lumma | hxxps://drive[.]google[.]com/file/d/19Kz9FXnoFZ9qaPhB7R1wTAkvipMibFnT/view?usp=sharing

Analysis

max time kernel
148s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
19-08-2024 21:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/file/d/19Kz9FXnoFZ9qaPhB7R1wTAkvipMibFnT/view?usp=sharing

Score

10^/10

lumma discovery persistence privilege_escalation stealer

Malware Config

Extracted

Family

lumma

https://torubleeodsmzo.shop/api

https://potentioallykeos.shop/api

https://interactiedovspm.shop/api

https://charecteristicdxp.shop/api

https://cagedwifedsozm.shop/api

https://deicedosmzj.shop/api

https://southedhiscuso.shop/api

https://consciousourwi.shop/api

https://tenntysjuxmz.shop/api

Signatures

Lumma Stealer, LummaC
Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
stealer lumma
Downloads MZ/PE file
Event Triggered Execution: Component Object Model Hijacking 1 TTPs
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
persistence privilege_escalation

Component Object Model Hijacking
T1546.015

Executes dropped EXE 5 IoCs

pid	Process
2604	IZArc_4.5.exe
212	IZArc_4.5.tmp
5880	IZArc.exe
4980	IZArc.exe
5936	Main.exe

Loads dropped DLL 32 IoCs

pid	Process
212	IZArc_4.5.tmp
212	IZArc_4.5.tmp
5488	regsvr32.exe
5488	regsvr32.exe
5880	IZArc.exe
5880	IZArc.exe
5880	IZArc.exe
5880	IZArc.exe
5880	IZArc.exe
5880	IZArc.exe
5880	IZArc.exe
5880	IZArc.exe
5880	IZArc.exe
5880	IZArc.exe
5880	IZArc.exe
5880	IZArc.exe
5880	IZArc.exe
3420	Process not Found
3420	Process not Found
4980	IZArc.exe
4980	IZArc.exe
4980	IZArc.exe
4980	IZArc.exe
4980	IZArc.exe
4980	IZArc.exe
4980	IZArc.exe
4980	IZArc.exe
4980	IZArc.exe
4980	IZArc.exe
4980	IZArc.exe
4980	IZArc.exe
4980	IZArc.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
3	drive.google.com
7	drive.google.com

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 5936 set thread context of 2704	5936	Main.exe	188

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\IZArc\Languages\is-3MT8I.tmp	IZArc_4.5.tmp
File created	C:\Program Files (x86)\IZArc\Icons\is-TF6AA.tmp	IZArc_4.5.tmp
File created	C:\Program Files (x86)\IZArc\Icons\is-4JQIM.tmp	IZArc_4.5.tmp
File created	C:\Program Files (x86)\IZArc\Languages\is-R19U7.tmp	IZArc_4.5.tmp
File created	C:\Program Files (x86)\IZArc\Languages\is-UKC1Q.tmp	IZArc_4.5.tmp
File created	C:\Program Files (x86)\IZArc\Icons\is-NOFL1.tmp	IZArc_4.5.tmp
File created	C:\Program Files (x86)\IZArc\Icons\is-AQNPT.tmp	IZArc_4.5.tmp
File created	C:\Program Files (x86)\IZArc\Icons\is-CFVVH.tmp	IZArc_4.5.tmp
File created	C:\Program Files (x86)\IZArc\Languages\is-GODHN.tmp	IZArc_4.5.tmp
File created	C:\Program Files (x86)\IZArc\Languages\is-HL11A.tmp	IZArc_4.5.tmp
File opened for modification	C:\Program Files (x86)\IZArc\UnGca32.dll	IZArc_4.5.tmp
File created	C:\Program Files (x86)\IZArc\Icons\is-JT935.tmp	IZArc_4.5.tmp
File created	C:\Program Files (x86)\IZArc\Languages\is-DS4HJ.tmp	IZArc_4.5.tmp
File created	C:\Program Files (x86)\IZArc\Languages\is-NK8RF.tmp	IZArc_4.5.tmp
File created	C:\Program Files (x86)\IZArc\Languages\is-LPV7D.tmp	IZArc_4.5.tmp
File created	C:\Program Files (x86)\IZArc\Languages\is-CTVH9.tmp	IZArc_4.5.tmp
File created	C:\Program Files (x86)\IZArc\Icons\is-FAFQ9.tmp	IZArc_4.5.tmp
File created	C:\Program Files (x86)\IZArc\Icons\is-6A5LP.tmp	IZArc_4.5.tmp
File created	C:\Program Files (x86)\IZArc\Skins\is-L8JHI.tmp	IZArc_4.5.tmp
File created	C:\Program Files (x86)\IZArc\SFXS\is-PARRJ.tmp	IZArc_4.5.tmp
File created	C:\Program Files (x86)\IZArc\SFXS\is-B93BR.tmp	IZArc_4.5.tmp
File created	C:\Program Files (x86)\IZArc\Icons\is-8HDDH.tmp	IZArc_4.5.tmp
File created	C:\Program Files (x86)\IZArc\Icons\is-2QE5S.tmp	IZArc_4.5.tmp
File created	C:\Program Files (x86)\IZArc\Languages\is-4MEPJ.tmp	IZArc_4.5.tmp
File opened for modification	C:\Program Files (x86)\IZArc\IZArcCM64.dll	IZArc_4.5.tmp
File created	C:\Program Files (x86)\IZArc\Skins\is-ROLDM.tmp	IZArc_4.5.tmp
File created	C:\Program Files (x86)\IZArc\Languages\is-NKJE5.tmp	IZArc_4.5.tmp
File created	C:\Program Files (x86)\IZArc\Icons\is-IQAK3.tmp	IZArc_4.5.tmp
File created	C:\Program Files (x86)\IZArc\Icons\is-NU67J.tmp	IZArc_4.5.tmp
File created	C:\Program Files (x86)\IZArc\Icons\is-BV197.tmp	IZArc_4.5.tmp
File created	C:\Program Files (x86)\IZArc\Icons\is-3VJ5O.tmp	IZArc_4.5.tmp
File created	C:\Program Files (x86)\IZArc\Languages\is-L83MU.tmp	IZArc_4.5.tmp
File created	C:\Program Files (x86)\IZArc\Skins\is-5BBT1.tmp	IZArc_4.5.tmp
File created	C:\Program Files (x86)\IZArc\Skins\is-V1O0E.tmp	IZArc_4.5.tmp
File created	C:\Program Files (x86)\IZArc\Skins\is-B1DUS.tmp	IZArc_4.5.tmp
File created	C:\Program Files (x86)\IZArc\SFXS\is-3Q2P1.tmp	IZArc_4.5.tmp
File created	C:\Program Files (x86)\IZArc\SFXS\is-G41I3.tmp	IZArc_4.5.tmp
File created	C:\Program Files (x86)\IZArc\Languages\is-TU7Q7.tmp	IZArc_4.5.tmp
File created	C:\Program Files (x86)\IZArc\Languages\is-6BAMN.tmp	IZArc_4.5.tmp
File created	C:\Program Files (x86)\IZArc\Languages\is-NUJVT.tmp	IZArc_4.5.tmp
File opened for modification	C:\Program Files (x86)\IZArc\cabinet5.dll	IZArc_4.5.tmp
File created	C:\Program Files (x86)\IZArc\Misc\is-MCV50.tmp	IZArc_4.5.tmp
File created	C:\Program Files (x86)\IZArc\Languages\is-21KI5.tmp	IZArc_4.5.tmp
File created	C:\Program Files (x86)\IZArc\Icons\is-469RJ.tmp	IZArc_4.5.tmp
File created	C:\Program Files (x86)\IZArc\Languages\is-JIPCU.tmp	IZArc_4.5.tmp
File created	C:\Program Files (x86)\IZArc\Languages\is-CNO1C.tmp	IZArc_4.5.tmp
File opened for modification	C:\Program Files (x86)\IZArc\Misc\Setup.ico	IZArc.exe
File created	C:\Program Files (x86)\IZArc\Misc\is-DAVQR.tmp	IZArc_4.5.tmp
File created	C:\Program Files (x86)\IZArc\Skins\is-T883P.tmp	IZArc_4.5.tmp
File created	C:\Program Files (x86)\IZArc\Languages\is-U8PD0.tmp	IZArc_4.5.tmp
File created	C:\Program Files (x86)\IZArc\Skins\is-KTEHQ.tmp	IZArc_4.5.tmp
File created	C:\Program Files (x86)\IZArc\Icons\is-RET6G.tmp	IZArc_4.5.tmp
File created	C:\Program Files (x86)\IZArc\Misc\is-VSQ7U.tmp	IZArc_4.5.tmp
File created	C:\Program Files (x86)\IZArc\Icons\is-52FUJ.tmp	IZArc_4.5.tmp
File created	C:\Program Files (x86)\IZArc\Languages\is-07M8C.tmp	IZArc_4.5.tmp
File created	C:\Program Files (x86)\IZArc\Languages\is-KD42L.tmp	IZArc_4.5.tmp
File created	C:\Program Files (x86)\IZArc\is-F0RL7.tmp	IZArc_4.5.tmp
File created	C:\Program Files (x86)\IZArc\is-RVDPH.tmp	IZArc_4.5.tmp
File created	C:\Program Files (x86)\IZArc\Icons\is-S3K3K.tmp	IZArc_4.5.tmp
File created	C:\Program Files (x86)\IZArc\Icons\is-OUNOH.tmp	IZArc_4.5.tmp
File created	C:\Program Files (x86)\IZArc\Languages\is-D3RUF.tmp	IZArc_4.5.tmp
File created	C:\Program Files (x86)\IZArc\Languages\is-82DI9.tmp	IZArc_4.5.tmp
File created	C:\Program Files (x86)\IZArc\Languages\is-U925T.tmp	IZArc_4.5.tmp
File created	C:\Program Files (x86)\IZArc\SFXS\is-8SOFH.tmp	IZArc_4.5.tmp

