40417e937cd244b2f928150cae6fa0eff5551fdb401ea072f6ecdda67a747e17

Resubmissions

01/11/2023, 20:57

231101-zryfwadb3s 8

01/11/2023, 20:12

31/10/2023, 21:03

31/10/2023, 18:05

31/10/2023, 17:13

31/10/2023, 16:52

Analysis

max time kernel
66s
max time network
599s
platform
windows10-2004_x64
resource
win10v2004-20231020-en
resource tags

arch:x64arch:x86image:win10v2004-20231020-enlocale:en-usos:windows10-2004-x64system
submitted
31/10/2023, 21:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

40417e937cd244b2f928150cae6fa0eff5551fdb401ea072f6ecdda67a747e17.exe
Size

203KB
MD5

e26bba0304f14ef96beb60376791d32c
SHA1

24f6785ca2e82d1d1d61f4cb01d5e753f80445cf
SHA256

40417e937cd244b2f928150cae6fa0eff5551fdb401ea072f6ecdda67a747e17
SHA512

f38c594c10ec95a1b0cb3acdb1e920d8343728aa34641d773d4f7fb391cf2d6bb7d11264496b9792c7aec551ce4b1b74bbb78b1a787e6d667824fb18f988d93a
SSDEEP

3072:7uoYEB8lWYjmGlCcrwMuWSiVuFbJj65dVi/gTXouvCFH:73V+hjm6Ccrpu+iB/gTY+CF

Score

8^/10

persistence spyware stealer

Malware Config

Signatures

Modifies Installed Components in the registry 2 TTPs 7 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\Software\Microsoft\Active Setup\Installed Components	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\Software\Microsoft\Active Setup\Installed Components	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\Software\Microsoft\Active Setup\Installed Components	Process not Found
Key created	\REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\Software\Microsoft\Active Setup\Installed Components	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\Software\Microsoft\Active Setup\Installed Components	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\Software\Microsoft\Active Setup\Installed Components	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\Software\Microsoft\Active Setup\Installed Components	explorer.exe

