Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

1

URLScan

urlscan

1

https://ify.ac/1Ic5

windows10-2004-x64

8

https://ify.ac/1Ic5

windows10-1703-x64

8

https://ify.ac/1Ic5

windows10-2004-x64

8

https://ify.ac/1Ic5

windows11-21h2-x64

8

Resubmissions

14/07/2024, 14:46

240714-r5ksyaxbqh 8

14/07/2024, 14:43

240714-r3y8jsvckq 8

14/07/2024, 14:37

240714-rznmmswhra 7

Analysis

  • max time kernel
    1799s
  • max time network
    1579s
  • platform
    windows10-1703_x64
  • resource
    win10-20240404-en
  • resource tags

    arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
  • submitted
    14/07/2024, 14:46

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://ify.ac/1Ic5

Score
8/10
discovery

Malware Config

Signatures

  • Downloads MZ/PE file
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 1 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Drops file in Windows directory 6 IoCs
  • Program crash 37 IoCs
  • Modifies Internet Explorer settings 1 TTPs 2 IoCs
    adwarespyware
  • Modifies registry class 64 IoCs
  • NTFS ADS 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 6 IoCs
  • Suspicious behavior: MapViewOfSection 14 IoCs
  • Suspicious use of AdjustPrivilegeToken 8 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 5 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence
  • Uses Volume Shadow Copy WMI provider

    The Volume Shadow Copy service is used to manage backups/snapshots.

    ransomware
  • Uses Volume Shadow Copy service COM API

    The Volume Shadow Copy service is used to manage backups/snapshots.

