Analysis

  • max time kernel
    69s
  • max time network
    175s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230915-en
  • resource tags

    arch:x64 arch:x86 image:win10v2004-20230915-en locale:en-us os:windows10-2004-x64 system
  • submitted
    11/10/2023, 18:39

General

  • Target

    a2c22e306d056be32a1e9eacdbbe6294dd5714dfafecb2342b09d6a2341ca1c0.exe

  • Size

    2.8MB

  • MD5

    245a163dc22fe6c11f587f49c541cadc

  • SHA1

    072ce5ef36093442b80e9b4097c128ed4080a3d1

  • SHA256

    a2c22e306d056be32a1e9eacdbbe6294dd5714dfafecb2342b09d6a2341ca1c0

  • SHA512

    1a77e630226320b38d99c74dd26f538660fa801323290a2dcbd5e69a1a6e58b2e8d5e49cdd1607da7543ce62fbe09ac3928e11098a7d9e03c98df43dca39c378

  • SSDEEP

    49152:H7TvfU+8X9GrNOsva5RbKhF3ANkTTl8UhgaPPenWrD:c+8X9G3vP3AMVPvD

Score
8/10

Malware Config

Signatures

  • Modifies Installed Components in the registry 2 TTPs 7 IoCs
  • Enumerates connected drives 3 TTPs 14 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Checks SCSI registry key(s) 3 TTPs 64 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Modifies Internet Explorer settings 1 TTPs 8 IoCs
  • Modifies registry class 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs
  • Suspicious use of SetWindowsHookEx 13 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Processes