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 7 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	DllHost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IZArc_4.5.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IZArc_4.5.tmp
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IZArc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IZArc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Main.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies Internet Explorer settings 1 TTPs 2 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000\Software\Microsoft\Internet Explorer\Toolbar	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\Locked = "1"	explorer.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.uue\ = "IZArcUUE"	IZArc.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.7z\ = "IZArc7Z"	IZArc.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\IZArcENC	IZArc.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\IZArcGZA\ = "IZArc GZA Archive"	IZArc.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\IZArcTAZ\Shell\Open\Command\ = "C:\\PROGRA~2\\IZArc\\IZArc.exe \"%1\""	IZArc.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\IZArcTGZ\ = "IZArc TGZ Archive"	IZArc.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\IZArcZ\Shell\Open\Command	IZArc.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\IZArcBZ2\ = "IZArc BZ2 Archive"	IZArc.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\IZArcIZE\DefaultIcon\ = "C:\\Program Files (x86)\\IZArc\\Icons\\IZE.ico"	IZArc.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\IZArcTZ\DefaultIcon	IZArc.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\IZArcZ\ = "IZArc Z Archive"	IZArc.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.zoo\ = "IZArcZOO"	IZArc.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\IZArcARC\DefaultIcon	IZArc.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\IZArcHA\DefaultIcon	IZArc.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.lha	IZArc.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\IZArcLIB\Shell	IZArc.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\IZArcCAB\DefaultIcon\ = "C:\\Program Files (x86)\\IZArc\\Icons\\CAB.ico"	IZArc.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\IZArcCPIO\Shell\Open\Command\ = "C:\\PROGRA~2\\IZArc\\IZArc.exe \"%1\""	IZArc.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\IZArcTGZ\Shell\Open\Command\ = "C:\\PROGRA~2\\IZArc\\IZArc.exe \"%1\""	IZArc.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\IZArcB64\Shell	IZArc.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.enc	IZArc.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.7z	IZArc.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\IZArcLZH\DefaultIcon	IZArc.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\IZArcPK3\ = "IZArc PK3 Archive"	IZArc.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\IZArcYZ1\Shell\Open\Command\ = "C:\\PROGRA~2\\IZArc\\IZArc.exe \"%1\""	IZArc.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\IZArcZIP\Shell	IZArc.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\IZArcZIP\Shell\Open\Command\ = "C:\\PROGRA~2\\IZArc\\IZArc.exe \"%1\""	IZArc.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BC593DF5-466F-44EC-8FFD-C4DBC603B917}\InprocServer32\ = "C:\\PROGRA~2\\IZArc\\IZARCC~1.DLL"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\IZArcARC\ = "IZArc ARC Archive"	IZArc.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\IZArcBZ2\Shell\Open	IZArc.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\IZArcHA\ = "IZArc HA Archive"	IZArc.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\IZArcPAK\DefaultIcon	IZArc.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.rar\ = "IZArcRAR"	IZArc.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\IZArcCM	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\IZArcIZE\Shell\Open	IZArc.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\IZArcDEB\ = "IZArc DEB Archive"	IZArc.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shellex\DragDropHandlers\IZArcCM\ = "{CA5FEE26-14C1-4B5A-86E9-233FC0EE2682}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.lib\ = "IZArcLIB"	IZArc.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\IZArcCPIO\DefaultIcon\ = "C:\\Program Files (x86)\\IZArc\\Icons\\CPIO.ico"	IZArc.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.gz\ = "IZArcGZ"	IZArc.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\IZArcGZ\Shell\Open\Command\ = "C:\\PROGRA~2\\IZArc\\IZArc.exe \"%1\""	IZArc.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\IZArcHA\DefaultIcon\ = "C:\\Program Files (x86)\\IZArc\\Icons\\HA.ico"	IZArc.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\IZArcWAR\Shell	IZArc.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.arj\ = "IZArcARJ"	IZArc.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\IZArcA\Shell\Open\Command\ = "C:\\PROGRA~2\\IZArc\\IZArc.exe \"%1\""	IZArc.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.mbf\ = "IZArcMBF"	IZArc.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.enc\ = "IZArcENC"	IZArc.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\IZArcMIM\ = "IZArc MIM Archive"	IZArc.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\IZArcUUE\DefaultIcon	IZArc.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\IZArcBZA\DefaultIcon\ = "C:\\Program Files (x86)\\IZArc\\Icons\\BZA.ico"	IZArc.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.zip\IZArc_backup = "CompressedFolder"	IZArc.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\IZArcTGZ\Shell	IZArc.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\IZArcA\DefaultIcon\ = "C:\\Program Files (x86)\\IZArc\\Icons\\A.ico"	IZArc.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.bz2\IZArc_backup = "7-Zip\\.bz2"	IZArc.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\IZArc7Z\ = "IZArc 7Z Archive"	IZArc.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\IZArcLIB\Shell\Open	IZArc.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\IZArcGZA\DefaultIcon	IZArc.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\IZArcIZE\Shell\Open\Command	IZArc.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\IZArcARJ	IZArc.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.ha\ = "IZArcHA"	IZArc.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\IZArcRPM\Shell\Open\Command	IZArc.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\IZArcTGZ\DefaultIcon	IZArc.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\IZArcGCA\DefaultIcon	IZArc.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\IZArcB64\DefaultIcon\ = "C:\\Program Files (x86)\\IZArc\\Icons\\B64.ico"	IZArc.exe

