Overview

overview

10

Static

static

10

bf9f31608d...1f.exe

windows7_x64

10

bf9f31608d...1f.exe

windows10-2004_x64

10

Analysis

  • max time kernel
    151s
  • max time network
    147s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-en-20220112
  • submitted
    06-03-2022 05:24

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    bf9f31608deb672c319e79660504179b7f5c837cb5a5a21fed94bb8b7555401f.exe

  • Size

    2.7MB

  • MD5

    e3383885e03608cd7784ba4690493e26

  • SHA1

    b87077a44d2a2e75a3ded415feea4056be1559f0

  • SHA256

    bf9f31608deb672c319e79660504179b7f5c837cb5a5a21fed94bb8b7555401f

  • SHA512

    e957d2582e13a998cf3dc165be7a3852df19f469f212411545bc73afb36944be842826c0105045d47d9b4e9ef52f26f0612ce83ca37064efb567a3a420efb93f

Score
10/10
ransomwarespywarestealer

Malware Config

Extracted

Path

C:\Unlock_All_Files.txt

Ransom Note
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> Hack For Life <<<<<<<<<<<<<<<<<<<<<<<<<<<<<< All Your Files Has Been Locked! If you think you can decrypt the files we would be happy :) But all your files are protected by strong encryption with AES RSA 256 using military-grade encryption algorithm Video Decrypt: Due to the deletion of video on video sharing sites You can download and watch the video from the link below: https://drive.google.com/file/d/1L1qeBgY_AfjYVgO8FEZsViJxK4TBWXZI/view What does this mean ? This means that the structure and data within your files have been irrevocably changed, you will not be able to work with them, read them or see them, it is the same thing as losing them forever, but with our help, you can restore them. You Can Send some Files that not Contains Valuable Data To make Sure That Your Files Can be Back with our Tool Your unique Id : ERSHGVROWVEJMHAB Contact : [email protected] or https://t.me/filedecrypt002 What are the guarantees that I can decrypt my files after paying the ransom? Your main guarantee is the ability to decrypt test files. This means that we can decrypt all your files after paying the ransom. We have no reason to deceive you after receiving the ransom, since we are not barbarians and moreover it will harm our business. You Have 2days to Decide to Pay after 2 Days Decryption Price will Be Double And after 1 week it will be triple Try to Contact late and You will know Therefore, we recommend that you make payment within a few hours. Do not rename encrypted files. Do not try to decrypt your data using third party software, it may cause permanent data loss. Again, we emphasize that no one can decrypt files, so don't be a victim of fraud. It's just a business Warning : If you email us late You may miss the Decrypt program Because our emails are blocked quickly So it is better as soon as they read email Email us ;) You Can Learn How to Buy Bitcoin From This links Below https://localbitcoins.com/buy_bitcoins https://www.coindesk.com/information/how-can-i-buy-bitcoins https://www.bestbitcoinexchange.io >>>>>>>>>>>>>>>>>>>>>>>>>>>>>> Hack For Security <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
URLs

https://drive.google.com/file/d/1L1qeBgY_AfjYVgO8FEZsViJxK4TBWXZI/view

https://t.me/filedecrypt002

https://www.bestbitcoinexchange.io

Signatures

  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Drops file in Program Files directory 64 IoCs
  • Program crash 5 IoCs
  • Enumerates system info in registry 2 TTPs 10 IoCs
  • Kills process with taskkill 3 IoCs
    evasion
  • Modifies registry class 64 IoCs
  • Runs net.exe
  • Suspicious use of AdjustPrivilegeToken 7 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 5 IoCs
  • Suspicious use of WriteProcessMemory 30 IoCs
  • Views/modifies file attributes 1 TTPs 1 IoCs
    evasion

