Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

3

StartSetup_20221.exe

windows10-2004-x64

8

Resubmissions

12/10/2023, 05:13

231012-fwnyfsbc37 8

Analysis

  • max time kernel
    271s
  • max time network
    362s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230915-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
  • submitted
    12/10/2023, 05:13

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    StartSetup_20221.exe

  • Size

    23.2MB

  • MD5

    427acef4541586b9e5ec58c410a6246a

  • SHA1

    a671aba24d8f12cc2c1085148cf6a7d44dfa43e5

  • SHA256

    24a8758f67be667eabc9fe3c412f155c52d8cd4e4dcee531966d3e73be3bc1bc

  • SHA512

    1f05811413b939cc8e60a846337a82388b9e13a05a918ed27462f0eed33d905bad89ff37e0d952d5b64c48da4a19a365fc677e6d05e9ab2ba136afa85634cc8e

  • SSDEEP

    393216:Y2ouiGr4BTwht+he09FQupb9cVto0N3Wbmb7Y+/+USQvvcKx98YVLiCkuYcF/Us2:YLTwht+he09FQupb9cVRN39b0W+USMvg

Score
8/10
persistence

Malware Config

Signatures

  • Modifies Installed Components in the registry 2 TTPs 12 IoCs
    persistence
  • Loads dropped DLL 2 IoCs
  • Registers COM server for autorun 1 TTPs 6 IoCs
    persistence
  • Enumerates connected drives 3 TTPs 24 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Checks SCSI registry key(s) 3 TTPs 64 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 6 IoCs
  • Modifies Internet Explorer settings 1 TTPs 6 IoCs
    adwarespyware
  • Modifies registry class 64 IoCs
  • Suspicious behavior: EnumeratesProcesses 14 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs
  • Suspicious use of SetWindowsHookEx 15 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Users\Admin\AppData\Local\Temp\StartSetup_20221.exe
    "C:\Users\Admin\AppData\Local\Temp\StartSetup_20221.exe"
    1⤵
    • Registers COM server for autorun
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    PID:1076
  • C:\Windows\system32\taskmgr.exe
    "C:\Windows\system32\taskmgr.exe" /4
    1⤵
    • Checks processor information in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:1092
  • C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
    1⤵
      PID:4616
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
      1⤵
        PID:2528
      • C:\Windows\system32\werfault.exe
        werfault.exe /h /shared Global\baacf0417d19418a9d532f0d86e8cfda /t 2084 /p 3192
        1⤵
          PID:2668
        • C:\Windows\explorer.exe
          explorer.exe
          1⤵
          • Modifies Installed Components in the registry
          • Enumerates connected drives
          • Checks SCSI registry key(s)
          • Modifies registry class
          • Suspicious behavior: GetForegroundWindowSpam
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SendNotifyMessage
          PID:2556
        • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
          "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
          1⤵
          • Suspicious use of SetWindowsHookEx
          PID:1392
        • C:\Windows\system32\rundll32.exe
          C:\Windows\system32\rundll32.exe C:\Windows\system32\PcaSvc.dll,PcaPatchSdbTask
          1⤵
            PID:3948
          • C:\Windows\explorer.exe
            explorer.exe
            1⤵
            • Modifies Installed Components in the registry
            • Enumerates connected drives
            • Checks SCSI registry key(s)
            • Modifies registry class
            • Suspicious behavior: GetForegroundWindowSpam
            • Suspicious use of AdjustPrivilegeToken
            • Suspicious use of FindShellTrayWindow
            • Suspicious use of SendNotifyMessage
            PID:1472
          • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
            "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
            1⤵
            • Suspicious use of SetWindowsHookEx
            PID:3860
          • C:\Windows\explorer.exe
            explorer.exe
            1⤵
            • Modifies Installed Components in the registry
            • Loads dropped DLL
            • Enumerates connected drives
            • Checks SCSI registry key(s)
            • Modifies registry class
            • Suspicious use of AdjustPrivilegeToken
            • Suspicious use of SendNotifyMessage
            PID:4556
          • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
            "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
            1⤵
            • Modifies registry class
            • Suspicious use of SetWindowsHookEx
            PID:4868
          • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
            "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
            1⤵
            • Enumerates system info in registry
            • Modifies Internet Explorer settings
            • Modifies registry class
            • Suspicious use of SetWindowsHookEx
            PID:3916
          • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
            "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
            1⤵
            • Modifies registry class
            • Suspicious use of SetWindowsHookEx
            PID:912
          • C:\Windows\explorer.exe
            explorer.exe
            1⤵
            • Modifies Installed Components in the registry
            • Enumerates connected drives
            • Checks SCSI registry key(s)
            • Modifies registry class
            PID:2620
          • C:\Windows\system32\werfault.exe
            werfault.exe /hc /shared Global\8c912a584e734a7ba269bdf39f68f4db /t 4788 /p 3504
            1⤵
              PID:4764
            • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
              "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
              1⤵
              • Suspicious use of SetWindowsHookEx
              PID:3272
            • C:\Windows\explorer.exe
              explorer.exe
              1⤵
              • Modifies Installed Components in the registry
              • Enumerates connected drives
              • Checks SCSI registry key(s)
              • Modifies registry class
              PID:1148
            • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
              "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
              1⤵
              • Suspicious use of SetWindowsHookEx
              PID:4484
            • C:\Windows\explorer.exe
              explorer.exe
              1⤵
              • Modifies Installed Components in the registry
              • Enumerates connected drives
              • Checks SCSI registry key(s)
              • Modifies registry class
              PID:4032
            • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
              "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
              1⤵
              • Suspicious use of SetWindowsHookEx
              PID:4492
            • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
              "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
              1⤵
              • Enumerates system info in registry
              • Modifies Internet Explorer settings
              • Modifies registry class
              • Suspicious use of SetWindowsHookEx
              PID:4640
            • C:\Windows\explorer.exe
              explorer.exe
              1⤵
              • Modifies Installed Components in the registry
