lumma | hxxps://download1527[.]mediafire[.]com/gvdsy9q4ly4gyWlzsR6kjz_C3Sn1ZLNzXtZNp7oTwtBCP5giLbnfSZaeNO1SDZwym_oJeoL9VMQ1m9X1AMmJ04c6pcwlYEAEenAAdvfeenwVV8zfXRVEgepGjZ40-5ZXZYNxXorO2ibTS5X1abHtUdS-_njuQqK2qsQVbScdgq0LSVc/0lh5huhlxsgzsjw/AxoPac[.]zip

Analysis

max time kernel
186s
max time network
188s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20241211-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20241211-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
09-01-2025 10:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://download1527.mediafire.com/gvdsy9q4ly4gyWlzsR6kjz_C3Sn1ZLNzXtZNp7oTwtBCP5giLbnfSZaeNO1SDZwym_oJeoL9VMQ1m9X1AMmJ04c6pcwlYEAEenAAdvfeenwVV8zfXRVEgepGjZ40-5ZXZYNxXorO2ibTS5X1abHtUdS-_njuQqK2qsQVbScdgq0LSVc/0lh5huhlxsgzsjw/AxoPac.zip

Score

10^/10

lumma discovery stealer

Malware Config

Extracted

Family

lumma

https://robinsharez.shop/api

https://handscreamny.shop/api

https://chipdonkeruz.shop/api

https://versersleep.shop/api

https://crowdwarek.shop/api

https://apporholis.shop/api

https://femalsabler.shop/api

https://soundtappysk.shop/api

https://letterdrive.shop/api

Signatures

Lumma Stealer, LummaC
Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
stealer lumma
Lumma family
lumma

.NET Reactor proctector 2 IoCs

Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.

resource	yara_rule
behavioral1/files/0x00250000000465f6-2133.dat	net_reactor
behavioral1/memory/5288-2135-0x0000000000E60000-0x0000000000EC8000-memory.dmp	net_reactor

Executes dropped EXE 2 IoCs

pid	Process
5288	Installer.exe
5392	Installer.exe

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 5288 set thread context of 5392	5288	Installer.exe	127

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\a37e7e00-8213-4015-a74e-afc7a03586be.tmp	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\20250109105512.pma	setup.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Program crash 1 IoCs

