hxxps://ify[.]ac/1Ic5

Resubmissions

14/07/2024, 14:46

240714-r5ksyaxbqh 8

14/07/2024, 14:43

240714-r3y8jsvckq 8

14/07/2024, 14:37

240714-rznmmswhra 7

Analysis

max time kernel
232s
max time network
231s
platform
windows11-21h2_x64
resource
win11-20240709-en
resource tags

arch:x64arch:x86image:win11-20240709-enlocale:en-usos:windows11-21h2-x64system
submitted
14/07/2024, 14:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://ify.ac/1Ic5

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 4 IoCs

pid	Process
1640	setup_8wIJXchoz8.tmp
4680	cd2mp3converter32.exe
2172	setup_8wIJXchoz8.tmp
4080	cd2mp3converter32.exe

Loads dropped DLL 2 IoCs

pid	Process
1640	setup_8wIJXchoz8.tmp
2172	setup_8wIJXchoz8.tmp

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Program crash 23 IoCs

pid	pid_target	Process	procid_target
112	4680	WerFault.exe	107
4160	4680	WerFault.exe	107
4384	4680	WerFault.exe	107
2544	4680	WerFault.exe	107
3436	4680	WerFault.exe	107
4968	4680	WerFault.exe	107
4152	4680	WerFault.exe	107
2196	4680	WerFault.exe	107
3136	4680	WerFault.exe	107
1976	4680	WerFault.exe	107
4428	4680	WerFault.exe	107
572	4680	WerFault.exe	107
1356	4080	WerFault.exe	138
4152	4080	WerFault.exe	138
2196	4080	WerFault.exe	138
4532	4080	WerFault.exe	138
1776	4080	WerFault.exe	138
4788	4080	WerFault.exe	138
2764	4080	WerFault.exe	138
5072	4080	WerFault.exe	138
4736	4080	WerFault.exe	138
2736	4080	WerFault.exe	138
1036	4080	WerFault.exe	138

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-514081398-208714212-3319599467-1000_Classes\Local Settings	msedge.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\setup_8wIJXchoz8.zip:Zone.Identifier	msedge.exe

Suspicious behavior: EnumeratesProcesses 32 IoCs

pid	Process
3400	msedge.exe
3400	msedge.exe
3368	msedge.exe
3368	msedge.exe
1956	msedge.exe
1956	msedge.exe
1276	identity_helper.exe
1276	identity_helper.exe
2036	msedge.exe
2036	msedge.exe
3160	msedge.exe
3160	msedge.exe
3160	msedge.exe
3160	msedge.exe
1640	setup_8wIJXchoz8.tmp
1640	setup_8wIJXchoz8.tmp
4680	cd2mp3converter32.exe
4680	cd2mp3converter32.exe
2172	setup_8wIJXchoz8.tmp
2172	setup_8wIJXchoz8.tmp
2172	setup_8wIJXchoz8.tmp
2172	setup_8wIJXchoz8.tmp
2172	setup_8wIJXchoz8.tmp
2172	setup_8wIJXchoz8.tmp
2172	setup_8wIJXchoz8.tmp
2172	setup_8wIJXchoz8.tmp
2172	setup_8wIJXchoz8.tmp
2172	setup_8wIJXchoz8.tmp
2172	setup_8wIJXchoz8.tmp
2172	setup_8wIJXchoz8.tmp
4080	cd2mp3converter32.exe
4080	cd2mp3converter32.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe

Suspicious use of FindShellTrayWindow 36 IoCs

pid	Process
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
1640	setup_8wIJXchoz8.tmp
2172	setup_8wIJXchoz8.tmp