Processes

  • C:\Users\Admin\AppData\Local\Temp\bf9f31608deb672c319e79660504179b7f5c837cb5a5a21fed94bb8b7555401f.exe
    "C:\Users\Admin\AppData\Local\Temp\bf9f31608deb672c319e79660504179b7f5c837cb5a5a21fed94bb8b7555401f.exe"
    1⤵
    • Drops file in Program Files directory
    • Suspicious use of WriteProcessMemory
    PID:1944
    • C:\Windows\system32\cmd.exe
      cmd /C "taskkill /F /IM sqlservr.exe /T"
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:1932
      • C:\Windows\system32\taskkill.exe
        taskkill /F /IM sqlservr.exe /T
        3⤵
        • Kills process with taskkill
        • Suspicious use of AdjustPrivilegeToken
        PID:2188
    • C:\Windows\system32\cmd.exe
      cmd /C "taskkill /F /IM sqlceip.exe /T"
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:3096
      • C:\Windows\system32\taskkill.exe
        taskkill /F /IM sqlceip.exe /T
        3⤵
        • Kills process with taskkill
        • Suspicious use of AdjustPrivilegeToken
        PID:3776
    • C:\Windows\system32\cmd.exe
      cmd /C "taskkill /F /IM sqlwriter.exe /T"
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:3480
      • C:\Windows\system32\taskkill.exe
        taskkill /F /IM sqlwriter.exe /T
        3⤵
        • Kills process with taskkill
        • Suspicious use of AdjustPrivilegeToken
        PID:1948
    • C:\Windows\system32\cmd.exe
      cmd /C "rmdir C:\Users\Admin\AppData /s /q"
      2⤵
        PID:2408
      • C:\Windows\system32\cmd.exe
        cmd /C "rmdir C:\Users\Default\AppData /s /q"
        2⤵
          PID:792
        • C:\Windows\system32\cmd.exe
          cmd /C "rmdir C:\Users\Public\AppData /s /q"
          2⤵
            PID:1272
          • C:\Windows\system32\cmd.exe
            cmd /C "attrib +h +s Encrypt.exe"
            2⤵
            • Suspicious use of WriteProcessMemory
            PID:1188
            • C:\Windows\system32\attrib.exe
              attrib +h +s Encrypt.exe
              3⤵
              • Views/modifies file attributes
              PID:2108
          • C:\Windows\system32\cmd.exe
            cmd /C "net stop MSSQL$SQLEXPRESS"
            2⤵
            • Suspicious use of WriteProcessMemory
            PID:364
            • C:\Windows\system32\net.exe
              net stop MSSQL$SQLEXPRESS
              3⤵
              • Suspicious use of WriteProcessMemory
              PID:2844
              • C:\Windows\system32\net1.exe
                C:\Windows\system32\net1 stop MSSQL$SQLEXPRESS
                4⤵
                  PID:3500
            • C:\Windows\system32\cmd.exe
              cmd /C "rmdir C:\$Recycle.Bin /s /q"
              2⤵
                PID:1812
            • C:\Windows\system32\rundll32.exe
              "C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.Windows.Search_cw5n1h2txyewy
              1⤵
                PID:3744
              • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                1⤵
                • Enumerates system info in registry
                • Modifies registry class
                • Suspicious use of AdjustPrivilegeToken
                • Suspicious use of FindShellTrayWindow
                • Suspicious use of SetWindowsHookEx
                PID:2760
                • C:\Windows\system32\WerFault.exe
                  C:\Windows\system32\WerFault.exe -u -p 2760 -s 3940
                  2⤵
                  • Program crash
                  PID:2952
              • C:\Windows\system32\WerFault.exe
                C:\Windows\system32\WerFault.exe -pss -s 408 -p 2760 -ip 2760
                1⤵
                  PID:3404
                • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                  "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                  1⤵
                  • Enumerates system info in registry
                  • Modifies registry class
                  • Suspicious use of SetWindowsHookEx
                  PID:3864
                  • C:\Windows\system32\WerFault.exe
                    C:\Windows\system32\WerFault.exe -u -p 3864 -s 3904
                    2⤵
                    • Program crash
                    PID:3940
                • C:\Windows\system32\WerFault.exe
                  C:\Windows\system32\WerFault.exe -pss -s 520 -p 3864 -ip 3864
                  1⤵
                    PID:2752
                  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                    1⤵
                    • Enumerates system info in registry
                    • Modifies registry class
                    • Suspicious use of SetWindowsHookEx
                    PID:1956
                    • C:\Windows\system32\WerFault.exe
                      C:\Windows\system32\WerFault.exe -u -p 1956 -s 3880
                      2⤵
                      • Program crash
                      PID:3284
                  • C:\Windows\system32\WerFault.exe
                    C:\Windows\system32\WerFault.exe -pss -s 540 -p 1956 -ip 1956
                    1⤵
                      PID:3448
                    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                      1⤵
                      • Enumerates system info in registry
                      • Modifies registry class
                      • Suspicious use of SetWindowsHookEx
                      PID:1880
                      • C:\Windows\system32\WerFault.exe
                        C:\Windows\system32\WerFault.exe -u -p 1880 -s 3888
                        2⤵
                        • Program crash
                        PID:2544
                    • C:\Windows\system32\WerFault.exe
                      C:\Windows\system32\WerFault.exe -pss -s 496 -p 1880 -ip 1880
                      1⤵
                        PID:3344
                      • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                        "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                        1⤵
                        • Enumerates system info in registry
                        • Modifies registry class
                        • Suspicious use of FindShellTrayWindow
                        • Suspicious use of SetWindowsHookEx
                        PID:3008
                        • C:\Windows\system32\WerFault.exe
                          C:\Windows\system32\WerFault.exe -u -p 3008 -s 3932
                          2⤵
                          • Program crash
                          PID:680
                      • C:\Windows\system32\WerFault.exe
                        C:\Windows\system32\WerFault.exe -pss -s 504 -p 3008 -ip 3008
                        1⤵
                          PID:2396
                        • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                          "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                          1⤵
                            PID:452