pid	pid_target	Process	procid_target
5236	5288	WerFault.exe	124

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Installer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Installer.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3506525125-3566313221-3651816328-1000_Classes\Local Settings	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
2716	msedge.exe
2716	msedge.exe
4576	msedge.exe
4576	msedge.exe
2024	identity_helper.exe
2024	identity_helper.exe
5556	msedge.exe
5556	msedge.exe
5556	msedge.exe
5556	msedge.exe
4428	msedge.exe
4428	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
4576	msedge.exe
4576	msedge.exe
4576	msedge.exe
4576	msedge.exe
4576	msedge.exe
4576	msedge.exe
4576	msedge.exe
4576	msedge.exe
4576	msedge.exe
4576	msedge.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeRestorePrivilege	4500	7zG.exe
Token: 35	4500	7zG.exe
Token: SeSecurityPrivilege	4500	7zG.exe
Token: SeSecurityPrivilege	4500	7zG.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4576	msedge.exe
4576	msedge.exe
4576	msedge.exe
4576	msedge.exe
4576	msedge.exe
4576	msedge.exe
4576	msedge.exe
4576	msedge.exe
4576	msedge.exe
4576	msedge.exe
4576	msedge.exe
4576	msedge.exe
4576	msedge.exe
4576	msedge.exe
4576	msedge.exe
4576	msedge.exe
4576	msedge.exe
4576	msedge.exe
4576	msedge.exe
4576	msedge.exe
4576	msedge.exe
4576	msedge.exe
4576	msedge.exe
4576	msedge.exe
4576	msedge.exe
4576	msedge.exe
4576	msedge.exe
4576	msedge.exe
4576	msedge.exe
4576	msedge.exe
4576	msedge.exe
4576	msedge.exe
4576	msedge.exe
4576	msedge.exe
4576	msedge.exe
4576	msedge.exe
4576	msedge.exe
4576	msedge.exe
4576	msedge.exe
4576	msedge.exe
4576	msedge.exe
4576	msedge.exe
4576	msedge.exe
4576	msedge.exe
4576	msedge.exe
4576	msedge.exe
4576	msedge.exe
4576	msedge.exe
4576	msedge.exe
4576	msedge.exe
4576	msedge.exe
4576	msedge.exe
4576	msedge.exe
4576	msedge.exe
4576	msedge.exe
4576	msedge.exe
4576	msedge.exe
4576	msedge.exe
4576	msedge.exe
4576	msedge.exe
4576	msedge.exe
4576	msedge.exe
4576	msedge.exe
4576	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4576	msedge.exe
4576	msedge.exe
4576	msedge.exe
4576	msedge.exe
4576	msedge.exe
4576	msedge.exe
4576	msedge.exe
4576	msedge.exe
4576	msedge.exe
4576	msedge.exe
4576	msedge.exe
4576	msedge.exe
4576	msedge.exe
4576	msedge.exe
4576	msedge.exe
4576	msedge.exe
4576	msedge.exe
4576	msedge.exe
4576	msedge.exe
4576	msedge.exe
4576	msedge.exe
4576	msedge.exe
4576	msedge.exe
4576	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4576 wrote to memory of 3024	4576	msedge.exe	81
PID 4576 wrote to memory of 3024	4576	msedge.exe	81
PID 4576 wrote to memory of 3996	4576	msedge.exe	83
PID 4576 wrote to memory of 3996	4576	msedge.exe	83
PID 4576 wrote to memory of 3996	4576	msedge.exe	83
PID 4576 wrote to memory of 3996	4576	msedge.exe	83
PID 4576 wrote to memory of 3996	4576	msedge.exe	83
PID 4576 wrote to memory of 3996	4576	msedge.exe	83
PID 4576 wrote to memory of 3996	4576	msedge.exe	83
PID 4576 wrote to memory of 3996	4576	msedge.exe	83
PID 4576 wrote to memory of 3996	4576	msedge.exe	83
PID 4576 wrote to memory of 3996	4576	msedge.exe	83
PID 4576 wrote to memory of 3996	4576	msedge.exe	83
PID 4576 wrote to memory of 3996	4576	msedge.exe	83
PID 4576 wrote to memory of 3996	4576	msedge.exe	83
PID 4576 wrote to memory of 3996	4576	msedge.exe	83
PID 4576 wrote to memory of 3996	4576	msedge.exe	83
PID 4576 wrote to memory of 3996	4576	msedge.exe	83
PID 4576 wrote to memory of 3996	4576	msedge.exe	83
PID 4576 wrote to memory of 3996	4576	msedge.exe	83
PID 4576 wrote to memory of 3996	4576	msedge.exe	83
PID 4576 wrote to memory of 3996	4576	msedge.exe	83
PID 4576 wrote to memory of 3996	4576	msedge.exe	83
PID 4576 wrote to memory of 3996	4576	msedge.exe	83
PID 4576 wrote to memory of 3996	4576	msedge.exe	83
PID 4576 wrote to memory of 3996	4576	msedge.exe	83
PID 4576 wrote to memory of 3996	4576	msedge.exe	83
PID 4576 wrote to memory of 3996	4576	msedge.exe	83
PID 4576 wrote to memory of 3996	4576	msedge.exe	83
PID 4576 wrote to memory of 3996	4576	msedge.exe	83
PID 4576 wrote to memory of 3996	4576	msedge.exe	83
PID 4576 wrote to memory of 3996	4576	msedge.exe	83
PID 4576 wrote to memory of 3996	4576	msedge.exe	83
PID 4576 wrote to memory of 3996	4576	msedge.exe	83
PID 4576 wrote to memory of 3996	4576	msedge.exe	83
PID 4576 wrote to memory of 3996	4576	msedge.exe	83
PID 4576 wrote to memory of 3996	4576	msedge.exe	83
PID 4576 wrote to memory of 3996	4576	msedge.exe	83
PID 4576 wrote to memory of 3996	4576	msedge.exe	83
PID 4576 wrote to memory of 3996	4576	msedge.exe	83
PID 4576 wrote to memory of 3996	4576	msedge.exe	83
PID 4576 wrote to memory of 3996	4576	msedge.exe	83
PID 4576 wrote to memory of 2716	4576	msedge.exe	84
PID 4576 wrote to memory of 2716	4576	msedge.exe	84
PID 4576 wrote to memory of 3596	4576	msedge.exe	85
PID 4576 wrote to memory of 3596	4576	msedge.exe	85
PID 4576 wrote to memory of 3596	4576	msedge.exe	85
PID 4576 wrote to memory of 3596	4576	msedge.exe	85
PID 4576 wrote to memory of 3596	4576	msedge.exe	85
PID 4576 wrote to memory of 3596	4576	msedge.exe	85
PID 4576 wrote to memory of 3596	4576	msedge.exe	85
PID 4576 wrote to memory of 3596	4576	msedge.exe	85
PID 4576 wrote to memory of 3596	4576	msedge.exe	85
PID 4576 wrote to memory of 3596	4576	msedge.exe	85
PID 4576 wrote to memory of 3596	4576	msedge.exe	85
PID 4576 wrote to memory of 3596	4576	msedge.exe	85
PID 4576 wrote to memory of 3596	4576	msedge.exe	85
PID 4576 wrote to memory of 3596	4576	msedge.exe	85
PID 4576 wrote to memory of 3596	4576	msedge.exe	85
PID 4576 wrote to memory of 3596	4576	msedge.exe	85
PID 4576 wrote to memory of 3596	4576	msedge.exe	85
PID 4576 wrote to memory of 3596	4576	msedge.exe	85
PID 4576 wrote to memory of 3596	4576	msedge.exe	85
PID 4576 wrote to memory of 3596	4576	msedge.exe	85

