lumma | hxxps://drive[.]google[.]com/file/d/1rhJf70IfTJCwaCG0KSgBL6aYpCQvqXcG/view?pli=1

Analysis

max time kernel
150s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
23-11-2024 03:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/file/d/1rhJf70IfTJCwaCG0KSgBL6aYpCQvqXcG/view?pli=1

Score

10^/10

lumma discovery stealer

Malware Config

Extracted

Family

lumma

https://fumblingactor.cyou/api

Signatures

Lumma Stealer, LummaC
Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
stealer lumma
Lumma family
lumma

Executes dropped EXE 15 IoCs

Processes:

DriverEasy.exeDriverEasy_Setup.exeDriverEasy_Setup.exeDriverEasy_Setup.exeDriverEasy_Setup.exeDriverEasy_Setup.exeDriverEasy_Setup.exeDriverEasy_Setup.exeDriverEasy_Setup.exeUpdate.exeUpdate.tmpEaseware.CheckScheduledScan.exeEaseware.ConfigLanguageFromSetup.exeDriverEasy.exeDriverEasy.exe

pid	process
2868	DriverEasy.exe
5384	DriverEasy_Setup.exe
5452	DriverEasy_Setup.exe
5588	DriverEasy_Setup.exe
5640	DriverEasy_Setup.exe
5880	DriverEasy_Setup.exe
5932	DriverEasy_Setup.exe
6068	DriverEasy_Setup.exe
6132	DriverEasy_Setup.exe
3464	Update.exe
3656	Update.tmp
1620	Easeware.CheckScheduledScan.exe
4452	Easeware.ConfigLanguageFromSetup.exe
5500	DriverEasy.exe
5900	DriverEasy.exe

Loads dropped DLL 5 IoCs

Processes:

Update.tmp

pid process

3656 Update.tmp
3656 Update.tmp
3656 Update.tmp
3656 Update.tmp
3656 Update.tmp
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service
T1102

Processes:

flow ioc

7 drive.google.com
10 drive.google.com

pid	process
3656	Update.tmp
3656	Update.tmp
3656	Update.tmp
3656	Update.tmp
3656	Update.tmp

flow	ioc
7	drive.google.com
10	drive.google.com

Suspicious use of SetThreadContext 4 IoCs

Processes:

DriverEasy_Setup.exeDriverEasy_Setup.exeDriverEasy_Setup.exeDriverEasy_Setup.exe

description	pid	process	target process
PID 5384 set thread context of 5452	5384	DriverEasy_Setup.exe	DriverEasy_Setup.exe
PID 5588 set thread context of 5640	5588	DriverEasy_Setup.exe	DriverEasy_Setup.exe
PID 5880 set thread context of 5932	5880	DriverEasy_Setup.exe	DriverEasy_Setup.exe
PID 6068 set thread context of 6132	6068	DriverEasy_Setup.exe	DriverEasy_Setup.exe

Drops file in Program Files directory 64 IoCs

Processes:

Update.tmp

description	ioc	process
File opened for modification	C:\Program Files\Easeware\DriverEasy\SharpVectors.Core.dll	Update.tmp
File opened for modification	C:\Program Files\Easeware\DriverEasy\SharpVectors.Dom.dll	Update.tmp
File opened for modification	C:\Program Files\Easeware\DriverEasy\SharpVectors.Rendering.Gdi.dll	Update.tmp
File created	C:\Program Files\Easeware\DriverEasy\unins000.dat	Update.tmp
File created	C:\Program Files\Easeware\DriverEasy\is-BVMI1.tmp	Update.tmp
File created	C:\Program Files\Easeware\DriverEasy\Languages\is-RDN3A.tmp	Update.tmp
File opened for modification	C:\Program Files\Easeware\DriverEasy\HardwareInfo\HardwareInfo64.dll	Update.tmp
File opened for modification	C:\Program Files\Easeware\DriverEasy\Easeware.Driver.Core.dll	Update.tmp
File opened for modification	C:\Program Files\Easeware\DriverEasy\SharpVectors.Runtime.Wpf.dll	Update.tmp
File created	C:\Program Files\Easeware\DriverEasy\is-91V1P.tmp	Update.tmp
File created	C:\Program Files\Easeware\DriverEasy\is-496HJ.tmp	Update.tmp
File created	C:\Program Files\Easeware\DriverEasy\HardwareInfo\is-0HIB1.tmp	Update.tmp
File created	C:\Program Files\Easeware\DriverEasy\Languages\is-MN5HV.tmp	Update.tmp
File opened for modification	C:\Program Files\Easeware\DriverEasy\Easeware.CheckScheduledScan.exe	Update.tmp
File created	C:\Program Files\Easeware\DriverEasy\is-4JQND.tmp	Update.tmp
File created	C:\Program Files\Easeware\DriverEasy\is-UF8TO.tmp	Update.tmp
File created	C:\Program Files\Easeware\DriverEasy\Languages\is-21NSE.tmp	Update.tmp
File created	C:\Program Files\Easeware\DriverEasy\unins000.msg	Update.tmp
File opened for modification	C:\Program Files\Easeware\DriverEasy\unins000.dat	Update.tmp
File opened for modification	C:\Program Files\Easeware\DriverEasy\7z\7z86.dll	Update.tmp
File created	C:\Program Files\Easeware\DriverEasy\is-3RKMN.tmp	Update.tmp
File created	C:\Program Files\Easeware\DriverEasy\is-9EQT1.tmp	Update.tmp
File created	C:\Program Files\Easeware\DriverEasy\is-AP37S.tmp	Update.tmp
File created	C:\Program Files\Easeware\DriverEasy\is-R0K6K.tmp	Update.tmp
File created	C:\Program Files\Easeware\DriverEasy\Languages\is-0NT60.tmp	Update.tmp
File opened for modification	C:\Program Files\Easeware\DriverEasy\System.Management.Automation.dll	Update.tmp
File created	C:\Program Files\Easeware\DriverEasy\is-FQG4R.tmp	Update.tmp
File created	C:\Program Files\Easeware\DriverEasy\is-C8HDA.tmp	Update.tmp
File created	C:\Program Files\Easeware\DriverEasy\is-545S3.tmp	Update.tmp
File opened for modification	C:\Program Files\Easeware\DriverEasy\Interop.WUApiLib.dll	Update.tmp
File opened for modification	C:\Program Files\Easeware\DriverEasy\SharpVectors.Css.dll	Update.tmp
File opened for modification	C:\Program Files\Easeware\DriverEasy\SharpVectors.Rendering.Wpf.dll	Update.tmp
File created	C:\Program Files\Easeware\DriverEasy\is-GS7JI.tmp	Update.tmp
File created	C:\Program Files\Easeware\DriverEasy\is-E20J8.tmp	Update.tmp
File created	C:\Program Files\Easeware\DriverEasy\is-E2SUG.tmp	Update.tmp
File opened for modification	C:\Program Files\Easeware\DriverEasy\SevenZipSharp.dll	Update.tmp
File created	C:\Program Files\Easeware\DriverEasy\is-ATEFT.tmp	Update.tmp
File opened for modification	C:\Program Files\Easeware\DriverEasy\SharpVectors.Converters.Wpf.dll	Update.tmp
File created	C:\Program Files\Easeware\DriverEasy\HardwareInfo\is-IMU2D.tmp	Update.tmp
File created	C:\Program Files\Easeware\DriverEasy\is-AS93J.tmp	Update.tmp
File created	C:\Program Files\Easeware\DriverEasy\7z\is-S50VQ.tmp	Update.tmp
File opened for modification	C:\Program Files\Easeware\DriverEasy\Easeware.Driver.Backup.dll	Update.tmp
File created	C:\Program Files\Easeware\DriverEasy\is-2JN5O.tmp	Update.tmp
File created	C:\Program Files\Easeware\DriverEasy\is-ASDNE.tmp	Update.tmp
File created	C:\Program Files\Easeware\DriverEasy\is-QTSCN.tmp	Update.tmp
File created	C:\Program Files\Easeware\DriverEasy\Languages\is-P625V.tmp	Update.tmp
File opened for modification	C:\Program Files\Easeware\DriverEasy\SharpVectors.Model.dll	Update.tmp
File created	C:\Program Files\Easeware\DriverEasy\Languages\is-G7RGR.tmp	Update.tmp
File created	C:\Program Files\Easeware\DriverEasy\Languages\is-ERR94.tmp	Update.tmp
File created	C:\Program Files\Easeware\DriverEasy\Languages\is-UBB51.tmp	Update.tmp
File opened for modification	C:\Program Files\Easeware\DriverEasy\7z\7z.dll	Update.tmp
File created	C:\Program Files\Easeware\DriverEasy\Languages\is-THBQD.tmp	Update.tmp
File created	C:\Program Files\Easeware\DriverEasy\is-9J9M7.tmp	Update.tmp
File created	C:\Program Files\Easeware\DriverEasy\is-6HMSS.tmp	Update.tmp
File created	C:\Program Files\Easeware\DriverEasy\Languages\is-F0PMP.tmp	Update.tmp
File opened for modification	C:\Program Files\Easeware\DriverEasy\HardwareInfo\HardwareInfo.dll	Update.tmp
File created	C:\Program Files\Easeware\DriverEasy\is-45E8N.tmp	Update.tmp
File created	C:\Program Files\Easeware\DriverEasy\is-21UEN.tmp	Update.tmp
File created	C:\Program Files\Easeware\DriverEasy\is-UEP5K.tmp	Update.tmp
File created	C:\Program Files\Easeware\DriverEasy\7z\is-GFG8H.tmp	Update.tmp
File created	C:\Program Files\Easeware\DriverEasy\Languages\is-2TQA6.tmp	Update.tmp
File created	C:\Program Files\Easeware\DriverEasy\Languages\is-S26ET.tmp	Update.tmp
File created	C:\Program Files\Easeware\DriverEasy\is-AMHFM.tmp	Update.tmp
File opened for modification	C:\Program Files\Easeware\DriverEasy\Easeware.ConfigLanguageFromSetup.exe	Update.tmp