                          Network

                          MITRE ATT&CK Enterprise v6

                          Replay Monitor

                          Loading Replay Monitor...

                          Downloads

                          • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ShellFeeds\IDX_CONTENT_TASKBARHEADLINES.json
                            MD5

                            d41d8cd98f00b204e9800998ecf8427e

                            SHA1

                            da39a3ee5e6b4b0d3255bfef95601890afd80709

                            SHA256

                            e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

                            SHA512

                            cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\TempState\CortanaUnifiedTileModelCache.dat
                            MD5

                            4630081f726a6988308fdc6ca6106196

                            SHA1

                            f68fa8d5ece39066a973c2b36b34286a32167900

                            SHA256

                            0d99b8cdfc80f5963fe0355ed411c891894a46954da59915aac0074584c4e560

                            SHA512

                            0610097e5f0a8e51f7f4da31580482793b0c56705ac3def50dd2ee54da79737d0458202d3b3de3ca2b1881e022b514bbb9d62a837c8c8f217dac27722f1111c1

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\AppCache\MLE6WXZB\1\C__Windows_SystemApps_Microsoft.Windows.Search_cw5n1h2txyewy_cache_Desktop_10[1].txt
                            MD5

                            d5b99a96b5d53ad3d64c1c8d1e73f69d

                            SHA1

                            14eb8f849600bbb4d7a810e539f43cafd3d9165f

                            SHA256

                            61e3c2c222847577beb8cfba9e1686ca52e2796df9ffbce688c3fcd8db9692de

                            SHA512

                            708624dc6d2b613f3ea5bcc89b82bf9d4ae57fd1b779d3a0f3b859104359c352b8099d785aeb7d1c2448ea8c8ee61d6160228b6953be0085a3910d4bac34bef2

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\AppCache\MLE6WXZB\1\C__Windows_SystemApps_Microsoft.Windows.Search_cw5n1h2txyewy_cache_Desktop_11[1].txt
                            MD5

                            a64904fae0d2d79d79ea46a753ca4294

                            SHA1

                            517cdec472e6ffd6e565c4be940ee55dc48df1e7

                            SHA256

                            1f8b132eba955ae7cfbc72db6cbfab40b22d12214ec0c84a8037b1378edbc11f

                            SHA512

                            15841050a7079047d21d7f71e82ae04defde5a9a7919c0e1168dabacb429156acdc8a0dbb73ea69b36674d661ea81731dd368b771dc09bf9a9106a0bb654384b