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3368 wrote to memory of 4952	3368	msedge.exe	78
PID 3368 wrote to memory of 4952	3368	msedge.exe	78
PID 3368 wrote to memory of 2480	3368	msedge.exe	79
PID 3368 wrote to memory of 2480	3368	msedge.exe	79
PID 3368 wrote to memory of 2480	3368	msedge.exe	79
PID 3368 wrote to memory of 2480	3368	msedge.exe	79
PID 3368 wrote to memory of 2480	3368	msedge.exe	79
PID 3368 wrote to memory of 2480	3368	msedge.exe	79
PID 3368 wrote to memory of 2480	3368	msedge.exe	79
PID 3368 wrote to memory of 2480	3368	msedge.exe	79
PID 3368 wrote to memory of 2480	3368	msedge.exe	79
PID 3368 wrote to memory of 2480	3368	msedge.exe	79
PID 3368 wrote to memory of 2480	3368	msedge.exe	79
PID 3368 wrote to memory of 2480	3368	msedge.exe	79
PID 3368 wrote to memory of 2480	3368	msedge.exe	79
PID 3368 wrote to memory of 2480	3368	msedge.exe	79
PID 3368 wrote to memory of 2480	3368	msedge.exe	79
PID 3368 wrote to memory of 2480	3368	msedge.exe	79
PID 3368 wrote to memory of 2480	3368	msedge.exe	79
PID 3368 wrote to memory of 2480	3368	msedge.exe	79
PID 3368 wrote to memory of 2480	3368	msedge.exe	79
PID 3368 wrote to memory of 2480	3368	msedge.exe	79
PID 3368 wrote to memory of 2480	3368	msedge.exe	79
PID 3368 wrote to memory of 2480	3368	msedge.exe	79
PID 3368 wrote to memory of 2480	3368	msedge.exe	79
PID 3368 wrote to memory of 2480	3368	msedge.exe	79
PID 3368 wrote to memory of 2480	3368	msedge.exe	79
PID 3368 wrote to memory of 2480	3368	msedge.exe	79
PID 3368 wrote to memory of 2480	3368	msedge.exe	79
PID 3368 wrote to memory of 2480	3368	msedge.exe	79
PID 3368 wrote to memory of 2480	3368	msedge.exe	79
PID 3368 wrote to memory of 2480	3368	msedge.exe	79
PID 3368 wrote to memory of 2480	3368	msedge.exe	79
PID 3368 wrote to memory of 2480	3368	msedge.exe	79
PID 3368 wrote to memory of 2480	3368	msedge.exe	79
PID 3368 wrote to memory of 2480	3368	msedge.exe	79
PID 3368 wrote to memory of 2480	3368	msedge.exe	79
PID 3368 wrote to memory of 2480	3368	msedge.exe	79
PID 3368 wrote to memory of 2480	3368	msedge.exe	79
PID 3368 wrote to memory of 2480	3368	msedge.exe	79
PID 3368 wrote to memory of 2480	3368	msedge.exe	79
PID 3368 wrote to memory of 2480	3368	msedge.exe	79
PID 3368 wrote to memory of 3400	3368	msedge.exe	80
PID 3368 wrote to memory of 3400	3368	msedge.exe	80
PID 3368 wrote to memory of 5012	3368	msedge.exe	81
PID 3368 wrote to memory of 5012	3368	msedge.exe	81
PID 3368 wrote to memory of 5012	3368	msedge.exe	81
PID 3368 wrote to memory of 5012	3368	msedge.exe	81
PID 3368 wrote to memory of 5012	3368	msedge.exe	81
PID 3368 wrote to memory of 5012	3368	msedge.exe	81
PID 3368 wrote to memory of 5012	3368	msedge.exe	81
PID 3368 wrote to memory of 5012	3368	msedge.exe	81
PID 3368 wrote to memory of 5012	3368	msedge.exe	81
PID 3368 wrote to memory of 5012	3368	msedge.exe	81
PID 3368 wrote to memory of 5012	3368	msedge.exe	81
PID 3368 wrote to memory of 5012	3368	msedge.exe	81
PID 3368 wrote to memory of 5012	3368	msedge.exe	81
PID 3368 wrote to memory of 5012	3368	msedge.exe	81
PID 3368 wrote to memory of 5012	3368	msedge.exe	81
PID 3368 wrote to memory of 5012	3368	msedge.exe	81
PID 3368 wrote to memory of 5012	3368	msedge.exe	81
PID 3368 wrote to memory of 5012	3368	msedge.exe	81
PID 3368 wrote to memory of 5012	3368	msedge.exe	81
PID 3368 wrote to memory of 5012	3368	msedge.exe	81

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://ify.ac/1Ic5
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff8992a3cb8,0x7ff8992a3cc8,0x7ff8992a3cd8
  2⤵
  PID:4952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1900,4977159819964245865,18002424067291212669,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1912 /prefetch:2
  2⤵
  PID:2480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1900,4977159819964245865,18002424067291212669,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1992 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1900,4977159819964245865,18002424067291212669,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2760 /prefetch:8
  2⤵
  PID:5012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,4977159819964245865,18002424067291212669,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:1
  2⤵
  PID:420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,4977159819964245865,18002424067291212669,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
  2⤵
  PID:1096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1900,4977159819964245865,18002424067291212669,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3932 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1956
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1900,4977159819964245865,18002424067291212669,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5264 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1276
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,4977159819964245865,18002424067291212669,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5248 /prefetch:1
  2⤵
  PID:3912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,4977159819964245865,18002424067291212669,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5480 /prefetch:1
  2⤵
  PID:1556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,4977159819964245865,18002424067291212669,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5660 /prefetch:1
  2⤵
  PID:1292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,4977159819964245865,18002424067291212669,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5364 /prefetch:1
  2⤵
  PID:4180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,4977159819964245865,18002424067291212669,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5132 /prefetch:1
  2⤵
  PID:784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,4977159819964245865,18002424067291212669,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6044 /prefetch:1
  2⤵
  PID:4056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,4977159819964245865,18002424067291212669,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6516 /prefetch:1
  2⤵
  PID:684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,4977159819964245865,18002424067291212669,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6704 /prefetch:1
  2⤵
  PID:1288
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1900,4977159819964245865,18002424067291212669,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5920 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:2036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1900,4977159819964245865,18002424067291212669,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=6780 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3160

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1632

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3152

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4968

C:\Users\Admin\Desktop\setup_8wIJXchoz8.exe
"C:\Users\Admin\Desktop\setup_8wIJXchoz8.exe"
1⤵
PID:2384
- C:\Users\Admin\AppData\Local\Temp\is-HNT5P.tmp\setup_8wIJXchoz8.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-HNT5P.tmp\setup_8wIJXchoz8.tmp" /SL5="$702DC,6021466,56832,C:\Users\Admin\Desktop\setup_8wIJXchoz8.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of FindShellTrayWindow
  PID:1640
- - C:\Windows\SysWOW64\schtasks.exe
    "C:\Windows\system32\schtasks.exe" /Delete /F /TN "cd_2_mp3-converter_7142"
    3⤵
    PID:924
- - C:\Users\Admin\AppData\Local\CD To MP3 Converter\cd2mp3converter32.exe
    "C:\Users\Admin\AppData\Local\CD To MP3 Converter\cd2mp3converter32.exe" 5915f2b939a0a3256128eacd9d0a642e
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    PID:4680
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4680 -s 840
      4⤵
      Program crash
      PID:112
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4680 -s 848
      4⤵
      Program crash
      PID:4160
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4680 -s 912
      4⤵
      Program crash
      PID:4384
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4680 -s 1044
      4⤵
      Program crash
      PID:2544
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4680 -s 1064
      4⤵
      Program crash
      PID:3436
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4680 -s 1052
      4⤵
      Program crash
      PID:4968
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4680 -s 1104
      4⤵
      Program crash
      PID:4152
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4680 -s 1044
      4⤵
      Program crash
      PID:2196
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4680 -s 1112
      4⤵
      Program crash
      PID:3136
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4680 -s 964
      4⤵
      Program crash
      PID:1976
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4680 -s 932
      4⤵
      Program crash
      PID:4428
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4680 -s 152
      4⤵
      Program crash
      PID:572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4680 -ip 4680
1⤵
PID:412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 480 -p 4680 -ip 4680
1⤵
PID:1216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 4680 -ip 4680
1⤵
PID:2744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 428 -p 4680 -ip 4680
1⤵
PID:1412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 500 -p 4680 -ip 4680
1⤵
PID:1504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 476 -p 4680 -ip 4680
1⤵
PID:1556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 480 -p 4680 -ip 4680
1⤵
PID:424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 504 -p 4680 -ip 4680
1⤵
PID:1848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 4680 -ip 4680
1⤵
PID:2896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 516 -p 4680 -ip 4680
1⤵
PID:2820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 4680 -ip 4680
1⤵
PID:4792