              • Enumerates connected drives
              • Checks SCSI registry key(s)
              • Modifies registry class
              PID:4608
            • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
              "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
              1⤵
              • Suspicious use of SetWindowsHookEx
              PID:1360
            • C:\Windows\explorer.exe
              explorer.exe
              1⤵
              • Modifies Installed Components in the registry
              • Enumerates connected drives
              • Checks SCSI registry key(s)
              • Modifies registry class
              PID:2520
            • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
              "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
              1⤵
              • Suspicious use of SetWindowsHookEx
              PID:1664
            • C:\Windows\explorer.exe
              explorer.exe
              1⤵
              • Modifies Installed Components in the registry
              • Enumerates connected drives
              • Checks SCSI registry key(s)
              • Modifies registry class
              PID:3380
            • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
              "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
              1⤵
              • Modifies registry class
              • Suspicious use of SetWindowsHookEx
              PID:3716
            • C:\Windows\explorer.exe
              explorer.exe
              1⤵
              • Modifies Installed Components in the registry
              • Enumerates connected drives
              • Checks SCSI registry key(s)
              • Modifies registry class
              PID:4284
            • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
              "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
              1⤵
              • Suspicious use of SetWindowsHookEx
              PID:224
            • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
              "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
              1⤵
              • Enumerates system info in registry
              • Modifies Internet Explorer settings
              • Modifies registry class
              • Suspicious use of SetWindowsHookEx
              PID:2196
            • C:\Windows\explorer.exe
              explorer.exe
              1⤵
              • Modifies Installed Components in the registry
              • Modifies registry class
              PID:5012
            • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
              "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
              1⤵
              • Suspicious use of SetWindowsHookEx
              PID:3932
            • C:\Windows\explorer.exe
              explorer.exe
              1⤵
                PID:1612
              • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                1⤵
                  PID:632
                • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                  "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                  1⤵
                    PID:2316
                  • C:\Windows\explorer.exe
                    explorer.exe
                    1⤵
                      PID:912
                    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                      1⤵
                        PID:4048
                      • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                        "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                        1⤵
                          PID:4340
                        • C:\Windows\explorer.exe
                          explorer.exe
                          1⤵
                            PID:2212
                          • C:\Windows\system32\werfault.exe
                            werfault.exe /hc /shared Global\5f533ddd51d449fa95f71e47293fbe3f /t 620 /p 1600
                            1⤵
                              PID:3804
                            • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                              "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                              1⤵
                                PID:368
                              • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                1⤵
                                  PID:2352
                                • C:\Windows\explorer.exe
                                  explorer.exe
                                  1⤵
                                    PID:1920
                                  • C:\Windows\system32\werfault.exe
                                    werfault.exe /hc /shared Global\e8596c61f0e749aeab49422ad440fe7f /t 4288 /p 3760
                                    1⤵
                                      PID:2000
                                    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                      1⤵
                                        PID:4052
                                      • C:\Windows\explorer.exe
                                        explorer.exe
                                        1⤵
                                          PID:3920
                                        • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                          "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                          1⤵
                                            PID:3900
                                          • C:\Windows\explorer.exe
                                            explorer.exe
                                            1⤵
                                              PID:3496
                                            • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                              "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                              1⤵
                                                PID:224
                                              • C:\Windows\explorer.exe
                                                explorer.exe
                                                1⤵
                                                  PID:3412
                                                • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                  "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                  1⤵
                                                    PID:1252
                                                  • C:\Windows\explorer.exe
                                                    explorer.exe
                                                    1⤵
                                                      PID:1764
                                                    • C:\Windows\system32\werfault.exe
                                                      werfault.exe /hc /shared Global\adddc301914f479cb2165d57c5d9c41e /t 2944 /p 1228
                                                      1⤵
                                                        PID:220
                                                      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                        1⤵
                                                          PID:4304