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\AppCache\MLE6WXZB\1\C__Windows_SystemApps_Microsoft.Windows.Search_cw5n1h2txyewy_cache_Desktop_12[1].txt
                            MD5

                            e3047eabfdda0b0027926144df5c7add

                            SHA1

                            404083cbe1fb9e7226ad8b290ac0d7e758bd9be1

                            SHA256

                            e7680410ecf01f3ca8234f97f10199d51238ae07278304bb9649cdbbf2ff2f8c

                            SHA512

                            cd35d96e53850952321dad5fbb6653925dab9ce69d2d3c462cf90d00b325b5e74670fc46a7c23b2d65d76b56f5e2f4ffc34c0c715e4173f890baabab666946f5

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\AppCache\MLE6WXZB\1\C__Windows_SystemApps_Microsoft.Windows.Search_cw5n1h2txyewy_cache_Desktop_13[1].txt
                            MD5

                            ad41e105c2c8cc6bbfde09643f7318c9

                            SHA1

                            bee555df1f9c472c9ea086f994d1b881cb3c41d0

                            SHA256

                            551579aafda8b1cc4d7f92270139c5c69190e74f054f67071b3ea81934c2c883

                            SHA512

                            f8e63ff9a66b751cbc999801b28a6538ba7e5e9850e368239616997f5667e8be693ad8f059989bb5b7c5d7c0d9d3467e36219624c11aad197de528d64afa138f

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\AppCache\MLE6WXZB\1\C__Windows_SystemApps_Microsoft.Windows.Search_cw5n1h2txyewy_cache_Desktop_14[1].txt
                            MD5

                            c3e89e7edc16baeeac32579b91262b4b

                            SHA1

                            35c8f7523cad3408893c8aaf3633e1eb1a6ad6a5

                            SHA256

                            4eb6031d58f76934aee51762db55bc36e685caa3ec05ac389d8c33a0f271883d

                            SHA512

                            70d1497626aad6369578c4060a9db81899f60c087f363ec12c63623993dc57407dbabcc2c17940457af5f0b6aee18734561825b458169cfa457a71531b6224a3

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\AppCache\MLE6WXZB\1\C__Windows_SystemApps_Microsoft.Windows.Search_cw5n1h2txyewy_cache_Desktop_15[1].txt
                            MD5

                            e192373ba85f165eb55cb8f01cec7078

                            SHA1

                            10d53307b3765a5a10ff46c35cc40e35031d1ef0

                            SHA256

                            1e93825742b91f41e8d74e5d30a41d38ab7282fc76fad65d11a03043b5583d68

                            SHA512

                            b8870b737ce554827f6c840dbe01e7eaded04046479e4c55817c0b7c72530995ee4741d277a2a948438712267668f8197dc0f142b0620ed5c622dbe8e924f6c1

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\AppCache\MLE6WXZB\1\C__Windows_SystemApps_Microsoft.Windows.Search_cw5n1h2txyewy_cache_Desktop_16[1].txt
                            MD5

                            b409b5164a221ce4a3d838a2fa6cd770

                            SHA1

                            5bf22ba51d9c8870247923c7a38a5b2ca103385e

                            SHA256

                            55b2b91b4f02da7ac01fc3acb88b465f3cea4b809796e5e21aa51924a12e7568

                            SHA512

                            17047fccbc27a12b7758bbc22f03913d6a2070ec2451a331c9ce49eaf3e0fee9b22d35d429e241a9c1a873afb128e565d1c826f40e9128ab2771f4fa3bdfa2d2

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\AppCache\MLE6WXZB\1\C__Windows_SystemApps_Microsoft.Windows.Search_cw5n1h2txyewy_cache_Desktop_17[1].txt
                            MD5