Drops file in Windows directory 7 IoCs

Processes:

DriverEasy.exeEaseware.CheckScheduledScan.exe

description	ioc	process
File created	C:\Windows\INF\c_monitor.PNF	DriverEasy.exe
File created	C:\Windows\INF\c_media.PNF	DriverEasy.exe
File created	C:\Windows\INF\c_display.PNF	DriverEasy.exe
File created	C:\Windows\INF\c_diskdrive.PNF	DriverEasy.exe
File created	C:\Windows\Tasks\Driver Easy Scheduled Scan.job	Easeware.CheckScheduledScan.exe
File opened for modification	C:\Windows\Tasks\Driver Easy Scheduled Scan.job	Easeware.CheckScheduledScan.exe
File created	C:\Windows\INF\c_processor.PNF	DriverEasy.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 7 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

Processes:

DriverEasy_Setup.exeDriverEasy_Setup.exeDriverEasy_Setup.exeDriverEasy_Setup.exeUpdate.exeUpdate.tmpDriverEasy_Setup.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	DriverEasy_Setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	DriverEasy_Setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	DriverEasy_Setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	DriverEasy_Setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Update.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Update.tmp
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	DriverEasy_Setup.exe

Checks SCSI registry key(s) 3 TTPs 60 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

DriverEasy.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName	DriverEasy.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\HardwareID	DriverEasy.exe
Key enumerated	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM	DriverEasy.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ClassGUID	DriverEasy.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\CompatibleIDs	DriverEasy.exe
Key queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM	DriverEasy.exe
Key enumerated	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM	DriverEasy.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName	DriverEasy.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\ClassGUID	DriverEasy.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\ParentIdPrefix	DriverEasy.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Driver	DriverEasy.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000	DriverEasy.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\LocationInformation	DriverEasy.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\DeviceDesc	DriverEasy.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000	DriverEasy.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\LocationInformation	DriverEasy.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM	DriverEasy.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Service	DriverEasy.exe
Key queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A	DriverEasy.exe
Key queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI	DriverEasy.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Driver	DriverEasy.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Mfg	DriverEasy.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\DeviceDesc	DriverEasy.exe
Key enumerated	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI	DriverEasy.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001	DriverEasy.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\LocationInformation	DriverEasy.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002	DriverEasy.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\CompatibleIDs	DriverEasy.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	DriverEasy.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Service	DriverEasy.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ClassGUID	DriverEasy.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ParentIdPrefix	DriverEasy.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	DriverEasy.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\ClassGUID	DriverEasy.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\DeviceDesc	DriverEasy.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Service	DriverEasy.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\CompatibleIDs	DriverEasy.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Mfg	DriverEasy.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\DeviceDesc	DriverEasy.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Class	DriverEasy.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\FriendlyName	DriverEasy.exe
Key enumerated	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A	DriverEasy.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Driver	DriverEasy.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\LocationInformation	DriverEasy.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\CompatibleIDs	DriverEasy.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\ParentIdPrefix	DriverEasy.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Service	DriverEasy.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID	DriverEasy.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Mfg	DriverEasy.exe
Key queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM	DriverEasy.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Driver	DriverEasy.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	DriverEasy.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI	DriverEasy.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\FriendlyName	DriverEasy.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\HardwareID	DriverEasy.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A	DriverEasy.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Class	DriverEasy.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Mfg	DriverEasy.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM	DriverEasy.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ParentIdPrefix	DriverEasy.exe

Enumerates system info in registry 2 TTPs 4 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exeDriverEasy.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosDate	DriverEasy.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies registry class 11 IoCs

Processes:

Update.tmpmsedge.exeOpenWith.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\drivereasy\DefaultIcon\ = "C:\\Program Files\\Easeware\\DriverEasy\\DriverEasy.exe,1"	Update.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\drivereasy\Shell	Update.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\drivereasy\Shell\Open	Update.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\drivereasy\Shell\Open\Command	Update.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\drivereasy\Shell\Open\Command\ = "\"C:\\Program Files\\Easeware\\DriverEasy\\DriverEasy.exe\"\"%1\""	Update.tmp
Key created	\REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings	msedge.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\drivereasy\DefaultIcon	Update.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\drivereasy\URL Protocol = "C:\\Program Files\\Easeware\\DriverEasy\\DriverEasy.exe"	Update.tmp
Key created	\REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\drivereasy	Update.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\drivereasy\ = "drivereasy"	Update.tmp

Suspicious behavior: EnumeratesProcesses 14 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exeUpdate.tmpmsedge.exe

pid	process
3092	msedge.exe
3092	msedge.exe
3736	msedge.exe
3736	msedge.exe
3616	identity_helper.exe
3616	identity_helper.exe
2020	msedge.exe
2020	msedge.exe
3656	Update.tmp
3656	Update.tmp
3860	msedge.exe
3860	msedge.exe
3860	msedge.exe
3860	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 16 IoCs

Processes:

msedge.exe

pid	process
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe

Suspicious use of AdjustPrivilegeToken 9 IoCs

Processes:

7zG.exe7zG.exeDriverEasy.exe

description	pid	process
Token: SeRestorePrivilege	1848	7zG.exe
Token: 35	1848	7zG.exe
Token: SeSecurityPrivilege	1848	7zG.exe
Token: SeSecurityPrivilege	1848	7zG.exe
Token: SeRestorePrivilege	1388	7zG.exe
Token: 35	1388	7zG.exe
Token: SeSecurityPrivilege	1388	7zG.exe
Token: SeSecurityPrivilege	1388	7zG.exe
Token: SeDebugPrivilege	5900	DriverEasy.exe

Suspicious use of FindShellTrayWindow 38 IoCs

Processes:

msedge.exe7zG.exe7zG.exeUpdate.tmp

pid	process
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
1848	7zG.exe
1388	7zG.exe
3656	Update.tmp
3736	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe

Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

OpenWith.exe

pid process

2020 OpenWith.exe

pid	process
2020	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 3736 wrote to memory of 4436	3736	msedge.exe	msedge.exe
PID 3736 wrote to memory of 4436	3736	msedge.exe	msedge.exe
PID 3736 wrote to memory of 2604	3736	msedge.exe	msedge.exe
PID 3736 wrote to memory of 2604	3736	msedge.exe	msedge.exe
PID 3736 wrote to memory of 2604	3736	msedge.exe	msedge.exe
PID 3736 wrote to memory of 2604	3736	msedge.exe	msedge.exe
PID 3736 wrote to memory of 2604	3736	msedge.exe	msedge.exe
PID 3736 wrote to memory of 2604	3736	msedge.exe	msedge.exe
PID 3736 wrote to memory of 2604	3736	msedge.exe	msedge.exe
PID 3736 wrote to memory of 2604	3736	msedge.exe	msedge.exe
PID 3736 wrote to memory of 2604	3736	msedge.exe	msedge.exe
PID 3736 wrote to memory of 2604	3736	msedge.exe	msedge.exe
PID 3736 wrote to memory of 2604	3736	msedge.exe	msedge.exe
PID 3736 wrote to memory of 2604	3736	msedge.exe	msedge.exe
PID 3736 wrote to memory of 2604	3736	msedge.exe	msedge.exe
PID 3736 wrote to memory of 2604	3736	msedge.exe	msedge.exe
PID 3736 wrote to memory of 2604	3736	msedge.exe	msedge.exe
PID 3736 wrote to memory of 2604	3736	msedge.exe	msedge.exe
PID 3736 wrote to memory of 2604	3736	msedge.exe	msedge.exe
PID 3736 wrote to memory of 2604	3736	msedge.exe	msedge.exe
PID 3736 wrote to memory of 2604	3736	msedge.exe	msedge.exe
PID 3736 wrote to memory of 2604	3736	msedge.exe	msedge.exe
PID 3736 wrote to memory of 2604	3736	msedge.exe	msedge.exe
PID 3736 wrote to memory of 2604	3736	msedge.exe	msedge.exe
PID 3736 wrote to memory of 2604	3736	msedge.exe	msedge.exe
PID 3736 wrote to memory of 2604	3736	msedge.exe	msedge.exe
PID 3736 wrote to memory of 2604	3736	msedge.exe	msedge.exe
PID 3736 wrote to memory of 2604	3736	msedge.exe	msedge.exe
PID 3736 wrote to memory of 2604	3736	msedge.exe	msedge.exe
PID 3736 wrote to memory of 2604	3736	msedge.exe	msedge.exe
PID 3736 wrote to memory of 2604	3736	msedge.exe	msedge.exe
PID 3736 wrote to memory of 2604	3736	msedge.exe	msedge.exe
PID 3736 wrote to memory of 2604	3736	msedge.exe	msedge.exe
PID 3736 wrote to memory of 2604	3736	msedge.exe	msedge.exe
PID 3736 wrote to memory of 2604	3736	msedge.exe	msedge.exe
PID 3736 wrote to memory of 2604	3736	msedge.exe	msedge.exe
PID 3736 wrote to memory of 2604	3736	msedge.exe	msedge.exe
PID 3736 wrote to memory of 2604	3736	msedge.exe	msedge.exe
PID 3736 wrote to memory of 2604	3736	msedge.exe	msedge.exe
PID 3736 wrote to memory of 2604	3736	msedge.exe	msedge.exe
PID 3736 wrote to memory of 2604	3736	msedge.exe	msedge.exe
PID 3736 wrote to memory of 2604	3736	msedge.exe	msedge.exe
PID 3736 wrote to memory of 3092	3736	msedge.exe	msedge.exe
PID 3736 wrote to memory of 3092	3736	msedge.exe	msedge.exe
PID 3736 wrote to memory of 312	3736	msedge.exe	msedge.exe
PID 3736 wrote to memory of 312	3736	msedge.exe	msedge.exe
PID 3736 wrote to memory of 312	3736	msedge.exe	msedge.exe
PID 3736 wrote to memory of 312	3736	msedge.exe	msedge.exe
PID 3736 wrote to memory of 312	3736	msedge.exe	msedge.exe
PID 3736 wrote to memory of 312	3736	msedge.exe	msedge.exe
PID 3736 wrote to memory of 312	3736	msedge.exe	msedge.exe
PID 3736 wrote to memory of 312	3736	msedge.exe	msedge.exe
PID 3736 wrote to memory of 312	3736	msedge.exe	msedge.exe
PID 3736 wrote to memory of 312	3736	msedge.exe	msedge.exe
PID 3736 wrote to memory of 312	3736	msedge.exe	msedge.exe
PID 3736 wrote to memory of 312	3736	msedge.exe	msedge.exe
PID 3736 wrote to memory of 312	3736	msedge.exe	msedge.exe
PID 3736 wrote to memory of 312	3736	msedge.exe	msedge.exe
PID 3736 wrote to memory of 312	3736	msedge.exe	msedge.exe
PID 3736 wrote to memory of 312	3736	msedge.exe	msedge.exe
PID 3736 wrote to memory of 312	3736	msedge.exe	msedge.exe
PID 3736 wrote to memory of 312	3736	msedge.exe	msedge.exe
PID 3736 wrote to memory of 312	3736	msedge.exe	msedge.exe
PID 3736 wrote to memory of 312	3736	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://drive.google.com/file/d/1rhJf70IfTJCwaCG0KSgBL6aYpCQvqXcG/view?pli=1
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff705046f8,0x7fff70504708,0x7fff70504718
  2⤵
  PID:4436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2040,7095935469139993555,17701814353050980851,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2
  2⤵
  PID:2604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2040,7095935469139993555,17701814353050980851,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2528 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2040,7095935469139993555,17701814353050980851,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2796 /prefetch:8
  2⤵
  PID:312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,7095935469139993555,17701814353050980851,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2524 /prefetch:1
  2⤵
  PID:4116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,7095935469139993555,17701814353050980851,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1
  2⤵
  PID:2368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,7095935469139993555,17701814353050980851,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4104 /prefetch:1
  2⤵
  PID:2212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,7095935469139993555,17701814353050980851,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5276 /prefetch:1
  2⤵
  PID:1788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2040,7095935469139993555,17701814353050980851,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6076 /prefetch:8
  2⤵
  PID:4880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,7095935469139993555,17701814353050980851,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6120 /prefetch:1
  2⤵
  PID:2788
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2040,7095935469139993555,17701814353050980851,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5764 /prefetch:8
  2⤵
  PID:1452
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2040,7095935469139993555,17701814353050980851,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5764 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2040,7095935469139993555,17701814353050980851,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5668 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,7095935469139993555,17701814353050980851,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5560 /prefetch:1
  2⤵
  PID:4952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,7095935469139993555,17701814353050980851,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6084 /prefetch:1
  2⤵
  PID:4844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,7095935469139993555,17701814353050980851,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6180 /prefetch:1
  2⤵
  PID:5196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,7095935469139993555,17701814353050980851,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4084 /prefetch:1
  2⤵
  PID:5204
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2040,7095935469139993555,17701814353050980851,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4796 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,7095935469139993555,17701814353050980851,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6560 /prefetch:1
  2⤵
  PID:5620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,7095935469139993555,17701814353050980851,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6704 /prefetch:1
  2⤵
  PID:5852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,7095935469139993555,17701814353050980851,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5684 /prefetch:1
  2⤵
  PID:1456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,7095935469139993555,17701814353050980851,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6272 /prefetch:1
  2⤵
  PID:380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,7095935469139993555,17701814353050980851,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6260 /prefetch:1
  2⤵
  PID:4696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,7095935469139993555,17701814353050980851,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6212 /prefetch:1
  2⤵
  PID:5132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,7095935469139993555,17701814353050980851,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5712 /prefetch:1
  2⤵
  PID:3528

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1120

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2288

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4732

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\Driver Easy Professional 6.1.1 Build 29776 Multilingual\" -ad -an -ai#7zMap18390:172:7zEvent20866
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:1848

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\Driver Easy Professional 6.1.1 Build 29776 Multilingual\Driver Easy Professional 6.1.1 Build 29776 Multilingual\" -an -ai#7zMap6991:318:7zEvent15563
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:1388

C:\Users\Admin\Downloads\Driver Easy Professional 6.1.1 Build 29776 Multilingual\Driver Easy Professional 6.1.1 Build 29776 Multilingual\Crack\DriverEasy.exe
"C:\Users\Admin\Downloads\Driver Easy Professional 6.1.1 Build 29776 Multilingual\Driver Easy Professional 6.1.1 Build 29776 Multilingual\Crack\DriverEasy.exe"
1⤵
- Executes dropped EXE
PID:2868

C:\Users\Admin\Downloads\Driver Easy Professional 6.1.1 Build 29776 Multilingual\Driver Easy Professional 6.1.1 Build 29776 Multilingual\DriverEasy_Setup.exe
"C:\Users\Admin\Downloads\Driver Easy Professional 6.1.1 Build 29776 Multilingual\Driver Easy Professional 6.1.1 Build 29776 Multilingual\DriverEasy_Setup.exe"
1⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
PID:5384
- C:\Users\Admin\Downloads\Driver Easy Professional 6.1.1 Build 29776 Multilingual\Driver Easy Professional 6.1.1 Build 29776 Multilingual\DriverEasy_Setup.exe
  "C:\Users\Admin\Downloads\Driver Easy Professional 6.1.1 Build 29776 Multilingual\Driver Easy Professional 6.1.1 Build 29776 Multilingual\DriverEasy_Setup.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:5452