NTFS ADS 2 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 760967.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 990008.crdownload:SmartScreen	msedge.exe

Suspicious behavior: EnumeratesProcesses 16 IoCs

pid	Process
3544	msedge.exe
3544	msedge.exe
1120	msedge.exe
1120	msedge.exe
3256	identity_helper.exe
3256	identity_helper.exe
2932	msedge.exe
2932	msedge.exe
5540	msedge.exe
5540	msedge.exe
212	IZArc_4.5.tmp
212	IZArc_4.5.tmp
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
4980	IZArc.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 44 IoCs

pid	Process
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe

Suspicious use of SendNotifyMessage 25 IoCs

pid	Process
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
5880	IZArc.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1120 wrote to memory of 5072	1120	msedge.exe	85
PID 1120 wrote to memory of 5072	1120	msedge.exe	85
PID 1120 wrote to memory of 116	1120	msedge.exe	86
PID 1120 wrote to memory of 116	1120	msedge.exe	86
PID 1120 wrote to memory of 116	1120	msedge.exe	86
PID 1120 wrote to memory of 116	1120	msedge.exe	86
PID 1120 wrote to memory of 116	1120	msedge.exe	86
PID 1120 wrote to memory of 116	1120	msedge.exe	86
PID 1120 wrote to memory of 116	1120	msedge.exe	86
PID 1120 wrote to memory of 116	1120	msedge.exe	86
PID 1120 wrote to memory of 116	1120	msedge.exe	86
PID 1120 wrote to memory of 116	1120	msedge.exe	86
PID 1120 wrote to memory of 116	1120	msedge.exe	86
PID 1120 wrote to memory of 116	1120	msedge.exe	86
PID 1120 wrote to memory of 116	1120	msedge.exe	86
PID 1120 wrote to memory of 116	1120	msedge.exe	86
PID 1120 wrote to memory of 116	1120	msedge.exe	86
PID 1120 wrote to memory of 116	1120	msedge.exe	86
PID 1120 wrote to memory of 116	1120	msedge.exe	86
PID 1120 wrote to memory of 116	1120	msedge.exe	86
PID 1120 wrote to memory of 116	1120	msedge.exe	86
PID 1120 wrote to memory of 116	1120	msedge.exe	86
PID 1120 wrote to memory of 116	1120	msedge.exe	86
PID 1120 wrote to memory of 116	1120	msedge.exe	86
PID 1120 wrote to memory of 116	1120	msedge.exe	86
PID 1120 wrote to memory of 116	1120	msedge.exe	86
PID 1120 wrote to memory of 116	1120	msedge.exe	86
PID 1120 wrote to memory of 116	1120	msedge.exe	86
PID 1120 wrote to memory of 116	1120	msedge.exe	86
PID 1120 wrote to memory of 116	1120	msedge.exe	86
PID 1120 wrote to memory of 116	1120	msedge.exe	86
PID 1120 wrote to memory of 116	1120	msedge.exe	86
PID 1120 wrote to memory of 116	1120	msedge.exe	86
PID 1120 wrote to memory of 116	1120	msedge.exe	86
PID 1120 wrote to memory of 116	1120	msedge.exe	86
PID 1120 wrote to memory of 116	1120	msedge.exe	86
PID 1120 wrote to memory of 116	1120	msedge.exe	86
PID 1120 wrote to memory of 116	1120	msedge.exe	86
PID 1120 wrote to memory of 116	1120	msedge.exe	86
PID 1120 wrote to memory of 116	1120	msedge.exe	86
PID 1120 wrote to memory of 116	1120	msedge.exe	86
PID 1120 wrote to memory of 116	1120	msedge.exe	86
PID 1120 wrote to memory of 3544	1120	msedge.exe	87
PID 1120 wrote to memory of 3544	1120	msedge.exe	87
PID 1120 wrote to memory of 224	1120	msedge.exe	88
PID 1120 wrote to memory of 224	1120	msedge.exe	88
PID 1120 wrote to memory of 224	1120	msedge.exe	88
PID 1120 wrote to memory of 224	1120	msedge.exe	88
PID 1120 wrote to memory of 224	1120	msedge.exe	88
PID 1120 wrote to memory of 224	1120	msedge.exe	88
PID 1120 wrote to memory of 224	1120	msedge.exe	88
PID 1120 wrote to memory of 224	1120	msedge.exe	88
PID 1120 wrote to memory of 224	1120	msedge.exe	88
PID 1120 wrote to memory of 224	1120	msedge.exe	88
PID 1120 wrote to memory of 224	1120	msedge.exe	88
PID 1120 wrote to memory of 224	1120	msedge.exe	88
PID 1120 wrote to memory of 224	1120	msedge.exe	88
PID 1120 wrote to memory of 224	1120	msedge.exe	88
PID 1120 wrote to memory of 224	1120	msedge.exe	88
PID 1120 wrote to memory of 224	1120	msedge.exe	88
PID 1120 wrote to memory of 224	1120	msedge.exe	88
PID 1120 wrote to memory of 224	1120	msedge.exe	88
PID 1120 wrote to memory of 224	1120	msedge.exe	88
PID 1120 wrote to memory of 224	1120	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://drive.google.com/file/d/19Kz9FXnoFZ9qaPhB7R1wTAkvipMibFnT/view?usp=sharing
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9feca46f8,0x7ff9feca4708,0x7ff9feca4718
  2⤵
  PID:5072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,11095871563510929733,11149791427191444116,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2120 /prefetch:2
  2⤵
  PID:116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,11095871563510929733,11149791427191444116,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2428 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2112,11095871563510929733,11149791427191444116,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2756 /prefetch:8
  2⤵
  PID:224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,11095871563510929733,11149791427191444116,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
  2⤵
  PID:1464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,11095871563510929733,11149791427191444116,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
  2⤵
  PID:3012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,11095871563510929733,11149791427191444116,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4928 /prefetch:1
  2⤵
  PID:2560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,11095871563510929733,11149791427191444116,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4144 /prefetch:1
  2⤵
  PID:2740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,11095871563510929733,11149791427191444116,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5412 /prefetch:1
  2⤵
  PID:1144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,11095871563510929733,11149791427191444116,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4952 /prefetch:1
  2⤵
  PID:2900
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,11095871563510929733,11149791427191444116,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5860 /prefetch:8
  2⤵
  PID:4400
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,11095871563510929733,11149791427191444116,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5860 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,11095871563510929733,11149791427191444116,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4136 /prefetch:1
  2⤵
  PID:1656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,11095871563510929733,11149791427191444116,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5484 /prefetch:1
  2⤵
  PID:5472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,11095871563510929733,11149791427191444116,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5936 /prefetch:1
  2⤵
  PID:5708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,11095871563510929733,11149791427191444116,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4092 /prefetch:1
  2⤵
  PID:5972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,11095871563510929733,11149791427191444116,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6024 /prefetch:1
  2⤵
  PID:6052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,11095871563510929733,11149791427191444116,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5564 /prefetch:1
  2⤵
  PID:5188
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,11095871563510929733,11149791427191444116,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6064 /prefetch:1
  2⤵
  PID:5196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,11095871563510929733,11149791427191444116,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5024 /prefetch:1
  2⤵
  PID:5140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,11095871563510929733,11149791427191444116,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5008 /prefetch:1
  2⤵
