5
01acdcceac1f70fdd485fe5f634d38fd

SHA1
59797b45a0fa77ae84d38744b274a41aff49fec9

SHA256
29cc4235d79581dc85bce06183738f4562c4f9e5e35ce3f1c55366fcfc25d38b

SHA512
364b533b98ef7825f86939f36878d1615647b1480e8320cecbeb9ef629a5668df8629dcfc89d56cfcbe8e7840791015551a112c9a906142372e6178088c8ab8a

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-T29SQ.tmp\background_messagebox.png
Filesize
1KB

MD5
1549ea2cf00358fb791db13bcb773501

SHA1
ed199cb343304bfc7116ce4755d6f7ff7b6304d1

SHA256
d9cd2cee2f362d1388513d5da6031259ff9ce97e0f13a992c50077e8eaf33e54

SHA512
a2892c12f5eaccc4216e8aa5a5a88f3a0ebdcebb142f145e218c5d94697e127eba613d2bafdc82700064714035df9a8420cabceddb65ea4ad6cde339c5af0a79

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-T29SQ.tmp\background_welcome.png
Filesize
10KB

MD5
f048154d9062a3c2f147b6380ce6f3ac

SHA1
5abfa577139f41e7f28769f98304b878ad3df696

SHA256
1d537619ea6508a383387d88e523522436e86dc72b929680e1552b10e44cf0f6

SHA512
4875070a599a2afc5d8f6f4b0803397e1fc425807af90d377270b857da5631a78c9a61442572229c63891b7a5ecd96dcd8fc06329988dc6a97eec7db926e3e66

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-T29SQ.tmp\botva2.dll
Filesize
37KB

MD5
67965a5957a61867d661f05ae1f4773e

SHA1
f14c0a4f154dc685bb7c65b2d804a02a0fb2360d

SHA256
450b9b0ba25bf068afbc2b23d252585a19e282939bf38326384ea9112dfd0105

SHA512
c6942818b9026dc5db2d62999d32cf99fe7289f79a28b8345af17acf9d13b2229a5e917a48ff1f6d59715bdbcb00c1625e0302abcfe10ca7e0475762e0a3f41b

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-T29SQ.tmp\botva2.dll
Filesize
37KB

MD5
67965a5957a61867d661f05ae1f4773e

SHA1
f14c0a4f154dc685bb7c65b2d804a02a0fb2360d

SHA256
450b9b0ba25bf068afbc2b23d252585a19e282939bf38326384ea9112dfd0105

SHA512
c6942818b9026dc5db2d62999d32cf99fe7289f79a28b8345af17acf9d13b2229a5e917a48ff1f6d59715bdbcb00c1625e0302abcfe10ca7e0475762e0a3f41b

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-T29SQ.tmp\btn_browse.bmp
Filesize
14KB

MD5
a14d38bcad591c0f1a3cf9f5f77e3000

SHA1
268665e61ff92a50f8060cb09fc1e1baa9dd16ad

SHA256
1642d5ba407ad652fae4a4d10a00fc1c0728d94a6ef75a8d0901a2b315f1677e

SHA512
e7527dab0a030bf9913528f7e7261e2be03bbcb6342b61e69d16b3ae1fcbec8e53f376ae9e4866aff6efae840f1578549e4034df852a260d7530583449a5598e

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-T29SQ.tmp\btn_install.bmp
Filesize
70KB

MD5
447126e21ba415d65a71e514987d08ed

SHA1
3c88bcd409acc7a239159cd658df50c79bdfddf1

SHA256
1d0bc1f1d4ac68ecd6420a3031803620d5bfcb71dec93ad4f74e4cd1ee1be6c3

SHA512
82cf2b1299cb85b88970111464f6cd2572e5cb4518aaa894bb5189e45616cd8cdce3fd260deaaa6b71f2a570883d09fb7cc4268d3116dde96b10f100a74244f0

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-T29SQ.tmp\btn_open_driver_easy.bmp
Filesize
84KB