    ransomware

Processes

  • C:\Windows\system32\LaunchWinApp.exe
    "C:\Windows\system32\LaunchWinApp.exe" "https://ify.ac/1Ic5"
    1⤵
      PID:1340
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
      1⤵
      • Drops file in Windows directory
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of SetWindowsHookEx
      PID:380
    • C:\Windows\system32\browser_broker.exe
      C:\Windows\system32\browser_broker.exe -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Modifies registry class
      • NTFS ADS
      PID:2936
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      1⤵
      • Modifies registry class
      • Suspicious behavior: MapViewOfSection
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1188
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      1⤵
      • Drops file in Windows directory
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of SetWindowsHookEx
      PID:3964
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      1⤵
      • Drops file in Windows directory
      • Modifies registry class
      PID:2276
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      1⤵
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      PID:4728
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      1⤵
      • Drops file in Windows directory
      • Modifies registry class
      PID:4720
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      1⤵
      • Modifies registry class
      PID:4060
    • C:\Windows\System32\rundll32.exe
      C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
      1⤵
        PID:4460
      • C:\Users\Admin\Desktop\setup_cX6CGdSefG.exe
        "C:\Users\Admin\Desktop\setup_cX6CGdSefG.exe"
        1⤵
        • Suspicious use of WriteProcessMemory
        PID:4760
        • C:\Users\Admin\AppData\Local\Temp\is-HNG1N.tmp\setup_cX6CGdSefG.tmp
          "C:\Users\Admin\AppData\Local\Temp\is-HNG1N.tmp\setup_cX6CGdSefG.tmp" /SL5="$40386,5849669,56832,C:\Users\Admin\Desktop\setup_cX6CGdSefG.exe"
          2⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of WriteProcessMemory
          PID:1568
          • C:\Windows\SysWOW64\schtasks.exe
            "C:\Windows\system32\schtasks.exe" /Delete /F /TN "cd_2_mp3-converter_7142"
            3⤵
              PID:4896
            • C:\Users\Admin\AppData\Local\CD To MP3 Converter\cd2mp3converter32.exe
              "C:\Users\Admin\AppData\Local\CD To MP3 Converter\cd2mp3converter32.exe" 3bd385055176d54b9daa41d09a07827d
              3⤵
              • Checks computer location settings
              • Executes dropped EXE
              • Suspicious behavior: EnumeratesProcesses
              PID:4460
              • C:\Windows\SysWOW64\WerFault.exe
                C:\Windows\SysWOW64\WerFault.exe -u -p 4460 -s 812
                4⤵
                • Program crash
                PID:716
              • C:\Windows\SysWOW64\WerFault.exe
                C:\Windows\SysWOW64\WerFault.exe -u -p 4460 -s 796
                4⤵
                • Program crash
                PID:2008
              • C:\Windows\SysWOW64\WerFault.exe
                C:\Windows\SysWOW64\WerFault.exe -u -p 4460 -s 856
                4⤵
                • Program crash
                PID:836
              • C:\Windows\SysWOW64\WerFault.exe
                C:\Windows\SysWOW64\WerFault.exe -u -p 4460 -s 960
                4⤵
                • Program crash
                PID:348
              • C:\Windows\SysWOW64\WerFault.exe
                C:\Windows\SysWOW64\WerFault.exe -u -p 4460 -s 992
                4⤵
                • Program crash
                PID:2156
              • C:\Windows\SysWOW64\WerFault.exe
                C:\Windows\SysWOW64\WerFault.exe -u -p 4460 -s 940
                4⤵
                • Program crash
                PID:3424
              • C:\Windows\SysWOW64\WerFault.exe
                C:\Windows\SysWOW64\WerFault.exe -u -p 4460 -s 1032
                4⤵
                • Program crash
                PID:3372
              • C:\Windows\SysWOW64\WerFault.exe
                C:\Windows\SysWOW64\WerFault.exe -u -p 4460 -s 972
                4⤵
                • Program crash
                PID:2904
              • C:\Windows\SysWOW64\WerFault.exe
                C:\Windows\SysWOW64\WerFault.exe -u -p 4460 -s 1016
                4⤵
                • Program crash
                PID:4872
              • C:\Windows\SysWOW64\WerFault.exe
                C:\Windows\SysWOW64\WerFault.exe -u -p 4460 -s 864
                4⤵
                • Program crash
                PID:2320
              • C:\Windows\SysWOW64\WerFault.exe
                C:\Windows\SysWOW64\WerFault.exe -u -p 4460 -s 1284
                4⤵
                • Program crash
                PID:2692
              • C:\Windows\SysWOW64\WerFault.exe
                C:\Windows\SysWOW64\WerFault.exe -u -p 4460 -s 1552
                4⤵
                • Program crash
                PID:4344
              • C:\Windows\SysWOW64\WerFault.exe
                C:\Windows\SysWOW64\WerFault.exe -u -p 4460 -s 1524
                4⤵