Drops startup file 3 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\io3a8LA9MK.BiBi1	40417e937cd244b2f928150cae6fa0eff5551fdb401ea072f6ecdda67a747e17.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tb85fFNRfA.BiBi2	40417e937cd244b2f928150cae6fa0eff5551fdb401ea072f6ecdda67a747e17.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini	40417e937cd244b2f928150cae6fa0eff5551fdb401ea072f6ecdda67a747e17.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Drops desktop.ini file(s) 50 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\AppData\Local\Microsoft\Windows\Burn\Burn\desktop.ini	explorer.exe
File opened for modification	C:\Users\Admin\Music\desktop.ini	40417e937cd244b2f928150cae6fa0eff5551fdb401ea072f6ecdda67a747e17.exe
File opened for modification	C:\Users\Admin\AppData\Local\Microsoft\Windows\Burn\Burn1\desktop.ini	40417e937cd244b2f928150cae6fa0eff5551fdb401ea072f6ecdda67a747e17.exe
File opened for modification	C:\Users\Admin\Desktop\desktop.ini	40417e937cd244b2f928150cae6fa0eff5551fdb401ea072f6ecdda67a747e17.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\desktop.ini	40417e937cd244b2f928150cae6fa0eff5551fdb401ea072f6ecdda67a747e17.exe
File opened for modification	C:\Users\Admin\Links\desktop.ini	40417e937cd244b2f928150cae6fa0eff5551fdb401ea072f6ecdda67a747e17.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini	40417e937cd244b2f928150cae6fa0eff5551fdb401ea072f6ecdda67a747e17.exe
File opened for modification	C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini	40417e937cd244b2f928150cae6fa0eff5551fdb401ea072f6ecdda67a747e17.exe
File opened for modification	C:\Users\Public\Documents\desktop.ini	40417e937cd244b2f928150cae6fa0eff5551fdb401ea072f6ecdda67a747e17.exe
File opened for modification	C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group1\desktop.ini	40417e937cd244b2f928150cae6fa0eff5551fdb401ea072f6ecdda67a747e17.exe
File opened for modification	C:\Users\Admin\AppData\Local\Microsoft\Windows\WinX\Group1\desktop.ini	40417e937cd244b2f928150cae6fa0eff5551fdb401ea072f6ecdda67a747e17.exe
File opened for modification	C:\Users\Admin\Downloads\desktop.ini	40417e937cd244b2f928150cae6fa0eff5551fdb401ea072f6ecdda67a747e17.exe
File opened for modification	C:\Users\Admin\Favorites\Links\desktop.ini	40417e937cd244b2f928150cae6fa0eff5551fdb401ea072f6ecdda67a747e17.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance\Desktop.ini	40417e937cd244b2f928150cae6fa0eff5551fdb401ea072f6ecdda67a747e17.exe
File opened for modification	C:\Users\Admin\Contacts\desktop.ini	40417e937cd244b2f928150cae6fa0eff5551fdb401ea072f6ecdda67a747e17.exe
File opened for modification	F:\$RECYCLE.BIN\S-1-5-21-1873812795-1433807462-1429862679-1000\desktop.ini	explorer.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\desktop.ini	40417e937cd244b2f928150cae6fa0eff5551fdb401ea072f6ecdda67a747e17.exe
File opened for modification	C:\Users\Public\Desktop\desktop.ini	40417e937cd244b2f928150cae6fa0eff5551fdb401ea072f6ecdda67a747e17.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Desktop.ini	40417e937cd244b2f928150cae6fa0eff5551fdb401ea072f6ecdda67a747e17.exe
File opened for modification	C:\Users\Public\Downloads\desktop.ini	40417e937cd244b2f928150cae6fa0eff5551fdb401ea072f6ecdda67a747e17.exe
File opened for modification	C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\desktop.ini	40417e937cd244b2f928150cae6fa0eff5551fdb401ea072f6ecdda67a747e17.exe
File opened for modification	C:\Users\Admin\AppData\Local\Microsoft\Windows\WinX\Group2\desktop.ini	40417e937cd244b2f928150cae6fa0eff5551fdb401ea072f6ecdda67a747e17.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Libraries\desktop.ini	40417e937cd244b2f928150cae6fa0eff5551fdb401ea072f6ecdda67a747e17.exe