MD5
ad03372cbb92556c505066f2b54f58fd

SHA1
d5db73b1065307a101d56029caddc8209e4b190e

SHA256
8340de8432c690f08d566f6109ad8b7fc7c27b2fdf9f8e498a24861b3fd1008b

SHA512
27513b3b172a5738e46e1a79924ea95b76ae67be6a6e2452e39963221a0f426cae58c6426d5d2390221201e55a9b970fa2639e1516288528f22ea93b20dad44a

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-T29SQ.tmp\button_browse.png
Filesize
2KB

MD5
c7c746fcc5542d734a3860b425ac6a1e

SHA1
fbec196d3b5b64ef14e10f6583c51206436f46cb

SHA256
7cdac82567cdd9719a83bcb62c098c6d2b19d115f10e3db2b164b5f3b0ed1f89

SHA512
e541b97fa6a6044ee95dde3b6f2d6232c4f1bf96c490eacce9be76eebdd760eacdb1b36fd4b720ca206a5e9ddea0870e0eae7b514f0edfdf0fdd80c594b677b6

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-T29SQ.tmp\button_close.png
Filesize
1KB

MD5
5f6a7af5eca52aa134a4a06832a5d005

SHA1
25ad7d62392ac4007e1ed1139e319edd14597f62

SHA256
7d9ef408ad2520d62d4389c957e105d3fabf14697d2846b77e4fc488fbb84535

SHA512
4001faa3b99fb852991106846889bf6e16b50c2977e6cf7749a89f1925f0e70f9265688dcb10376ed77d07a816f80e6484273877ad726ed046ca1c49a4e71ce1

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-T29SQ.tmp\button_minimize.png
Filesize
1KB

MD5
0327da652758a468b4a782e3392eb72b

SHA1
58fda11c77fd75c42142cbaf5a33c22d984da76d

SHA256
a1c151e746184ba06e9ff178b4134fc8763f64a53d017486cbfb5b2a9af36ca0

SHA512
07a3f282e64e4aa163052242747e10a0b3c0aeb8c70077840c6a00c3149025a95d0a4a21b43dfb546e274aa8354d71d3451e199fa7a8b35b7be3e9da714e4fd8

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-T29SQ.tmp\button_setup_or_next.png
Filesize
5KB

MD5
b9e4b8247138afe12ae2157b20628de9

SHA1
7814f463723eea931c4c139bf6bb01bd0349d0c8

SHA256
7877a7839c12c635271f4f03b980f80cb2cdd19b9c660e706edac85f2ca50022

SHA512
7a612b1dc28fccdc8c47d0f68afa530dfccaa5c657a109cf1927ec983b6090bc3ddab8fed0826dbf4f5319d84fa4b2ba70714c9bd3027272d7dc334f3e3e4e5f

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-T29SQ.tmp\checkbox_license.png
Filesize
2KB

MD5
b66aff516f0d0b51ac1330ad38f0da68

SHA1
3c7454547eb33669609f91716ae4cee0e4fbbb9b

SHA256
e76216c1183152853638f804170efebe8d061d11c30ea9bf9e6ed1a9fcc6afed

SHA512
b1ec90c4a69bc45fa59eeb27adc8ce168209fdf1653fbafee5775e76719c5a170e9eea1cefbd70837cc518d0ce86078a43a12dfa415514c0d96ff462dd670435

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-T29SQ.tmp\icon-info_60x60.png
Filesize
3KB

MD5
1df20e390976ad57765f1449e07cfd72

SHA1
065e56256389918977f6fafb08dcc700572b9667

SHA256
7a07b728ebede2cf1b4e81a50b7f5f9beae0975d4909c889e0d650472016663b

SHA512
24465bd65a39c3631a2c4b8709fbb09b279bc21d2056cc21bec4253787ff5a60662b5869b0e912ed529f280745b0436f9b76ae0370625dc41aff03995d9a5b1c

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-T29SQ.tmp\icon_custom.png
Filesize
1KB

MD5
39ab68a67302e28f0ae08ec418890d2e

SHA1
f3499299e54d05fff2ff8b888a1aacefa8f4e5fc

SHA256
a22aa447e1f620098e969d56688e79cc4b3b729afe83a13468e86cd2927545df

SHA512
efe3bbb6769bc9a694b994303bc56f566b2b532f31cc067d137df972d332c18541513327440f914671ec1253b3d0827ac6a3be1eb5c81f921ffe128587ecff39