                                                        Network

                                                        MITRE ATT&CK Enterprise v15

                                                        Replay Monitor

                                                        Loading Replay Monitor...

                                                        Downloads

                                                        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53
                                                          Filesize

                                                          471B

                                                          MD5

                                                          976ce2c91cbe61b98378e8e5c5ba4d53

                                                          SHA1

                                                          45b3e1eabb4e759bf46ffeb8f9722077a0d62c72

                                                          SHA256

                                                          255f312d16d7d080cf1a97d4eb255c236c7eee6c059d732d970e3c05c07c158e

                                                          SHA512

                                                          0065b7984960354aea85cd0c6792e019f40a2b359fabf7dcee438193c1bab47d74d59602627c8399df741864dffb0469d9cf8bc48907c1c67015c51d01a7b28a

                                                          Download Submit

                                                        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53
                                                          Filesize

                                                          412B

                                                          MD5

                                                          c3af14d6671b164d6079ccbe817fe510

                                                          SHA1

                                                          f7f40c77c297c29b2db0ace7d8aa1cb9a9cc1a9a

                                                          SHA256

                                                          3114e4155fa2240ca84476e31df301a91255805d9f25ef87742645e810d1a263

                                                          SHA512

                                                          3e553b81e8f079efed122ee37d9d68edc233f14be815fdf754698e1db467fb49721ccfb598489c5704574594d5956b3fb52b86afbe00032e8b5d695f07276a06

                                                          Download Submit

                                                        • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\ANTV7B43\microsoft.windows[1].xml
                                                          Filesize

                                                          96B

                                                          MD5

                                                          4114b63fafc98d9307dc8bfae1c379cd

                                                          SHA1

                                                          8959adf99facaf14c6be813470286c448b0e0b44

                                                          SHA256

                                                          f93f1cffd4688bc4cd9e3dfb2ee84a1f53f40d966cab8542c5863906faaf197f

                                                          SHA512

                                                          51eb95339b914b6674922ad2635a193ae1fb1d008c35f03cc8664c46e4f124389a884d7854268c90ac7883102f9a98483e0019a269070b7d6a96fcc70c937723

                                                          Download Submit

                                                        • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133415614693391072.txt
                                                          Filesize

                                                          77KB

                                                          MD5

                                                          d3f096e14255f163f0b21aef154aa1fc

                                                          SHA1

                                                          49bec4c20c5416209446b5edd5c6c4eeb9aad853

                                                          SHA256

                                                          f10b7747328197bada2347af63cfd4aa07db1d928f79084438081244a07afc26

                                                          SHA512

                                                          d18e5d8bf9a754430866c340f552befab983070b9605b5388b1b75438ea472bb487a4f41f7123223565cdb10f773d4d6ec94a5e5ddb0d77a61d6d4ba9763b3e8

                                                          Download Submit

                                                        • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133415614968596626.txt
                                                          Filesize

                                                          77KB

                                                          MD5

                                                          d3f096e14255f163f0b21aef154aa1fc

                                                          SHA1

                                                          49bec4c20c5416209446b5edd5c6c4eeb9aad853

                                                          SHA256

                                                          f10b7747328197bada2347af63cfd4aa07db1d928f79084438081244a07afc26

                                                          SHA512

                                                          d18e5d8bf9a754430866c340f552befab983070b9605b5388b1b75438ea472bb487a4f41f7123223565cdb10f773d4d6ec94a5e5ddb0d77a61d6d4ba9763b3e8