File opened for modification	C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\desktop.ini	40417e937cd244b2f928150cae6fa0eff5551fdb401ea072f6ecdda67a747e17.exe
File opened for modification	C:\Users\Public\AccountPictures\desktop.ini	40417e937cd244b2f928150cae6fa0eff5551fdb401ea072f6ecdda67a747e17.exe
File opened for modification	C:\Users\Admin\Searches\desktop.ini	40417e937cd244b2f928150cae6fa0eff5551fdb401ea072f6ecdda67a747e17.exe
File opened for modification	C:\Users\Public\Videos\desktop.ini	40417e937cd244b2f928150cae6fa0eff5551fdb401ea072f6ecdda67a747e17.exe
File opened for modification	C:\Users\Admin\OneDrive\desktop.ini	40417e937cd244b2f928150cae6fa0eff5551fdb401ea072f6ecdda67a747e17.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\desktop.ini	40417e937cd244b2f928150cae6fa0eff5551fdb401ea072f6ecdda67a747e17.exe
File opened for modification	C:\Users\Public\Music\desktop.ini	40417e937cd244b2f928150cae6fa0eff5551fdb401ea072f6ecdda67a747e17.exe
File opened for modification	C:\Users\Public\Libraries\desktop.ini	40417e937cd244b2f928150cae6fa0eff5551fdb401ea072f6ecdda67a747e17.exe
File opened for modification	C:\Users\Admin\AppData\Local\Microsoft\Windows\Application Shortcuts\desktop.ini	40417e937cd244b2f928150cae6fa0eff5551fdb401ea072f6ecdda67a747e17.exe
File opened for modification	C:\Users\Admin\Documents\desktop.ini	40417e937cd244b2f928150cae6fa0eff5551fdb401ea072f6ecdda67a747e17.exe
File opened for modification	C:\Users\Admin\Favorites\desktop.ini	40417e937cd244b2f928150cae6fa0eff5551fdb401ea072f6ecdda67a747e17.exe
File opened for modification	C:\Users\Admin\Pictures\desktop.ini	40417e937cd244b2f928150cae6fa0eff5551fdb401ea072f6ecdda67a747e17.exe
File opened for modification	C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo\desktop.ini	40417e937cd244b2f928150cae6fa0eff5551fdb401ea072f6ecdda67a747e17.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini	40417e937cd244b2f928150cae6fa0eff5551fdb401ea072f6ecdda67a747e17.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\desktop.ini	40417e937cd244b2f928150cae6fa0eff5551fdb401ea072f6ecdda67a747e17.exe
File opened for modification	C:\Users\Public\Pictures\desktop.ini	40417e937cd244b2f928150cae6fa0eff5551fdb401ea072f6ecdda67a747e17.exe
File opened for modification	C:\Users\Admin\AppData\Local\Microsoft\Windows\Burn\Burn2\desktop.ini	40417e937cd244b2f928150cae6fa0eff5551fdb401ea072f6ecdda67a747e17.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\desktop.ini	40417e937cd244b2f928150cae6fa0eff5551fdb401ea072f6ecdda67a747e17.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\AccountPictures\desktop.ini	40417e937cd244b2f928150cae6fa0eff5551fdb401ea072f6ecdda67a747e17.exe
File opened for modification	C:\Users\Admin\AppData\Local\Microsoft\Windows\WinX\Group3\desktop.ini	40417e937cd244b2f928150cae6fa0eff5551fdb401ea072f6ecdda67a747e17.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\SendTo\desktop.ini	40417e937cd244b2f928150cae6fa0eff5551fdb401ea072f6ecdda67a747e17.exe
File opened for modification	C:\Users\Admin\3D Objects\desktop.ini	40417e937cd244b2f928150cae6fa0eff5551fdb401ea072f6ecdda67a747e17.exe
File opened for modification	C:\Users\Admin\AppData\Local\Microsoft\Windows\Burn\Burn\desktop.ini	40417e937cd244b2f928150cae6fa0eff5551fdb401ea072f6ecdda67a747e17.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini	40417e937cd244b2f928150cae6fa0eff5551fdb401ea072f6ecdda67a747e17.exe
File opened for modification	C:\Users\Public\desktop.ini	40417e937cd244b2f928150cae6fa0eff5551fdb401ea072f6ecdda67a747e17.exe
File opened for modification	F:\$RECYCLE.BIN\S-1-5-21-1873812795-1433807462-1429862679-1000\desktop.ini	40417e937cd244b2f928150cae6fa0eff5551fdb401ea072f6ecdda67a747e17.exe
File opened for modification	C:\Users\Admin\AppData\Local\Microsoft\Windows\History\desktop.ini	40417e937cd244b2f928150cae6fa0eff5551fdb401ea072f6ecdda67a747e17.exe