C:\Users\Admin\Desktop\setup_8wIJXchoz8.exe
"C:\Users\Admin\Desktop\setup_8wIJXchoz8.exe"
1⤵
PID:4560
- C:\Users\Admin\AppData\Local\Temp\is-5KVI1.tmp\setup_8wIJXchoz8.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-5KVI1.tmp\setup_8wIJXchoz8.tmp" /SL5="$3036A,6021466,56832,C:\Users\Admin\Desktop\setup_8wIJXchoz8.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of FindShellTrayWindow
  PID:2172
- - C:\Windows\SysWOW64\schtasks.exe
    "C:\Windows\system32\schtasks.exe" /Delete /F /TN "cd_2_mp3-converter_7142"
    3⤵
    PID:3960
- - C:\Users\Admin\AppData\Local\CD To MP3 Converter\cd2mp3converter32.exe
    "C:\Users\Admin\AppData\Local\CD To MP3 Converter\cd2mp3converter32.exe" 5915f2b939a0a3256128eacd9d0a642e
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    PID:4080
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4080 -s 812
      4⤵
      Program crash
      PID:1356
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4080 -s 820
      4⤵
      Program crash
      PID:4152
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4080 -s 836
      4⤵
      Program crash
      PID:2196
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4080 -s 1012
      4⤵
      Program crash
      PID:4532
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4080 -s 1060
      4⤵
      Program crash
      PID:1776
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4080 -s 1060
      4⤵
      Program crash
      PID:4788
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4080 -s 1112
      4⤵
      Program crash
      PID:2764
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4080 -s 1120
      4⤵
      Program crash
      PID:5072
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4080 -s 1168
      4⤵
      Program crash
      PID:4736
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4080 -s 936
      4⤵
      Program crash
      PID:2736
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4080 -s 832
      4⤵
      Program crash
      PID:1036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 480 -p 4680 -ip 4680
1⤵
PID:3112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 380 -p 4080 -ip 4080
1⤵
PID:3916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 512 -p 4080 -ip 4080
1⤵
PID:1860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 356 -p 4080 -ip 4080
1⤵
PID:5104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 4080 -ip 4080
1⤵
PID:2396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 4080 -ip 4080
1⤵
PID:4784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 4080 -ip 4080
1⤵
PID:204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 504 -p 4080 -ip 4080
1⤵
PID:3188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 464 -p 4080 -ip 4080
1⤵
PID:1844

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 540 -p 4080 -ip 4080
1⤵
PID:4940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 468 -p 4080 -ip 4080
1⤵
PID:3224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 4080 -ip 4080
1⤵
PID:2980

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\CD To MP3 Converter\Qt5Concurrent.dll

Filesize
28KB

MD5
b32b3e4dff5a38135fb4b6eca7db6060

SHA1
c68e59f3342f39a68cab627665acd4a8e18c2516

SHA256
c0eeffa6eba75c15db545198903f9d7536521762f7d55dc2ba6cab8f487919fa

SHA512
f62862e6c71a749d4ee7c0d30edf9a0c0abd05cd73b8ae5e5862678e8b3266cde7c039e29956953ee94d43f2db2fa2025919789d0e4afa236047373ccbd80126

Download Submit
C:\Users\Admin\AppData\Local\CD To MP3 Converter\Qt5Multimedia.dll

Filesize
781KB

MD5
0303b15a536f0383aecca1737e6e2d29

SHA1
001eb9623de95cadd4f8ec2ff1a571fb649e0938

SHA256
e788f9d007f9ceb41616b0b1165ffb94c6649956b8873583fee5bbaa5a1ce94f

SHA512
76979e5e4ba68dc23746ab2ff2a7dbf63f12d5abdcdaa2925fce9ddec2d78e6e46d073b6199a11cebd57994624ac344b4ab0d1c24850e8749e03a49d3943fc73

Download Submit
C:\Users\Admin\AppData\Local\CD To MP3 Converter\Qt5MultimediaWidgets.dll

Filesize
100KB

MD5
ab45c071f3c430ff80019799b6c49fd5

SHA1
94f429c76a3e7e2accc850e492450fa8904eb1d5

SHA256
ef4db92010d70e632296ac93ad0f2bbc3b1b3098ad397a5a4f6e134818530305

SHA512
052f784d20f4a7b0a9f537384d17f00823ba805f811c57c2b7b2ac8d5c38ade005df2d4ee7daaebe76c5fef8aee1ff5acfe49e80094033fee422b2bb5cce13d5