                            011e12019c9400d088199b104c5909ab

                            SHA1

                            c4bf946890b3847a18c656b6459f532aa468ef7e

                            SHA256

                            499b3b39f413904d8e2f4401f11175eec912139ec02bd08825dc448a4da9f391

                            SHA512

                            9f6953a2b069ac365041b6e657fd95b6372ffbcfa04abcb7b71a82984ce5dc9aef643a710d14778dceb75b92fea417deba364d0cff496f9282a49d9291d4bd4b

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\AppCache\MLE6WXZB\1\C__Windows_SystemApps_Microsoft.Windows.Search_cw5n1h2txyewy_cache_Desktop_18[1].txt
                            MD5

                            a666c5bf89c364c82f898ba1be626b4f

                            SHA1

                            849deb0500c93bdba882200d3c5b114002f62cea

                            SHA256

                            97b9de0f9f591c412868be19caf21436f9c957cdf5a71aec4bfc5d50e1c92a99

                            SHA512

                            18d0d630e18db126ad7934be55b054243b349f394231da4b263b21b2e0092175e6ca82c1cf7856a592817d3ba2c38d019a6b32a75b9d78ac4aad3382ddfe70bd

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\AppCache\MLE6WXZB\1\C__Windows_SystemApps_Microsoft.Windows.Search_cw5n1h2txyewy_cache_Desktop_20[1].txt
                            MD5

                            ba76513c747894bd49e9810ae58567f9

                            SHA1

                            e8db64380676478f8091793b213fce2f58ddfb56

                            SHA256

                            353c2ea5bf245f777fc10c0040cc7ff738c3512e252f6246aa3d1fc5cc7c5e18

                            SHA512

                            1ee6da7fb2af2e254c66b18e9bec7305e9d448a4d846d9e771a8486608d7d7361b4f6479594ece87ac87ab9fc168a32f592e306c23d921d25ae18b13e8480c10

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\AppCache\MLE6WXZB\1\C__Windows_SystemApps_Microsoft.Windows.Search_cw5n1h2txyewy_cache_Desktop_21[1].txt
                            MD5

                            6c20586b23926e771f68c382745e72c7

                            SHA1

                            ae878f1a45fd71d252d6934b5f08ad7527b5840e

                            SHA256

                            0b8dd62a775bd983d763558ca0a444e465c3801d6b62bc9e733a0eec7e3de650

                            SHA512

                            bf8fc8f186942388b5d81df073e2f2191b7ab5314028514c33cdf511def0cfea877f2aba079025c5ac9a0cc7dc357906343d115fe8147df8ed5a89604e62b4d2

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\AppCache\MLE6WXZB\1\C__Windows_SystemApps_Microsoft.Windows.Search_cw5n1h2txyewy_cache_Desktop_22[1].txt
                            MD5

                            f602c53f71cdb284adeb4270fe9129e5

                            SHA1

                            6f3341eb4dd1a2f3c99fb30edbae4adb51758edb

                            SHA256

                            f78bbdd219e377060d9d9304fb3f4aa7c66dc3c3fc10d9c2a21cfb9dbc71f774

                            SHA512

                            1deca1dee9f9d49344eba61d98bcc212fe70483dc8f401fa630d9cfc36567c8962279af722d668663c9bbbcb8c3467718a2de59b64b763711f28f244c47792a6

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\AppCache\MLE6WXZB\1\C__Windows_SystemApps_Microsoft.Windows.Search_cw5n1h2txyewy_cache_Desktop_23[1].txt
                            MD5

                            500de98c131bf7294de6cbf57687d806

                            SHA1

                            52529967db3f651b4c77eff992242694971f74dd

                            SHA256

                            9a2d925a7510d273dc844021e2acf18d10868f9486f8b6667f558e4ae29d36f7

                            SHA512

                            b016db76cc16921b23037332ea5fad6ee99c111d2789969ce601045a2eef17a6cf46dcd750c32b7ccdbe3a51f74cc2f5f9ed6e4d693353419ee600028d4ccd38