C:\Users\Admin\Downloads\Driver Easy Professional 6.1.1 Build 29776 Multilingual\Driver Easy Professional 6.1.1 Build 29776 Multilingual\DriverEasy_Setup.exe
"C:\Users\Admin\Downloads\Driver Easy Professional 6.1.1 Build 29776 Multilingual\Driver Easy Professional 6.1.1 Build 29776 Multilingual\DriverEasy_Setup.exe"
1⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
PID:5588
- C:\Users\Admin\Downloads\Driver Easy Professional 6.1.1 Build 29776 Multilingual\Driver Easy Professional 6.1.1 Build 29776 Multilingual\DriverEasy_Setup.exe
  "C:\Users\Admin\Downloads\Driver Easy Professional 6.1.1 Build 29776 Multilingual\Driver Easy Professional 6.1.1 Build 29776 Multilingual\DriverEasy_Setup.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:5640

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\Driver Easy Professional 6.1.1 Build 29776 Multilingual\Driver Easy Professional 6.1.1 Build 29776 Multilingual\Readme.txt
1⤵
PID:5808

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\Driver Easy Professional 6.1.1 Build 29776 Multilingual\Driver Easy Professional 6.1.1 Build 29776 Multilingual\Readme.txt
1⤵
PID:5848

C:\Users\Admin\Downloads\Driver Easy Professional 6.1.1 Build 29776 Multilingual\Driver Easy Professional 6.1.1 Build 29776 Multilingual\DriverEasy_Setup.exe
"C:\Users\Admin\Downloads\Driver Easy Professional 6.1.1 Build 29776 Multilingual\Driver Easy Professional 6.1.1 Build 29776 Multilingual\DriverEasy_Setup.exe"
1⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
PID:5880
- C:\Users\Admin\Downloads\Driver Easy Professional 6.1.1 Build 29776 Multilingual\Driver Easy Professional 6.1.1 Build 29776 Multilingual\DriverEasy_Setup.exe
  "C:\Users\Admin\Downloads\Driver Easy Professional 6.1.1 Build 29776 Multilingual\Driver Easy Professional 6.1.1 Build 29776 Multilingual\DriverEasy_Setup.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:5932

C:\Users\Admin\Downloads\Driver Easy Professional 6.1.1 Build 29776 Multilingual\Driver Easy Professional 6.1.1 Build 29776 Multilingual\DriverEasy_Setup.exe
"C:\Users\Admin\Downloads\Driver Easy Professional 6.1.1 Build 29776 Multilingual\Driver Easy Professional 6.1.1 Build 29776 Multilingual\DriverEasy_Setup.exe"
1⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
PID:6068
- C:\Users\Admin\Downloads\Driver Easy Professional 6.1.1 Build 29776 Multilingual\Driver Easy Professional 6.1.1 Build 29776 Multilingual\DriverEasy_Setup.exe
  "C:\Users\Admin\Downloads\Driver Easy Professional 6.1.1 Build 29776 Multilingual\Driver Easy Professional 6.1.1 Build 29776 Multilingual\DriverEasy_Setup.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:6132

C:\Users\Admin\Downloads\Driver Easy Professional 6.1.1 Build 29776 Multilingual\Driver Easy Professional 6.1.1 Build 29776 Multilingual\Update.exe
"C:\Users\Admin\Downloads\Driver Easy Professional 6.1.1 Build 29776 Multilingual\Driver Easy Professional 6.1.1 Build 29776 Multilingual\Update.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:3464
- C:\Users\Admin\AppData\Local\Temp\is-LGRK5.tmp\Update.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-LGRK5.tmp\Update.tmp" /SL5="$D01FC,5884668,1001472,C:\Users\Admin\Downloads\Driver Easy Professional 6.1.1 Build 29776 Multilingual\Driver Easy Professional 6.1.1 Build 29776 Multilingual\Update.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of FindShellTrayWindow
  PID:3656
- - C:\Program Files\Easeware\DriverEasy\Easeware.CheckScheduledScan.exe
    "C:\Program Files\Easeware\DriverEasy\Easeware.CheckScheduledScan.exe" -create "Driver Easy Scheduled Scan" "C:\Program Files\Easeware\DriverEasy\DriverEasy.exe"
    3⤵
    - Executes dropped EXE
    - Drops file in Windows directory
    PID:1620
- - C:\Program Files\Easeware\DriverEasy\Easeware.ConfigLanguageFromSetup.exe
    "C:\Program Files\Easeware\DriverEasy\Easeware.ConfigLanguageFromSetup.exe" DriverEasy en True True
    3⤵
    - Executes dropped EXE
    PID:4452

C:\Users\Admin\Downloads\Driver Easy Professional 6.1.1 Build 29776 Multilingual\Driver Easy Professional 6.1.1 Build 29776 Multilingual\Crack\DriverEasy.exe
"C:\Users\Admin\Downloads\Driver Easy Professional 6.1.1 Build 29776 Multilingual\Driver Easy Professional 6.1.1 Build 29776 Multilingual\Crack\DriverEasy.exe"
1⤵
- Executes dropped EXE
PID:5500

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:2020

C:\Program Files\Easeware\DriverEasy\DriverEasy.exe
"C:\Program Files\Easeware\DriverEasy\DriverEasy.exe"
1⤵
- Executes dropped EXE
- Drops file in Windows directory
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Suspicious use of AdjustPrivilegeToken
PID:5900

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\Driver Easy Professional 6.1.1 Build 29776 Multilingual\Driver Easy Professional 6.1.1 Build 29776 Multilingual\Readme.txt
1⤵
PID:4012

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Easeware\DriverEasy\DriverEasy.exe

Filesize
4.3MB

MD5
6567e76c0afda53f8cc787eaf6d7dac5

SHA1
ff769fcbad78830e53baabb4d472173f67bb79ad

SHA256
5023203a8370f0d935b2ee673d07465cc8bfc04f9022052516055358044456d2

SHA512
060fe41fde595af91db446f79dc20cb1a3f75f67fd01b9003440be391cc210ecd87e3bccdc25db5ca328bd7e65d77c563cb6672706277077c861f34a3accac47

Download Submit
C:\Program Files\Easeware\DriverEasy\DriverEasy.exe.config

Filesize
263B

MD5
0550e282f7d6d76a0b757916257599e6

SHA1
795f1f6e4e93a5d5281a27839b4995ad817e7ac4

SHA256
6847509084814f51bde2f3bfd9b689a52451b4d976c0850b057026f65c47d445

SHA512
a6b81da11748745bdccf0a4683837d3c9c52be648698b155581fabb23c39814f276c145a91c2c25a3aeb28389fa56763f7119e74a878cb7fbd4c25c8deac3f73

Download Submit
C:\Program Files\Easeware\DriverEasy\Easeware.CheckScheduledScan.exe

Filesize
42KB

MD5
6448713f91be3035ecac0cdc33fc4bf6

SHA1
8d6c61cc926b2af5ecbb844044aece624f375094

SHA256
7011407156d9241fb115fb94a75a4c71f1b8e2777f5f8a72691ed4d066b85ed1

SHA512
e85250873f6e8b3e2b43d9e9cc118569c8dfd16414c140ba2aa680a4b4b4e2b4d3144459e0d43c84865e56eb98510eb90dcb5a9104b95052015c429d8e793fbb

Download Submit
C:\Program Files\Easeware\DriverEasy\Easeware.CheckScheduledScan.exe.config

Filesize
1KB

MD5
357195ceb812beb8702453e21728d0b1

SHA1
06b2a12be50d2d3b0c7e8b52211237cb2ba563c5

SHA256
12a8b7a1e3fd311ca61042456f20cbb3ef06cabc113c6308c4eded25b449085c

SHA512
037f08821398d97eaf6e4cf1d15581a5caaae6a49123649e926b6e1bf6293ece3a7e492827c50624f98666b201725e12795b2397173fbc3ccfda745622aae4a5

Download Submit
C:\Program Files\Easeware\DriverEasy\Easeware.ConfigLanguageFromSetup.exe