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012
Uses Volume Shadow Copy WMI provider
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://download1527.mediafire.com/gvdsy9q4ly4gyWlzsR6kjz_C3Sn1ZLNzXtZNp7oTwtBCP5giLbnfSZaeNO1SDZwym_oJeoL9VMQ1m9X1AMmJ04c6pcwlYEAEenAAdvfeenwVV8zfXRVEgepGjZ40-5ZXZYNxXorO2ibTS5X1abHtUdS-_njuQqK2qsQVbScdgq0LSVc/0lh5huhlxsgzsjw/AxoPac.zip
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x124,0x128,0x12c,0x100,0x130,0x7fff0aa646f8,0x7fff0aa64708,0x7fff0aa64718
  2⤵
  PID:3024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,5463190313519696270,8698505295206700444,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2120 /prefetch:2
  2⤵
  PID:3996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,5463190313519696270,8698505295206700444,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2096,5463190313519696270,8698505295206700444,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2692 /prefetch:8
  2⤵
  PID:3596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,5463190313519696270,8698505295206700444,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3384 /prefetch:1
  2⤵
  PID:2884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,5463190313519696270,8698505295206700444,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3404 /prefetch:1
  2⤵
  PID:1200
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,5463190313519696270,8698505295206700444,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4948 /prefetch:8
  2⤵
  PID:1960
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
  2⤵
  - Drops file in Program Files directory
  PID:1448
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x248,0x24c,0x250,0x224,0x254,0x7ff6a3d05460,0x7ff6a3d05470,0x7ff6a3d05480
    3⤵
    PID:3384
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,5463190313519696270,8698505295206700444,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4948 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,5463190313519696270,8698505295206700444,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5556 /prefetch:1
  2⤵
  PID:1608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2096,5463190313519696270,8698505295206700444,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6492 /prefetch:8
  2⤵
  PID:5144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,5463190313519696270,8698505295206700444,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5364 /prefetch:1
  2⤵
  PID:5152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,5463190313519696270,8698505295206700444,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6752 /prefetch:1
  2⤵
  PID:5200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,5463190313519696270,8698505295206700444,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5588 /prefetch:1
  2⤵
  PID:5424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,5463190313519696270,8698505295206700444,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6732 /prefetch:1
  2⤵
  PID:5516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,5463190313519696270,8698505295206700444,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6288 /prefetch:1
  2⤵
  PID:5524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,5463190313519696270,8698505295206700444,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7308 /prefetch:1
  2⤵
  PID:5676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,5463190313519696270,8698505295206700444,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7312 /prefetch:1
  2⤵
  PID:5684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,5463190313519696270,8698505295206700444,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.4355 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6956 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2096,5463190313519696270,8698505295206700444,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5092 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4428

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4816

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4204

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2364

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\AxoPac\" -ad -an -ai#7zMap23972:74:7zEvent27228
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4500