  PID:2164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,11095871563510929733,11149791427191444116,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6252 /prefetch:1
  2⤵
  PID:2628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,11095871563510929733,11149791427191444116,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6312 /prefetch:1
  2⤵
  PID:5556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,11095871563510929733,11149791427191444116,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6572 /prefetch:1
  2⤵
  PID:6112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,11095871563510929733,11149791427191444116,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6088 /prefetch:1
  2⤵
  PID:6124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,11095871563510929733,11149791427191444116,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6076 /prefetch:1
  2⤵
  PID:5344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,11095871563510929733,11149791427191444116,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6336 /prefetch:1
  2⤵
  PID:5128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,11095871563510929733,11149791427191444116,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5344 /prefetch:1
  2⤵
  PID:5664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,11095871563510929733,11149791427191444116,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7024 /prefetch:1
  2⤵
  PID:5940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,11095871563510929733,11149791427191444116,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7020 /prefetch:1
  2⤵
  PID:6076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,11095871563510929733,11149791427191444116,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6608 /prefetch:1
  2⤵
  PID:552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,11095871563510929733,11149791427191444116,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6848 /prefetch:1
  2⤵
  PID:5836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,11095871563510929733,11149791427191444116,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4712 /prefetch:1
  2⤵
  PID:5996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,11095871563510929733,11149791427191444116,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6720 /prefetch:1
  2⤵
  PID:5616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,11095871563510929733,11149791427191444116,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7204 /prefetch:1
  2⤵
  PID:2660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,11095871563510929733,11149791427191444116,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6600 /prefetch:1
  2⤵
  PID:3624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,11095871563510929733,11149791427191444116,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5996 /prefetch:1
  2⤵
  PID:3968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,11095871563510929733,11149791427191444116,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6928 /prefetch:1
  2⤵
  PID:3504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,11095871563510929733,11149791427191444116,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7076 /prefetch:1
  2⤵
  PID:208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2112,11095871563510929733,11149791427191444116,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6416 /prefetch:8
  2⤵
  PID:1340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2112,11095871563510929733,11149791427191444116,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6932 /prefetch:8
  2⤵
  PID:6124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,11095871563510929733,11149791427191444116,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4996 /prefetch:1
  2⤵
  PID:4072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,11095871563510929733,11149791427191444116,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7080 /prefetch:1
  2⤵
  PID:5732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2112,11095871563510929733,11149791427191444116,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6344 /prefetch:8
  2⤵
  PID:2384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2112,11095871563510929733,11149791427191444116,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7480 /prefetch:8
  2⤵
  PID:3108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,11095871563510929733,11149791427191444116,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6964 /prefetch:1
  2⤵
  PID:5384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,11095871563510929733,11149791427191444116,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4856 /prefetch:1
  2⤵
  PID:5924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,11095871563510929733,11149791427191444116,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5540 /prefetch:1
  2⤵
  PID:4632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,11095871563510929733,11149791427191444116,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7500 /prefetch:1
  2⤵
  PID:5960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,11095871563510929733,11149791427191444116,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5564 /prefetch:1
  2⤵
  PID:5816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,11095871563510929733,11149791427191444116,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7720 /prefetch:1
  2⤵
  PID:1020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,11095871563510929733,11149791427191444116,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6200 /prefetch:1
  2⤵
  PID:5140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2112,11095871563510929733,11149791427191444116,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6156 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,11095871563510929733,11149791427191444116,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6176 /prefetch:1
  2⤵
  PID:4492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2112,11095871563510929733,11149791427191444116,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5948 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5540
- C:\Users\Admin\Downloads\IZArc_4.5.exe
  "C:\Users\Admin\Downloads\IZArc_4.5.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:2604
- - C:\Users\Admin\AppData\Local\Temp\is-RN7DE.tmp\IZArc_4.5.tmp
    "C:\Users\Admin\AppData\Local\Temp\is-RN7DE.tmp\IZArc_4.5.tmp" /SL5="$120114,5047654,194560,C:\Users\Admin\Downloads\IZArc_4.5.exe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Drops file in Program Files directory
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    PID:212
  - - C:\Windows\system32\regsvr32.exe
      "C:\Windows\system32\regsvr32.exe" /s "C:\Program Files (x86)\IZArc\IZArcCM64.dll"
      4⤵
      Loads dropped DLL
      Modifies registry class
      PID:5488
  - - C:\Program Files (x86)\IZArc\IZArc.exe
      "C:\Program Files (x86)\IZArc\IZArc.exe" -sa
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Drops file in Program Files directory
      System Location Discovery: System Language Discovery
      Modifies registry class
      Suspicious use of SendNotifyMessage
      PID:5880
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.izarc.org/donate
      4⤵
      PID:864
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0x120,0x124,0x11c,0x128,0x7ff9feca46f8,0x7ff9feca4708,0x7ff9feca4718
        5⤵
        
        PID:5728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,11095871563510929733,11149791427191444116,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1048 /prefetch:1
  2⤵
  PID:5428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,11095871563510929733,11149791427191444116,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6340 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4100