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\AppCache\MLE6WXZB\1\C__Windows_SystemApps_Microsoft.Windows.Search_cw5n1h2txyewy_cache_Desktop_24[1].txt
                            MD5

                            976d3001a4e7c02bcc5dac3dc5fb9528

                            SHA1

                            ef5cb653e28ae623c2a8f640867a89048d00bd68

                            SHA256

                            d3133eeca4a2b4a1e70901a65e42d33977b7940b7c0f9622b2e0fdde8d8e3d83

                            SHA512

                            a8dcb2720d0bbb4e0558268b366748f042ebd64314e30a01777abd1b88a88621eba65f62fd0e6a7d61dfc641dff5f1b16a6de96daeedbe9877b1d192f852d547

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\AppCache\MLE6WXZB\1\C__Windows_SystemApps_Microsoft.Windows.Search_cw5n1h2txyewy_cache_Desktop_25[1].txt
                            MD5

                            c0c69f073a06034f60d3592cd47aa698

                            SHA1

                            9dbd392932b3d8b313fd00fcb66aa2a8903d9765

                            SHA256

                            8ae3d21fdafa647139181c3405d6e21e369f0b1b210e41b1b278a85ccfcc2f18

                            SHA512

                            087628f41b78f304cc5085e3154a679632ac9223c4ce7eec351114507c449f676eee3d884c3b4df55240ba8e53f8d50972ba93e4e5255b8ec5f652db6968cb04

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\AppCache\MLE6WXZB\1\C__Windows_SystemApps_Microsoft.Windows.Search_cw5n1h2txyewy_cache_Desktop_26[1].txt
                            MD5

                            ad086e31d153f7e436a12081c597e03c

                            SHA1

                            076fe1482ec0187cbd1de024fe8fe92c4327f400

                            SHA256

                            b822ae3d39c88e23c11e337590ecfccbf84ea14508d87816fc8726fdf0d1b5c9

                            SHA512

                            725a663dce1c0bc24d520947a0f8b3c5d9d945a0acff91d037bf16396a3a2038d40ac759425b3afa2d5d19fd75763cd7e033f8730a016a9420ed835e160f82c5

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\AppCache\MLE6WXZB\1\C__Windows_SystemApps_Microsoft.Windows.Search_cw5n1h2txyewy_cache_Desktop_27[1].txt
                            MD5

                            04787e8ecd6d5114db7207547e1d1435

                            SHA1

                            dc34a50feeb909f06a35b6bb4301a555a066646b

                            SHA256

                            1e03ad154958d0fb808668d104ec530a5fdd031a3930cbaeebff8f8dfe285346

                            SHA512

                            cd75624c7358f709cc9176b1d849b03b1a24b218969c70376e30c815feb1e970950c18f4ae239c72132e1533d08479d466cd0e6714ba66f9acbf666406b6c445

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\AppCache\MLE6WXZB\1\C__Windows_SystemApps_Microsoft.Windows.Search_cw5n1h2txyewy_cache_Desktop_28[1].txt
                            MD5

                            68dcec5946a9689e9fbf45820154f05c

                            SHA1

                            2ed52ac603b6e73ec7446d5d618a747846be0af7

                            SHA256

                            4d9ed2d1c782e54b7249d0551fa3b9134861dc977aa9fc3fb6ffb62e04f0d0d0

                            SHA512

                            395db62f8429bb6dd4fd853a2081da2affcd1fb76e317d6a8b4f4aa63e544ec30071a5de039fc0b688cb2a8c0075cb4eaaba3ddb1ac8c02f1ab715dd34d9f79f

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\AppCache\MLE6WXZB\1\C__Windows_SystemApps_Microsoft.Windows.Search_cw5n1h2txyewy_cache_Desktop_29[1].txt
                            MD5

                            4cefaefaae2ea8ed5eedb264d3cf24c0

                            SHA1

                            8ef5c45e7d0ddcb8e6cff4fdae80e1f0ea3a3ed6

                            SHA256

                            04b810d731fd4adc8ca3f596d4573e1a13fa5f995e602b8795ff3f338700c9ed

                            SHA512

                            984a3a7328eae965ade5b7c833f99302c01113690ce0f70153b6dde6adcd63f5aadb930bd22950437706b7380c2f583ae9e6b10f52f16d52049b01b03ed00195