Download Submit
C:\Users\Admin\AppData\Local\CD To MP3 Converter\Qt5Network.dll

Filesize
1.5MB

MD5
a81f5fb9cec6a8ab27128e741bba8168

SHA1
0cb5fb7ed33b5cb418fa679175e87e70cf1d8ee8

SHA256
8bf02ebcb732d23c94529a0f6b8702f82bf459fe0e1dcd641b404884ca41db57

SHA512
10424d30eb9ee79695b93168c21793989b2f5158d120e72a0a595a5bc48f1a67524f726350c7d36c4d8c2ae1d5659cb7dbd190f052da8f4f0ea051ab69ea166c

Download Submit
C:\Users\Admin\AppData\Local\CD To MP3 Converter\Qt5OpenGL.dll

Filesize
327KB

MD5
c1d465e061d7d02895daeb19bdb28ac9

SHA1
5e729ee51df080545c7031d771b85094a2b2d4e9

SHA256
777917d30f277a9e88d8fc04e69b955a2b0bd3f2bcf2e36f7f9cffef2583ee60

SHA512
438adaa0ac3ad47621d288e3ff56493cc7de4e2a89fc5420e246a6045db79e7cb84a28d3f3420841340ab33bd632f12fdc3a4e9d8ef99601ca9f975b7f8309e1

Download Submit
C:\Users\Admin\AppData\Local\CD To MP3 Converter\Qt5Positioning.dll

Filesize
242KB

MD5
3eb507cdda6010014e2a692ff2a2a008

SHA1
18738dde537e7b77fa57b4f7a564679a1f92d16a

SHA256
20ab110602eb79e2039f99fbafa16fc1c8a436002022916e9bc586c35fa459ea

SHA512
994350cbb3fd7fe9caa5e34977b1c181295d23c23c658f286f71cbc7b72130b67f9120ae76b97801eedc3f86c353a4416ff694303c33411e9abd41203f1d75a8

Download Submit
C:\Users\Admin\AppData\Local\CD To MP3 Converter\Qt5PrintSupport.dll

Filesize
349KB

MD5
79ff45559fa35e9b48ec486652010d09

SHA1
35586c0d8bcd3c738459ca9c0dba8d167169f349

SHA256
00a3cf7f2fbd4acafe749bf65040328bc67165dbeae6f8f629d7e27202ed9844

SHA512
a9a7d4173e1186f9b8b665b2c7908717addfc427853716f2cc21c52d60228e60e655d4e4bc29a16f0a63a47f1b605224299b35ad16192b1bc314ce0e26eb3dd3

Download Submit
C:\Users\Admin\AppData\Local\CD To MP3 Converter\Qt5Sensors.dll

Filesize
194KB

MD5
a2c7c70e326fe148a9ba33dfdb828ef5

SHA1
96805ee9da4d083f76a113f73f9078c096ba7bf5

SHA256
07013a57cdb1442eee6ce699a11265555944ce56b587c888910c09b610d18a23

SHA512
6ccd470852d3f17200116b7f72be035223fb1d46a52acf119f1d6969c816fe75bab1f63cd93bffbba83722dbfdda03bb8e92544dfabc333ac53131dbd5dd8d6b

Download Submit
C:\Users\Admin\AppData\Local\CD To MP3 Converter\Qt5Sql.dll

Filesize
253KB

MD5
2c7b9071cf540794c209d3b87a29a0ec

SHA1
6f64a3fe1cdbc6a2b51cb698a93402fc683de320

SHA256
85cc8a03db59c4e6a0c39a9b5e3d47633a06550863c4f4175a77e25bf00c647a

SHA512
6a9075de9dd1236a5b13ceff1831e6c7b7a9166c588bdcbdae54193e59ff9c8db504af67f729e013001ad81cc508690fd22e4818ce58dbde7dc4a3b8c6bdba89

Download Submit
C:\Users\Admin\AppData\Local\CD To MP3 Converter\Qt5WebChannel.dll

Filesize
123KB

MD5
4b2db8fa8a9b55bcbc02f29f12c93f93

SHA1
b4c149c55472bebe10694e6b82758bdf4c82d05c

SHA256
e97acb579d51036311484daebf6ac10472db603c2ba405e8de32eebcebf3f925

SHA512
f314ba3bc256d8d4258f8565fe8f11f29bdcdedcb045696cc94d007ce0f75ad155f679fd486bcdd71a156d097706b8d59f61ae3039d770ad31b0a53820d1a63d

Download Submit
C:\Users\Admin\AppData\Local\CD To MP3 Converter\Qt5WebKitWidgets.dll

Filesize
268KB

MD5
eaf7ce27554bcb5500611351b344b083

SHA1
c8bee7c36a8bee1d5b6af62af3ab760d5c09f1ed

SHA256
a4b45c536fc0ae58d016b3726d2eeed8a45713a6ec527e91028af48f04c9b30a

SHA512
b76888d4c64a1b7979f5b019437421b5e29b48016658e058ff7fa6a67b8e8fea69f3536db509627f8fef6fbf56335cdf415d2da908505b61f48dde98cc7fbc18

Download Submit
C:\Users\Admin\AppData\Local\CD To MP3 Converter\cd2mp3converter32.exe

Filesize
5.0MB

MD5
566a453849e6f66556016d4387d72a82

SHA1
fa8cd416b078d88df80f94bfcd03c10d20dcb54b

SHA256
bdfeb8322f124276bc176463477379a1c1feb2199e5cf972f171cccf9a0e28f2

SHA512
6d59527a6cc28e80864314ee86a69787c132195a9d395371d574465392c9f4c2ef48136c1745c9194e1e72ae4d71590871ca6b465c1fdf1acc9484ce056e1356

Download Submit
C:\Users\Admin\AppData\Local\CD To MP3 Converter\firealpaca_mdp.ico