Enumerates connected drives 3 TTPs 14 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\D:	explorer.exe
File opened (read-only)	\??\F:	explorer.exe
File opened (read-only)	\??\D:	explorer.exe
File opened (read-only)	\??\F:	explorer.exe
File opened (read-only)	\??\F:	explorer.exe
File opened (read-only)	\??\D:	explorer.exe
File opened (read-only)	\??\F:	explorer.exe
File opened (read-only)	\??\D:	explorer.exe
File opened (read-only)	\??\F:	explorer.exe
File opened (read-only)	\??\F:	explorer.exe
File opened (read-only)	\??\F:	Process not Found
File opened (read-only)	\??\D:	explorer.exe
File opened (read-only)	\??\D:	explorer.exe
File opened (read-only)	\??\D:	Process not Found

Checks SCSI registry key(s) 3 TTPs 64 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\0064	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{afd97640-86a3-4210-b67c-289c41aabe55}\0002	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\0064	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001	Process not Found
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\HardwareID	explorer.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Capabilities	explorer.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	explorer.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0002	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	explorer.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	explorer.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\ConfigFlags	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{afd97640-86a3-4210-b67c-289c41aabe55}\0002	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	explorer.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\FriendlyName	explorer.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\FriendlyName	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	explorer.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\FriendlyName	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	explorer.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	explorer.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\FriendlyName	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	explorer.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\ConfigFlags	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{afd97640-86a3-4210-b67c-289c41aabe55}\0002	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\0064	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	Process not Found
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\FriendlyName	explorer.exe