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2256

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:840

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x460 0x4a8
1⤵
PID:5340

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4336

C:\PROGRA~2\IZArc\IZArc.exe
"C:\PROGRA~2\IZArc\IZArc.exe" "C:\Users\Admin\Downloads\Main.zip"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
PID:4980

C:\Users\Admin\Downloads\Main\Main\Main.exe
"C:\Users\Admin\Downloads\Main\Main\Main.exe"
1⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
PID:5936
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
  2⤵
  PID:5696
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:2704

C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
1⤵
- System Location Discovery: System Language Discovery
PID:2680

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{5BD95610-9434-43C2-886C-57852CC8A120} -Embedding
1⤵
- Modifies Internet Explorer settings
PID:5804

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Privilege Escalation

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\IZArc\IZArc.exe

Filesize
3.3MB

MD5
6ad69b02b1a5ba995eadc7fd9cc6a705

SHA1
0eecb19e7d06e36165d36b12a2572ef8493af835

SHA256
79074936d195049d1380e7ff085221c970d7a2283ec612c40bd15b8006aeaeb4

SHA512
b0031aeee86bd4c1d1d7f6b0c041c552be662b34620eeb6e70dc017212af319dd676468e0db6a50bb6712645385dc32a5e1cf48a2befab00df6aaef95855a84f

Download Submit
C:\Program Files (x86)\IZArc\IZArcCM64.dll

Filesize
2.4MB

MD5
f64e891a69b8274cb7d011883f8b2a65

SHA1
0edcfce898fbea3ab417be9c30c5565bbd7ec95d

SHA256
c79474ce574887482bc455fee365fc4f89904102aeb1df0d449de5460c553d45

SHA512
f199958f2a1d833fa46d90b4234fa53797af8dcb2950fab6d77e4acb326cd37362934e6090481001caea0a7ce05c3c19315a642f544cc940552990658578f8a9

Download Submit
C:\Program Files (x86)\IZArc\apr.dll

Filesize
112KB

MD5
56d1932b7edb3ab165d456944ef484dd

SHA1
e8b40b5a267593e9b399b909a59170b219eec8c6

SHA256
1514cee215b7ee3d67fb6e8968c0af73e4e4c970a3378ef331b2a77ed76e1a4e

SHA512
d44cb75c05bbfa656537d80060379adf994dfe14066bd6ed74daaab032df8582f5c165c81d503f14cc7b2d6d19436a4f915aa6ef1a60361cd57835f9b5975348

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
53bc70ecb115bdbabe67620c416fe9b3

SHA1
af66ec51a13a59639eaf54d62ff3b4f092bb2fc1

SHA256
b36cad5c1f7bc7d07c7eaa2f3cad2959ddb5447d4d3adcb46eb6a99808e22771

SHA512
cad44933b94e17908c0eb8ac5feeb53d03a7720d97e7ccc8724a1ed3021a5bece09e1f9f3cec56ce0739176ebbbeb20729e650f8bca04e5060c986b75d8e4921

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e765f3d75e6b0e4a7119c8b14d47d8da

SHA1
cc9f7c7826c2e1a129e7d98884926076c3714fc0

SHA256
986443556d3878258b710d9d9efbf4f25f0d764c3f83dc54217f2b12a6eccd89

SHA512
a1872a849f27da78ebe9adb9beb260cb49ed5f4ca2d403f23379112bdfcd2482446a6708188100496e45db1517cdb43aba8bb93a75e605713c3f97cd716b1079

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e

Filesize
62KB

MD5
c3c0eb5e044497577bec91b5970f6d30

SHA1
d833f81cf21f68d43ba64a6c28892945adc317a6

SHA256
eb48be34490ec9c4f9402b882166cd82cd317b51b2a49aae75cdf9ee035035eb

SHA512
83d3545a4ed9eed2d25f98c4c9f100ae0ac5e4bc8828dccadee38553b7633bb63222132df8ec09d32eb37d960accb76e7aab5719fc08cc0a4ef07b053f30cf38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f

Filesize
70KB

MD5
0f6e110e02a790b2f0635d0815c12e5c

SHA1
2411810c083a7fda31c5e6dd6f1f9cf1b971e46c

SHA256
2f7018f3c214ace280e4bd37aabe0690bd9d8d0532f38e32a29d1f9de1320605

SHA512
2f2fb7c4ddfb6abb5dcde466269f625eea58a2c69d25830e6bb24126e7679ec7c83fdb0d8ff2a7de4dd4b994513f5e80813dbf1f5d6a9a474c3a60d8bee74f4f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010

Filesize
43KB

MD5
e352d970a4f70796e375f56686933101

SHA1
20638161142277687374c446440c3239840362b4

SHA256
8a346ccc26d3ae6ded2665b27b443d6f17580650d3fdd44ef1bb6305bee37d52

SHA512
b2c95bc6a7bd4cc5ef1d7ea17d839219a1aa5eba6baeb5eab6a57ec0a7adbc341eb7c4d328bcc03476d73fd4d70f3a4bdec471a22f9eb3e42eb2cae94eeb1ccc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011

Filesize
19KB

MD5
76a3f1e9a452564e0f8dce6c0ee111e8

SHA1
11c3d925cbc1a52d53584fd8606f8f713aa59114

SHA256
381396157ed5e8021dd8e660142b35eb71a63aecd33062a1103ce9c709c7632c

SHA512
a1156a907649d6f2c3f7256405d9d5c62a626b8d4cd717fa2f29d2fbe91092a2b3fdd0716f8f31e59708fe12274bc2dea6c9ae6a413ea290e70ddf921fe7f274

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012

Filesize
63KB

MD5
710d7637cc7e21b62fd3efe6aba1fd27

SHA1
8645d6b137064c7b38e10c736724e17787db6cf3

SHA256
c0997474b99524325dfedb5c020436e7ea9f9c9a1a759ed6daf7bdd4890bdc2b

SHA512
19aa77bed3c441228789cf8f931ca6194cc8d4bc7bb85d892faf5eaeda67d22c8c3b066f8ceda8169177da95a1fe111bd3436ceeaf4c784bd2bf96617f4d0c44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000033

Filesize
64KB

MD5
e3f1876a05dd3dc16742c5b7fea17407

SHA1
2c9d881ba039b2ac44c09e91bf91e500cdf9d353

SHA256
65c6d4dc3d33c061e90cbc2215d150af5b1464a25322ca6b0b614ef54065298a

SHA512
9330d4cbf8fb1e2c5befd3e015ff0f17bf83656a938c4be51a7b39993c41db2e8dcc77b41861dc9d54e3db48801d1cb2872dfea3029279c645918c1d78495fc3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000035

