hxxps://drive[.]filen[.]io/d/c5ce9df1-757e-4c04-bded-530f94e23a89#zqmj0xCKjaa2OJYW12GRIwqRLp0dMBND

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
09-06-2024 12:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.filen.io/d/c5ce9df1-757e-4c04-bded-530f94e23a89#zqmj0xCKjaa2OJYW12GRIwqRLp0dMBND

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
5716	Mail Access Checker by xRisky v2 [Free version].exe

Loads dropped DLL 1 IoCs

pid	Process
5716	Mail Access Checker by xRisky v2 [Free version].exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 57 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\LogicalViewMode = "1"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupView = "0"	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Mode = "4"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByDirection = "4294967295"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\FFlags = "1092616257"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1092616257"	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 0000000001000000ffffffff	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\FFlags = "1"	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 = 14001f50e04fd020ea3a6910a2d808002b30309d0000	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:PID = "14"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\NodeSlot = "1"	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\KnownFolderDerivedFolderType = "{885A186E-A440-4ADA-812B-DB871B942259}"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\IconSize = "16"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\Mode = "4"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\NodeSlot = "2"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\IconSize = "16"	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:FMTID = "{B725F130-47EF-101A-A5F1-02608C9EEBAC}"	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 00000000ffffffff	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByDirection = "1"	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0e000000ffffffff	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\SniffedFolderType = "Documents"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0	msedge.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\MRUListEx = ffffffff	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\LogicalViewMode = "1"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1 = 14002e8005398e082303024b98265d99428e115f0000	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 0100000000000000ffffffff	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\SniffedFolderType = "Downloads"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupView = "4294967295"	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 = 14002e80922b16d365937a46956b92703aca08af0000	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\MRUListEx = ffffffff	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByKey:PID = "0"	msedge.exe

Suspicious behavior: EnumeratesProcesses 19 IoCs

pid	Process
2728	msedge.exe
2728	msedge.exe
1620	msedge.exe
1620	msedge.exe
1168	identity_helper.exe
1168	identity_helper.exe
1428	msedge.exe
1428	msedge.exe
1172	msedge.exe
1172	msedge.exe
5716	Mail Access Checker by xRisky v2 [Free version].exe
5716	Mail Access Checker by xRisky v2 [Free version].exe
5716	Mail Access Checker by xRisky v2 [Free version].exe
5716	Mail Access Checker by xRisky v2 [Free version].exe
5716	Mail Access Checker by xRisky v2 [Free version].exe
5248	msedge.exe
5248	msedge.exe
5248	msedge.exe
5248	msedge.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
5716	Mail Access Checker by xRisky v2 [Free version].exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
1620	msedge.exe
1620	msedge.exe
1620	msedge.exe
1620	msedge.exe
1620	msedge.exe
1620	msedge.exe

Suspicious use of AdjustPrivilegeToken 9 IoCs

description	pid	Process
Token: SeRestorePrivilege	6108	7zG.exe
Token: 35	6108	7zG.exe
Token: SeSecurityPrivilege	6108	7zG.exe
Token: SeSecurityPrivilege	6108	7zG.exe
Token: SeRestorePrivilege	2364	7zG.exe
Token: 35	2364	7zG.exe
Token: SeSecurityPrivilege	2364	7zG.exe
Token: SeSecurityPrivilege	2364	7zG.exe
Token: SeDebugPrivilege	5716	Mail Access Checker by xRisky v2 [Free version].exe