C:\Users\Admin\Downloads\AxoPac\AxoPac\Installer.exe
"C:\Users\Admin\Downloads\AxoPac\AxoPac\Installer.exe"
1⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
PID:5288
- C:\Users\Admin\Downloads\AxoPac\AxoPac\Installer.exe
  "C:\Users\Admin\Downloads\AxoPac\AxoPac\Installer.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:5392
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 5288 -s 136
  2⤵
  - Program crash
  PID:5236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 5288 -ip 5288
1⤵
PID:1992

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
24dada8956438ead89d9727022bac03a

SHA1
09b4fb1dba48ec8e47350131ae6113edd0fdecf0

SHA256
bf1e5c7828e4672982b16451b5a201e65e812e98a97b87c9f2f7c22677cb4ec1

SHA512
03f092a4b20a4d8cc111220b35fbf5470878b7723faeddee65b1d9cf327167053792c77864103b4530b9b9f819e32a5721b44189291dfdb5832769835ea5dd94

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f073249d4ef50b5bce7717df9540456f

SHA1
b2590ec97c263094e13591c8d6f13cd48cbcf1d6

SHA256
7d8768f953493198d4308e7e3024991fb46ed6ae6a9d1adb4a0ea511767ec802

SHA512
0e81f27050b7f4c9540c8252d90b624b413bb8ea61d0752a09f377237d76ddd5062c012a0b9e00b32b709098696948bbe9712b72ba0f53672ed6b1f2910b0609

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8b712a4c83dfb3c522d032cf900e863a

SHA1
4f5bec4be6f4ebfa959e899ceafc62309bb1f141

SHA256
31da2a41a051db11559c47feb923d4baad32a384f530013a435fa884dad64493

SHA512
03b24d9307623b3a341230805f3ea662b0107c314650a51ae7e89d901cb3ad212d4219bab4d763d0aa8d50831aa0e6d4e3379573cc2f724873804578e8642898

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1008B

MD5
90236da4c348e4a5b4a6a59194cff17a

SHA1
1987ea10b9124cc7f7ceace1597ab0fcba1338a2

SHA256
7492ba8bed6326e6a86d70b97fb34bcfd13750c6df97560323d492f87e83a9e6

SHA512
36b0c90e59dbb7a20849afbc24fa9ec2148940ce256415271b7bef4b009d3a1611b7adb2411a8030df58fe9b8d00033e6ab12489f0bd8dac8dbefcd8429fb493

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
2f538ee4c320622aa2ac03a53aeeeacb

SHA1
851776d18a5276129853ba7f46bf154f566dc025

SHA256
998766b06afb85ed63ec54eed423348cabfea5f293873576a21ae42b5754c707

SHA512
4d37b988f677bb3b941d4fb083e370ab2b065069888233056422c9731da3969a139dc91c90c5a3a9950936ede012df4eda42cba291340e187fbf6d39800c990c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
48B

MD5
4907b61107c61f4987f97a1ae7ce5ef8

SHA1
f549ad6ada9b03a7436c0806da690107df940d91

SHA256
8b681ab417f02ae0eea66a88af0da80aa254a2ad692f716655156a676aeee538

SHA512
9bd635c732c7a182dd9fd06ad4e86beab9564914a99ce1fedf24e0ad38a54fff7ac023c893ca424398eca5a3b4e3fc9d9ffe4898d346125a06da41d836854e21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
960B

MD5
4c6eca25e7dc2705bc4efd798f69c7a9

SHA1
77e491814b78600349e6786de09e78c683157f10

SHA256
f0faa107575f645e9c57827834387d44389d5ce39727b10cd2c839a31f5f226a

SHA512
ad8dc618d65efa38c013cd7d9ce72849c6f556871d1d00d3db46841b6de1d5fba6e824213e996f9499f41c58bc7c0d5573ebde746d4d66f51b2edecb110e6bf5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
984B

MD5
cbef1e9038fc3032ad757dc840e139df

SHA1
8486eea9b4a4db523bbf3e2e35c0d2e858506ac0

SHA256
eed33fb2c8303b4dcb7b7b87f75cf5a99dc2ba4c257ea85650b04da1a8b5265b

SHA512
04399b54bd768b680e3b175f28553617ce364fc0ed9201c70f5ba73c4e84a3ab24fc161be480799c3401d68aeaec44cbf8a57334fb566f1daa81db9c5d81051f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
11c7b2d7fe132cd7fa09074a6655bbd0