Filesize
72KB

MD5
6a9ad238592d8fb8826c40728b1ed62b

SHA1
0dcfbd6546359df57aab71436a0600d1d3d90a0c

SHA256
1582f317612014f4b0d135547aeff58e782f2ac9da749da39cec9ee310751e19

SHA512
a61b36ff9cb3139fb9a186b481ee019a8d6604a2d650a12d037f503e19bb763f1fcf25469770f5d3e11458f3d0bd55bfc3ca7f872eeaaa091610f6a60a85febf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000036

Filesize
51KB

MD5
02a27e332b97a9fd56c2768a57666e21

SHA1
7b7e1d142a0e3e8d7e4aabf2026953d3ae16c481

SHA256
1df65e196a11d7c52f0cc528edbe393805886134b13e88cc3d84e702f4143935

SHA512
a9edaa904d9595e0bcf1b5ba6769fe5a01b474d6918c17d9c55709221db5dfc0765bca3d7dfc28a8d7d7e8c1056e2cde52b1922f1cde0fd16e834e0fccc986a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000038

Filesize
51KB

MD5
d5c8d56068073343ee2598be9216c4a7

SHA1
8b7c07f546db5ae95408f81eff97b8df0d1982f0

SHA256
15ce716a1764afcf21bd641255fb9ce67303be1ceaf51a2bc5cb78cae990a7fa

SHA512
77295145e5620540f89ce64d4cb2e64c7603bbbc86fef0bdb71697059b2e17ab5eac51bf2bc6a578ed635d16a2cb317ead0fbabbd83afe44b53ea58ca18dd501

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000039

Filesize
75KB

MD5
01c8cd71f19fe81182605554ab60acca

SHA1
31238411297a985d892207903e106fe2d394b204

SHA256
4ab19ac535296101f78d075c7d950e4f1c68401b300ab045994facec12592eb3

SHA512
118c6d3b06b88719124a7c50a0d8001614dfe1b6eb3df4dc54423d3e2824b90765227069ce22bf87fa5d3423950879e95a84393c6a90abae136c20b9ef6e8ca3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003b

Filesize
26KB

MD5
ed76b3230fad7ddbc073911373d8b828

SHA1
e03350537c19495628ea3c3827254483b14bcf10

SHA256
c277c9967f04a3483e9142dfcdea2656d7300d00e66f116de284e894d262460b

SHA512
70867212462d893f9212317c551e5265760f5af5fa7f856b38b8d9fdc896fd3c8a89dcb3ce2119a762db0cc38fc2b0fe3d3c1e2ebdf087bf5e7c5833816bff08

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003c

Filesize
102KB

MD5
e1c894bf3fbd58b78d850ce33d6f3983

SHA1
08d182fede0e0f35c2d3937dad01b695f7f805d9

SHA256
4e3e0243085becdecfd2e3cbbaa3ac44c3f66b994315796dcf7a6b9e09d703ad

SHA512
177508aaf0b27631c3d038cd4652e93a879095f7e0bd6d295be33790dd16a91015eb0b84627a349c76c8b30029e03c4c41b199f5f680a39ca4439800db750792

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003e

Filesize
20KB

MD5
87e8230a9ca3f0c5ccfa56f70276e2f2

SHA1
eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7

SHA256
e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9

SHA512
37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003f

Filesize
102KB

MD5
02bdcbcf94365990c2e575149ea1d56d

SHA1
1cb4a20cc76f692b694f7b4f47f19e9fe2a2ac44

SHA256
369531e7a9a9c6bdde40320e415751057ad309916bf08e5dc542c8f948d02f8f

SHA512
f93ef6f29f26c1911abb649554fa32dfac4b99e3f7ea02ff21d178f8418c52a483198ea2e9c2bfec2c02cc921945921d982129126ee59c1533d37469c97c5181

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000040

Filesize
141KB

MD5
54376d90b342779cc5531b831f758744

SHA1
029a36358461f0aab62c494f9617097dff273106

SHA256
231d729e2ac21ac1be4c3dc6041a383a77817722f70c5bdee95f4f3dececfea5

SHA512
9f2f176576df7960205a0e024f927bf71813372c5eecec85c24c1b8af442059b6a53df3158254bd6b8ba18abb6a0f79447875f34434c3149f1bc948917d5b1ff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000042

Filesize
87KB

MD5
6ac1893e2474239375c9dfff455e864c

SHA1
d659b9e8eedcd50ef3813f6fef4ded3ae7541c7c

SHA256
d9b0898e726ce1e2c5de489b513278bb575ad245ccfa8736da589b61e5fa549b

SHA512
d5bf516c713c382bdf9b07627a90bf04d5d145aa86296f899afd777550cf8b97b08e9371d7a6903101570d6bf9afa123371cc938a8aa828f6e063f59a2db9a84

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000046

Filesize
20KB

MD5
a1afe33ce7442502a96deee597945384

SHA1
fe34cd78635f5617cf238de6dc746058d6f88899

SHA256
f7eeb570c60aff1435db1daf3767c0672634269789870ef91c69b2b90a47edaa

SHA512
f8bca21c3fd79d63c8265f5dfcba95419eac697b42efb600e7c33d15dc5d9c3e0d0d360da39e14004facaea4cff4dcfc00d7437979283ce0a2b06916b69b8c80

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000047

Filesize
33KB

MD5
1aca735014a6bb648f468ee476680d5b

SHA1
6d28e3ae6e42784769199948211e3aa0806fa62c

SHA256
e563f60814c73c0f4261067bd14c15f2c7f72ed2906670ed4076ebe0d6e9244a

SHA512
808aa9af5a3164f31466af4bac25c8a8c3f19910579cf176033359500c8e26f0a96cdc68ccf8808b65937dc87c121238c1c1b0be296d4306d5d197a1e4c38e86

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
044cdc4b7c51855394dbd847799d20d1

SHA1
2fba464497fa69406cb7c6378e725abb0abb709c

SHA256
0e5162a8d9fbfaaad6f5f14405d1f460f74f011e134dd5dfd6c72fbefe5c145d

SHA512
798dd4e79ecfbf0cf851dc81529b3c83053ac9777be140af10e1bf07120e7d1018af009631f8342ec5b6162e710282ee0cec171e6f64d50f9e0963c3daba82a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
56227e36097c73d18c17f6f5e8975284

SHA1
b20895f630ea7b3b1abb42114e7d40daa41433d9

SHA256
bdbdee24487d8a9efb8092ec6f1df923854cc804756d3f418f9f5b62405aef32

SHA512
03e0f40b70b5699c62343d324c1652473d4e7d826dbe40366f68b8fc009bd03356b14b5e4bcaac102952adc27b5f06682667ce5a7a92bdc65ad5316976444ffc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
11KB

MD5
71880759d0a02cc393435425160439a1

SHA1
732ef3ceaea9aebaf8f44998926f5729f1c9b95e

SHA256
594f887b90968802b0fdf803334d7612352b1b392759b7cfc08832153a4fa3d4

SHA512
b897cb93c9eb8edade4ffc63ccdb29fc2874d1918c11d46a8ade59b91a179a7b43e2f5e51be053ee101df1db1b83611663fab8b5442db85463304c6f750541cc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
34c21f3a21112e3b3677c46b86d47644