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-T29SQ.tmp\icon_custom_down.bmp
Filesize
1KB

MD5
5364a733d3df6ffe2aaeac7ea868b835

SHA1
17a918fe62af149b69bc39f89f1ece3687b7ea17

SHA256
6da5e640207cd3b84aef694d0ec01d8b0ccf05fe0676defe09a9e0e2584fafbe

SHA512
db735912075e217cc65084b632cdb3b2d6bd93d936a8dab99a914a9547ba8119fe63cb5e943de7d4ea3c8b3bf28b31a6dacab74f084508947d340bb7a255d835

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-T29SQ.tmp\icon_uncustom.png
Filesize
1KB

MD5
5a7f3314fbd8a3db765394798bc8a9ce

SHA1
2b48d22c07be26ac653e5ed30b8e816f96914345

SHA256
2f67d842567176b42176784bb001ec63e3d84685fa35aebe5c23db20a969d427

SHA512
d371ba564494c05d5fda955b1c6665473637b6d7bc0fe8c26ca57ec2133cc9664dab2bb4a5cdb02b2886ac94d64629f7af2edcbb7362ef4aedd53956ed31f824

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-T29SQ.tmp\innocallback.dll
Filesize
63KB

MD5
1c55ae5ef9980e3b1028447da6105c75

SHA1
f85218e10e6aa23b2f5a3ed512895b437e41b45c

SHA256
6afa2d104be6efe3d9a2ab96dbb75db31565dad64dd0b791e402ecc25529809f

SHA512
1ec4d52f49747b29cfd83e1a75fc6ae4101add68ada0b9add5770c10be6dffb004bb47d0854d50871ed8d77acf67d4e0445e97f0548a95c182e83b94ddf2eb6b

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-T29SQ.tmp\innocallback.dll
Filesize
63KB

MD5
1c55ae5ef9980e3b1028447da6105c75

SHA1
f85218e10e6aa23b2f5a3ed512895b437e41b45c

SHA256
6afa2d104be6efe3d9a2ab96dbb75db31565dad64dd0b791e402ecc25529809f

SHA512
1ec4d52f49747b29cfd83e1a75fc6ae4101add68ada0b9add5770c10be6dffb004bb47d0854d50871ed8d77acf67d4e0445e97f0548a95c182e83b94ddf2eb6b

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-T29SQ.tmp\isxdl.dll
Filesize
121KB

MD5
48ad1a1c893ce7bf456277a0a085ed01

SHA1
803997ef17eedf50969115c529a2bf8de585dc91

SHA256
b0cc4697b2fd1b4163fddca2050fc62a9e7d221864f1bd11e739144c90b685b3

SHA512
7c9e7fe9f00c62cccb5921cb55ba0dd96a0077ad52962473c1e79cda1fd9aa101129637043955703121443e1f8b6b2860cd4dfdb71052b20a322e05deed101a4

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-T29SQ.tmp\progressbar_background.png
Filesize
271B

MD5
8590e035e72584ca56eba6a9dfb23a33

SHA1
ed65e65a189b1f1e1e8e2322989742c27cd66c0c

SHA256
c5267ffea02e06c538c8be10b1b83513830d6390a069761d10a4b67d9e684f0b

SHA512
ac15c3f675766d3c4b70b4a49138e610873bf10086f83277ba88ca4b8b5f8de6eeea74957c82c63d92b662f19c72673bf397c789d4571db725c6de14b60047e8

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-T29SQ.tmp\progressbar_foreground.png
Filesize
396B

MD5
1432db7bb8b975c28f110a373d9efe94

SHA1
2012c2f48f43c1a784536fedc5489a65a839012a

SHA256
add59e97c665f0b2e91ed46a9e229320ca3b99f64fc09a54fd5456a8d906f82a

SHA512
330be9944f137fc950111092beefa64a2e5c2a14278dce6d077c07ffd403723b08015ebafcbba96c7afaccd4e66029549536a5327b5d9f789b644a1083bd4f9d

Download Submit
C:\Users\Admin\AppData\Roaming\Easeware\DriverEasy\settings.dat
Filesize
892B