Suspicious use of FindShellTrayWindow 27 IoCs

pid	Process
1620	msedge.exe
1620	msedge.exe
1620	msedge.exe
1620	msedge.exe
1620	msedge.exe
1620	msedge.exe
1620	msedge.exe
1620	msedge.exe
1620	msedge.exe
1620	msedge.exe
1620	msedge.exe
1620	msedge.exe
1620	msedge.exe
1620	msedge.exe
1620	msedge.exe
1620	msedge.exe
1620	msedge.exe
1620	msedge.exe
1620	msedge.exe
1620	msedge.exe
1620	msedge.exe
1620	msedge.exe
1620	msedge.exe
1620	msedge.exe
1620	msedge.exe
6108	7zG.exe
2364	7zG.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1620	msedge.exe
1620	msedge.exe
1620	msedge.exe
1620	msedge.exe
1620	msedge.exe
1620	msedge.exe
1620	msedge.exe
1620	msedge.exe
1620	msedge.exe
1620	msedge.exe
1620	msedge.exe
1620	msedge.exe
1620	msedge.exe
1620	msedge.exe
1620	msedge.exe
1620	msedge.exe
1620	msedge.exe
1620	msedge.exe
1620	msedge.exe
1620	msedge.exe
1620	msedge.exe
1620	msedge.exe
1620	msedge.exe
1620	msedge.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
1428	msedge.exe
5716	Mail Access Checker by xRisky v2 [Free version].exe
5716	Mail Access Checker by xRisky v2 [Free version].exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1620 wrote to memory of 3248	1620	msedge.exe	82
PID 1620 wrote to memory of 3248	1620	msedge.exe	82
PID 1620 wrote to memory of 3064	1620	msedge.exe	83
PID 1620 wrote to memory of 3064	1620	msedge.exe	83
PID 1620 wrote to memory of 3064	1620	msedge.exe	83
PID 1620 wrote to memory of 3064	1620	msedge.exe	83
PID 1620 wrote to memory of 3064	1620	msedge.exe	83
PID 1620 wrote to memory of 3064	1620	msedge.exe	83
PID 1620 wrote to memory of 3064	1620	msedge.exe	83
PID 1620 wrote to memory of 3064	1620	msedge.exe	83
PID 1620 wrote to memory of 3064	1620	msedge.exe	83
PID 1620 wrote to memory of 3064	1620	msedge.exe	83
PID 1620 wrote to memory of 3064	1620	msedge.exe	83
PID 1620 wrote to memory of 3064	1620	msedge.exe	83
PID 1620 wrote to memory of 3064	1620	msedge.exe	83
PID 1620 wrote to memory of 3064	1620	msedge.exe	83
PID 1620 wrote to memory of 3064	1620	msedge.exe	83
PID 1620 wrote to memory of 3064	1620	msedge.exe	83
PID 1620 wrote to memory of 3064	1620	msedge.exe	83
PID 1620 wrote to memory of 3064	1620	msedge.exe	83
PID 1620 wrote to memory of 3064	1620	msedge.exe	83
PID 1620 wrote to memory of 3064	1620	msedge.exe	83
PID 1620 wrote to memory of 3064	1620	msedge.exe	83
PID 1620 wrote to memory of 3064	1620	msedge.exe	83
PID 1620 wrote to memory of 3064	1620	msedge.exe	83
PID 1620 wrote to memory of 3064	1620	msedge.exe	83
PID 1620 wrote to memory of 3064	1620	msedge.exe	83
PID 1620 wrote to memory of 3064	1620	msedge.exe	83
PID 1620 wrote to memory of 3064	1620	msedge.exe	83
PID 1620 wrote to memory of 3064	1620	msedge.exe	83
PID 1620 wrote to memory of 3064	1620	msedge.exe	83
PID 1620 wrote to memory of 3064	1620	msedge.exe	83
PID 1620 wrote to memory of 3064	1620	msedge.exe	83
PID 1620 wrote to memory of 3064	1620	msedge.exe	83
PID 1620 wrote to memory of 3064	1620	msedge.exe	83
PID 1620 wrote to memory of 3064	1620	msedge.exe	83
PID 1620 wrote to memory of 3064	1620	msedge.exe	83
PID 1620 wrote to memory of 3064	1620	msedge.exe	83
PID 1620 wrote to memory of 3064	1620	msedge.exe	83
PID 1620 wrote to memory of 3064	1620	msedge.exe	83
PID 1620 wrote to memory of 3064	1620	msedge.exe	83
PID 1620 wrote to memory of 3064	1620	msedge.exe	83
PID 1620 wrote to memory of 2728	1620	msedge.exe	84
PID 1620 wrote to memory of 2728	1620	msedge.exe	84
PID 1620 wrote to memory of 1940	1620	msedge.exe	85
PID 1620 wrote to memory of 1940	1620	msedge.exe	85
PID 1620 wrote to memory of 1940	1620	msedge.exe	85
PID 1620 wrote to memory of 1940	1620	msedge.exe	85
PID 1620 wrote to memory of 1940	1620	msedge.exe	85
PID 1620 wrote to memory of 1940	1620	msedge.exe	85
PID 1620 wrote to memory of 1940	1620	msedge.exe	85
PID 1620 wrote to memory of 1940	1620	msedge.exe	85
PID 1620 wrote to memory of 1940	1620	msedge.exe	85
PID 1620 wrote to memory of 1940	1620	msedge.exe	85
PID 1620 wrote to memory of 1940	1620	msedge.exe	85
PID 1620 wrote to memory of 1940	1620	msedge.exe	85
PID 1620 wrote to memory of 1940	1620	msedge.exe	85
PID 1620 wrote to memory of 1940	1620	msedge.exe	85
PID 1620 wrote to memory of 1940	1620	msedge.exe	85
PID 1620 wrote to memory of 1940	1620	msedge.exe	85
PID 1620 wrote to memory of 1940	1620	msedge.exe	85
PID 1620 wrote to memory of 1940	1620	msedge.exe	85
PID 1620 wrote to memory of 1940	1620	msedge.exe	85
PID 1620 wrote to memory of 1940	1620	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://drive.filen.io/d/c5ce9df1-757e-4c04-bded-530f94e23a89#zqmj0xCKjaa2OJYW12GRIwqRLp0dMBND
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffea6ed46f8,0x7ffea6ed4708,0x7ffea6ed4718
  2⤵
  PID:3248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2196,13219169896600636341,12635425056962931819,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2204 /prefetch:2
  2⤵
  PID:3064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2196,13219169896600636341,12635425056962931819,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2276 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2196,13219169896600636341,12635425056962931819,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2928 /prefetch:8
  2⤵
  PID:1940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,13219169896600636341,12635425056962931819,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
  2⤵
  PID:2264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,13219169896600636341,12635425056962931819,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
  2⤵
  PID:1308
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2196,13219169896600636341,12635425056962931819,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5128 /prefetch:8
  2⤵
  PID:4356
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2196,13219169896600636341,12635425056962931819,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5128 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=2196,13219169896600636341,12635425056962931819,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5312 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  PID:1428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,13219169896600636341,12635425056962931819,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5328 /prefetch:1
  2⤵
  PID:3940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,13219169896600636341,12635425056962931819,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5280 /prefetch:1
  2⤵
  PID:3576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,13219169896600636341,12635425056962931819,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5332 /prefetch:1
  2⤵
  PID:1440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,13219169896600636341,12635425056962931819,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5732 /prefetch:1
  2⤵
  PID:1240
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2196,13219169896600636341,12635425056962931819,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5580 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2196,13219169896600636341,12635425056962931819,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3064 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5248