Filesize
20KB

MD5
aaccb86ba9b20f0140dada734513a9a2

SHA1
cc54e03156792a0828c04daf1640dc743a945eb8

SHA256
e86909c5dcf8a79fba2556a21524be64302113a19534bd593f25d601ee84f23d

SHA512
032061ff7f0c6fffb56604dcd539bd06575f8f24b5b0355298928a639ff7d5275d12525d88e52820578dd89628585cb096fee92ff10fa44bee6529875894c85e

Download Submit
C:\Program Files\Easeware\DriverEasy\Easeware.Driver.Core.dll

Filesize
325KB

MD5
3a5056a1e472bab29b37478d0c569dfa

SHA1
c9c14a1de56d7a67273dd41bb44c93ded8cf0b81

SHA256
696bbff4d301ab51b12e691001c6d641ba3127573ba5e5cd84e7719b9da4723c

SHA512
356b7ff9788455820d94ff8dc895afd169075e0860fd6510607a25b6c11482d4e185c3d3e151cfa3b7bc74059918449f1e47a9a70e9fe1b0b17dbb5a192aac70

Download Submit
C:\Program Files\Easeware\DriverEasy\Languages\Lang.ar.xaml

Filesize
83KB

MD5
ce2f13c5970b16893d960abbfc3917a8

SHA1
7f4e87d8fc549eeacb9b07ab6732c45210211d01

SHA256
15b42a691687cb3cd95984d832484c3bfe7a2798bc222f376c12b3738c96f9c2

SHA512
d48fe398c23e9bf591e17e464a206ef21513e5ae2849bcc3250d815666c11ab4a3a54e6f217fde1ef339f4c754c7f540dbe6fff41730727e10068af707cc2ec5

Download Submit
C:\Program Files\Easeware\DriverEasy\Languages\Lang.cs.xaml

Filesize
70KB

MD5
31fc9c4b7a3df63f0a0d172b4fe21373

SHA1
e18a1fb18faee2831eb97af675e5246567764e3a

SHA256
1a25a47e6175d3347ee875abe188fe3b5be09808df98acfe3f01aedf433edae2

SHA512
f5dbca774d60bdab084098f1c6ac455f4a7905014dd020e1d85dc9675a01c2e31c3bee879890afda6d28eb869cc9c24c764f7721485dfa8cffad2504697b31f2

Download Submit
C:\Program Files\Easeware\DriverEasy\Languages\Lang.da.xaml

Filesize
64KB

MD5
acfecc0820d5237e409fafac9ef75321

SHA1
84a30c79ffe1bd69679f03c862416a34e004f2be

SHA256
2b8e9e44b20528612e1190aacc13e38219a695187c397f2520b9aad0b85d40da

SHA512
cc532db7b42d2f38837b524f74bd989a309b6c253989d2fa8718c0b1a55151df8ec2b3864fed5e5e8297f6c494280b017c90f4d36e3d54f5df2c550e4b95ceca

Download Submit
C:\Program Files\Easeware\DriverEasy\Languages\Lang.de.xaml

Filesize
73KB

MD5
3eb916038db3b0f093fdd565d095a40d

SHA1
0512f086e2e60112bd21c3988ae73e847040dc58

SHA256
23fbe426279ac0d6682fd62c8ec8edead1ee451740630b64e991a177d62d2bd2

SHA512
6de2414b891c2508d531b530dcdeee732a44172262130b775347651c171b47dc10fe83094bf45d20dcd7d78793f8974de7c0f6fcb7e26933f5e1cbae9d10b053

Download Submit
C:\Program Files\Easeware\DriverEasy\Languages\Lang.el-GR.xaml

Filesize
97KB

MD5
48d335f0385ba5e8de9f299dbfe821ca

SHA1
84d1988522eca16bd5f29ed16bd5b1ba23fb7bc8

SHA256
b95eb8a077f1bd891054dbac5334274e1172e5b8c0a76cf79d1184ac112c54a0

SHA512
4f3a0b76ac57902248d995e8854764322a32d767a7cea4fde47f10f2393655db1275fe4f2b70cde77a739ed9d3d05da1629735b275b15dcb488769ad4bdc64c3

Download Submit
C:\Program Files\Easeware\DriverEasy\Languages\Lang.en.xaml

Filesize
67KB

MD5
93960f7a06007a175074d67000e78155

SHA1
3f3cd267e5eb68dc8a8233b0e978e076d19ca4bc

SHA256
b0b430905ea742f26b2f73832becab23658751f5948af029715522e35d946f55

SHA512
80c6ef61a12e45255dcc957e4b305adf49237746f7bf94e586b2cbec8c3c8638c290d0edbc01906b0797ea0eb4586351758dbfc4d971149f5989bbe94cd06e22

Download Submit
C:\Program Files\Easeware\DriverEasy\Languages\Lang.es.xaml

Filesize
70KB

MD5
bf34476aadd113208aa5ff75060031cc

SHA1
de41e9fbee10ac87aefeaca6717783fe975fe668

SHA256
5e95bb4d904e8b37728d0f8ae423eba834019a2d1704515e67b5189d1a8eeecc

SHA512
b9bc52bd7a2da9c1c48be295c33df293625f6187907efcf99edb696717009dd29e6d05bb6eb29b3a21bc79f845f7e59dbba67bb7f765f1ad9979847d7b03b00d

Download Submit
C:\Program Files\Easeware\DriverEasy\Languages\Lang.fr.xaml

Filesize
72KB

MD5
e8095ff4104449a0cbb81cad39f769f4

SHA1
af9b9860f13e04d9a51b68cc5b2e535c066b81f5

SHA256
a89c8d6c80398528a6911e844ac0cc1c9895df4164d0864f1fa0c5e6e4731341

SHA512
ed85c94462e5a5e469323292e7584ad1e4faead74db85144301aa9fd54128f22b0cdfe234e4424335450dae142326f89b5e4664b573658340342e8ffd62d4080

Download Submit
C:\Program Files\Easeware\DriverEasy\Languages\Lang.it.xaml

Filesize
71KB

MD5
3ddab4956336684e6e6bb6ddd352000f

SHA1
49f664039053ac3f44901280fa8ca6e9ca29eb92

SHA256
a3f6cbfe2d1514d993e92a2f7327b475e0efec798d08bde2933e643918f6bd53

SHA512
0bcb4e7251e90e272bace829cafd9dc6f28121c312e50bafe9456b40f5d94c59a9602759826a92b7e9ba98120e8cd050a463cfb5180d7d41761db9aa0b1dad84

Download Submit
C:\Program Files\Easeware\DriverEasy\Languages\Lang.ja.xaml

Filesize
74KB

MD5
3a4bf441d4d3231975350f3f0453a64f

SHA1
5735c82cbc26ca7ebdf02a9bd61b8b843412cfd1

SHA256
5f22fff2b3e41012fc38dffe6f158d2e84376d724574cd656cb463f719d01dee

SHA512
2e33e76f0af51fc7586e8929e0cef9c7d056e6f24ebe84c683a8399f2bcbe2d4d4b92c92f9cc7be6a3b073dd7df79f3ed119175723a373d334e4b756a27ca1a8

Download Submit
C:\Program Files\Easeware\DriverEasy\Languages\Lang.ko.xaml

Filesize
69KB

MD5
5b97bb3d8f93255558733562cfaf0423

SHA1
ad9f10a3d58783cf116587d00927d8c0e136789d

SHA256
0aa260c4404e58ccb6e91ead25d9535dc755e97cd93376cb030133fa26414e56

SHA512
8446c73847f031cb314a6b8aef076e44dfcb47ece541c49f31b9ff51f4fd11fa36b1f2c56c6f7cfd0cdbc96016d35b5c95d0341625d8278e3a747e9b94d13bf8

Download Submit
C:\Program Files\Easeware\DriverEasy\Languages\Lang.nl.xaml

Filesize
68KB

MD5
f87a160b5d3143ecca043150fb6244ea

SHA1
1c6de81831955eb8485fe26f8a7e217e1e23970c

SHA256
26b40aaebd4ed8a8a07485f13eaf0c266d9fab397619124124b2f349871399a5

SHA512
13c9aa38bc7d6b9247030c89785619066aaefc2f14c1605e8cd0c7141cea21245ef717ef8545a405d763932b99e60a4f04808f12eb833eb7ddaa6b816f0d294e