SHA1
7acadb026b462ccd23a88aa2fb579081bc5381cc

SHA256
82699c75fe594f8928483c8ea6bb9194d06fb70501a39851bd840bb8fdccb2cd

SHA512
b623b665540f966b2b8d080ac5369bc13ed251ebae2c0cd2175d18bc4617b67573f6c4262a6000d5fe3f48d63bcde438dff8f06bec1c084e361aa21f5854e71a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico

Filesize
70KB

MD5
e5e3377341056643b0494b6842c0b544

SHA1
d53fd8e256ec9d5cef8ef5387872e544a2df9108

SHA256
e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

SHA512
83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
73257a66176670411c6ba2f8a8c928fb

SHA1
bb256a857532a48f55ec910bc545173538f38211

SHA256
fd9fc87ecb102d3ee354049dbb911c64365a7e509c2ba231897517577f0104e6

SHA512
fc4e0ca4caeb24fd91bfcf97707a981cbac8ff084093ad58b1e9e3f861f2bdb4ee24aa0245ba8b6efb7386a645d0520255db8595a410034ce5576bb508945238

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
c2d07f0ffbcd0d7916ee2f28180aed95

SHA1
dfb37f3de6c4814f0cb4dc31b98bb8f706c030fa

SHA256
150356afd22745d99eeb219ff4809ddaaa66f0c01b0f96c295f07666159d8f58

SHA512
daf7ae97e35546d0c5b12b76b56523eff33b31839e42a374731134217c8daf482446ce78f591cf4be4837cebad3e5805c3a566efc91df2ddc9a4c86b255c2299

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State~RFe587886.TMP

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
9e73d4a6eccd31e6acd84f65284e0ebe

SHA1
33f45b43a760caf519d6ceb3ab9684ddc6426765

SHA256
be0c328e37f96066582d2820fb4513596cb68a243c58ad82a0760e33ddd9f7bb

SHA512
312fc58fb7c541d7a189a97cb07b325c3774a0d081ebdc824415b1a36dfffe403e0e22ac4bedd08ee4a5d5b6ebcd4fc52b28fa83ffc0cf669405f218d908e7b5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
1875a8bc76edbf8d71f1ebf774193401

SHA1
e557e1b92cdceb353778f3012c8097d1eb60785c

SHA256
d6825f3fe8f21d7bdd085a639c1b285de63c771016737e55e028862c5defcd15

SHA512
8471b950c7a92cf2cffcf8f2749d79ffaf14607d9606d4d7f8a5fe7638dae166a18379282ddb1866fa66e64a49fd6740778d18db6e23d55ba156eb227815f61d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
f4f2c86432a9bb875ed1109e84942dd3

SHA1
9816ed5f11bfa69051faf64e03e1b3cd41b8901f

SHA256
288497584de9153b9c2d29cbfde6538da1abbe7bb684ec686d658cb542f8dbb4

SHA512
d013de627462b4f3b1e95cad22a7a059031691686c3e1a59be4d6b558518fe4a3db25ccffb5704226d9b99d233fc34e5a7cb69a069241bbb6d4d8205f9420968

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
89b81de13f896c58961128251dde0311

SHA1
fe0a6e5aebb5bd68ebcb1b799f3e2a6c809a5306

SHA256
43e8f795693dcd5d943b35b5aab41f877c0bb2a88d6579086478cfa400599495

SHA512
16cc16570222abcec321a64c9a70a641037914307035c884254256e416b921861befe09c6985e829cbe0230b16198cbf84d32ff59a06f50de8ff343823eb08bb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
85eca930a791cbcb1373f5fdaf17857b

SHA1
ffea7d54e9803374a484f1e4c124766e80024efc

SHA256
fbc990061790350f00dc28f2dda277aac81bb8385a6e92e90a20101436c3312c

SHA512
2ffe0de3f80ac60f2ffa55f334026979e6be328b7c69f4603aa3c5d1bfa6c3b3744d86ac2a34ecf904d0a41b36bc485392ece58f6cc89d7ffca293d02efe5bed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
99a7edf9124dba808b6d025b14aea278