                                                          Download Submit

                                                        • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ShellFeeds\IDX_CONTENT_TASKBARHEADLINES.json
                                                          Filesize

                                                          120KB

                                                          MD5

                                                          7a55c771116f29b84b91ab66dca702ba

                                                          SHA1

                                                          09a617254672ee8fdfd9cf9e89f7d3ecd790509a

                                                          SHA256

                                                          2f1aaa54f8dc18012530da8c3142d9fcc124159cc1f115fb05c0bb716118a710

                                                          SHA512

                                                          8acb9067c0850717234ce43eeae7d294810b19ffe408df3098a3ffbbd3358d5b15f0f2a04c53a5cc054344eea4561f8cb9e9f3eac823ba7cb703ce39a9a4c272

                                                          Download Submit

                                                        • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ShellFeeds\IDX_CONTENT_TASKBARHEADLINES.json
                                                          Filesize

                                                          120KB

                                                          MD5

                                                          7a55c771116f29b84b91ab66dca702ba

                                                          SHA1

                                                          09a617254672ee8fdfd9cf9e89f7d3ecd790509a

                                                          SHA256

                                                          2f1aaa54f8dc18012530da8c3142d9fcc124159cc1f115fb05c0bb716118a710

                                                          SHA512

                                                          8acb9067c0850717234ce43eeae7d294810b19ffe408df3098a3ffbbd3358d5b15f0f2a04c53a5cc054344eea4561f8cb9e9f3eac823ba7cb703ce39a9a4c272

                                                          Download Submit

                                                        • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ShellFeeds\IDX_CONTENT_TASKBARHEADLINES.json
                                                          Filesize

                                                          123KB

                                                          MD5

                                                          c13ee6c87185ad90e0b78c1fc5270bb8

                                                          SHA1

                                                          a77a8c8e86feccd6086aad1116b5cbbc650c703a

                                                          SHA256

                                                          31100bbaeaa1b22faf3964eb296aeaf85e6d8bfe11a9f331762c20b1fd547874

                                                          SHA512

                                                          d98d06d59642614768866a5a9b6790e8805a2b2420d86ccd659abb7046a8c5e85fffa8c4f49192efbfd244635c869e371dce9ce19c7c94663b28d0582f5ffe8e

                                                          Download Submit

                                                        • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ShellFeeds\IDX_CONTENT_TASKBARHEADLINES.json
                                                          Filesize

                                                          120KB

                                                          MD5

                                                          efc7f39727c111933d21504e72504617

                                                          SHA1

                                                          e948db7b823d5e7e5c151789e827995fc63967b6

                                                          SHA256

                                                          b7da66b33fce98981f9df3876237cd9ae3377e88b50fded7f1de9a7dd94edcbe

                                                          SHA512

                                                          303f9e71a96744ebc586b4086cddffabe5a9ecd63a511305132ac90b912d331af9f0227a8f81867a9ff2756096ab31217961f66098d0766bdfdd10b8d9129c42

                                                          Download Submit

                                                        • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ShellFeeds\IDX_CONTENT_TASKBARHEADLINES.json
                                                          Filesize

                                                          122KB

                                                          MD5

                                                          74e7c2b3a2480d94ee122bd87b8297cb

                                                          SHA1

                                                          0398698d5de62393bd82d33d458bc40f22caddee

                                                          SHA256

                                                          bf3259614bb9b3d97041d99bee0369a343feed3ac1cde7fdd1f928c489e367e2

                                                          SHA512

                                                          82c761d1ddf432dd250a624ecc4d5697d6f32f55de962165109ce388a5f11e23d39d5804802a32fa5a4ed5bd2c98359ffea0d76e4811fcdcf07f2a56f152b5a1

                                                          Download Submit

                                                        • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ShellFeeds\IDX_CONTENT_TASKBARHEADLINES.json
                                                          Filesize