Modifies Internet Explorer settings 1 TTPs 4 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\Software\Microsoft\Internet Explorer\GPU	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\SOFTWARE\Microsoft\Internet Explorer\GPU	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\Software\Microsoft\Internet Explorer\GPU	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\SOFTWARE\Microsoft\Internet Explorer\GPU	SearchApp.exe

Modifies registry class 64 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000_Classes\Local Settings	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DomStorageState	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DomStorageState	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\Total	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000_Classes\Local Settings\MuiCache	StartMenuExperienceHost.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000_Classes\Local Settings	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\windows.search	SearchApp.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.Windows.PeopleExperienceHost_cw5n1h2txyewy\ApplicationFrame\Microsoft.Windows.PeopleExperienceHo = 6801000088020000	Process not Found
Key created	\REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	explorer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\EdpDomStorage	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\microsoft.windows.search\ = "23"	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000_Classes\Local Settings	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.Windows.PeopleExperienceHost_cw5n1h2txyewy\ApplicationFrame\Microsoft.Windows.PeopleExperienceHo = 6801000088020000	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\windows.search	SearchApp.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1873812795-1433807462-1429862679-1000\{A7B29612-971B-4EF5-B929-01E88CC986CB}	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.Windows.PeopleExperienceHost_cw5n1h2txyewy\ApplicationFrame\Microsoft.Windows.PeopleExperienceHo = 6801000088020000	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Settings\Cache\History\CachePrefix = "Visited:"	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000_Classes\Local Settings\MuiCache	SearchApp.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\microsoft.windows.search\ = "56"	SearchApp.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	explorer.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1873812795-1433807462-1429862679-1000\{3A2D3467-6B66-45D1-939C-11D2CE933E97}	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total\ = "185"	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	Process not Found
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000_Classes\Local Settings\MuiCache	StartMenuExperienceHost.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots	Process not Found
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	Process not Found
Set value (data)	\REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\windows.search	SearchApp.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\windows.search\Total = "23"	SearchApp.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\microsoft.windows.search	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000_Classes\Local Settings\MuiCache	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total\ = "152"	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000_Classes\Local Settings	explorer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	Process not Found
Key created	\REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000_Classes\Local Settings	explorer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	explorer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\Instance\	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000_Classes\Local Settings	explorer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\windows.search\Total = "56"	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\windows.search\Total = "56"	SearchApp.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\windows.search\NumberOfSubdomains = "2"	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\EdpDomStorage	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\windows.search	SearchApp.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