SHA1
f1de2fdd81ea87ee78e8afdc1a7cdffcf62a92ef

SHA256
9d38a8d193a503b9be7b39be5d150bcf22038c84fbf3d53979e2f075a35b9089

SHA512
fc371b7ad5606a9948ba4a315e40a0a93592f57103be4a3712020977b43e4277d95d74ff35e490239dbce1cc475fe1d1746764f5970d2e9f04483c985268f5c7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
fe8cfa16215ed9bee87a60f1128d2ab6

SHA1
f8bbfbe73ee432982a91fb71e2a125c5b2e1d6d7

SHA256
d209a5a02bb38d11395cea001a7d1f404af3d2e0237620e055f3854ed2f7d1a8

SHA512
ecde5ff0e6b0056e0b29a459d21047eeb3befc5adb8ca251aa0273a7641bcf437acf0538b1c66fe7f88947f13e3729d14556f2473fc18460b3164587b3a1cefa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
194bd361ef85bb2bc7f6e7dc10797fc7

SHA1
8c686f8abe7159b14c3ef02f74e565d444a00d12

SHA256
d0979280623429dcf471a5cdc99109de569ef4d2263d9931282e1cc318470718

SHA512
632566e50d5130e9a55bdd9bebe1baa2f9793680523477f47a7d2041f8ec28c15629d49e824dc2fdd689f1659df899462ef8aeba2ac957088bbbc1185a5658d3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
b942f9c85ddfb2e7f613ba1ff672843b

SHA1
943668ab926e8d638fdac5fa7a6e525942412b57

SHA256
50d3502bd30ffbfbdb56b1c7d652ca8059505a5d306b0fd9c57ad0b8f6bbd3d3

SHA512
315ac1271f123a8d813e9ef039b57c9afdd65df85deb28fbc25a5889781dbba15aa4f44ceb81a00ec2575649481864298dd39c2587bd0a5a77fad9add3d973c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
e8dd4456f78459539ec98c820169123e

SHA1
d12cee33930aaf75eedb5559daf65ea76766bd9c

SHA256
432ec88946eeeb7b46601b8548f0b29d25cb48185bb4f9ce3040a0491d4bdda4

SHA512
eeac7023032a2565e3cc508f59c372d7ae8cd6e350d7c3faefa8d55acdffdb8a8cac0c1b0685e68e402f2a8eb79b23e2701c4450c0550706de5632068769f33d

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
6707f4bc162ab558724fc31146054f60

SHA1
a21274f673448cce05a7ade8587899255709f691

SHA256
20b56ff7c30f9fbc53b36006a44e3f0e8df2839792788c98c7234344675f2470

SHA512
1c4405b3baf81da3d3478adaed1970f326f75a6d1c4cc9b1cef0d76624d5c35d74576a5bd301adc682010039130d223c7e3ee93432ee7983bf475fa32aa03615

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
852820c1514b2e1c56e2daba57994171

SHA1
08973ed91d7e4e7376fa2e3785dd3a241bba9564

SHA256
7096b57623a6ba64305944c5602df8da615a87c4651f3ac78181905bd0eb7136

SHA512
e5e9707974d3cc8903a03578bf580a0ccd4ae80c02ad71dc239e669d4ab9b8eae9ff35c3614ba8ce27f860ef2e46f509382d77a053c087d90d1b0bbec5682564

Download Submit
C:\Users\Admin\Downloads\AxoPac\AxoPac\ASP.NET Web Pages\v1.0\Microsoft.AspNet.Razor.ru.1.0.20105.408\lib\net40\ru\system.web.razor.xml

Filesize
88KB

MD5
398dc059ac7b960a31bba803c6d4b7a3

SHA1
dfac62f6e4ac50a0029031244fc5a1469ffe90e8

SHA256
943feccacef5fe23b3daf662594e3b45fcb8bc1caf25ea1c474721921caa9488

SHA512
f3bb82690b39dad744be9c403f7efcf2c40c903f85be013fff4b1a2ac77e8d59e77bc1eb9989134f800fba3d9bcb987485a92b719386750c70dd7fa1acb533e0

Download Submit
C:\Users\Admin\Downloads\AxoPac\AxoPac\ASP.NET Web Pages\v1.0\Microsoft.AspNet.WebPages.ru.1.0.20105.408\lib\net40\system.web.webpages.razor.xml