  • C:\Users\Admin\AppData\Local\Temp\a2c22e306d056be32a1e9eacdbbe6294dd5714dfafecb2342b09d6a2341ca1c0.exe
    "C:\Users\Admin\AppData\Local\Temp\a2c22e306d056be32a1e9eacdbbe6294dd5714dfafecb2342b09d6a2341ca1c0.exe"
    1⤵
      PID:4740
    • C:\Windows\explorer.exe
      explorer.exe
      1⤵
      • Modifies Installed Components in the registry
      • Enumerates connected drives
      • Checks SCSI registry key(s)
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      PID:3396
    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
      1⤵
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:2140
    • C:\Windows\explorer.exe
      explorer.exe
      1⤵
      • Modifies Installed Components in the registry
      • Enumerates connected drives
      • Checks SCSI registry key(s)
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      PID:2580
    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
      1⤵
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:1764
    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
      1⤵
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:3840
    • C:\Windows\explorer.exe
      explorer.exe
      1⤵
      • Modifies Installed Components in the registry
      • Enumerates connected drives
      • Checks SCSI registry key(s)
      • Modifies registry class
      • Suspicious use of SendNotifyMessage
      PID:4508
    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
      1⤵
      • Suspicious use of SetWindowsHookEx
      PID:4544
    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
      1⤵
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:1476
    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
      1⤵
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:4748
    • C:\Windows\explorer.exe
      explorer.exe
      1⤵
        PID:3600
      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
        1⤵
        • Modifies registry class
        • Suspicious use of SetWindowsHookEx
        PID:3384
      • C:\Windows\explorer.exe
        explorer.exe
        1⤵
        • Modifies Installed Components in the registry
        • Enumerates connected drives
        • Checks SCSI registry key(s)
        • Modifies registry class
        PID:3036
      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
        1⤵
        • Suspicious use of SetWindowsHookEx
        PID:1220
      • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
        "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
        1⤵
          PID:3588
        • C:\Windows\explorer.exe
          explorer.exe
          1⤵
          • Modifies Installed Components in the registry
          • Enumerates connected drives
          • Checks SCSI registry key(s)
          • Modifies registry class
          PID:4884
        • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
          "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
          1⤵
          • Modifies registry class
          • Suspicious use of SetWindowsHookEx
          PID:4308
        • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
          "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
          1⤵
          • Modifies Internet Explorer settings
          • Modifies registry class
          • Suspicious use of SetWindowsHookEx
          PID:3308
        • C:\Windows\explorer.exe
          explorer.exe
          1⤵
          • Modifies Installed Components in the registry
          • Enumerates connected drives
          • Checks SCSI registry key(s)
          • Modifies registry class
          PID:1196
        • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
          "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
          1⤵
          • Suspicious use of SetWindowsHookEx
          PID:4320
        • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
          "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
          1⤵
            PID:4460
          • C:\Windows\explorer.exe
            explorer.exe
            1⤵
              PID:1440
            • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
              "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
              1⤵
                PID:4296
              • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                1⤵
                  PID:4472
                • C:\Windows\explorer.exe
                  explorer.exe
                  1⤵
                    PID:1268
                  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                    1⤵
                      PID:3868
                    • C:\Windows\explorer.exe
                      explorer.exe
                      1⤵
                        PID:3824
                      • C:\Windows\system32\werfault.exe
                        werfault.exe /hc /shared Global\f1b6f38c94a341a3a15a4ddccc78504f /t 3836 /p 3916
                        1⤵
                        • Modifies Installed Components in the registry
                        • Enumerates connected drives
                        • Checks SCSI registry key(s)
                        • Modifies registry class
                        • Suspicious use of SendNotifyMessage
                        PID:3600
                      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                        1⤵
                          PID:3604
                        • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                          "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                          1⤵
                            PID:3292
                          • C:\Windows\explorer.exe
                            explorer.exe
                            1⤵
                              PID:4560
                            • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                              "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                              1⤵
                                PID:4800
                              • C:\Windows\explorer.exe
                                explorer.exe
                                1⤵
                                  PID:2504
                                • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                  "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                  1⤵
                                  • Modifies Internet Explorer settings
                                  • Modifies registry class
                                  • Suspicious use of SetWindowsHookEx
                                  PID:3588
                                • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                  "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                  1⤵
                                    PID:2828
                                  • C:\Windows\explorer.exe
                                    explorer.exe
                                    1⤵
                                      PID:3512
                                    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                      1⤵
                                        PID:1804
                                      • C:\Windows\explorer.exe
                                        explorer.exe
                                        1⤵
                                          PID:4624
                                        • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                          "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                          1⤵
                                            PID:1376
                                          • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                            "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                            1⤵
                                              PID:2968
                                            • C:\Windows\explorer.exe
                                              explorer.exe
                                              1⤵
                                                PID:4780
                                              • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                1⤵
                                                  PID:2416
                                                • C:\Windows\explorer.exe
                                                  explorer.exe
                                                  1⤵
                                                    PID:3680
                                                  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                    1⤵
                                                      PID:4764
                                                    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                      1⤵
                                                        PID:3316
                                                      • C:\Windows\explorer.exe
                                                        explorer.exe
                                                        1⤵
                                                        • Suspicious use of SetWindowsHookEx
                                                        PID:4460
                                                      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                        1⤵
                                                          PID:1360
                                                        • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                          "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                          1⤵
                                                            PID:5092
                                                          • C:\Windows\explorer.exe
                                                            explorer.exe
                                                            1⤵
                                                              PID:2180
                                                            • C:\Windows\system32\werfault.exe
                                                              werfault.exe /hc /shared Global\a766ba452803477db8a8fb8c0215d5f6 /t 4452 /p 3540
                                                              1⤵
                                                                PID:3804
                                                              • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                1⤵
                                                                  PID:4268
                                                                • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                  "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                  1⤵
                                                                    PID:1664
                                                                  • C:\Windows\explorer.exe
                                                                    explorer.exe
                                                                    1⤵
                                                                      PID:2300
                                                                    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                      1⤵
                                                                        PID:1804
                                                                      • C:\Windows\explorer.exe
                                                                        explorer.exe
                                                                        1⤵
                                                                          PID:780
                                                                        • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                          "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                          1⤵
                                                                            PID:4884
                                                                          • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                            "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                            1⤵
                                                                              PID:4836
                                                                            • C:\Windows\explorer.exe
                                                                              explorer.exe
                                                                              1⤵
                                                                                PID:2216
                                                                              • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                1⤵
                                                                                  PID:1584
                                                                                • C:\Windows\explorer.exe
                                                                                  explorer.exe
                                                                                  1⤵
                                                                                    PID:3012