SHA1
556e0798ab52f1eb7a079e2f0e5955e90385aaeb

SHA256
33e2bbeea497fa3dd8d0e8e59d5295cee123e80ea3a1ff08001d47ae0f70f7ca

SHA512
fc1351b9f73c71ddf5f4d725003627fd8fa109bbe5643aa1f2a0f98ec838f27c80a45cc4515bfabc3cf199099006a16dab83391f3ab8ca7da729ded37cc2d932

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
13KB

MD5
42d48f18a313247af46ba12ff52a81bb

SHA1
4c9baac87f3b9f062954f7c3cd5d9138257379bb

SHA256
1f66b70fd869c6c16e6fbae58dac582cca0700f926cb771d5bed0e2a51cc6c7e

SHA512
61bc58acff4dd1181e3fe0d880973fb4ce8909154f89a31ae75cde29a2458a4bae45d4ec8c229ff9f70174a1cd6a942cd5c8c469bf5d2b075e4342c3463fb93a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
d216c6e96a1482bff749f501963bee8a

SHA1
0c07a66525110d9f2495e731d043a52c898e714c

SHA256
c93dad6283231efae649b1c9b4c0e2a9064cb60fe8cb41c106f2d84565095563

SHA512
5f1ccdfaf4709d8fc6dff00df994a6e8a7e4d750faea747eab9ba3d39c55662fc4b6204218ae7c9656ae7db05ec9f1c2facf227a068d80cdbcf88dd573791d50

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
12KB

MD5
e354e36c8e75481ecec807c1ddccef09

SHA1
bd8a7fb563323c74af5c5b9faa7341603bc44fb0

SHA256
9eded6529280f291f46420c33b3dbeee974bf0a58029cf33f160cb357735a95a

SHA512
9740407091594ed60e78645fbd80a568a0c6994ac6e0e960625e04576361019c6d6c9f5e8efe82ae2ffaf89bd340e3389ddccc9227df64819ba0cc8b6eedea9a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
13KB

MD5
18fe0940ac791a0dc1cedc294c7a99d6

SHA1
f5353941aa0d24d4dc6dbb2931976db8a2c22ae9

SHA256
b4b35af0d8378efcd6cbcac091df09260554305908ae428b8ec8dcac5306e4c3

SHA512
1c1e055512113440dcdac9b5ec9f7be70a5456cf7a3ee98f3e43ae8a25c913067cce77a63ea202cc1a7e73a48d1fbb2e43e288892417a7508277f9a7401358e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
7aee79c4149313619ba234b63b64c3d5

SHA1
7f238eca7472e5b8abe1bdfc18ba2997cbfe7af9

SHA256
7d5d10dea3ff30da3260a2b9dfb31c6e2f75a8cffa0855dfebce2d0011d8223b

SHA512
232a335c8d79599d45f5aca80b6ac2de5e9d0c10df6760d6e76ccfc58abd6942dd0b28607727471acaf3985626000d53910f761e3424e7796ac479078c19ba02

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
12KB

MD5
92a830ecd8f3ecd5fc3aacd8576832b9

SHA1
b8dca71dd46128982ab0564931679d5e3558b748

SHA256
06b261fce3252a71ac772e12f8ff77eef9f5abef4c0b79dc10730523e2813a39

SHA512
93d1ceda137b1580bf261fbbea5e65535d1df12cfb3e6b03b687d3df9d8d34493a3c6effc6df44ff35b3ddf5bd24677ed91ea18fa9251da142a14b5545cb828f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
06bb05626a5b7cbda680b5e638442f7b

SHA1
fab15f85cf81ad6538b64a276e60300a08dfd962

SHA256
e8439eb48d17b5289f9456272dee9cfb7dacbc2e119295e16645626ac8bb09a7

SHA512
2465e64ccb4feeb463538eda1ddc84d76e5f131bcdab51ebf285a80e4855fe8eb274d74b1e4acaf010b658fcca3501830f07890cb046a7c1528055c7ed0b5289

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
72cb21fa3986e2750e0b6637e0e67b60

SHA1
d77d6f0fb442e3758fa9d8b4fa97c845c383b858

SHA256
9848daffda5457582d6b19dd772d3ee2a9711d6624ebdbb8c458d07573d4b56e

SHA512
203797b87ff687c815c2c8eba054a86a6595dc3892b423522d48565598bc991ef51f3178ea9fa2acb0d27af2ec1646e44d738b974846e72f939566cf380393ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
bd42279394144df756d448c59d000275

SHA1
d269b8d371d30ec352c57153fdb69055299642cb

SHA256
1672e343b253f4b538c06001402d1c8aae9557f1bad5ebf371bfa2cc387b0f87

SHA512
9209aaa53fbc72626483140cb94fd59443b956f4461b143d9897a393fa6669b11b7b939e1162b16211dd994bf7e9360c2600e4aab04c037d5840bf5ac8d3d037

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe580f7c.TMP

Filesize
1KB

MD5
e904731d7e954cfd6663071aeb69c07f

SHA1
f3655619823c82664de63642598b70f8bac4ce6e

SHA256
96a7d2e4d51a2aa2c3fe90f8d25029ac4bced033f5e0c98d92005e319727e938

SHA512
c266d8be7d529d5091afb91ef5c369882f48a01873d707cb2884074c8f419cf5a237ef00ea75fa99b0b29327957d63cfd00b439a180f6a6809d40778466c3c5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
67017ae508fc643901737029987bda4b

SHA1
d92c220b55e0ca3c524653623f5ec2acb1310d8f

SHA256
823900c859cbb7115fec0d63284179153c7e65903a2624286131ca466ca15a54

SHA512
7d417eb47c4c1836b31bd318842375444ee07d02de0f410decd317748ba0f37fd2e4c8039d5774794919893c83d420cf2811f9df57d7de30e75e515c55de4683

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
7abd1c3dbd6fd77a6520acce7d7c99a6

SHA1
6f40ebdafca34ca23ada2312bf7f405391a4cd00

SHA256
40f31d39dcbf74ff26cd0cd2475015e8866628d3f89ea2eec4ca34dbce196581

SHA512
f6da628ed2f110a7878d0c366a64d9bc53b2054a3b5a4f2f4faaebaebefea7914033f2869d34a5fed956afad596bf6a7a0b652fb7faf2531c1b3d8e51bb1dfdd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
8aae549eb962ace36f64ac735899657f

SHA1
16bba04920110c8d0a9bd35fd15dc443b34fb897

SHA256
b1fd7b8357136d3132514c4203122bb60d0649974259ba4950141c7051bd36a0

SHA512
3a4c1d57603f8e2a3b53a24851e6ef40dc184e252c47f209cd951c232839de368cd0ed00f3751fb7104325eb236fef116b2c6473ef6f17571708c28e7be278df