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1780

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1524

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5484

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\Mail Access Checker by xRisky v2 [Free version]\" -spe -an -ai#7zMap530:156:7zEvent23623
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:6108

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\Mail Access Checker by xRisky v2 [Free version]\" -spe -an -ai#7zMap26053:156:7zEvent1314
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:2364

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\Mail Access Checker by xRisky v2 [Free version]\Read before using.txt
1⤵
PID:5408

C:\Users\Admin\Downloads\Mail Access Checker by xRisky v2 [Free version]\Mail Access Checker by xRisky v2 [Free version].exe
"C:\Users\Admin\Downloads\Mail Access Checker by xRisky v2 [Free version]\Mail Access Checker by xRisky v2 [Free version].exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:5716

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\Mail Access Checker by xRisky v2 [Free version]\Read before using.txt
1⤵
PID:1976

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a8e767fd33edd97d306efb6905f93252

SHA1
a6f80ace2b57599f64b0ae3c7381f34e9456f9d3

SHA256
c8077a9fc79e2691ef321d556c4ce9933ca0570f2bbaa32fa32999dfd5f908bb

SHA512
07b748582fe222795bce74919aa06e9a09025c14493edb6f3b1f112d9a97ac2225fe0904cac9adf2a62c98c42f7877076e409803014f0afd395f4cc8be207241

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
439b5e04ca18c7fb02cf406e6eb24167

SHA1
e0c5bb6216903934726e3570b7d63295b9d28987

SHA256
247d0658695a1eb44924a32363906e37e9864ba742fe35362a71f3a520ad2654

SHA512
d0241e397060eebd4535197de4f1ae925aa88ae413a3a9ded6e856b356c4324dfd45dddfef9a536f04e4a258e8fe5dc1586d92d1d56b649f75ded8eddeb1f3e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
384B

MD5
2444443e4747872a8dfcc496f7ea85db

SHA1
2bc49dba512bca4c5fc3ef8e70281db9b76c8cac

SHA256
6385a4cd067d7913fae5dcd8c8293f30e6601975f533541381535dd599843e8c

SHA512
c43cc149a8ecfc626695521950605a28fbd15727591f89f8b7dc7fe930c61c8ab963f0592dec0049eaf1809003cb9eab0366757881d41f2291385c87c848b5d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_drive.filen.io_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
8239cdc0d1427e010ae541a1c38fef66