Download Submit
C:\Program Files\Easeware\DriverEasy\Languages\Lang.pt-BR.xaml

Filesize
71KB

MD5
8ac14962b8fcf5315c3421119c7e68ae

SHA1
8433d815a375883320bd51683f7d84e4f5d85005

SHA256
7b780c98e44e921cf391a7ddd9d96a36abab966440fe91d04f99f8b03dff0994

SHA512
24591f116fe67528deaaf32c2122f2b8ae1172ac32316428d6ab6acb52752f8acdf81f9aa1aef38241abee71052bdf3848f72d0f392d1404e0b74be92a7a251d

Download Submit
C:\Program Files\Easeware\DriverEasy\Languages\Lang.zh-CN.xaml

Filesize
64KB

MD5
2c56ef63ea26c14e33030940da3516de

SHA1
ee3df568238c0c1de84710d7264156aa36a39ac9

SHA256
7493238032ba17837776e73e30a57a65dc4bf136ba3c6be6a80bff0374fc4cf9

SHA512
496ebd2030b329f28cbe111d49269a4898b5f90e029ad12e327fe14820e853980bad29c085b7e06cf65f20f9a3fc618f25d60405a61fcfd5a376131286681832

Download Submit
C:\Program Files\Easeware\DriverEasy\SharpVectors.Converters.Wpf.dll

Filesize
154KB

MD5
518d273e42e668ca369c1de27386c428

SHA1
8e1a1c23d000ef1ff56688ce2fdbc9a91e13127a

SHA256
8cf00a6b0d8a96060b10f7a3fd27986829f523ec56222bc08687616bc21feb9a

SHA512
394a3a587f83faf5dc9215dbc222e14457a78947e9111d942c575a88e13372cc805e6fbfd85aae6621cbae411326a14f4c50233f4331fa8d9f9f8fe4223b3abc

Download Submit
C:\Program Files\Easeware\DriverEasy\SharpVectors.Core.dll

Filesize
193KB

MD5
d271c97a28102894663e966105b06101

SHA1
f9cd13f42800e205d9e0f08ef87d5d96e578651e

SHA256
71ddf314e50bd381cb7844bdcccce4aade82bfac666eeed4c1efcf9eade485fb

SHA512
6d67d9a44e4669d4e5bbe63e4f6c91d1d95bc49401e0a3704905428b118262f69ee013328addeb43d2c3254b5e75978975e58922518667361736424cc5cbfc79

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
0a9dc42e4013fc47438e96d24beb8eff

SHA1
806ab26d7eae031a58484188a7eb1adab06457fc

SHA256
58d66151799526b3fa372552cd99b385415d9e9a119302b99aadc34dd51dd151

SHA512
868d6b421ae2501a519595d0c34ddef25b2a98b082c5203da8349035f1f6764ddf183197f1054e7e86a752c71eccbc0649e515b63c55bc18cf5f0592397e258f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
61cef8e38cd95bf003f5fdd1dc37dae1

SHA1
11f2f79ecb349344c143eea9a0fed41891a3467f

SHA256
ae671613623b4477fbd5daf1fd2d148ae2a09ddcc3804b2b6d4ffcb60b317e3e

SHA512
6fb9b333fe0e8fde19fdd0bd01a1990a4e60a87c0a02bc8297da1206e42f8690d06b030308e58c862e9e77714a585eed7cc1627590d99a10aeb77fc0dd3d864d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
480B

MD5
b63a279aa18f8509850f81261835cf9e

SHA1
68f0d721ba7208021ab2e1825efd9ae7a07d438c

SHA256
c16ce5533adbd10a4819b04a17884e8e69d09e0eafc1e52da1b7037cf1f14d32

SHA512
0436e8cf8480120572c2acdb9198d8d1e4b43abdab2d3cfdacb16f0938a0431f483de94a1d616cae6369904cc9b8c1c15ea14b7cad2f59266e32b454b56b0748

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
dfd87448ed73b10820c3cbf63fad6b50

SHA1
9a36a506d8b4a4c2abc685024f1d4d6e11842443

SHA256
bd6dbed79b060c72498d882aac765add35bb3da29e284200354b35dc81600c39

SHA512
9d5ded09b61feafb7edad5e5746980958b9148f8ff8c0294e6177f91b4e28db9310e866459fcfc0c4681813266f5cff575908bdc7dff0dc0b85dfd7c17a6101d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
e9e2c0b30ebe7a327c63740cd1a79063

SHA1
e5bff6118d05aec1dc0837776a86beecdfb9cc70

SHA256
7f4687185ced520333c3895ec5fc330d5ac99ccaf790ad94101f05c70eec8e53

SHA512
2c90326c5d087742cdd68265cd890f89a6a4f023311eefe98cbae9221482f4f3b7a063be82f653cb19155341d2b4bf725b7a3b1ad8e76c7256761c663b014a78

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
5f2a17c91747f3a29abbbf3561450a86

SHA1
eefcb1fceec6e70b112d3e66e9eb2ae24d0453fe

SHA256
af9a573a11dcd006ddcc4792fa18914ab96db2afc9ef2729b69692cc17ee854d

SHA512
7d476e899e897c886909b8d19176b6375d04a1761e45bbb8ae3a27057c7dec4a67dcdbcad14cdc499f5502ab4810e8a86620e4a4c5eaad5771b4d2ccde38bf1b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
63dd24fa8d5b98410a5ab92b36ac4c96

SHA1
1887f1a2cbdcd60946885b756c0da8b7cb2a03f6

SHA256
e02f7262c3439873176e71886777c1064701a8a2c4e0ec09a04cce918c1b0a57

SHA512
0b0430c89df6871d77cf3c9bd0d66ef242a97b258e9f9a8c7951d63a97947a1f2ad67bdc75991f6badb728a5799eafc12ba8157377bb81239931b98383bb9e30

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a2c1cb2937c95604216cab5437ac4520

SHA1
28d646acb6b77f4338b285d41df2aac23aaddd59

SHA256
6134a76b98a6522d0c734fe50d89ddb873bbaedf9d2c9176e9aaf8ed262d505c

SHA512
495d10d41c0dd444aa54a1e73623419fe0d2668f2d56931484d451365494f4c083fd8aa5bd502d12ca09e0c41989afdf53f85b19c0d45240b74d2e4ee20e1255

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
faaac9a4086a69806b390766d38b4820

SHA1
9c7b74460cdc40a24f04040ca47ada9074faf3c2

SHA256
63277ea704786eeb603ec185f49344b09e4b31ba703768f97f1a495ac7581dd3

SHA512
0b671c2cfcf91f6b1914da2ebc81b94607599c7fabab74b592058f06a2c1b29d2004351e7df230e9801696eb9971b2690c268cf3466295e1719a49f229d8665e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe59ccfb.TMP

Filesize
1KB

MD5
bf424a8799caa26cc8e6d185e65382e4

SHA1
f78ea6ca9f8f5655d381b4e939383b5e3969afc8

SHA256
e0f71d0c98a0e9c0389e9efd0e3869c8e45ca0d5a9e965e74c9bbb918ec4dad1

SHA512
de5ad11c32651e7af55e195763889f3c10e7567be8acc6a411136e2306e81ebd0ece6eaebb1de5ce34149168e50148f3625e84f0b626af0dc01b7029be8f584e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
6bf90e870caa965f42f689c7eee6de7b

SHA1
b93c840f329cebf6470c18ef63cecb5f47b54061

SHA256
db5701728e529f52e2250926c3aeab4c944973c884388671852c8bab69209e38

SHA512
546dbc4e72abfc1e89004d1c71cdf3189b130f9999d34705f5012c65bbe8ac1a4018f49fa575f60622f1f496e0a752489e4cacfc4c34f2acf8a933124f75d09d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
2beae0564d2a51d438e23ee3fe027171

SHA1
a5edec16994a56570bfd55a24666d5da89c73ca5

SHA256
8fd1a4f4a3efb77d663c63df441331e6153f066feb81c575b6dce0e304b81d21

SHA512
c914b985df3386d090c4fad74b1ce6a68d0c945f5fc16fe12b121b527b619a56b22ac87b6310620acb684fbc4586e99732a2ffc401cd59c73d579d152635f497

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-LGRK5.tmp\Update.tmp

Filesize
3.2MB

MD5
a8df515ee641f262b2b3ff9562b49054

SHA1
ed0c43442b3944debdd9f9d4ab3d6f61365ff9e1

SHA256
9c2a97ffaf1403b0c8d8e29d03025211389b8f81fef9c4cdd3f3ab0bdd4a96f9

SHA512
cb0b35abf489df87ea036354d5fc1e14292fe7dc880d43434f5c81751e18a2d9d88d6aa0f1f8e2ed97fc610e267130058877d97560573b1fb4644c0249f1dcac