                                                          122KB

                                                          MD5

                                                          74e7c2b3a2480d94ee122bd87b8297cb

                                                          SHA1

                                                          0398698d5de62393bd82d33d458bc40f22caddee

                                                          SHA256

                                                          bf3259614bb9b3d97041d99bee0369a343feed3ac1cde7fdd1f928c489e367e2

                                                          SHA512

                                                          82c761d1ddf432dd250a624ecc4d5697d6f32f55de962165109ce388a5f11e23d39d5804802a32fa5a4ed5bd2c98359ffea0d76e4811fcdcf07f2a56f152b5a1

                                                          Download Submit

                                                        • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ShellFeeds\IDX_CONTENT_TASKBARHEADLINES.json
                                                          Filesize

                                                          120KB

                                                          MD5

                                                          d6fd8017369f7a3fe6b897c23f47557e

                                                          SHA1

                                                          272bbf07858e28ee3f41902dbd9c1f82f6fc32e9

                                                          SHA256

                                                          b2ffa16a52c4436b225e78ef0d067bb94ba00b9971fdf3615efb1faf2102296a

                                                          SHA512

                                                          926ed3cd79ab31a2cefa48992e88abb8a122750bb7d98b052ebba017cf7cddba93b397a2c7527b380772032277912c39c00f84877af64a10b89c85fea6742ab9

                                                          Download Submit

                                                        • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ShellFeeds\IDX_CONTENT_TASKBARHEADLINES.json
                                                          Filesize

                                                          120KB

                                                          MD5

                                                          d6fd8017369f7a3fe6b897c23f47557e

                                                          SHA1

                                                          272bbf07858e28ee3f41902dbd9c1f82f6fc32e9

                                                          SHA256

                                                          b2ffa16a52c4436b225e78ef0d067bb94ba00b9971fdf3615efb1faf2102296a

                                                          SHA512

                                                          926ed3cd79ab31a2cefa48992e88abb8a122750bb7d98b052ebba017cf7cddba93b397a2c7527b380772032277912c39c00f84877af64a10b89c85fea6742ab9

                                                          Download Submit

                                                        • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\ANTV7B43\microsoft.windows[1].xml
                                                          Filesize

                                                          96B

                                                          MD5

                                                          4114b63fafc98d9307dc8bfae1c379cd

                                                          SHA1

                                                          8959adf99facaf14c6be813470286c448b0e0b44

                                                          SHA256

                                                          f93f1cffd4688bc4cd9e3dfb2ee84a1f53f40d966cab8542c5863906faaf197f

                                                          SHA512

                                                          51eb95339b914b6674922ad2635a193ae1fb1d008c35f03cc8664c46e4f124389a884d7854268c90ac7883102f9a98483e0019a269070b7d6a96fcc70c937723

                                                          Download Submit

                                                        • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\ANTV7B43\microsoft.windows[1].xml
                                                          Filesize

                                                          96B

                                                          MD5

                                                          4114b63fafc98d9307dc8bfae1c379cd

                                                          SHA1

                                                          8959adf99facaf14c6be813470286c448b0e0b44

                                                          SHA256

                                                          f93f1cffd4688bc4cd9e3dfb2ee84a1f53f40d966cab8542c5863906faaf197f

                                                          SHA512

                                                          51eb95339b914b6674922ad2635a193ae1fb1d008c35f03cc8664c46e4f124389a884d7854268c90ac7883102f9a98483e0019a269070b7d6a96fcc70c937723

                                                          Download Submit

                                                        • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\ANTV7B43\microsoft.windows[1].xml
                                                          Filesize

                                                          96B

                                                          MD5

                                                          4114b63fafc98d9307dc8bfae1c379cd

                                                          SHA1

                                                          8959adf99facaf14c6be813470286c448b0e0b44

                                                          SHA256

                                                          f93f1cffd4688bc4cd9e3dfb2ee84a1f53f40d966cab8542c5863906faaf197f

                                                          SHA512

                                                          51eb95339b914b6674922ad2635a193ae1fb1d008c35f03cc8664c46e4f124389a884d7854268c90ac7883102f9a98483e0019a269070b7d6a96fcc70c937723

                                                          Download Submit

                                                        • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\ANTV7B43\microsoft.windows[1].xml
                                                          Filesize

                                                          96B

                                                          MD5

                                                          4114b63fafc98d9307dc8bfae1c379cd

                                                          SHA1

                                                          8959adf99facaf14c6be813470286c448b0e0b44

                                                          SHA256

                                                          f93f1cffd4688bc4cd9e3dfb2ee84a1f53f40d966cab8542c5863906faaf197f

                                                          SHA512

                                                          51eb95339b914b6674922ad2635a193ae1fb1d008c35f03cc8664c46e4f124389a884d7854268c90ac7883102f9a98483e0019a269070b7d6a96fcc70c937723