MD5
5326db156e028aeb4a00f7a789b84f02

SHA1
66e9f0a99d98dcf363a36f02510e5a8fc15d9c15

SHA256
0ef09bf7bf33e0e7d3d306fb0bb08c567e2078873bfcf04b35664e90865a2418

SHA512
94199cc27e7e3e0b388bcf7164b92c4bb5b2e4d71d9d09fafb1c4cdd4cf5a980a23cc0c1cd08fb8e43a7e9ce6cfb87de6858597776aa6f10b51433afaeee87cf

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\12YI3AZ1Q9P1ZI9DEOQ3.temp
Filesize
3KB

MD5
79bd1adb2a4e10776351ce6922516865

SHA1
5839335dd77e04a2114c7a0906400aad419f5458

SHA256
43ac3a7d582b6150197514fa3e260f016588a0d3fe9a0e67ae05963edf257e07

SHA512
47ed7fa991fc06885fb317504b442d5bf47b636f700d3ac9aa9e7d16b5f28b1d5ebd3ff72de1aebaa7b18d67d46150a9c70c63bab738625bd82959baaf147cf9

Download Submit
C:\Windows\INF\c_diskdrive.PNF
Filesize
6KB

MD5
37fb53b046ccda93e4826b2ef97074b0

SHA1
f654e9cb0015f975e3cf8c6614bdf30051b1d9c5

SHA256
09f67d5e1b8a402b5cae3cd88e5a5a79117aea6788b648d9cc417c548e015921

SHA512
57cff360d8cccf603a4803caaebce58ea7d8b3441d4373ac029850193c26294e94b6ddbad4fc6d679044bfd5ed4c19d7111257408ebb397c7f1a8e17acf27451

Download Submit
C:\Windows\INF\c_display.PNF
Filesize
8KB

MD5
05db1b3ba391b7c0738a905e42f71aa6

SHA1
38c45245223d16f59b0fcf03adeff1e7e72be034

SHA256
b6e970c4446cf889ba10f37973b79db6df39dc1466e6892521ad360da575352d

SHA512
996565418ed94fecc70ce961d5cf37d7a29dbe0482e23e941ee6743acdf065727735055850049428eba985144f72c8a799828f44eddd9ffd8a8e42951a1632b5

Download Submit
C:\Windows\INF\c_media.PNF
Filesize
12KB

MD5
d6f787534eea52824abfef940379b071

SHA1
b200fb5e314de41c743ac84fc973584dee668946

SHA256
feedfdacbcff878dd0f877736f880b045941e25cd3c4013357d4e2a293a1e7d8

SHA512
7ba2d3f0858a5aea61486ba8eb96fed621384258b5055e97a314d9cde71081545d881059d9bcd5bce4f5cb2d7cc341090d2cc419cac44302708b8bef17e4beca

Download Submit
C:\Windows\INF\c_monitor.PNF
Filesize
6KB

MD5
29f6df5957016e418fbd0f2407e3575e

SHA1
0ffdc37e214ad11658b1732a8448eab853713b6b

SHA256
8175f3000d31f9afadbbba3149b647da59b30712668751cd04216bbbbc9897ee

SHA512
e5916dfd44a4456d0f8c7f42b993426c1196059c053a46ac324104edc674944f622b43c7ecb652e1904dd11932d98b87216e7860f5ce193bcd8899162dcbcc8a

Download Submit
C:\Windows\INF\c_processor.PNF
Filesize
5KB

MD5
b9fc29f586c7a0abdb7f33a173bd4518

SHA1
8a6386314e2b0dac9e57874164e865a6a94a0ba9

SHA256
6040b942d0887f914a296e8ae0cc67300c479d4d0bb24bd07dde54ee142c4161

SHA512
b44ea31a19c30c6b1fa4ee964284bc05e6d373d2c22a5012aec388465eb96b84a071804e49d2be577cf07ed24b535bd19e39c30b9a191a140f0c3875682cbfe3

Download Submit
C:\Windows\Tasks\Driver Easy Scheduled Scan.job
Filesize
424B

MD5
a4e622b268ae237d8c764bd57948f22a

SHA1
802c859a865a3c40bfaa778dfe37cc0b2db5d651

SHA256
95520a30cba617625f82b962bcab7cac26d5a5270fac0b9ba9138381ca828818

SHA512
aec1a4515e249c2d4f6514b32c81fb7e40a7dda5525e11e3c76e5744b36eadf69cef6b4eb3e09e6257d8ab465dc5bb2dd8115593128bd94d0786f4db504f182a