                • Program crash
                PID:2448
              • C:\Windows\SysWOW64\WerFault.exe
                C:\Windows\SysWOW64\WerFault.exe -u -p 4460 -s 1564
                4⤵
                • Program crash
                PID:4952
              • C:\Windows\SysWOW64\WerFault.exe
                C:\Windows\SysWOW64\WerFault.exe -u -p 4460 -s 1712
                4⤵
                • Program crash
                PID:3684
              • C:\Windows\SysWOW64\WerFault.exe
                C:\Windows\SysWOW64\WerFault.exe -u -p 4460 -s 1932
                4⤵
                • Program crash
                PID:4552
              • C:\Windows\SysWOW64\WerFault.exe
                C:\Windows\SysWOW64\WerFault.exe -u -p 4460 -s 1572
                4⤵
                • Program crash
                PID:4692
              • C:\Windows\SysWOW64\WerFault.exe
                C:\Windows\SysWOW64\WerFault.exe -u -p 4460 -s 1760
                4⤵
                • Program crash
                PID:4664
              • C:\Windows\SysWOW64\WerFault.exe
                C:\Windows\SysWOW64\WerFault.exe -u -p 4460 -s 2028
                4⤵
                • Program crash
                PID:4080
              • C:\Windows\SysWOW64\WerFault.exe
                C:\Windows\SysWOW64\WerFault.exe -u -p 4460 -s 1032
                4⤵
                • Program crash
                PID:3372
              • C:\Windows\SysWOW64\WerFault.exe
                C:\Windows\SysWOW64\WerFault.exe -u -p 4460 -s 1764
                4⤵
                • Program crash
                PID:4080
              • C:\Windows\SysWOW64\WerFault.exe
                C:\Windows\SysWOW64\WerFault.exe -u -p 4460 -s 1464
                4⤵
                • Program crash
                PID:2444
              • C:\Windows\SysWOW64\WerFault.exe
                C:\Windows\SysWOW64\WerFault.exe -u -p 4460 -s 1808
                4⤵
                • Program crash
                PID:5172
              • C:\Windows\SysWOW64\WerFault.exe
                C:\Windows\SysWOW64\WerFault.exe -u -p 4460 -s 1792
                4⤵
                • Program crash
                PID:5276
              • C:\Windows\SysWOW64\WerFault.exe
                C:\Windows\SysWOW64\WerFault.exe -u -p 4460 -s 2052
                4⤵
                • Program crash
                PID:5324
              • C:\Windows\SysWOW64\WerFault.exe
                C:\Windows\SysWOW64\WerFault.exe -u -p 4460 -s 2152
                4⤵
                • Program crash
                PID:5404
              • C:\Windows\SysWOW64\WerFault.exe
                C:\Windows\SysWOW64\WerFault.exe -u -p 4460 -s 1820
                4⤵
                • Program crash
                PID:5732
              • C:\Windows\SysWOW64\WerFault.exe
                C:\Windows\SysWOW64\WerFault.exe -u -p 4460 -s 2200
                4⤵
                • Program crash
                PID:5812
              • C:\Windows\SysWOW64\WerFault.exe
                C:\Windows\SysWOW64\WerFault.exe -u -p 4460 -s 2160
                4⤵
                • Program crash
                PID:5888
              • C:\Windows\SysWOW64\WerFault.exe
                C:\Windows\SysWOW64\WerFault.exe -u -p 4460 -s 2228
                4⤵
                • Program crash
                PID:5952
              • C:\Windows\SysWOW64\WerFault.exe
                C:\Windows\SysWOW64\WerFault.exe -u -p 4460 -s 2172
                4⤵
                • Program crash
                PID:6004
              • C:\Windows\SysWOW64\WerFault.exe
                C:\Windows\SysWOW64\WerFault.exe -u -p 4460 -s 2136
                4⤵
                • Program crash
                PID:6032
              • C:\Windows\SysWOW64\WerFault.exe
                C:\Windows\SysWOW64\WerFault.exe -u -p 4460 -s 1812
                4⤵
                • Program crash
                PID:6056
              • C:\Windows\SysWOW64\WerFault.exe
                C:\Windows\SysWOW64\WerFault.exe -u -p 4460 -s 2136
                4⤵
                • Program crash
                PID:6096
              • C:\Windows\SysWOW64\WerFault.exe
                C:\Windows\SysWOW64\WerFault.exe -u -p 4460 -s 2224
                4⤵
                • Program crash
                PID:6128
              • C:\Windows\SysWOW64\WerFault.exe
                C:\Windows\SysWOW64\WerFault.exe -u -p 4460 -s 2280
                4⤵
                • Program crash
                PID:5140
              • C:\Windows\SysWOW64\WerFault.exe
                C:\Windows\SysWOW64\WerFault.exe -u -p 4460 -s 2260
                4⤵
                • Program crash
                PID:5184
        • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
          "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
          1⤵
          • Drops file in Windows directory
          • Modifies registry class
          PID:1184
        • C:\Windows\system32\OpenWith.exe
          C:\Windows\system32\OpenWith.exe -Embedding
          1⤵
          • Suspicious use of SetWindowsHookEx
          PID:5772

        Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157
          Filesize

          4KB

          MD5

          1bfe591a4fe3d91b03cdf26eaacd8f89

          SHA1

          719c37c320f518ac168c86723724891950911cea

          SHA256

          9cf94355051bf0f4a45724ca20d1cc02f76371b963ab7d1e38bd8997737b13d8

          SHA512

          02f88da4b610678c31664609bcfa9d61db8d0b0617649981af948f670f41a6207b4ec19fecce7385a24e0c609cbbf3f2b79a8acaf09a03c2c432cc4dce75e9db

          Download Submit

        • C:\Users\Admin\AppData\Local\CD To MP3 Converter\cd2mp3converter32.exe
          Filesize

          4.9MB

          MD5

          0fe58677998932ece058f23fdf28dae7

          SHA1

          6d0f9640026143a5d128eb021361ca163ce5c3f3

          SHA256

          6071e75c7cce7ec1900d93ff08a1e3103bc5f42a72e7dc04fe8cb055d2b71cb1

          SHA512

          5bed3f6678a54ab1933f24c45eac6c00187f4dc65553d5e04614a448c1c35631057037029d712db2aac2c2b280e96cc491a5e4afd9512311aceb9df0e110b831

          Download Submit

        • C:\Users\Admin\AppData\Local\MicrosoftEdge\SharedCacheContainers\MicrosoftEdge_iecompat\IECompatData.xml
          Filesize

          74KB

          MD5

          d4fc49dc14f63895d997fa4940f24378

          SHA1

          3efb1437a7c5e46034147cbbc8db017c69d02c31

          SHA256

          853d2f4eb81c9fdcea2ee079f6faf98214b111b77cdf68709b38989d123890f1

          SHA512

          cc60d79b4afe5007634ac21dc4bc92081880be4c0d798a1735b63b27e936c02f399964f744dc73711987f01e8a1064b02a4867dd6cac27538e5fbe275cc61e0a

          Download Submit

        • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\284LP8AJ\QR5Eh00-DY-sP8PcJ5iIzhz00opxPFI30kmgY8y9GnU[1].js
          Filesize

          17KB

          MD5

          142ad35a28d4cfa91655c971bdcc8c21

          SHA1

          a2ebf958fffaf5dae9855080c6687e0127f51cc3

          SHA256

          411e44874d3e0d8fac3fc3dc279888ce1cf4d28a713c5237d249a063ccbd1a75

          SHA512

          a1591f1b237541df648ace2fa8b22712fa2e930977004818ee20ea05757fc8bd54febb344dcdce6354ae9d6b7fc2f8d7eada88c05593cca56c3d85996ea0b089

          Download Submit

        • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\284LP8AJ\bootstrap-icons.min[1].css
          Filesize

          68KB

          MD5

          e8f9bf6bffd8e881edf8d6880608421f

          SHA1

          7712bcd53b975e0ec26af2af51c2098ff5bd25d8

          SHA256

          ee16c135f599c64d3ae35ed65466b5ae1f91d2bac858f8701b76213565a0e664

          SHA512

          633c0680574ed4d430d426643e81b2464127513c4f49b1965ef1a25eb5a4f08792a9dc9c8b47440d874b2e3331ab5cc2a14d1005ae241c016246150bdf3d9ba3

          Download Submit

        • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\6SB1654C\bootstrap.min[1].css
          Filesize

          188KB

          MD5

          6d9c6fda1e7087224431cc8068bb998f

          SHA1

          6273ac1a23d79a122f022f6a87c5b75c2cfafc3a

          SHA256

          fb1763b59f9f5764294b5af9fa5250835ae608282fe6f2f2213a5952aacf1fbf

          SHA512

          a3f321a113d52c4c71663085541b26d7b3e4ced9339a1ec3a7c93bff726bb4d087874010e3cf64c297c0ddd3d21f32837bc602b848715eadd8ef579bfe8e9a9a

          Download Submit

        • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\6SB1654C\setup_cX6CGdSefG[1].zip
          Filesize