Filesize
278KB

MD5
0a5c212b63615b99702d1bf133953e8c

SHA1
58ba5fe581dbb2204768facba14e752aec79098a

SHA256
f418ad194a04cdde6a705a213f7a7c33e83251ee21d22a1aa535092ab63d37b5

SHA512
be9bd72768c5b2bcc8dc271a91bc213493b5f017eb6809394840759c7cb3b3740c58a002ae437ae115d2d8f7074ad46287e7755c2b2d2c4c0abf91bd929319f9

Download Submit
C:\Users\Admin\AppData\Local\CD To MP3 Converter\imageformats\qgif.dll

Filesize
32KB

MD5
20d7a6cfb946b22a816d92ed57b51ce5

SHA1
0af25d85e631e96f49ac9772301726ee78e0823d

SHA256
a51efadb5492658449d095079e2d53808a045341edc6afa453a9536e61b2fa3f

SHA512
0a3975a9032dcb18a06360752d4f39a74c2e82d6e0e77079c25e7d4cc03d9ca12af26ae04208af306edf9986552be456cff26091d4cd1286ca5fff3ca67ed3f5

Download Submit
C:\Users\Admin\AppData\Local\CD To MP3 Converter\imageformats\qjpeg.dll

Filesize
241KB

MD5
24583405f8bcfc26884f221a2a9eb0c9

SHA1
8dab67860832bcb9ca9a99007149f6d7d6dac303

SHA256
28f7688622dc5eeffe960b7d906a2fe800ef4ef2654add389aa84ef7c6edcade

SHA512
c39e14619e6a225baa5cc6b110bdbcfcdc2f51ec76413d6ed302b0faa2daeb43bfea2b290936665a76b224ffb5d8822885581f02b533a6b052fb39f7f10b730a

Download Submit
C:\Users\Admin\AppData\Local\CD To MP3 Converter\libgcc_s_dw2-1.dll

Filesize
117KB

MD5
fadde43c97607e4445a6f924d851f04e

SHA1
36c1aa0e1b6d4a322c350f5e502c10c64c203041

SHA256
f0614835136413217ed3baec9ba22aaac4c37956afcb0209f1f89b7676ae86bc

SHA512
66f5637419f88070838ed522defad9aa1b46dd4fd8cb045e0292742831520740d152795b6e99770f34061db596019ef3a342a956b541180e78d1c48b2703f42c

Download Submit
C:\Users\Admin\AppData\Local\CD To MP3 Converter\libstdc++-6.dll

Filesize
1002KB

MD5
c283d446b34e75019b81d0981cb11f0d

SHA1
a6e146975dfc55b0659d09e25b9a69f7cff993dc

SHA256
f6530962659d0641236a42517a30dc55c4fcb7d30e942c3e820af343798a770d

SHA512
eb51969a79ee4501c955a81cec9f07e9a39007c1ea69c5021e03ebf3b640d949e19f6e0cd7af969e80ec60ea6b8477804fb76deec2704db503e72906103fea63

Download Submit
C:\Users\Admin\AppData\Local\CD To MP3 Converter\libwinpthread-1.dll

Filesize
48KB

MD5
d128ae39a79e5d196fc001907b5ec3d1

SHA1
71de74d0aa93903e0a169c88fd21e0c617f0660a

SHA256
4195ac1e3a4a8056de42c31d511e0e595772439adba96180b8953ef5f135f7a5

SHA512
5b32eb7e2f01fb17ed0c4434a525ae3056acddde75c32c5036c18b6f2ffa4cf80cfee9bab4c824ca313e6e33114ea0e761dc8f75db3bbbbe4319c079848a3c06

Download Submit
C:\Users\Admin\AppData\Local\CD To MP3 Converter\platforms\qminimal.dll

Filesize
31KB

MD5
b747471f055b61bca1c77ea549ec3db6

SHA1
7421bb89c50e52d45f3baa8a3e789ee3d6f18cf9

SHA256
19c2a0f8dd954fe7a3214b4d850800df1bbb80ededcdcc233783e6052bd1fc51

SHA512
cf7e5f81e062864feb8bc6767779094f08a94d7816203302dabfc88df2acf75e7239005f079eb5fa81991255636a47f977d466e5614a909a10c260eee45b4d9e

Download Submit
C:\Users\Admin\AppData\Local\CD To MP3 Converter\platforms\qoffscreen.dll

Filesize
654KB

MD5
3acbfc4441bec4891a6d11f7695a189a

SHA1
28843a7ff8379feac622e8f0ede50961da468bd8

SHA256
72380b2cec8d7f403ff991638caa2b9b231890e9dd8208030662b707f580aacd

SHA512
241a29590f6be539e07ffefb04d8c79fdea0de35a23c3bd51f25bd1f16e87ebf6a9418db51a36772ea87fbccc52866ac785cc6e3b5ff40a653095c76a8af4851

Download Submit
C:\Users\Admin\AppData\Local\CD To MP3 Converter\platforms\qwindows.dll

Filesize
1.3MB

MD5
bcfee6b4161d9bec56bf97634a9b9c2e

SHA1
3040622dbc625dcb8be6ab2ce2405da157e44c35

SHA256
e09ca14953574cf748a96596242ca415c1fa8bbaa4997aebb698e8ca8b1e518c

SHA512
df97bd1ab2056c6c13d059a1eae372b2c4f0ad6830ebaf2b88640e00cfdc6081e7e3647fa267886cf501f8ee89c00f6354332c172551dd56b6975b32c6002a8e

Download Submit
C:\Users\Admin\AppData\Local\CD To MP3 Converter\printsupport\windowsprintersupport.dll

Filesize
43KB

MD5
802b73d63d6e47dfc5d9a7abe51bb025

SHA1
ec002f4145a8d860a996294d6b4aa24d8910abee

SHA256
5e2a3b61393599618fc306769ac955cde94409b76b71fc8aae528de2b2ee68b3

SHA512
c2e91574b82721d12589ea3ed2b2171a43a8f0068079793304bf35e508a405bfdc84c64d5ba6d538fd710f634483016461bb1fde9d4d8f08be8b4d62bcbfb2ba