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-VSLGP.tmp\botva2.dll

Filesize
37KB

MD5
67965a5957a61867d661f05ae1f4773e

SHA1
f14c0a4f154dc685bb7c65b2d804a02a0fb2360d

SHA256
450b9b0ba25bf068afbc2b23d252585a19e282939bf38326384ea9112dfd0105

SHA512
c6942818b9026dc5db2d62999d32cf99fe7289f79a28b8345af17acf9d13b2229a5e917a48ff1f6d59715bdbcb00c1625e0302abcfe10ca7e0475762e0a3f41b

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-VSLGP.tmp\btn_common.bmp

Filesize
35KB

MD5
3f89873ca2f0a02bf5f0d82b44a93a42

SHA1
9910b32d6a76e2d534f85dfe2d5c2f399d6e981f

SHA256
5286a2e2059d37767dfb8b54c8ee0d2b6da24717cb1b1c3efbcdad0f07d009a0

SHA512
3c4525037fabbc5db9fa35aecfcc6c978d0b0f309864a51a1089218f19baff3957588d1ee0eb534b0d5a2ed920582d45046fb398fb37617bb75c837c9d1d9e05

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-VSLGP.tmp\btn_grenn_normal.bmp

Filesize
76KB

MD5
2988d6fd91c7f84bae5efb4b2a093afe

SHA1
333f179a9029e09fcdaabcf62943abc72a87abf2

SHA256
afb7ebdeaa274b1423b9b5720fb5bf34d79a2de62d42d6edcaa1b3a96739c473

SHA512
162b1b8b79be53d050c70c1c2fa3b87dd565dbf0125a62c9b5a7ada6b5c7d3cb6936ae991867255fc2040cc266ac0151de33e6349e14cb5ac4b5d63ff754586b

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-VSLGP.tmp\checkbox.png

Filesize
912B

MD5
1615b01e9f86eb72c557752f20608ad2

SHA1
f8437c23d7ec9b97ec572e244f158049e7620692

SHA256
0d3b6cd710544d79ed0705db2f42398a84dd0d97ee3cdfdb0d4b075a31ac3ce6

SHA512
578770c4a0e90b3a3dbc459e99594628151660dd6062d47cd34ca1f9a96629564410b5bc99bfbf1717cf0ea27aacb549f7f18c37ffa1e308ae08f96ca9e05f52

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-VSLGP.tmp\checkbox_license_selected.png

Filesize
477B

MD5
c482cc0a34c3db2cc13184077e5d47db

SHA1
3b1c52adabbc410cc1e70833d1e460daa18ef3ef

SHA256
ea6efc70a57e8ad44f466181bbfa5c56059e4eeb4161a2b15e8651c86a100d09

SHA512
cf62c5e4bafabf78e75d4ce0d076e825d5c6760d0f9a547584989d818359d6eb1fd0b4c349810c5df6e5eecd423780a3d1bacb73642d06c436894bc5854470ee

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-VSLGP.tmp\circle.png

Filesize
1KB

MD5
a80f464b60816479334b6c5b39dbff18

SHA1
dc5bbb82387669f7645008a8ad0a52c4236f989c

SHA256
b532762a4c797e209c5da897f4a0bced5dfa19d34db66bafc7455fa019ba4e17

SHA512
799a02804e081909cee7d68489424f9ed638aee1612b66ad98b32003602b85b80db6e4d9d61e5f996c57d5b9c8aa30b50179db81c524edb05a78f9c56a981751

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-VSLGP.tmp\close.png

Filesize
643B

MD5
c5d4199133d845215eee250ac2478370

SHA1
70a0d9732e82edbef358ebcf41563bdf5f1e8bca

SHA256
c9a29bb36ada4dc575a62e38b0b5e522d2438860534cdf174f4ba1a14f866802

SHA512
e709631629eb7e12c036b296160ef1aec0579dfc77b4a74ccce7a2f594c59cfe16db7981f2854f1470aeec0131ca7c64f985140571d59e469d6dc060610e4be7

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-VSLGP.tmp\close_prompt.png

Filesize
1KB

MD5
313eff59439378868bb979d0af1f38b2

SHA1
4a390a6878e5dd03bc7a9158678435abd72a680d

SHA256
f286e699bf67e62f68af0f20a18cbda158eea0fe769249ddd54a5ca19702eec0

SHA512
e528e60453e1bc714af018d3ee6e586d92cb2feb2cf565845c62c49f93d05e4c24a74fca2d2ece4c5638cb3e0436f4962c79628888ec14ea78f06f6a35f6ba01

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-VSLGP.tmp\innocallback.dll

Filesize
63KB

MD5
1c55ae5ef9980e3b1028447da6105c75

SHA1
f85218e10e6aa23b2f5a3ed512895b437e41b45c

SHA256
6afa2d104be6efe3d9a2ab96dbb75db31565dad64dd0b791e402ecc25529809f

SHA512
1ec4d52f49747b29cfd83e1a75fc6ae4101add68ada0b9add5770c10be6dffb004bb47d0854d50871ed8d77acf67d4e0445e97f0548a95c182e83b94ddf2eb6b

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-VSLGP.tmp\installation_bg.png

Filesize
15KB

MD5
de2910024c97296f74db2929dd967810

SHA1
4e63344ac9fe3a7554bd66f3f04ff82b5086a632

SHA256
dd2b1935e615891a2e29430cb2adb9a07245510c16bb9336d76cbe8c48f79938

SHA512
152ee45f5b4a22c100adf0a3101927437c0d1624ffff5890defa07192b75564a51a2b2ef7c901eb8489053a8ea432298fa3c55289df80d0b950d75cfa4817636

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-VSLGP.tmp\installation_message_bg.png

Filesize
13KB

MD5
841879f4f9c15e60a56f115440450068

SHA1
58ae1084860175c39b3cdad878baa16d2c697da0

SHA256
46915028d24416eb6a2310c533a0237d669f0fec1aebd19f8540a6ed930aceed

SHA512
c8111b2100bc9b45c595146a4a29cc02301fe388b997d0c5b7eb7766b2e06899b616c47c1e2058f40dc366217074520118ec6a8bc74a0fafe0e16b51ac23fcd4

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-VSLGP.tmp\installing_bg.png

Filesize
45KB

MD5
f4be352f09d837736cad0fd651bace19

SHA1
c12f90bc68a6360ff0728003a0dabeab97a8ac70

SHA256
992c6e3ee43400029bf274574377c393ae6a534bd3ff0e1aa00c87e5905c434f

SHA512
49856418156b71744bfd9213c5f4aef23b4b1be4c2df1f79627ae3b5591cc2d3500062e1852bff23f3496609d74adddd5c4433b09f715018dce33fcd0f628a52

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-VSLGP.tmp\isxdl.dll

Filesize
121KB

MD5
48ad1a1c893ce7bf456277a0a085ed01

SHA1
803997ef17eedf50969115c529a2bf8de585dc91

SHA256
b0cc4697b2fd1b4163fddca2050fc62a9e7d221864f1bd11e739144c90b685b3

SHA512
7c9e7fe9f00c62cccb5921cb55ba0dd96a0077ad52962473c1e79cda1fd9aa101129637043955703121443e1f8b6b2860cd4dfdb71052b20a322e05deed101a4

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-VSLGP.tmp\min.png

Filesize
503B

MD5
5389e8a18660074075ea860947e9f892

SHA1
f61adfe811f805c8cff34c928b1052d531b2bc01

SHA256
5cc3e27ef6390044661c5cc7b1a68bb6da4432036f4697195d84496e36980f4a

SHA512
4b291bbc8a2380f89498aa9ce600cb5de6f9043a365d3ccdd92658c4200539ef34e6519b0b6def6fdaf28f5ae8dfd3c2259c792a75ac021b69c1ee31b74a6e7b

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-VSLGP.tmp\progressbar_bg.png

Filesize
361B

MD5
3fce8f03dc579cbce9d449bbbf8646b7

SHA1
8e78a3661df07632460a9912aeb2ece4e19e9e43

SHA256
61f7b00ae88f700a3d864d2b91a48f463430086b778c16c7197a5523b0a46934

SHA512
1a933681c85ce6179aac8b4bcb7e2d0545ef373c042ad02465db1435dc7b57baae5933d1729a908258f0015fb875f67abe7be2041cadb081a219c43a16188c52