          5.8MB

          MD5

          44fef7fd8263710125295ccc3d822bb9

          SHA1

          89b60d83b99f547706840ac13a7ca96c1e50faf7

          SHA256

          5d1e9799a08a6bd643ef55d32e3a3d112fe622d82fa10f48a39d59ee00d74795

          SHA512

          8d85ce67fb3b44f6caae3d9f7aaa9f6d9dbd50d14a95ebdea4c3272430e36a383886e8ce6c951e3a093ef587a337c65da26cf50fcc7bc0e02a43f7e9261b6a18

          Download Submit

        • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\6SB1654C\styles__ltr[1].css
          Filesize

          55KB

          MD5

          4adccf70587477c74e2fcd636e4ec895

          SHA1

          af63034901c98e2d93faa7737f9c8f52e302d88b

          SHA256

          0e04cd9eec042868e190cbdabf2f8f0c7172dcc54ab87eb616eca14258307b4d

          SHA512

          d3f071c0a0aa7f2d3b8e584c67d4a1adf1a9a99595cffc204bf43b99f5b19c4b98cec8b31e65a46c01509fc7af8787bd7839299a683d028e388fdc4ded678cb3

          Download Submit

        • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\8GX7CELQ\recaptcha__en[1].js
          Filesize

          533KB

          MD5

          93e3f7248853ea26232278a54613f93c

          SHA1

          16100c397972a415bfcfce1a470acad68c173375

          SHA256

          0ec782544506a0aea967ea044659c633e1ee735b79e5172cb263797cc5cefe3a

          SHA512

          26aca30de753823a247916a9418aa8bce24059d80ec35af6e1a08a6e931dcf3119e326ec7239a1f8f83439979f39460b1f74c1a6d448e2f0702e91f5ad081df9

          Download Submit

        • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\JTKFLZII\api[1].js
          Filesize

          870B

          MD5

          a93f07188bee2920004c4937da275d25

          SHA1

          901cfea09bc88d26a55cf2c57ccdaf45dfaea95a

          SHA256

          587d5394ddb17dec6f39de2e973431f161a1e08a45d499fe7c7a6333a93904cd

          SHA512

          16855a943a768355129e31623e5eb7064741d4d07ac2c0fcd21c5742a1b2e2a2c3af38e0f481bd7b8006dc96c408be07b91bbbe28ce7c4f7f0f7d53e427500c9

          Download Submit

        • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\JTKFLZII\webworker[1].js
          Filesize

          102B

          MD5

          f66834120faccb628f46eb0fc62f644c

          SHA1

          15406e8ea9c7c2e6ef5c775be244fe166933bfcb

          SHA256

          8f063ae681a530a407ea4d17859790d9e45fd81ce5b3bb6202fc9e30cef95996

          SHA512

          7c596e61967fe787bc29d262c945d7eb4e02f9f574d3c8c664f333c9c3b4dd4aff1dfcde8f34be1acfaf8c05423c1c118a4bfd50684a7cd9f90e5f40fbc89653

          Download Submit

        • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\O7VAW68K\ify[1].xml
          Filesize

          432B

          MD5

          2e7f5fc731d075898e1ffa7e311cb864

          SHA1

          faf51eb617b74202efb2c02c1695aa085aecabaa

          SHA256

          622a7e8b955bf4ef69dc5dfa708f44a28eedfbc5ff76e0986aee46176b59cba6

          SHA512

          2987a052633707b9d2b2aae68e46ac7fafd2256ef4af0a5efe5bd3beae6bcde6757547d93e0a3dfee0897503de3d8921d19c0936b0a72ec2160503c75258b1fe

          Download Submit

        • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\O7VAW68K\ify[1].xml
          Filesize

          538B

          MD5

          83c82c365233bcd93fa849bd6f40979d

          SHA1

          92a8ca8cd44801b5662c0e264687e02d116aee2f

          SHA256

          13f9a3bbee3c05fc03c3735ad5ad4bc637dec9421f4c4b0221a98a7a833d8db0

          SHA512

          65d521c40a3acda36de7bc994786a5baf17eb80c1cdf45cb2175b91b048a1651bffca92c9f1402111380199543d0b8a010194d249fe5278d9ea3606b346ffbab