Filesize
6KB

MD5
9c8531c1d5f692cd921c8a56d85bc85d

SHA1
801b699bec07e93fdd05469f15cf80be4178e409

SHA256
16953fbbff24c3d927e5640060948da47c15a32918ecb2fc4f922a82b3fcfa9c

SHA512
3e7fbce84ca7bc96d46ffc3b4fc7acf21d962d379589125a6515178693c379eb6b5833e428ec11f106e9b807147c698e898840a20a8189a01baf76ace9a1f719

Download Submit
C:\Users\Admin\Downloads\AxoPac\AxoPac\ASP.NET Web Pages\v1.0\Microsoft.Web.Infrastructure.1.0.0.0\lib\net40\Microsoft.Web.Infrastructure.dll

Filesize
44KB

MD5
969d6caf273394f064475292d549516e

SHA1
91f688c235388c8bcee03ff20d0c8a90dbdd4e3e

SHA256
fe18f4259c947c1fd6d74f1827370e72d7ad09aefb4b720af227333583e0169f

SHA512
b4f6a614e5fc52850e3d02ebf7e85abf1ebe3fb4ebd6b4f03ec9dc4989cce88e44714ca2198dd7e632f5ed0f15225a68b31052da33e5ac3ce48a1c91c3c04446

Download Submit
C:\Users\Admin\Downloads\AxoPac\AxoPac\ASP.NET Web Pages\v1.0\Visual Studio 2012\thirdpartynotices.rtf

Filesize
87KB

MD5
b0ac92e72b07a4b37d66f0264e3373c0

SHA1
769dec94ed0bfcb47e68026aa01e80a26943ff38

SHA256
5a0792c375031840221f1737ba389b0d6dac373b118a107e50fbe78fe5f4ba69

SHA512
716c37b16c577de53b7f6e3934e09ae329e138a8a1725d60e9d8907c43c4400918a31b12ae173644efc25ccc9bf7cb332a3042c17386a3724320ab977a7ded52

Download Submit
C:\Users\Admin\Downloads\AxoPac\AxoPac\ASP.NET Web Pages\v1.0\WebConfig\System.Web.WebPages.Deployment.dll

Filesize
25KB

MD5
f9efab153915541f6cbdd147f85f9842

SHA1
5d923740f2377298ad917eb9f5bfb45e0b1465fb

SHA256
130fe2b8282263c77d9bee89d636166848291432696c449d708c819b17bf053a

SHA512
74890a53f2b0b73816e5155fb2b48580fa1dbf3e35077e7915d96ae57516c5da2bbf968978ae134e12754039a5ada6f8dfbcdc121cab9b887a6d4d259b68f3ba

Download Submit
C:\Users\Admin\Downloads\AxoPac\AxoPac\Installer.exe

Filesize
389KB

MD5
9decc5290b2740e6a0c5d4a6ae0fc310

SHA1
aeb842132a46de33ff8738de357cf25e1d90dff8

SHA256
fe791dbe6f3502577946356d1a24af0523b1bc78c5108c9b23adc04a97068063

SHA512
b227dea70b9dace8366008c3fcaa15debe1558493b9112a04d8394b1d4adcf4ed1b3a251a6bae3b1dc8c7595ef3bf84e149e05992a62b2f25f9fe8799a00cac7

Download Submit
C:\Users\Admin\Downloads\AxoPac\AxoPac\x64\lib\images\cursors\win32_LinkNoDrop32x32.gif

Filesize
153B

MD5
1e9d8f133a442da6b0c74d49bc84a341

SHA1
259edc45b4569427e8319895a444f4295d54348f

SHA256
1a1d3079d49583837662b84e11d8c0870698511d9110e710eb8e7eb20df7ae3b

SHA512
63d6f70c8cab9735f0f857f5bf99e319f6ae98238dc7829dd706b7d6855c70be206e32e3e55df884402483cf8bebad00d139283af5c0b85dc1c5bf8f253acd37

Download Submit
memory/5288-2135-0x0000000000E60000-0x0000000000EC8000-memory.dmp

Filesize
416KB

Download
memory/5288-2136-0x0000000005E90000-0x0000000006436000-memory.dmp

Filesize
5.6MB

Download
memory/5392-2138-0x0000000000400000-0x0000000000458000-memory.dmp

Filesize
352KB

Download
memory/5392-2140-0x0000000000400000-0x0000000000458000-memory.dmp

Filesize
352KB

Download