4016	40417e937cd244b2f928150cae6fa0eff5551fdb401ea072f6ecdda67a747e17.exe
4016	40417e937cd244b2f928150cae6fa0eff5551fdb401ea072f6ecdda67a747e17.exe
4016	40417e937cd244b2f928150cae6fa0eff5551fdb401ea072f6ecdda67a747e17.exe
4016	40417e937cd244b2f928150cae6fa0eff5551fdb401ea072f6ecdda67a747e17.exe
4016	40417e937cd244b2f928150cae6fa0eff5551fdb401ea072f6ecdda67a747e17.exe
4016	40417e937cd244b2f928150cae6fa0eff5551fdb401ea072f6ecdda67a747e17.exe
4016	40417e937cd244b2f928150cae6fa0eff5551fdb401ea072f6ecdda67a747e17.exe
4016	40417e937cd244b2f928150cae6fa0eff5551fdb401ea072f6ecdda67a747e17.exe
4016	40417e937cd244b2f928150cae6fa0eff5551fdb401ea072f6ecdda67a747e17.exe
4016	40417e937cd244b2f928150cae6fa0eff5551fdb401ea072f6ecdda67a747e17.exe
4016	40417e937cd244b2f928150cae6fa0eff5551fdb401ea072f6ecdda67a747e17.exe
4016	40417e937cd244b2f928150cae6fa0eff5551fdb401ea072f6ecdda67a747e17.exe
4016	40417e937cd244b2f928150cae6fa0eff5551fdb401ea072f6ecdda67a747e17.exe
4016	40417e937cd244b2f928150cae6fa0eff5551fdb401ea072f6ecdda67a747e17.exe
4016	40417e937cd244b2f928150cae6fa0eff5551fdb401ea072f6ecdda67a747e17.exe
4016	40417e937cd244b2f928150cae6fa0eff5551fdb401ea072f6ecdda67a747e17.exe
4016	40417e937cd244b2f928150cae6fa0eff5551fdb401ea072f6ecdda67a747e17.exe
4016	40417e937cd244b2f928150cae6fa0eff5551fdb401ea072f6ecdda67a747e17.exe
4016	40417e937cd244b2f928150cae6fa0eff5551fdb401ea072f6ecdda67a747e17.exe
4016	40417e937cd244b2f928150cae6fa0eff5551fdb401ea072f6ecdda67a747e17.exe
4016	40417e937cd244b2f928150cae6fa0eff5551fdb401ea072f6ecdda67a747e17.exe
4016	40417e937cd244b2f928150cae6fa0eff5551fdb401ea072f6ecdda67a747e17.exe
4016	40417e937cd244b2f928150cae6fa0eff5551fdb401ea072f6ecdda67a747e17.exe
4016	40417e937cd244b2f928150cae6fa0eff5551fdb401ea072f6ecdda67a747e17.exe
4016	40417e937cd244b2f928150cae6fa0eff5551fdb401ea072f6ecdda67a747e17.exe
4016	40417e937cd244b2f928150cae6fa0eff5551fdb401ea072f6ecdda67a747e17.exe
4016	40417e937cd244b2f928150cae6fa0eff5551fdb401ea072f6ecdda67a747e17.exe
4016	40417e937cd244b2f928150cae6fa0eff5551fdb401ea072f6ecdda67a747e17.exe
4016	40417e937cd244b2f928150cae6fa0eff5551fdb401ea072f6ecdda67a747e17.exe
4016	40417e937cd244b2f928150cae6fa0eff5551fdb401ea072f6ecdda67a747e17.exe
4016	40417e937cd244b2f928150cae6fa0eff5551fdb401ea072f6ecdda67a747e17.exe
4016	40417e937cd244b2f928150cae6fa0eff5551fdb401ea072f6ecdda67a747e17.exe
4016	40417e937cd244b2f928150cae6fa0eff5551fdb401ea072f6ecdda67a747e17.exe
4016	40417e937cd244b2f928150cae6fa0eff5551fdb401ea072f6ecdda67a747e17.exe
4016	40417e937cd244b2f928150cae6fa0eff5551fdb401ea072f6ecdda67a747e17.exe
4016	40417e937cd244b2f928150cae6fa0eff5551fdb401ea072f6ecdda67a747e17.exe
4016	40417e937cd244b2f928150cae6fa0eff5551fdb401ea072f6ecdda67a747e17.exe
4016	40417e937cd244b2f928150cae6fa0eff5551fdb401ea072f6ecdda67a747e17.exe
4016	40417e937cd244b2f928150cae6fa0eff5551fdb401ea072f6ecdda67a747e17.exe
4016	40417e937cd244b2f928150cae6fa0eff5551fdb401ea072f6ecdda67a747e17.exe
4016	40417e937cd244b2f928150cae6fa0eff5551fdb401ea072f6ecdda67a747e17.exe
4016	40417e937cd244b2f928150cae6fa0eff5551fdb401ea072f6ecdda67a747e17.exe
4016	40417e937cd244b2f928150cae6fa0eff5551fdb401ea072f6ecdda67a747e17.exe
4016	40417e937cd244b2f928150cae6fa0eff5551fdb401ea072f6ecdda67a747e17.exe
4016	40417e937cd244b2f928150cae6fa0eff5551fdb401ea072f6ecdda67a747e17.exe
4016	40417e937cd244b2f928150cae6fa0eff5551fdb401ea072f6ecdda67a747e17.exe
4016	40417e937cd244b2f928150cae6fa0eff5551fdb401ea072f6ecdda67a747e17.exe
4016	40417e937cd244b2f928150cae6fa0eff5551fdb401ea072f6ecdda67a747e17.exe
4016	40417e937cd244b2f928150cae6fa0eff5551fdb401ea072f6ecdda67a747e17.exe
4016	40417e937cd244b2f928150cae6fa0eff5551fdb401ea072f6ecdda67a747e17.exe
4016	40417e937cd244b2f928150cae6fa0eff5551fdb401ea072f6ecdda67a747e17.exe
4016	40417e937cd244b2f928150cae6fa0eff5551fdb401ea072f6ecdda67a747e17.exe
4016	40417e937cd244b2f928150cae6fa0eff5551fdb401ea072f6ecdda67a747e17.exe
4016	40417e937cd244b2f928150cae6fa0eff5551fdb401ea072f6ecdda67a747e17.exe
4016	40417e937cd244b2f928150cae6fa0eff5551fdb401ea072f6ecdda67a747e17.exe