          Download Submit

        • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\O7VAW68K\ify[1].xml
          Filesize

          1KB

          MD5

          5d9e558cce40cc1cc57a072afd641252

          SHA1

          3e817e0543830b574a9533147f52c1c0fa9f3e35

          SHA256

          844aa6254c398506bd203099aff20059aa942f864053de3a8f685838b34de7d4

          SHA512

          6f16b7460ef5db87f8993143bdbd6a85411f5f4bde87d52f32c18d8d88057c1047105d76d11a795cb4addd0149955f69e50993a7a26274f76ffdcc28970e77c9

          Download Submit

        • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\EPQZQRVD\favicon[1].ico
          Filesize

          14KB

          MD5

          de5a68ecf1315791471000eea42de65d

          SHA1

          3f3e7239d7ec1702868f51e9d28e528c6c60e984

          SHA256

          fb94090003c3fd820119448548cb3f11a37304608d1f7401824111f53cfbe61f

          SHA512

          0b5b8b073714ec8e0cd1992d722c669515ce589d14f4dc224e9c1830c4aa8d3473c441758f8128f381607c85acfd015b1fa0f271c4595c33f4d162eab69f2501

          Download Submit

        • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\EPQZQRVD\website_icon[1].svg
          Filesize

          1KB

          MD5

          02f7553e1ac3129cd1c4d0442b5a0f81

          SHA1

          0dd8634450681fe1a2d0c1e5b02d6d0954e2772d

          SHA256

          0019255c610cb0843c524d7995905fa5201651fcc393846bee8414f0610097f5

          SHA512

          ac141a5648a3a22ceb295de8ecc6823f53d2a453316cd591dde888715344a60694316e1b85a5ceec72af62e34cc3d01768b020e5dfd5e0cb9916ec975ba4318e

          Download Submit

        • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\ZLZSVZE4\favicon-32x32[1].png
          Filesize

          1KB

          MD5

          16a75c7824b5223b8e22864354e9e33f

          SHA1

          2c35e76ebe2d8002369d582b32bd70374552c574

          SHA256

          7f3e38478d53875c1f35d67fc035067274bacf9df8285889ad04fb143dfdddd8

          SHA512

          bd09744894646081e02b9e730c68c82354e3907c419578bdcb45d52c99d909d78ee084c8948b99d14ac6c8dfb343c9eb9197af039c5ac99d356440efd10a4ee8

          Download Submit

        • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\ZLZSVZE4\suggestions[1].en-US
          Filesize

          17KB

          MD5

          5a34cb996293fde2cb7a4ac89587393a

          SHA1

          3c96c993500690d1a77873cd62bc639b3a10653f

          SHA256

          c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

          SHA512

          e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

          Download Submit

        • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\6SB1654C\setup_cX6CGdSefG[1].zip
          Filesize

          42KB

          MD5

          1fcaa223faeb6060dc82c7ec9117e680

          SHA1

          328e97c1d21f6bb026be6e2ed8c45cbc3fe3829d

          SHA256

          a8fcfe8c0bbe238a6b7cbe33019517e760ba9bdcba66325201b48be4ac1e5637

          SHA512

          b06a92bf36950e8896478294f3f011f9f13a7fcbedf5bb88cec4dd4aa2c7828785a738fd73be1529e320334671cc8043319aed5694c7399c311fe858b7cf7a3d

          Download Submit

        • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\05DDC6AA91765AACACDB0A5F96DF8199
          Filesize

          854B

          MD5

          8d1040b12a663ca4ec7277cfc1ce44f0

          SHA1

          b27fd6bbde79ebdaee158211a71493e21838756b

          SHA256

          3086094d4198a5bbd12938b0d2d5f696c4dfc77e1eae820added346a59aa8727

          SHA512

          610c72970856ef7a316152253f7025ac11635078f1aea7b84641715813792374d2447b1002f1967d62b24073ee291b3e4f3da777b71216a30488a5d7b6103ac1