                                                          Download Submit

                                                        • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\ANTV7B43\microsoft.windows[1].xml
                                                          Filesize

                                                          96B

                                                          MD5

                                                          4114b63fafc98d9307dc8bfae1c379cd

                                                          SHA1

                                                          8959adf99facaf14c6be813470286c448b0e0b44

                                                          SHA256

                                                          f93f1cffd4688bc4cd9e3dfb2ee84a1f53f40d966cab8542c5863906faaf197f

                                                          SHA512

                                                          51eb95339b914b6674922ad2635a193ae1fb1d008c35f03cc8664c46e4f124389a884d7854268c90ac7883102f9a98483e0019a269070b7d6a96fcc70c937723

                                                          Download Submit

                                                        • C:\Users\Admin\AppData\Roaming\7zip\7-zip.dll
                                                          Filesize

                                                          92KB

                                                          MD5

                                                          c3af132ea025d289ab4841fc00bb74af

                                                          SHA1

                                                          0a9973d5234cc55b8b97bbb82c722b910c71cbaf

                                                          SHA256

                                                          56b1148a7f96f730d7085f90cadda4980d31cad527d776545c5223466f9ffb52

                                                          SHA512

                                                          707097953d876fa8f25bfefb19bfb3af402b8a6a5d5c35a2d84282818df4466feba63b6401b9b9f11468a2189dcc7f504c51e4590a5e32e635eb4f5710fd80b2

                                                          Download Submit

                                                        • C:\Users\Admin\AppData\Roaming\7zip\7-zip.dll
                                                          Filesize

                                                          92KB

                                                          MD5

                                                          c3af132ea025d289ab4841fc00bb74af

                                                          SHA1

                                                          0a9973d5234cc55b8b97bbb82c722b910c71cbaf

                                                          SHA256

                                                          56b1148a7f96f730d7085f90cadda4980d31cad527d776545c5223466f9ffb52

                                                          SHA512

                                                          707097953d876fa8f25bfefb19bfb3af402b8a6a5d5c35a2d84282818df4466feba63b6401b9b9f11468a2189dcc7f504c51e4590a5e32e635eb4f5710fd80b2

                                                          Download Submit

                                                        • C:\Users\Admin\AppData\Roaming\7zip\7-zip.dll
                                                          Filesize

                                                          92KB

                                                          MD5

                                                          c3af132ea025d289ab4841fc00bb74af

                                                          SHA1

                                                          0a9973d5234cc55b8b97bbb82c722b910c71cbaf

                                                          SHA256

                                                          56b1148a7f96f730d7085f90cadda4980d31cad527d776545c5223466f9ffb52

                                                          SHA512

                                                          707097953d876fa8f25bfefb19bfb3af402b8a6a5d5c35a2d84282818df4466feba63b6401b9b9f11468a2189dcc7f504c51e4590a5e32e635eb4f5710fd80b2