4016	40417e937cd244b2f928150cae6fa0eff5551fdb401ea072f6ecdda67a747e17.exe
4016	40417e937cd244b2f928150cae6fa0eff5551fdb401ea072f6ecdda67a747e17.exe
4016	40417e937cd244b2f928150cae6fa0eff5551fdb401ea072f6ecdda67a747e17.exe
4016	40417e937cd244b2f928150cae6fa0eff5551fdb401ea072f6ecdda67a747e17.exe
4016	40417e937cd244b2f928150cae6fa0eff5551fdb401ea072f6ecdda67a747e17.exe
4016	40417e937cd244b2f928150cae6fa0eff5551fdb401ea072f6ecdda67a747e17.exe
4016	40417e937cd244b2f928150cae6fa0eff5551fdb401ea072f6ecdda67a747e17.exe
4016	40417e937cd244b2f928150cae6fa0eff5551fdb401ea072f6ecdda67a747e17.exe
4016	40417e937cd244b2f928150cae6fa0eff5551fdb401ea072f6ecdda67a747e17.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	5988	explorer.exe
Token: SeCreatePagefilePrivilege	5988	explorer.exe
Token: SeShutdownPrivilege	5988	explorer.exe
Token: SeCreatePagefilePrivilege	5988	explorer.exe
Token: SeShutdownPrivilege	5988	explorer.exe
Token: SeCreatePagefilePrivilege	5988	explorer.exe
Token: SeShutdownPrivilege	5988	explorer.exe
Token: SeCreatePagefilePrivilege	5988	explorer.exe
Token: SeShutdownPrivilege	5988	explorer.exe
Token: SeCreatePagefilePrivilege	5988	explorer.exe
Token: SeShutdownPrivilege	5988	explorer.exe
Token: SeCreatePagefilePrivilege	5988	explorer.exe
Token: SeShutdownPrivilege	5988	explorer.exe
Token: SeCreatePagefilePrivilege	5988	explorer.exe
Token: SeShutdownPrivilege	5988	explorer.exe
Token: SeCreatePagefilePrivilege	5988	explorer.exe
Token: SeShutdownPrivilege	5988	explorer.exe
Token: SeCreatePagefilePrivilege	5988	explorer.exe
Token: SeShutdownPrivilege	5988	explorer.exe
Token: SeCreatePagefilePrivilege	5988	explorer.exe
Token: SeShutdownPrivilege	8088	explorer.exe
Token: SeCreatePagefilePrivilege	8088	explorer.exe
Token: SeShutdownPrivilege	8088	explorer.exe
Token: SeCreatePagefilePrivilege	8088	explorer.exe
Token: SeShutdownPrivilege	8088	explorer.exe
Token: SeCreatePagefilePrivilege	8088	explorer.exe
Token: SeShutdownPrivilege	8088	explorer.exe
Token: SeCreatePagefilePrivilege	8088	explorer.exe
Token: SeShutdownPrivilege	8088	explorer.exe
Token: SeCreatePagefilePrivilege	8088	explorer.exe
Token: SeShutdownPrivilege	8088	explorer.exe
Token: SeCreatePagefilePrivilege	8088	explorer.exe
Token: SeShutdownPrivilege	8088	explorer.exe
Token: SeCreatePagefilePrivilege	8088	explorer.exe
Token: SeShutdownPrivilege	8088	explorer.exe
Token: SeCreatePagefilePrivilege	8088	explorer.exe
Token: SeShutdownPrivilege	8088	explorer.exe
Token: SeCreatePagefilePrivilege	8088	explorer.exe
Token: SeShutdownPrivilege	8088	explorer.exe
Token: SeCreatePagefilePrivilege	8088	explorer.exe
Token: SeShutdownPrivilege	8088	explorer.exe
Token: SeCreatePagefilePrivilege	8088	explorer.exe
Token: SeShutdownPrivilege	8088	explorer.exe
Token: SeCreatePagefilePrivilege	8088	explorer.exe
Token: SeShutdownPrivilege	8088	explorer.exe
Token: SeCreatePagefilePrivilege	8088	explorer.exe
Token: SeShutdownPrivilege	8088	explorer.exe
Token: SeCreatePagefilePrivilege	8088	explorer.exe
Token: SeShutdownPrivilege	5288	explorer.exe
Token: SeCreatePagefilePrivilege	5288	explorer.exe
Token: SeShutdownPrivilege	5288	explorer.exe
Token: SeCreatePagefilePrivilege	5288	explorer.exe
Token: SeShutdownPrivilege	5288	explorer.exe
Token: SeCreatePagefilePrivilege	5288	explorer.exe
Token: SeShutdownPrivilege	5288	explorer.exe
Token: SeCreatePagefilePrivilege	5288	explorer.exe
Token: SeShutdownPrivilege	5288	explorer.exe
Token: SeCreatePagefilePrivilege	5288	explorer.exe
Token: SeShutdownPrivilege	5288	explorer.exe
Token: SeCreatePagefilePrivilege	5288	explorer.exe
Token: SeShutdownPrivilege	5288	explorer.exe
Token: SeCreatePagefilePrivilege	5288	explorer.exe
Token: SeShutdownPrivilege	5288	explorer.exe
Token: SeCreatePagefilePrivilege	5288	explorer.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
5988	explorer.exe
5988	explorer.exe
5988	explorer.exe
5988	explorer.exe
5988	explorer.exe
5988	explorer.exe
5988	explorer.exe
5988	explorer.exe
5988	explorer.exe
5988	explorer.exe
5988	explorer.exe
5988	explorer.exe
5988	explorer.exe
5988	explorer.exe
5988	explorer.exe
5988	explorer.exe
5988	explorer.exe
8088	explorer.exe
8088	explorer.exe