Download Submit
\??\pipe\LOCAL\crashpad_3516_HJNKPNKMATUNEBBY
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/2756-367-0x00000263DE5A0000-0x00000263DE5AE000-memory.dmp

Filesize
56KB

Download
memory/3212-377-0x0000024DE1360000-0x0000024DE13AE000-memory.dmp

Filesize
312KB

Download
memory/3212-375-0x0000024DDF690000-0x0000024DDF698000-memory.dmp

Filesize
32KB

Download
memory/3436-466-0x000001E92F680000-0x000001E92F688000-memory.dmp

Filesize
32KB

Download
memory/3436-467-0x000001E914FF0000-0x000001E915000000-memory.dmp

Filesize
64KB

Download
memory/3436-406-0x000001E92EFD0000-0x000001E92EFD8000-memory.dmp

Filesize
32KB

Download
memory/3436-407-0x000001E92F2A0000-0x000001E92F2D8000-memory.dmp

Filesize
224KB

Download
memory/3436-408-0x000001E92EFE0000-0x000001E92EFEE000-memory.dmp

Filesize
56KB

Download
memory/3436-559-0x000001E914FF0000-0x000001E915000000-memory.dmp

Filesize
64KB

Download
memory/3436-411-0x000001E92F280000-0x000001E92F292000-memory.dmp

Filesize
72KB

Download
memory/3436-572-0x000001E914FF0000-0x000001E915000000-memory.dmp

Filesize
64KB

Download
memory/3436-589-0x000001E914FF0000-0x000001E915000000-memory.dmp

Filesize
64KB

Download
memory/3436-417-0x000001E92F650000-0x000001E92F65E000-memory.dmp

Filesize
56KB

Download
memory/3436-403-0x000001E914FF0000-0x000001E915000000-memory.dmp

Filesize
64KB

Download
memory/3436-475-0x000001E914FF0000-0x000001E915000000-memory.dmp

Filesize
64KB

Download
memory/3436-468-0x000001E934540000-0x000001E934548000-memory.dmp

Filesize
32KB

Download
memory/3436-399-0x000001E912FF0000-0x000001E9133CC000-memory.dmp

Filesize
3.9MB

Download
memory/3436-656-0x000001E935520000-0x000001E935A48000-memory.dmp

Filesize
5.2MB

Download
memory/3436-405-0x000001E914FF0000-0x000001E915000000-memory.dmp

Filesize
64KB

Download
memory/3760-465-0x0000000000400000-0x000000000050F000-memory.dmp

Filesize
1.1MB

Download
memory/3760-311-0x0000000000400000-0x000000000050F000-memory.dmp

Filesize
1.1MB

Download
memory/3760-133-0x0000000000400000-0x000000000050F000-memory.dmp

Filesize
1.1MB

Download
memory/3788-216-0x0000000005AB0000-0x0000000005AC5000-memory.dmp

Filesize
84KB

Download
memory/3788-459-0x0000000000400000-0x000000000074A000-memory.dmp

Filesize
3.3MB

Download
memory/3788-207-0x00000000037D0000-0x00000000037DF000-memory.dmp

Filesize
60KB

Download
memory/3788-138-0x0000000002820000-0x0000000002821000-memory.dmp

Filesize
4KB

Download
memory/3788-338-0x0000000000400000-0x000000000074A000-memory.dmp

Filesize
3.3MB

Download
memory/3788-342-0x0000000005AB0000-0x0000000005AC5000-memory.dmp

Filesize
84KB

Download
memory/3788-343-0x0000000002820000-0x0000000002821000-memory.dmp

Filesize
4KB

Download
memory/3788-341-0x00000000037D0000-0x00000000037DF000-memory.dmp

Filesize
60KB

Download

pid	process
3788	DriverEasy_Setup.tmp
2756	Easeware.CheckScheduledScan.exe
3212	Easeware.ConfigLanguageFromSetup.exe
3436	DriverEasy.exe