          Download Submit

        • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
          Filesize

          1KB

          MD5

          b3a70a62a29f889a9ae00b9e59453e15

          SHA1

          a14c5c4c12062776f5c8038122dc66affd7d7e23

          SHA256

          fe8f7b54b8f4f8e6589112ac86ff4b9ccf51dd3262cbaa5b51198f308488e89d

          SHA512

          43c1ccb1e9f4d841c5e90f5e18392de88db84e13f2eee41709dbf8ff6dd06796563c6a8099240f67cffa24273828fa6fed0999f90ba166daf293a1ed4d3e57fc

          Download Submit

        • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\DDE8B1B7E253A9758EC380BD648952AF_857450206B889F4FEA0F888FA03D68DB
          Filesize

          471B

          MD5

          7a81932376e06ffaa8100e935547280b

          SHA1

          fa41d8ae7a06c72cfd54429de5979cd05e9fb25b

          SHA256

          29e4d7ee928e310c74f8f085345b85ea973bfa3fa2ed18037e0c8d016bbcdbe0

          SHA512

          c223f606f1c3f261b6ec7670298a9bdd342975d4c6f33b1ff24ae7dfc4e13d8d7ae6f4ae669e64f6fd3b92b428c8b896896647419b9548926f12e9ed9f99ac0c

          Download Submit

        • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\05DDC6AA91765AACACDB0A5F96DF8199
          Filesize

          170B

          MD5

          6f777dac6f93a42d0f50ddd87950da08

          SHA1

          5c601962ed53b755c46c073c1ceba41e7e9f9392

          SHA256

          ba148785b3d11ecf22e4bf353670232018ad924ddd3c7222e513374c98f1d693

          SHA512

          470e569134b5b903f1984f4caf591e522ea5ef4fccf3f304e59008906535733fab7014278e1d27e4c60ae71c9aec3d7ef3ab593458d956072a2c26e155d79c4b

          Download Submit

        • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
          Filesize

          410B

          MD5

          9179925684c6b9aaf59ae5d4012b7358

          SHA1

          63bac9e19f61acd4e15406bbb70f3e55b2c66d22

          SHA256

          1e6b93aed843a9aff96344991a0348f4017bb3c83868b5935f02af4586b93e93

          SHA512

          28e8120f1c716782c9d3821f3e14fc73ab2f802216c577329f959d06c4473582db93eb1069a4aecd7266baf38c7ab5a209c9e6e06dc7f48fb4c51331b1788422

          Download Submit

        • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\DDE8B1B7E253A9758EC380BD648952AF_857450206B889F4FEA0F888FA03D68DB
          Filesize

          402B

          MD5

          deab35a8f0b703ac65cd6d6d36e59f4c

          SHA1

          95b329ae08bb8411dc0c15013c6a5031f3fd2046

          SHA256

          efd6777a5a3b92e76dad69571b6fc887769757db78ff432901eb7db9d5313e3c

          SHA512

          31df676ce8425754eb07e6ab557623b98e6f4b7e1cb58b68338dcc964bcbd6505602111d31d52f810d7a70bdc8ae7f572b50d452e2c863ea445c743d1d3398b9

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\is-HNG1N.tmp\setup_cX6CGdSefG.tmp
          Filesize

          694KB

          MD5

          e1c26c323dd52cd731320cafc0d2bd89

          SHA1

          6d4b246cf638917954050b0b54af8912fc8458a2

          SHA256

          2b59a5d1e0719242d3049602b0be47f55460f256991b35c130bc2ad7563d435b

          SHA512

          b61122c6c73c03af13bf016d3ef98ef51f2e26f99285cb6cb6d23bb24288b5978275bbf8d5d0620e1e79dda0dc1a852599de79dfb1f0a79b960083118a311943