SHA1
233bdc8057f99f3b3b1aff627ebe5a6a9434d466

SHA256
6839bdafb8d567761ce278d99f0d814b41c1915f1884e01310ed2570d27f40e6

SHA512
3f1d6ccb1e9434d1e5b857fba01b2c6bbbe0572857085778c190fba1849a818419c9a389bfc687d9cf26ad0305c81d33f36fbce5d5fd475113d408bbf6ac423f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
83344cb97cfab11c47a2b717c2e8a372

SHA1
94898c9ef4cf2ab46d151ada0852786763db05c7

SHA256
dd43610b2a4e8a0bb57dd527f2f667bae30fb60646bcbcb54be3925725d0a233

SHA512
4d5df99bc2934f43eae8a9e6e900798d767b6e660fb538c51686ce8afdc1e57fdc27f5c5ea2fbd251ac2236dbef890012824021fcefbd7a42c0a635d10baba73

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
c94e5ee598142eca274107be2530713d

SHA1
2319c24762ea8a8c19c13663cef9c436219c8f09

SHA256
96c92a6ea14bbd9dd0725e691334cdc00fc52b7fbb96e1d648ca6222c42a87be

SHA512
3618cb002be2569326d21b38c07d5072a24b8de23a72623076218824f54f9cd07c9dae5b325c25f66f6f968b08fc973273ce62ac2ee80434071773216d8a7ae3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57a940.TMP

Filesize
48B

MD5
9c104c68528d897c39665abdad309ff4

SHA1
8778a0f9ec8eca72eac9668984a90448dea763f8

SHA256
fd6797b81c24500cada2de7eaf37b899d24e05ceaad574cdae97285dbabcff7a

SHA512
581a9debb5087b3cbafa97de26c51aebc51018e3bf49780ad3c166a9ab1d124dd9c5b75ae38ee494be3a0ed4e87bcaa5b1731303edb49e8b92dfda7181d86cd5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
704B

MD5
0bdeedd07d203ddfc303fbe213e432e0

SHA1
2bb0134f1c3e51f329cec2a4061e1f3c038f00bd

SHA256
c0d00fdaccc452c0a29c147e06e561f75e85cd01284598be75fa9df18a21f6d7

SHA512
df24828b802e3e441475b2d4713658adac653ba359b8358f99d5da099dc77a078a251186f45dc4d11967bdc3165b9089fd3f6545c1cd0e7bf13b39454c35fc9a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
704B

MD5
f56db06704d0326cd8f372a22bf67b1d

SHA1
3231307c29d861b7fe5cf72f7bfeb61b9439ce00

SHA256
83ac81ef12efb932f0dc87f9b884e07024002fce309be1b8616f1e06991acdc9

SHA512
34cc5e52716cffbd63a945255759a4a3391471822cc48d1abfc36182a1a619887f3db9811942d051102688e0a056b8c3ee58b734e59938622f2e477f848a4403

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe586cbf.TMP

Filesize
704B

MD5
70901480f1647414ae0ddac32ebe7b49

SHA1
4f291349b2d0c6c5a5b3e29fc19f68c2d4d78711

SHA256
1a6e6f6b838bff3cc64d237cbce0a9272db21d7bc955896dd824ec62ec180ea4

SHA512
6fe315cd1c8393ea275d9158a15e173d00511ca4166c9543545747395f2439d647eb925f159c6d39964d9bc6974ca3997bc86f101bcbafd0579de6822af220f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\b223aa9b-e235-48a5-a07c-2c232202ba80.tmp

Filesize
6KB

MD5
e88ae0b6cebf1b0b9ceb3799a829fe99

SHA1
73d45840ca24c1e4db73aa7928372be08ebc75e1

SHA256
2dec00154a7dd76c0cb2fa07059c732dde416577152bd952f913bc916e5950f3

SHA512
8709fdf615e55f2b9888393365e98f16e736f3ab761a0ac648e9b11b1a90177afb061f70c47228e5caf4f8a4f77ab2e9cdc3c0fad926fe292a4b49a330a2cce6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
b3cdaffca8a20e6a28298df3142d377c

SHA1
e76300f166ddb8ed54d7252fb5de70c4cf9ddf79

SHA256
0ac318b1c60eaa4e2ad81454ded8db2026dc1b879bba07f958eb5bc6090d77fa

SHA512
2c1739189869c03b004ee6c227777484b9f12bbab80506c7df801096d2e61aca47d7ca843fea5b9a1752d49c08307999081f90e740445f88b2ccb7c730cf3093