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\AppCache\MLE6WXZB\1\C__Windows_SystemApps_Microsoft.Windows.Search_cw5n1h2txyewy_cache_Desktop_2[1].txt
                            MD5

                            7302f4d0c0ca60d5cf992c64b4ac484e

                            SHA1

                            80ee1c4ac77a123fa3d2b7e31ca31f99bb2e1a6b

                            SHA256

                            55c00c5b14a88a52b2ce5f5fe750c764e655b9389ca2d2cad29931084c0282d7

                            SHA512

                            3b7d2b4f9947120301d4c5055e045ffe778d46e114bf83f0ecae71cd8f914ab706a0b534b1135be4af85f4a3b5d64f95fb7a5679e1d8ce6e8acb3ca1f87c7376

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\AppCache\MLE6WXZB\1\C__Windows_SystemApps_Microsoft.Windows.Search_cw5n1h2txyewy_cache_Desktop_4[1].txt
                            MD5

                            3e89e49adb928d28afb8a4e4153c7091

                            SHA1

                            3ef94e39b38fac3dd35256c2843ae42fe24c316c

                            SHA256

                            655542550e1e9ee207617b591008039b79e4bf0c91af1d3259535e6022e2fe87

                            SHA512

                            d7330f835cce37235021e0ac703fdbe29d3b5bf46dac74e92c16365683c4e18b49e6c7a6dfd4b3eb48bbea2507ef8163801d495102d442727a543907afa193fb

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\AppCache\MLE6WXZB\1\C__Windows_SystemApps_Microsoft.Windows.Search_cw5n1h2txyewy_cache_Desktop_5[1].txt
                            MD5

                            9fc1a979a3459ba0f0c7ddf42b893fb6

                            SHA1

                            d7b0233e4a5dd2f814d588c6ebc4e5f8a6d53b95

                            SHA256

                            ec2be82595707f6fb2993b860cafed941467174ed8b8df0ef9acef513e6293a1

                            SHA512

                            5c0ba186b028bc2b02a6507c638c726c1139915437d2c1118cebcafe8d386ded27b6995559e3d3bd451c4d5771ea5f771958719f5113e8e907d4b89ee6abc587

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\AppCache\MLE6WXZB\1\C__Windows_SystemApps_Microsoft.Windows.Search_cw5n1h2txyewy_cache_Desktop_6[1].txt
                            MD5

                            aeb954fcb2eb0ea4b229be5a814817ad

                            SHA1

                            07c79febb3c40ad1ab933a1f1c937254a5b23cf9

                            SHA256

                            e62b0012a80636080823b368488aface65eeb31721703820420e818cbccef6dd

                            SHA512

                            80a5c3812bbbbf1612254359be80f5b4fb59df2f7fe1cfb110bac4f44ddff39cff467de6b5292e72c3ba5c7a5b3814b873711caf742a775dc0e6908fa68e67d0

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\AppCache\MLE6WXZB\1\C__Windows_SystemApps_Microsoft.Windows.Search_cw5n1h2txyewy_cache_Desktop_8[1].txt
                            MD5

                            fb0be3aaa1da579c289428f8e50331f2

                            SHA1

                            f78123006cec856282b68bffbd0e8babfa90c665

                            SHA256

                            68be130a86927f097489d8e76c6807aec1e971eb2e9f77fc5093bc723ec8f30c

                            SHA512

                            224a5d04772522c093557994fa52e126f1a02dc497f8feda7e9e7714d4f3206a793637eda630b46aa680599b79f255f1ef8b2c49982a13a833f55cae6f55c093

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\AppCache\MLE6WXZB\1\C__Windows_SystemApps_Microsoft.Windows.Search_cw5n1h2txyewy_cache_Desktop_9[1].txt
                            MD5