Download Submit
C:\Users\Admin\AppData\Local\CD To MP3 Converter\qt.conf

Filesize
48B

MD5
3bb131d6862fdb57979f6c859c7af30e

SHA1
e7fb2dbd1f76a1f53f00b03dee50f7fc88cc244c

SHA256
3f63cc3979f035e87c272f895b24b107ace6a9265ea362a49ec823f333693d14

SHA512
5545e5fe744818a49aded5451a74d63cae091e6e95eb0e94738454ec19388546191265b5526ebff0a07aeedd73102d6b5ec0ddfe1122014597b728fb2e17d41d

Download Submit
C:\Users\Admin\AppData\Local\CD To MP3 Converter\ssleay32.dll

Filesize
270KB

MD5
0e42fb7c0ad61d48bea2488c0c88581b

SHA1
2bfb621a42e3c12af442091b246ce4ca7db7b070

SHA256
5f983e8876256fc1788d389f6903d5a60742fa27a0613d569efc9105ed524313

SHA512
6e6c27a3e61ac47ac0b4603493017427fde9b1ef7ce678302c1451bb5fe7ad76fb4cbfd3384ec68da6bb1bccb2cfb3d2e998ff8a24fc1b48e55ef048bf4109e8

Download Submit
C:\Users\Admin\AppData\Local\CD To MP3 Converter\unins000.dat

Filesize
6KB

MD5
1796ccdc07a6cc95ae4f7364be21441a

SHA1
d21d58b9de3bd8c158473ae1ebd0656950f0af54

SHA256
c1fda3ab45999a71e94d775b36c8bf5585233c2a1f6e3d19589d3a77e98ad042

SHA512
8b1727718102b7e01722e8a6a04a2612e51c628c6caddb3a6bba997d264b84bfeeebab4f0cab93da45ee1a3bc6e1b3d7c0fd6ea68eb1889298acf153bb22a2e0

Download Submit
C:\Users\Admin\AppData\Local\CD To MP3 Converter\unins000.exe

Filesize
705KB

MD5
50e0e3b91c65893489daf14482ace155

SHA1
2bef07d51e547e87a910623faeb7d897a098eb70

SHA256
42c6fe49f4144d4cc2a253873e17e059dfb26fe97c45bc769718f1cb42819b12

SHA512
353ce21b249f366639dfb64ee1da128b9e6306a54cf9eba39b5c3dfbf96ce2a70267325c754ebd3895c644b4f2234f48d739c5f8760ab4bd5244ebc261b82b62

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c0f062e1807aca2379b4e5a1e7ffbda8

SHA1
076c2f58dfb70eefb6800df6398b7bf34771c82d

SHA256
f80debea5c7924a92b923901cd2f2355086fe0ce4be21e575d3d130cd05957ca

SHA512
24ae4ec0c734ef1e1227a25b8d8c4262b583de1101f2c9b336ac67d0ce9b3de08f2b5d44b0b2da5396860034ff02d401ad739261200ae032daa4f5085c6d669e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6f3725d32588dca62fb31e116345b5eb

SHA1
0229732ae5923f45de70e234bae88023521a9611

SHA256
b81d7e414b2b2d039d3901709a7b8d2f2f27133833ecf80488ba16991ce81140

SHA512
31bacf4f376c5bad364889a16f8ac61e5881c8e45b610cc0c21aa88453644524525fd4ccf85a87f73c0565c072af857e33acffbbca952df92fedddd21f169325

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
211KB

MD5
151fb811968eaf8efb840908b89dc9d4

SHA1
7ec811009fd9b0e6d92d12d78b002275f2f1bee1

SHA256
043fd8558e4a5a60aaccd2f0377f77a544e3e375242e9d7200dc6e51f94103ed

SHA512
83aface0ab01da52fd077f747c9d5916e3c06b0ea5c551d7d316707ec3e8f3f986ce1c82e6f2136e48c6511a83cb0ac67ff6dc8f0e440ac72fc6854086a87674

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
24KB

MD5
c594a826934b9505d591d0f7a7df80b7

SHA1
c04b8637e686f71f3fc46a29a86346ba9b04ae18

SHA256
e664eef3d68ac6336a28be033165d4780e8a5ab28f0d90df1b148ef86babb610

SHA512
04a1dfdb8ee2f5fefa101d5e3ff36e87659fd774e96aa8c5941d3353ccc268a125822cf01533c74839e5f1c54725da9cc437d3d69b88e5bf3f99caccd4d75961

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
c4f7c4aa371cbe84c26674adb89cd902

SHA1
d84ca84a55be9317cab7873d9a53eac0a72e4be8

SHA256
da93e63d8f55cbf701ed5c1a413423dd98362ec656453feec24cbb1aeba665e9

SHA512
732e9e82f949959e6e795537245b26be2ecfb7f18a951b6a656e28d82f7a57c71ea6fbaaacfedc0f62547a6bb02e6f044cb90a9680c9954ee427e9ac6d362073

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
288B

MD5
ef82c77479273e106d46e19da7fec23f

SHA1
db7db85b36e83b8af139635743f2f66876704b29

SHA256
4c1503ec56496174d9c5b393c912232ebe590930e331ad360101b6ab4badf168

SHA512
7093bd71d7162b13856f1cf8e14cb45f42925939f03bb348113eee820c87f9fcc9620b5661e9cb45f00cf1cf500e4cdd55bd7837bc97d93a422225f0c3cf01af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
288B