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-VSLGP.tmp\progressbar_installing_bg.png

Filesize
362B

MD5
f89c33ea10e1e74a5800825d61f2d9cb

SHA1
1f02d1f7469c7fc1f9eee99c5a2cbc2695580505

SHA256
19e715e35ad72909e62d955d5937d64777835a29893e906778e07bc390aef8d0

SHA512
7b25957ccae3131d18e03c4e0e0dcf5ee00fa049bbe3d16b11984ff1e4db4a08c9a0f4c2d547139017304cc037aee57a40d1d3ffe0412f0883842fb0c5335e3d

Download Submit
C:\Users\Admin\Downloads\Driver Easy Professional 6.1.1 Build 29776 Multilingual\Driver Easy Professional 6.1.1 Build 29776 Multilingual\Crack\DriverEasy.exe

Filesize
4.2MB

MD5
5228a27eec37372041db7fe90c5dc9d0

SHA1
9c18d4b4e205ba677a9ddbff30bc461c66ce17d0

SHA256
86a8b72f18c67f80eea21717b0b7de2706b4a8e40f7423c6ed0f811ed0fcfc8e

SHA512
38a7ed2d7dda7a73f4e606b265771f05869283f662b141aec2cb771abe517d57214ca1502f5474bb5cb503bea5f0ac2d69fce76a91fbecfbc6e4609b26418769

Download Submit
C:\Users\Admin\Downloads\Driver Easy Professional 6.1.1 Build 29776 Multilingual\Driver Easy Professional 6.1.1 Build 29776 Multilingual\DriverEasy_Setup.exe

Filesize
483KB

MD5
ecafda8e5a36f2c81e6b862e5fa8efd8

SHA1
5d74cf290c3c2015c7dc9610ec739e539d177bd5

SHA256
1c09deda507a1291c0bade085be847e0c0425ef91bd03174be15a4f9ec016ba1

SHA512
ba407cfa09fe9e5b8490a868052030617ef8e89089f01307da61631291a9306a630a16c799c850cb347e9cd0177bf88628689c9739b45d6928734ced1eee12e6

Download Submit
C:\Users\Admin\Downloads\Driver Easy Professional 6.1.1 Build 29776 Multilingual\Driver Easy Professional 6.1.1 Build 29776 Multilingual\DriverEasy_Setup.rar

Filesize
6.3MB

MD5
860e08a3bfb889c26c0882733f61ac62

SHA1
b4cdfbaa15aec60890fd9d008e3ec6fa6517075b

SHA256
e382f574d27880b6969762248b90d6a75c25eee62b6cc041fba2d868720f6b28

SHA512
494e00235f7fe5f4f3db632688b3463831508d07f5809058033751c5963394e5cc33168c2efdcbe2310b69939c9be2dc4016cdb4762dc653ad2d8a09d975460c

Download Submit
C:\Users\Admin\Downloads\Driver Easy Professional 6.1.1 Build 29776 Multilingual\Driver Easy Professional 6.1.1 Build 29776 Multilingual\Readme.txt

Filesize
260B

MD5
1ef7aafc0dfce2f9258375f308aec77a

SHA1
97e9621daae29729e529938197bca82d9dae9263

SHA256
467871d2278503f4bc544210791bb4668c4fe3f794c659e4d047ef628191708b

SHA512
a57cf71a622e8665b02c34223a4d94085e99244e6102e8fc7bf018baf868bd327031328841607cae2b7aa6c806d8d8d7c0dfeabba931ab89b5ce0dc6803e48d2

Download Submit
C:\Users\Admin\Downloads\Driver Easy Professional 6.1.1 Build 29776 Multilingual\Driver Easy Professional 6.1.1 Build 29776 Multilingual\Update.exe

Filesize
6.6MB

MD5
6f7a3b8c4aa3ce771664dc433e1640ee

SHA1
51b28931c0abc0ee52fd65fd5c76276249cb0ec7

SHA256
1bcf98a3f711db0160c8d060d00d090f83bd4e96457a916e714a1bb1c1c4159b

SHA512
1b51a31f496c22bfa53e49bcaf7ebe3dded9769b431d0924c6248827317f559d185a8f6972c0f31889e6589e58ce704637de175a583143d58eef6b2fbd3c26bb

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 801914.crdownload

Filesize
7.8MB

MD5
b88f624342111efa1e9de307492b67fe

SHA1
25301acdd561fdae2298cf37b09cf8eddbfb71f6

SHA256
cbadb884e1507e54beeb620a71731c44a72981fc786cb045d05f0e01081cd020

SHA512
da54f687ac59a6357ef5dce9284d39e48fceed3088a42ce507622ba4b3832483771a8d0077d2b9f72d9806b7fc6e9e3fc61ac0ed5c245059175520e3ae07ec41

Download Submit
\??\pipe\LOCAL\crashpad_3736_ALSXHRWULDZEFIJK

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/1620-489-0x0000021C436C0000-0x0000021C436CE000-memory.dmp

Filesize
56KB

Download
memory/2868-145-0x0000016541150000-0x0000016541347000-memory.dmp

Filesize
2.0MB

Download
memory/2868-142-0x00000165266C0000-0x0000016526B00000-memory.dmp

Filesize
4.2MB

Download
memory/3464-522-0x0000000000400000-0x0000000000502000-memory.dmp

Filesize
1.0MB

Download
memory/3464-187-0x0000000000400000-0x0000000000502000-memory.dmp

Filesize
1.0MB

Download
memory/3656-273-0x00000000036C0000-0x00000000036CF000-memory.dmp

Filesize
60KB

Download
memory/3656-283-0x00000000036E0000-0x00000000036F5000-memory.dmp

Filesize
84KB

Download
memory/3656-521-0x00000000036E0000-0x00000000036F5000-memory.dmp

Filesize
84KB

Download
memory/3656-519-0x0000000000400000-0x0000000000736000-memory.dmp

Filesize
3.2MB

Download
memory/3656-520-0x00000000036C0000-0x00000000036CF000-memory.dmp

Filesize
60KB

Download
memory/4452-499-0x000002B1F8430000-0x000002B1F8486000-memory.dmp

Filesize
344KB

Download
memory/4452-497-0x000002B1DE050000-0x000002B1DE058000-memory.dmp

Filesize
32KB

Download
memory/5452-154-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/5452-152-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/5900-548-0x0000024F83750000-0x0000024F8375E000-memory.dmp

Filesize
56KB

Download
memory/5900-561-0x0000024F9C8D0000-0x0000024F9C8D8000-memory.dmp

Filesize
32KB

Download
memory/5900-547-0x0000024F9C390000-0x0000024F9C3CE000-memory.dmp

Filesize
248KB

Download
memory/5900-550-0x0000024F9C120000-0x0000024F9C13E000-memory.dmp

Filesize
120KB

Download
memory/5900-551-0x0000024F9C180000-0x0000024F9C192000-memory.dmp

Filesize
72KB

Download
memory/5900-557-0x0000024F9C350000-0x0000024F9C35E000-memory.dmp

Filesize
56KB

Download
memory/5900-558-0x0000024F9C8B0000-0x0000024F9C8B8000-memory.dmp

Filesize
32KB

Download
memory/5900-559-0x0000024F9CAD0000-0x0000024F9CB08000-memory.dmp

Filesize
224KB

Download
memory/5900-560-0x0000024F9CAA0000-0x0000024F9CAAE000-memory.dmp

Filesize
56KB

Download
memory/5900-549-0x0000024F9C4E0000-0x0000024F9C5EC000-memory.dmp

Filesize
1.0MB

Download
memory/5900-567-0x0000024FA4E20000-0x0000024FA5348000-memory.dmp

Filesize
5.2MB

Download
memory/5900-581-0x0000024FA17E0000-0x0000024FA17E8000-memory.dmp

Filesize
32KB

Download
memory/5900-582-0x0000024FA2310000-0x0000024FA2336000-memory.dmp

Filesize
152KB

Download
memory/5900-543-0x0000024F9C150000-0x0000024F9C17A000-memory.dmp

Filesize
168KB

Download
memory/5900-545-0x0000024F9C210000-0x0000024F9C244000-memory.dmp

Filesize
208KB

Download
memory/5900-546-0x0000024F9C100000-0x0000024F9C118000-memory.dmp

Filesize
96KB

Download
memory/5900-527-0x0000024F81610000-0x0000024F81A58000-memory.dmp

Filesize
4.3MB

Download