                            187b980d4eb973589d2770b9b517de05

                            SHA1

                            d205aa42fec27118a9ff6b8bc386de708063c09d

                            SHA256

                            6ec998fee3bc69c88a9ff0a8f25ccaabb5fdc1ef14ad19df148b3d0ca621db03

                            SHA512

                            b1742fffd741bf7312f5ef222faef14c24ce22bc0122c84af57d97faddf70963a321f3742eb34eacb6e03620d26490d9dbff2729edd9602ac97414cf0879229c

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_711ED44619924BA6DC33E69F97E7FF63
                            MD5

                            f97ab3d4f10bd00e5aa4225a589a15b0

                            SHA1

                            93213ab4d7a2848a547b3c198b8e8239de614752

                            SHA256

                            3aa2950c2df5b121c75131ce29e009f60d36a4f5e609ee4fc6a61640338db0d7

                            SHA512

                            9cf729eecb7760d3927f459cc03d6c271591b435c6353f90f92479e96db74ff2c667e53a8ee6e4de1c9003b0fe83b91ac17272eb4361cdb338ccd8d5a672daee

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_711ED44619924BA6DC33E69F97E7FF63
                            MD5

                            35beaf713a57df8256e12ddf02dcacd8

                            SHA1

                            1450f0886b24147073e0fda965d431db60ad8657

                            SHA256

                            0c4cc3c07080bbf00d8d11227512d29ad899a563032ea04c348b5f1e139b2ddd

                            SHA512

                            d052a8013d73ac59714a3cc9bfbfd15b07fee897c5a1a5349ace31e85abeb734a049d8242f28902ee4b0d62873efe63a3f507012bd6edf4eadc63f5f605047fe

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\A8JCZ56M\www.bing[1].xml
                            MD5

                            44841a84d6af7b18a56d27170c2f8199

                            SHA1

                            4134c64e66a991e95319924fc1f7ef1aabe8eeda

                            SHA256

                            b1f097a2878d8e1d642c0c4e6b1c5a4b8a962670454c423e96f855cfc9bc230c

                            SHA512

                            bf564df46a1a35b9b42b561ef50e43957d39e905810ed54635cb19e6cd5f7d54dcf3dc3342043d454801e4aa53af4945f8344dd896905f8aaf67737a4edf8564

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\A8JCZ56M\www.bing[1].xml
                            MD5

                            226f0415b4f9536c600a5e3fad7885ff

                            SHA1

                            70f9c30dfa0032cdf3fbf9a4ae42bfa82f24e92f

                            SHA256

                            5eed8bca9dbc4171c4fd45c2404c347f8751fd6ab4f244e908414710738f287d

                            SHA512

                            d765c897291b456a901369b72680b008b8fa6fbb47100fac9e37065c099bc07a68196b3dfbd421d5d2c03df794e77200f35628b8a5251c32fbc6dff1915cb77c

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\A8JCZ56M\www.bing[1].xml
                            MD5

                            42bd32c44ee1407fd71342f67f532d1b

                            SHA1

                            3db5d6f69c6f8628c461636a0d92dd81aa756579

                            SHA256

                            e8201a34445cb7dd75d27848729531a4c6f01a77b3bc502bbc0f0c67db29a835

                            SHA512

                            c90664a0a405a086148256b7159c2d996c39c050524d637d07b7ddd0daefad2bb2d0799a70fad1bfac82c774ce8a84ff1f63e39a27e77f0c9dc2a0669b74550c

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\A8JCZ56M\www.bing[1].xml
                            MD5

                            b2994bc79fa0b3c6c1761c56816cb644

                            SHA1

                            072bf5b1524f62a9f7cea7d2b59c2083bd21f221

                            SHA256

                            b9e0aa2c85625f8c4b9c550447cec9b4e6bf60783252cbdd029f28ed97e3685c

                            SHA512

                            7932a9e6a6a98e4a8c8aca658ea4e21be768e4a2447f97e7d622d1dfd1b12019538bf969f4295f6c048b96f2cb58ad483ebfa159e652a933876541e2cae85a7e

                            Download Submit