MD5
75cf32a7061f4723c1a279cedce8b013

SHA1
4519fa1097e303009782cd0396a360c3e3835ee4

SHA256
8806a59fb43719babfc4ec9bf823bcbde42e215ab785144781a895c84b2f8e86

SHA512
e1f7318e960b14c8c499f014665fa2a292f5674181331e53f8be280ab7a64d05f23f03d87aad6f4c9f78bfa10dd4ce8737d399a8bbd0a44e13dc6ca959ba9ed8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\000\t\Paths\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
e061a487d7648c89955da17bf1894c53

SHA1
93f3d336a6a2af2f13772bb898af038faa17775a

SHA256
5054afc15aaacb1e630e74f1c371ea690ccc71fca8f5775b9eb2b345abff79c1

SHA512
c6561c967a0e77341686bd7b25a4c998135ea8d04f0410bbfe4e38a98d42582fb4c1cd4195475a2df523005f2b6b05e3494c9fe8754610454e58adbb1fb55552

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
998B

MD5
b1f1a333301a471f4051ed40be5b7ec5

SHA1
0df08a09f583e847c1c8822d8587c24e028d3e02

SHA256
44230d81dae4793c724522a5fd358c116d3b7578a8825b95071e1e17504ddc3a

SHA512
d35597eb92c292cf1f4426e1ca9020c92a0822878abfcf89bfe26475acaf80238e7852116139c2309305f150ddc023481457b939bb445308ed0bafa16c11e108

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
50b1277bc7eb29057821f7039be2bc12

SHA1
3d06e637a32a4c7070f5da6518f1d369904b1b75

SHA256
02822691d1a968952662443cab14498f6b60894260d4334cf08128b7b32b0144

SHA512
9c3cc543353a30cbe87b08452631d7de9e3d6b5dc5472d369828243ab1955ec25b942199764c2ca45fbd4d830ce7a8f7b2589d0238823b242bb0c4cfef9244f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
959e7b405dde325e4eace3bcbf19d351

SHA1
2070cbcbe8a991e1d4438984c708342e31806bc0

SHA256
e62f1010ee6b6d15b5dc6407aa33f58741d5f420a2a9bd8a53b5417288d33438

SHA512
f7603592316ef7e51dece09c2dcf98e03e24208f2d53dd191debbbf182bab4b4c7529f52a13d8920fc1aa80f1f0d576ba759e53d091506a24075c0f8b1a3913c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
4a226ece85443e882fd3eda5c8b99a72

SHA1
926774b416582f9accc7fe935dbae302885a843d

SHA256
6ced06e901cacb9aa9fbd38998c751e2218d15c01cd43ff7cdd1f6495375cffc

SHA512
88f04c30a98d3cb79286f22f7f7a486f747eb5c27e8e2752199661d7572c2282503733868c9fcb10a848d19d5729077d3937c5560a96a9901e678049e8d80f18

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
d57d8b68b162e39cf9a98d3fd78b8e91

SHA1
8dd6a9aa1f44a9505ad021a2af95cdb1047349a1

SHA256
fb001c972a36fe84c2933e3e02e8cf75fadf12bb5ba394a75a48e5b295fb5d5a

SHA512
5ce69fa48ca9f6c8f42062e9944eeaa7f21f5da69daaefb43f27434f16304a6d6cf483085d15acfb66acc9cfdad9927e05b3924954670b392de59434ddb2664f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
16ed45de780bd01fbab0e78e2cf19eb8

SHA1
714cd5ed5ca368e2f98d1e3214aac94eee31cb5e

SHA256
c9e2cbe9d9435cc27242f37ca20c7eedbde9e38bb31a00f54a077f36d167c68a

SHA512
f9e2f1d223b076995db9183bbbfb19c6af5bd40a8e7b27557b3b58bb348653dc943bf01641b6184dbbb1d51c03e56b660864a7d143814aa3c4c324508b1997bf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
f74f2d6abe087adda701e8e632a121ea

SHA1
f6c296b28c98f3d4a40cc6563392c1d529513052

SHA256
deb442798c57e7bdd3b1e2023cf63c41f075834245d2681b76cc25c62c5f5092

SHA512
66f4b30ab9df2d016adb4b6e05f7ad22bb12b41b3a7b0f8e40a74128199f64fa03fd9fab4d82c7a67d1562d957b721b10f51dd122c6f391fd5a60536cc0bbf71

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe584467.TMP

Filesize
48B

MD5
583da5f94bd5d5b47c9a67aa38cc1f8c

SHA1
78e2391068820d0ff4bcf410ec597cecd7cab6b9

SHA256
19dda9488b957de2a877b4d65621b169bc5d013b4847f2a050e372ce9990b081

SHA512
bf38a74cb942a82cace4dcaa38859b42a26771e7811ae94007e2f3891f4d28f1f074e341b7c17d964396c09619ae2b8eb00cd86e0a75059f45a11c7ae7806efd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
536B

MD5
9aa42840da029a01f9da76e332345cff

SHA1
70ded5a2886ec26e63333c159d9122bb5ae870ba

SHA256
bfeaea07d343f16f436f5910000b8ba030a7d1f0338202ae75dbc32bf40a1d9b

SHA512
6da4516845a4d5fd8f5ebfd0a8c9fff14b01c433f88fa227b9bd395660d07042c0a32f288ff05966ed533e1db6a9b8fe5f435b93997a2d7596f4b87ab8684cd8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
706B

MD5
20d2409432c9371f8183658f850c6bfe

SHA1
8bc0da48a132dfaaf7e352cf8a0419113d64ed03

SHA256
554ac499782414dac147684faeba7700f52c4f6d1411c8b67cc3ed0c8cc1d4e4

SHA512
098d2b7a5815eb2c9c62ee10624204a5af982f36857688aa9c8f1e177addfb4552c853f712470b90e715ad2a46c141e7b6cc35e5cd96e580403f0156dd3389d3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe587d78.TMP