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
15d876fa55751baadc36d91b6bea0e84

SHA1
36853d30a5a299819efc89d91dc4abe809a69802

SHA256
424a4ea656b37d38ba445099993c5c1183481bbbd15c04734ff5a947ba293813

SHA512
e5160923fe2739d328b7320c5ce0349808ee482de263e8641a92601effcf9618a87268c29a729e58bfb751058d6ecef927cb2e3a00ae725683d4fce4985219f1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
dc75aeaddffbab0e6fea4411fabcb12c

SHA1
eaa08230988d4bfacc411358d8d9d2093b430054

SHA256
984d1447b1103b439ab8c264136e2cbed94b0679cc821b547c1b24d446142616

SHA512
aa008beb51b6bedd33bc5e3f1bad9cb67c1cf06cf43aef0e55645dc0d06e8cd7796dd6ce34c150ac8385fce0e37d4528bd6c70ab36afd9e6a93a36bbef339c5e

Download Submit
C:\Users\Admin\Downloads\Mail Access Checker by xRisky v2 [Free version].rar.crswap

Filesize
39.0MB

MD5
efb5ea9f716b2c08774558dcbbb8a40c

SHA1
4db8a97682f7ecd14fca49b4ff8d807db57d5308

SHA256
f3adbbebdbabb53fec419c73c9341c70fbe45063cbbc7fdc1b6cab8b61048772

SHA512
37524e1cd237da0702b5c77dbff8eecee07d0f4200878a9adb2149b33efb5fbb0f78fde5044525b291718d2f7137fcfec092b8f39705727385d7d64e6966c6c2

Download Submit
C:\Users\Admin\Downloads\Mail Access Checker by xRisky v2 [Free version]\Read before using.txt

Filesize
470B

MD5
bbff647a11de1749364126b35bb6c37b

SHA1
59c3f5afa40393e1e396abd1bcbac5ecbc5875cc

SHA256
46ffb0b9f1bceb09945f1132b8ff7dd62ecc0edf2fc0b03799e16ccd4aa7a123

SHA512
abe558ee3696a12b195ade4e3489c708b5d21e07ca24cfad0700c80c3a0ceae8a960b2610f04a871098fbccb00e31c4e9b5be71be8fd369a9448b392d340c54a

Download Submit
C:\Users\Admin\Downloads\Mail Access Checker by xRisky v2 [Free version]\x64\SQLite.Interop.dll

Filesize
1.7MB

MD5
65ccd6ecb99899083d43f7c24eb8f869

SHA1
27037a9470cc5ed177c0b6688495f3a51996a023

SHA256
aba67c7e6c01856838b8bc6b0ba95e864e1fdcb3750aa7cdc1bc73511cea6fe4

SHA512
533900861fe36cf78b614d6a7ce741ff1172b41cbd5644b4a9542e6ca42702e6fbfb12f0fbaae8f5992320870a15e90b4f7bf180705fc9839db433413860be6d