                                                          Download Submit

                                                        • memory/912-378-0x0000000004A40000-0x0000000004A41000-memory.dmp

                                                          Filesize

                                                          4KB

                                                          Download

                                                        • memory/1092-224-0x0000025C54740000-0x0000025C54741000-memory.dmp

                                                          Filesize

                                                          4KB

                                                          Download

                                                        • memory/1092-220-0x0000025C54740000-0x0000025C54741000-memory.dmp

                                                          Filesize

                                                          4KB

                                                          Download

                                                        • memory/1092-218-0x0000025C54740000-0x0000025C54741000-memory.dmp

                                                          Filesize

                                                          4KB

                                                          Download

                                                        • memory/1092-227-0x0000025C54740000-0x0000025C54741000-memory.dmp

                                                          Filesize

                                                          4KB

                                                          Download

                                                        • memory/1092-230-0x0000025C54740000-0x0000025C54741000-memory.dmp

                                                          Filesize

                                                          4KB

                                                          Download

                                                        • memory/1092-228-0x0000025C54740000-0x0000025C54741000-memory.dmp

                                                          Filesize

                                                          4KB

                                                          Download

                                                        • memory/1092-229-0x0000025C54740000-0x0000025C54741000-memory.dmp

                                                          Filesize

                                                          4KB

                                                          Download

                                                        • memory/1092-226-0x0000025C54740000-0x0000025C54741000-memory.dmp

                                                          Filesize

                                                          4KB

                                                          Download

                                                        • memory/1092-219-0x0000025C54740000-0x0000025C54741000-memory.dmp

                                                          Filesize

                                                          4KB

                                                          Download

                                                        • memory/1092-225-0x0000025C54740000-0x0000025C54741000-memory.dmp

                                                          Filesize

                                                          4KB

                                                          Download

                                                        • memory/1612-355-0x0000000004B50000-0x0000000004B51000-memory.dmp

                                                          Filesize

                                                          4KB

                                                          Download

                                                        • memory/2196-342-0x0000019BD8F50000-0x0000019BD8F70000-memory.dmp

                                                          Filesize

                                                          128KB

                                                          Download

                                                        • memory/2196-339-0x0000019BD8B40000-0x0000019BD8B60000-memory.dmp

                                                          Filesize

                                                          128KB

                                                          Download

                                                        • memory/2196-336-0x0000019BD8B80000-0x0000019BD8BA0000-memory.dmp

                                                          Filesize

                                                          128KB

                                                          Download

                                                        • memory/2316-363-0x0000027815BE0000-0x0000027815C00000-memory.dmp

                                                          Filesize

                                                          128KB

                                                          Download

                                                        • memory/2316-365-0x0000027815BA0000-0x0000027815BC0000-memory.dmp

                                                          Filesize

                                                          128KB

                                                          Download

                                                        • memory/2316-367-0x0000027815FB0000-0x0000027815FD0000-memory.dmp

                                                          Filesize

                                                          128KB

                                                          Download

                                                        • memory/2352-417-0x0000024BE5440000-0x0000024BE5460000-memory.dmp

                                                          Filesize

                                                          128KB

                                                          Download

                                                        • memory/2352-419-0x0000024BE5400000-0x0000024BE5420000-memory.dmp

                                                          Filesize

                                                          128KB

                                                          Download

                                                        • memory/2352-421-0x0000024BE58E0000-0x0000024BE5900000-memory.dmp

                                                          Filesize

                                                          128KB

                                                          Download

                                                        • memory/3916-246-0x0000021D9E040000-0x0000021D9E060000-memory.dmp

                                                          Filesize

                                                          128KB

                                                          Download

                                                        • memory/3916-251-0x0000021D9E6A0000-0x0000021D9E6C0000-memory.dmp

                                                          Filesize

                                                          128KB

                                                          Download

                                                        • memory/3916-249-0x0000021D9E000000-0x0000021D9E020000-memory.dmp

                                                          Filesize

                                                          128KB

                                                          Download

                                                        • memory/3920-410-0x0000000003FE0000-0x0000000003FE1000-memory.dmp

                                                          Filesize

                                                          4KB

                                                          Download

                                                        • memory/4032-297-0x0000000004610000-0x0000000004611000-memory.dmp

                                                          Filesize

                                                          4KB

                                                          Download

                                                        • memory/4284-328-0x0000000004330000-0x0000000004331000-memory.dmp

                                                          Filesize

                                                          4KB

                                                          Download

                                                        • memory/4340-386-0x0000014F4DEC0000-0x0000014F4DEE0000-memory.dmp

                                                          Filesize

                                                          128KB

                                                          Download

                                                        • memory/4340-392-0x0000014F4DE80000-0x0000014F4DEA0000-memory.dmp

                                                          Filesize

                                                          128KB

                                                          Download

                                                        • memory/4340-393-0x0000014F4E4A0000-0x0000014F4E4C0000-memory.dmp

                                                          Filesize

                                                          128KB

                                                          Download

                                                        • memory/4556-239-0x0000000004CE0000-0x0000000004CE1000-memory.dmp

                                                          Filesize

                                                          4KB

                                                          Download

                                                        • memory/4640-307-0x00000273F84E0000-0x00000273F8500000-memory.dmp

                                                          Filesize

                                                          128KB

                                                          Download

                                                        • memory/4640-309-0x00000273F8B00000-0x00000273F8B20000-memory.dmp

                                                          Filesize

                                                          128KB

                                                          Download

                                                        • memory/4640-305-0x00000273F8520000-0x00000273F8540000-memory.dmp

                                                          Filesize

                                                          128KB

                                                          Download