Filesize
538B

MD5
422c450aabcd13266d9c49d4003a062e

SHA1
f9937ac229e58a0e94292d27c2cd3306e31d69c8

SHA256
43dd43c23ce447312390a6ac28da1da18430a7aca1c10ddf157690318142d741

SHA512
f98ebd79fccfbc4ae05edc759df20867462d40a9c5fcc900b3af93382cccd59f0d257303d1f23de35c9d81a35427a04d4f031bf7b7c217452e89b6bc0ca361ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
a90a520e0357b8cf7f93f4958f6a7a7c

SHA1
e39762738149fd3d9dfe496bf68de394d529ec73

SHA256
a1f8bf7731a23b2262bacdef5ea87b890ca8f00e177ca376a73d1f53c94a9370

SHA512
70bdc4d11de7555d856aaf71279b7def6628f8f81f39a4ee24a26d38448c0bcf96fcf77323411254a91117f000011be718970ad06042c34ff70da18081f63c33

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
d4c283f9886ae29b610ef7e5108a02c3

SHA1
3e17faf912d37c97834eb8050fb0d785aca5aec9

SHA256
673f38b1989c7041578ba9f2f54b86c0796dd2c1a9ca0292c9f84d858ab21a96

SHA512
c9dca968401fd65e1c23fe5ba0f2d21990140d5a648726dfe47ce23cc77d8056b0a6d46de62541ca10166c5be0e023e0db4e059f772a0784491b122c4f48c44c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
48b696a9693fd3e64861bca452f2c5a4

SHA1
97469bbe373dc18d342fc0cb521cdc9411ccabd2

SHA256
a394317ca84a58ffd71b5ed5d9b7932cc1a5d546a33c04cb3ee6053c89aa660b

SHA512
26085d60e04beee9e96f3ae9c00d6ec4cde851a716f220101e0169a9eeb65f613102d87715818196ed7adb3082299c692f94e402d60c044ad2733a25771da82b

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-41FPL.tmp\_isetup\_shfoldr.dll

Filesize
22KB

MD5
92dc6ef532fbb4a5c3201469a5b5eb63

SHA1
3e89ff837147c16b4e41c30d6c796374e0b8e62c

SHA256
9884e9d1b4f8a873ccbd81f8ad0ae257776d2348d027d811a56475e028360d87

SHA512
9908e573921d5dbc3454a1c0a6c969ab8a81cc2e8b5385391d46b1a738fb06a76aa3282e0e58d0d2ffa6f27c85668cd5178e1500b8a39b1bbae04366ae6a86d3

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-FCPL7.tmp\_isetup\_iscrypt.dll

Filesize
2KB

MD5
a69559718ab506675e907fe49deb71e9

SHA1
bc8f404ffdb1960b50c12ff9413c893b56f2e36f

SHA256
2f6294f9aa09f59a574b5dcd33be54e16b39377984f3d5658cda44950fa0f8fc

SHA512
e52e0aa7fe3f79e36330c455d944653d449ba05b2f9abee0914a0910c3452cfa679a40441f9ac696b3ccf9445cbb85095747e86153402fc362bb30ac08249a63

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-HNT5P.tmp\setup_8wIJXchoz8.tmp

Filesize
694KB

MD5
db27fff497c241b83080efd96ea21dc4

SHA1
d545153fe0a3694df421dd79bf2d389ca1b256b9

SHA256
f27a4dd75435dea477405ad2fe2b4b16b1ac56a25e4ac2ba1333467c21d5e377

SHA512
c76b24fbed2fe4d3fa217f4337c9db54e76897b9675b37a2fbe99d5de63f51708fed566905873b8359bfc4b38d7a8b4623ab4b0a103e9996129313e1171bbc40

Download Submit
C:\Users\Admin\Downloads\setup_8wIJXchoz8.zip

Filesize
6.0MB

MD5
a14a811ac91c4435695e1f871439a620

SHA1
bd02f840629d03493fc10ed9b726976379de9824

SHA256
ab66c67bd4f752059cc60faa806cf20a0666337e5fefb7cb67cafe497211fb57

SHA512
b5fcb5f60e0a35c38a08605a2236275bbb9c129a462eac9b4b2b36c44254d00e1c0a1c99390daaa1b9780945a8593ba36b25c34678a88355df092ffe1ddf8a40

Download Submit
C:\Users\Admin\Downloads\setup_8wIJXchoz8.zip:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit
memory/1640-411-0x0000000000400000-0x00000000004BD000-memory.dmp

Filesize
756KB

Download
memory/1640-457-0x0000000000400000-0x00000000004BD000-memory.dmp

Filesize
756KB

Download
memory/2172-477-0x0000000000400000-0x00000000004BD000-memory.dmp

Filesize
756KB

Download
memory/2384-410-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download
memory/2384-463-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download
memory/2384-339-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download
memory/4080-475-0x0000000000400000-0x0000000000D0E000-memory.dmp

Filesize
9.1MB

Download
memory/4080-478-0x0000000000400000-0x0000000000D0E000-memory.dmp

Filesize
9.1MB

Download
memory/4560-419-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download
memory/4560-476-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download
memory/4680-418-0x0000000000400000-0x0000000000D0E000-memory.dmp

Filesize
9.1MB

Download
memory/4680-415-0x0000000000400000-0x0000000000D0E000-memory.dmp

Filesize
9.1MB

Download
memory/4680-412-0x0000000000400000-0x0000000000D0E000-memory.dmp

Filesize
9.1MB

Download
memory/4680-408-0x0000000000400000-0x0000000000D0E000-memory.dmp

Filesize
9.1MB

Download
memory/4680-409-0x0000000000400000-0x0000000000D0E000-memory.dmp

Filesize
9.1MB

Download