          Download Submit

        • \Users\Admin\AppData\Local\Temp\is-F8493.tmp\_isetup\_iscrypt.dll
          Filesize

          2KB

          MD5

          a69559718ab506675e907fe49deb71e9

          SHA1

          bc8f404ffdb1960b50c12ff9413c893b56f2e36f

          SHA256

          2f6294f9aa09f59a574b5dcd33be54e16b39377984f3d5658cda44950fa0f8fc

          SHA512

          e52e0aa7fe3f79e36330c455d944653d449ba05b2f9abee0914a0910c3452cfa679a40441f9ac696b3ccf9445cbb85095747e86153402fc362bb30ac08249a63

          Download Submit

        • memory/380-224-0x000001A56D0C0000-0x000001A56D0C1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/380-16-0x000001A566920000-0x000001A566930000-memory.dmp

          Filesize

          64KB

          Download

        • memory/380-0-0x000001A566820000-0x000001A566830000-memory.dmp

          Filesize

          64KB

          Download

        • memory/380-35-0x000001A56AB40000-0x000001A56AB42000-memory.dmp

          Filesize

          8KB

          Download

        • memory/380-223-0x000001A56D0B0000-0x000001A56D0B1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2276-68-0x000001F2E93F0000-0x000001F2E93F2000-memory.dmp

          Filesize

          8KB

          Download

        • memory/2276-129-0x000001F2EA000000-0x000001F2EA002000-memory.dmp

          Filesize

          8KB

          Download

        • memory/2276-325-0x000001F2E9C80000-0x000001F2E9C82000-memory.dmp

          Filesize

          8KB

          Download

        • memory/2276-345-0x000001F2E9DD0000-0x000001F2E9DD2000-memory.dmp

          Filesize

          8KB

          Download

        • memory/2276-327-0x000001F2E9C90000-0x000001F2E9C92000-memory.dmp

          Filesize

          8KB

          Download

        • memory/2276-131-0x000001F2EA1B0000-0x000001F2EA1B2000-memory.dmp

          Filesize

          8KB

          Download

        • memory/2276-123-0x000001F2E9FA0000-0x000001F2E9FA2000-memory.dmp

          Filesize

          8KB

          Download

        • memory/2276-125-0x000001F2E9FC0000-0x000001F2E9FC2000-memory.dmp

          Filesize

          8KB

          Download

        • memory/2276-127-0x000001F2E9FE0000-0x000001F2E9FE2000-memory.dmp

          Filesize

          8KB

          Download

        • memory/2276-347-0x000001F2E9DF0000-0x000001F2E9DF2000-memory.dmp

          Filesize

          8KB

          Download

        • memory/2276-66-0x000001F2E93D0000-0x000001F2E93D2000-memory.dmp

          Filesize

          8KB

          Download

        • memory/2276-70-0x000001F2E95B0000-0x000001F2E95B2000-memory.dmp

          Filesize

          8KB

          Download

        • memory/3964-45-0x0000018A4C280000-0x0000018A4C380000-memory.dmp

          Filesize

          1024KB

          Download

        • memory/4460-2194-0x0000000000400000-0x0000000000CDC000-memory.dmp

          Filesize

          8.9MB

          Download

        • memory/4460-2421-0x0000000000400000-0x0000000000CDC000-memory.dmp

          Filesize

          8.9MB

          Download

        • memory/4720-383-0x0000021369EC0000-0x0000021369EC2000-memory.dmp

          Filesize

          8KB

          Download

        • memory/4720-429-0x000002136AC10000-0x000002136AD10000-memory.dmp

          Filesize

          1024KB

          Download

        • memory/4720-647-0x00000213589A0000-0x00000213589B0000-memory.dmp

          Filesize

          64KB

          Download

        • memory/4720-645-0x00000213589A0000-0x00000213589B0000-memory.dmp

          Filesize

          64KB

          Download

        • memory/4720-379-0x0000021369E90000-0x0000021369E92000-memory.dmp

          Filesize

          8KB

          Download