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
436189a7b7f42163ef5be434ed199a73

SHA1
56af9e5bc69d0828d247c5c34d15b57bf8e88655

SHA256
3c57aeadea3a974f4bc3885995dcdf9cad677ebe6b298d571b37b2f65ab91987

SHA512
869e406ba41fec2ada4e51f2e35ff9e6daf1eedebc849045fa128a898ce6e399929ffc32c1d12e04152a0e2cf090e6cd82814cea62f8a6d0dd6723b062b4d1c5

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-NDP4E.tmp\_isetup\_isdecmp.dll

Filesize
19KB

MD5
3adaa386b671c2df3bae5b39dc093008

SHA1
067cf95fbdb922d81db58432c46930f86d23dded

SHA256
71cd2f5bc6e13b8349a7c98697c6d2e3fcdeea92699cedd591875bea869fae38

SHA512
bbe4187758d1a69f75a8cca6b3184e0c20cf8701b16531b55ed4987497934b3c9ef66ecd5e6b83c7357f69734f1c8301b9f82f0a024bb693b732a2d5760fd303

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-RN7DE.tmp\IZArc_4.5.tmp

Filesize
824KB

MD5
296b3061bb1d0a1efd08719210f3c19f

SHA1
7a5b348627eb9a99c8b6023277542c45fc8042f8

SHA256
87d4223d074e3035a5959264ec9c20cbd4fc51eea9fc8a9c83fc6414808ff9ac

SHA512
5c4e1d3cbc7c354a3b5a081ac47a3bf9c742c4386738d745c81eb7fccc5d10ea51395a4959077b828ac4b80e996511515a29146392cf3a727aa61be88744b2e5

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
5d6d4a32f1c3ff72b8e5bbd06eb41369

SHA1
f992d23e223c3ba344db0642db2e96587ab8ac6d

SHA256
d63185784d44861cbe2ef8a107d926d6856dfb94066138cecb78912eaf18c88f

SHA512
05378da6ed295457d9035de8d337d9c52f1e7f059fac881dc3667b4b182345d5bf96e301b1c71245a4557e55561c8b8e0fc5d464dfc815ac9f44529e3830ae4d

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
09e917718d8a01bcb083ac84be7ed118

SHA1
d411a0fd63654977d65ac04827d323db7d15c3d8

SHA256
0091505d42393688853226dc7aa7107ab3447d35d7ca012be1fe6b83dc89338e

SHA512
95eb4d298579ee5e0d9cfa51bf0f61772f8e481a72d2a0987359679aabeee2fa4fd40f0f619f2ea1b890a68c4075340662cf7b6de476eab5ca3d165dd2980bfc

Download Submit
C:\Users\Admin\Downloads\IZArc_4.5.exe

Filesize
5.2MB

MD5
6a3326cf6e377ffe29f946104514b9db

SHA1
00a76e4983e1655389e70e148721c5e4bf86c3cc

SHA256
557dc67478b7ab0fd71187de08b3e4164a6d9b8e7d432dbe06713e930df60fe0

SHA512
956b574e3a25af9d95a1f87c942fb731fb8fdb8328f2e6a9f800cba6c2ab0273e5231e1d63ab5a951e670879a8bcfc2b26e6568439de4c25732d874a03ba8cf4

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 127598.crdownload

Filesize
2.5MB

MD5
3c5cb83faffc7dc8f536e9914aea03e9

SHA1
9a4474553850d328d1c20a5c58691117c5aae1a6

SHA256
5112f0c6b8ffc1a6e1e5904e7ddd5d06354baaad741ace93961cf7eaa7e3acdd

SHA512
a02d047ff0d0e22e94edcf58a62831a6314d1cd47ef118e7f37b66eb00527ee356277fee63116723f7e2e3a1795f6b460114153f580ff73ddde233075857c2f6

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 870271.crdownload

Filesize
291KB

MD5
98c98c6c39b50619e67295d991545679

SHA1
b7ff2540eeb12921c5834fcbd5f44909c1068fcf

SHA256
56b71b67c7b8b07f7a599be6472a47e6d9e4c61eaa63991a92380b5e2a50498c

SHA512
f508f06a23137c1fb0e95edbbcab5fedcf662ad29ac010efce78bf7309161e0d18e2d51e3727ae481f825aa5ac31644b874fd7820544aa4c4925b6842d66fe7f

Download Submit
memory/212-1344-0x0000000000400000-0x00000000004DE000-memory.dmp

Filesize
888KB

Download
memory/212-1442-0x0000000000400000-0x00000000004DE000-memory.dmp

Filesize
888KB

Download
memory/2604-1343-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/2604-950-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/2704-1503-0x0000000000400000-0x000000000044C000-memory.dmp

Filesize
304KB

Download
memory/2704-1504-0x0000000000400000-0x000000000044C000-memory.dmp

Filesize
304KB

Download
memory/4980-1463-0x0000000001050000-0x0000000001071000-memory.dmp

Filesize
132KB

Download
memory/4980-1487-0x0000000001050000-0x0000000001071000-memory.dmp

Filesize
132KB

Download
memory/4980-1486-0x0000000000070000-0x0000000000427000-memory.dmp

Filesize
3.7MB

Download
memory/4980-1466-0x00000000035D0000-0x000000000362E000-memory.dmp

Filesize
376KB

Download
memory/4980-1468-0x00000000036D0000-0x0000000003715000-memory.dmp

Filesize
276KB

Download
memory/4980-1470-0x0000000003740000-0x0000000003779000-memory.dmp

Filesize
228KB

Download
memory/4980-1464-0x0000000003550000-0x000000000359C000-memory.dmp

Filesize
304KB

Download
memory/5488-1328-0x0000000002230000-0x000000000249A000-memory.dmp

Filesize
2.4MB

Download
memory/5880-1347-0x0000000000070000-0x0000000000427000-memory.dmp

Filesize
3.7MB

Download
memory/5880-1334-0x0000000001310000-0x0000000001331000-memory.dmp

Filesize
132KB

Download
memory/5880-1335-0x0000000003BA0000-0x0000000003BEC000-memory.dmp

Filesize
304KB

Download
memory/5880-1341-0x0000000003DD0000-0x0000000003E09000-memory.dmp

Filesize
228KB

Download
memory/5880-1339-0x0000000003D20000-0x0000000003D65000-memory.dmp

Filesize
276KB

Download
memory/5880-1337-0x0000000003C20000-0x0000000003C7E000-memory.dmp

Filesize
376KB

Download
memory/5880-1348-0x0000000001310000-0x0000000001331000-memory.dmp

Filesize
132KB

Download
memory/5880-1350-0x0000000001310000-0x0000000001331000-memory.dmp

Filesize
132KB

Download
memory/5880-1349-0x0000000000070000-0x0000000000427000-memory.dmp

Filesize
3.7MB

Download
memory/5936-1501-0x00000000008B0000-0x00000000008FA000-memory.dmp

Filesize
296KB

Download