Download Submit
memory/5716-740-0x000000001D760000-0x000000001D76A000-memory.dmp

Filesize
40KB

Download
memory/5716-764-0x000000001E010000-0x000000001E02C000-memory.dmp

Filesize
112KB

Download
memory/5716-719-0x0000000180000000-0x0000000180005000-memory.dmp

Filesize
20KB

Download
memory/5716-717-0x0000000180000000-0x0000000180005000-memory.dmp

Filesize
20KB

Download
memory/5716-715-0x0000000180000000-0x0000000180005000-memory.dmp

Filesize
20KB

Download
memory/5716-713-0x0000000180000000-0x0000000180005000-memory.dmp

Filesize
20KB

Download
memory/5716-712-0x0000000180000000-0x0000000180005000-memory.dmp

Filesize
20KB

Download
memory/5716-736-0x000000001D360000-0x000000001D48A000-memory.dmp

Filesize
1.2MB

Download
memory/5716-728-0x000000001D100000-0x000000001D22A000-memory.dmp

Filesize
1.2MB

Download
memory/5716-724-0x000000001D100000-0x000000001D22A000-memory.dmp

Filesize
1.2MB

Download
memory/5716-723-0x000000001D100000-0x000000001D22A000-memory.dmp

Filesize
1.2MB

Download
memory/5716-738-0x000000001D760000-0x000000001D76A000-memory.dmp

Filesize
40KB

Download
memory/5716-750-0x000000001D770000-0x000000001D77A000-memory.dmp

Filesize
40KB

Download
memory/5716-743-0x000000001D760000-0x000000001D76A000-memory.dmp

Filesize
40KB

Download
memory/5716-702-0x000000001AC90000-0x000000001AE30000-memory.dmp

Filesize
1.6MB

Download
memory/5716-737-0x000000001D760000-0x000000001D76A000-memory.dmp

Filesize
40KB

Download
memory/5716-751-0x00007FFE95C90000-0x00007FFE95DDE000-memory.dmp

Filesize
1.3MB

Download
memory/5716-755-0x000000001D770000-0x000000001D77A000-memory.dmp

Filesize
40KB

Download
memory/5716-754-0x000000001D770000-0x000000001D77A000-memory.dmp

Filesize
40KB

Download
memory/5716-753-0x000000001D770000-0x000000001D77A000-memory.dmp

Filesize
40KB

Download
memory/5716-758-0x000000001D360000-0x000000001D48A000-memory.dmp

Filesize
1.2MB

Download
memory/5716-759-0x000000001D360000-0x000000001D48A000-memory.dmp

Filesize
1.2MB

Download
memory/5716-762-0x000000001D360000-0x000000001D48A000-memory.dmp

Filesize
1.2MB

Download
memory/5716-761-0x000000001D360000-0x000000001D48A000-memory.dmp

Filesize
1.2MB

Download
memory/5716-765-0x000000001E010000-0x000000001E02C000-memory.dmp

Filesize
112KB

Download
memory/5716-703-0x000000001AC90000-0x000000001AE30000-memory.dmp

Filesize
1.6MB

Download
memory/5716-763-0x000000001E010000-0x000000001E032000-memory.dmp

Filesize
136KB

Download
memory/5716-760-0x000000001D360000-0x000000001D48A000-memory.dmp

Filesize
1.2MB

Download
memory/5716-757-0x000000001D360000-0x000000001D48A000-memory.dmp

Filesize
1.2MB

Download
memory/5716-774-0x000000001EDE0000-0x000000002016C000-memory.dmp

Filesize
19.5MB

Download
memory/5716-775-0x0000000020170000-0x00000000206BE000-memory.dmp

Filesize
5.3MB

Download
memory/5716-776-0x000000001E720000-0x000000001E818000-memory.dmp

Filesize
992KB

Download
memory/5716-777-0x000000001E820000-0x000000001E918000-memory.dmp

Filesize
992KB

Download
memory/5716-778-0x00000000218C0000-0x0000000021A7E000-memory.dmp

Filesize
1.7MB

Download
memory/5716-779-0x0000000021A80000-0x000000002212C000-memory.dmp

Filesize
6.7MB

Download
memory/5716-780-0x0000000022130000-0x000000002290A000-memory.dmp

Filesize
7.9MB

Download
memory/5716-781-0x0000000023570000-0x000000002391C000-memory.dmp

Filesize
3.7MB

Download
memory/5716-782-0x0000000023990000-0x0000000023DF8000-memory.dmp

Filesize
4.4MB

Download
memory/5716-783-0x0000000023E00000-0x0000000023E72000-memory.dmp

Filesize
456KB

Download
memory/5716-784-0x000000001EAB0000-0x000000001EAD0000-memory.dmp

Filesize
128KB

Download
memory/5716-785-0x0000000023E70000-0x0000000024084000-memory.dmp

Filesize
2.1MB

Download
memory/5716-786-0x00000000212E0000-0x0000000021348000-memory.dmp

Filesize
416KB

Download
memory/5716-787-0x0000000021350000-0x0000000021372000-memory.dmp

Filesize
136KB

Download
memory/5716-788-0x0000000021380000-0x000000002142A000-memory.dmp

Filesize
680KB

Download
memory/5716-795-0x0000000028E70000-0x0000000028EDA000-memory.dmp

Filesize
424KB

Download
memory/5716-701-0x000000001AC90000-0x000000001AE30000-memory.dmp

Filesize
1.6MB

Download
memory/5716-799-0x0000000029210000-0x000000002924A000-memory.dmp

Filesize
232KB

Download
memory/5716-800-0x00000000291E0000-0x0000000029206000-memory.dmp

Filesize
152KB

Download
memory/5716-700-0x00007FFE91FC0000-0x00007FFE92A81000-memory.dmp

Filesize
10.8MB

Download