                                                                                  Network

                                                                                        MITRE ATT&CK Enterprise v15

                                                                                        Downloads

                                                                                        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53

                                                                                          Filesize

                                                                                          471B

                                                                                          MD5

                                                                                          976ce2c91cbe61b98378e8e5c5ba4d53

                                                                                          SHA1

                                                                                          45b3e1eabb4e759bf46ffeb8f9722077a0d62c72

                                                                                          SHA256

                                                                                          255f312d16d7d080cf1a97d4eb255c236c7eee6c059d732d970e3c05c07c158e

                                                                                          SHA512

                                                                                          0065b7984960354aea85cd0c6792e019f40a2b359fabf7dcee438193c1bab47d74d59602627c8399df741864dffb0469d9cf8bc48907c1c67015c51d01a7b28a

                                                                                        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53

                                                                                          Filesize

                                                                                          412B

                                                                                          MD5

                                                                                          85df2b699f8f0cd978d64e9d3592515f

                                                                                          SHA1

                                                                                          202aafb6bf7f8e68222655ca058cba12348f6999

                                                                                          SHA256

                                                                                          498ba47dfdf3b343d9d24cc65b2f0f2c269d7791b91a9cb449d12fc936bee51a

                                                                                          SHA512

                                                                                          607f26a6a615cc43d85065536301d62ac7329df1153ef039f01035b3c2c3fa43ba01d51fb4f4e43613521a6114f68674a450460d58fbae3fdd98d6644680da3a

                                                                                        • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\QVHQQQV3\microsoft.windows[1].xml

                                                                                          Filesize

                                                                                          97B

                                                                                          MD5

                                                                                          e403893cb1eff096a3a681a4e18bfc57

                                                                                          SHA1

                                                                                          2b77a9b05a98def1630f2d224077297c5aa719bc

                                                                                          SHA256

                                                                                          5a67e1471e50d3e01653afe33268399829528a3d7c0e41dcd2d1e0c66670d066

                                                                                          SHA512

                                                                                          c8da1987035c0ee26cf94ecac9436d2e4abe7a512471231666e7e1e25b48b9aa033ad4a68075e7f4a83c9a5229718906a15dec6a15c57d39a7e6d3bd99ecd564

                                                                                        • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\QVHQQQV3\microsoft.windows[1].xml

                                                                                          Filesize

                                                                                          97B

                                                                                          MD5

                                                                                          e403893cb1eff096a3a681a4e18bfc57

                                                                                          SHA1

                                                                                          2b77a9b05a98def1630f2d224077297c5aa719bc

                                                                                          SHA256

                                                                                          5a67e1471e50d3e01653afe33268399829528a3d7c0e41dcd2d1e0c66670d066

                                                                                          SHA512

                                                                                          c8da1987035c0ee26cf94ecac9436d2e4abe7a512471231666e7e1e25b48b9aa033ad4a68075e7f4a83c9a5229718906a15dec6a15c57d39a7e6d3bd99ecd564

                                                                                        • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\QVHQQQV3\microsoft.windows[1].xml

                                                                                          Filesize

                                                                                          97B

                                                                                          MD5

                                                                                          e403893cb1eff096a3a681a4e18bfc57

                                                                                          SHA1

                                                                                          2b77a9b05a98def1630f2d224077297c5aa719bc

                                                                                          SHA256

                                                                                          5a67e1471e50d3e01653afe33268399829528a3d7c0e41dcd2d1e0c66670d066

                                                                                          SHA512

                                                                                          c8da1987035c0ee26cf94ecac9436d2e4abe7a512471231666e7e1e25b48b9aa033ad4a68075e7f4a83c9a5229718906a15dec6a15c57d39a7e6d3bd99ecd564

                                                                                        • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\QVHQQQV3\microsoft.windows[1].xml

                                                                                          Filesize

                                                                                          97B

                                                                                          MD5

                                                                                          e403893cb1eff096a3a681a4e18bfc57

                                                                                          SHA1

                                                                                          2b77a9b05a98def1630f2d224077297c5aa719bc

                                                                                          SHA256

                                                                                          5a67e1471e50d3e01653afe33268399829528a3d7c0e41dcd2d1e0c66670d066

                                                                                          SHA512

                                                                                          c8da1987035c0ee26cf94ecac9436d2e4abe7a512471231666e7e1e25b48b9aa033ad4a68075e7f4a83c9a5229718906a15dec6a15c57d39a7e6d3bd99ecd564