8088	explorer.exe
8088	explorer.exe
8088	explorer.exe
8088	explorer.exe
8088	explorer.exe
8088	explorer.exe
8088	explorer.exe
8088	explorer.exe
8088	explorer.exe
8088	explorer.exe
8088	explorer.exe
8088	explorer.exe
8088	explorer.exe
8088	explorer.exe
8088	explorer.exe
8088	explorer.exe
8088	explorer.exe
8088	explorer.exe
8088	explorer.exe
8088	explorer.exe
8088	explorer.exe
8088	explorer.exe
8088	explorer.exe
8088	explorer.exe
8088	explorer.exe
8088	explorer.exe
8088	explorer.exe
8088	explorer.exe
8088	explorer.exe
8088	explorer.exe
8088	explorer.exe
8088	explorer.exe
8088	explorer.exe
8088	explorer.exe
8088	explorer.exe
8088	explorer.exe
8088	explorer.exe
8088	explorer.exe
8088	explorer.exe
8088	explorer.exe
8088	explorer.exe
8088	explorer.exe
8088	explorer.exe
8088	explorer.exe
8088	explorer.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
5988	explorer.exe
5988	explorer.exe
5988	explorer.exe
5988	explorer.exe
5988	explorer.exe
5988	explorer.exe
5988	explorer.exe
5988	explorer.exe
5988	explorer.exe
5988	explorer.exe
5988	explorer.exe
8088	explorer.exe
8088	explorer.exe
8088	explorer.exe
8088	explorer.exe
8088	explorer.exe
8088	explorer.exe
8088	explorer.exe
8088	explorer.exe
8088	explorer.exe
8088	explorer.exe
8088	explorer.exe
8088	explorer.exe
8088	explorer.exe
8088	explorer.exe
8088	explorer.exe
8088	explorer.exe
8088	explorer.exe
8088	explorer.exe
8088	explorer.exe
8088	explorer.exe
8088	explorer.exe
8088	explorer.exe
8088	explorer.exe
8088	explorer.exe
8088	explorer.exe
8088	explorer.exe
8088	explorer.exe
8088	explorer.exe
5288	explorer.exe
5288	explorer.exe
5288	explorer.exe
5288	explorer.exe
5288	explorer.exe
5288	explorer.exe
5288	explorer.exe
5288	explorer.exe
5288	explorer.exe
5288	explorer.exe
5288	explorer.exe
5288	explorer.exe
5288	explorer.exe
5288	explorer.exe
5288	explorer.exe
5288	explorer.exe
5288	explorer.exe
5288	explorer.exe
5288	explorer.exe
5288	explorer.exe
5288	explorer.exe
5288	explorer.exe
5288	explorer.exe
5288	explorer.exe
5288	explorer.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
5900	StartMenuExperienceHost.exe
5748	StartMenuExperienceHost.exe
3748	SearchApp.exe
5936	StartMenuExperienceHost.exe
1788	SearchApp.exe
6248	StartMenuExperienceHost.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 4016 wrote to memory of 968	4016	40417e937cd244b2f928150cae6fa0eff5551fdb401ea072f6ecdda67a747e17.exe	100
PID 4016 wrote to memory of 968	4016	40417e937cd244b2f928150cae6fa0eff5551fdb401ea072f6ecdda67a747e17.exe	100
PID 4016 wrote to memory of 2696	4016	40417e937cd244b2f928150cae6fa0eff5551fdb401ea072f6ecdda67a747e17.exe	101
PID 4016 wrote to memory of 2696	4016	40417e937cd244b2f928150cae6fa0eff5551fdb401ea072f6ecdda67a747e17.exe	101
PID 4016 wrote to memory of 1636	4016	40417e937cd244b2f928150cae6fa0eff5551fdb401ea072f6ecdda67a747e17.exe	102
PID 4016 wrote to memory of 1636	4016	40417e937cd244b2f928150cae6fa0eff5551fdb401ea072f6ecdda67a747e17.exe	102
PID 4016 wrote to memory of 1772	4016	40417e937cd244b2f928150cae6fa0eff5551fdb401ea072f6ecdda67a747e17.exe	103
PID 4016 wrote to memory of 1772	4016	40417e937cd244b2f928150cae6fa0eff5551fdb401ea072f6ecdda67a747e17.exe	103

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\40417e937cd244b2f928150cae6fa0eff5551fdb401ea072f6ecdda67a747e17.exe
"C:\Users\Admin\AppData\Local\Temp\40417e937cd244b2f928150cae6fa0eff5551fdb401ea072f6ecdda67a747e17.exe"
1⤵
- Drops startup file
- Drops desktop.ini file(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:4016
- C:\Windows\SYSTEM32\cmd.exe
  cmd.exe /c vssadmin delete shadows /quIet /all
  2⤵
  PID:968
- C:\Windows\SYSTEM32\cmd.exe
  cmd.exe /c wmic shadowcopy delete
  2⤵
  PID:2696
- C:\Windows\SYSTEM32\cmd.exe
  cmd.exe / c bcdedit / set {default} bootstatuspolicy ignoreallfailures
  2⤵
  PID:1636
- C:\Windows\SYSTEM32\cmd.exe
  cmd.exe /c bcdedit /set {default} recoveryenabled no
  2⤵
  PID:1772

C:\Windows\explorer.exe
explorer.exe
1⤵
- Modifies Installed Components in the registry
- Enumerates connected drives
- Checks SCSI registry key(s)
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:5988

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
1⤵
- Suspicious use of SetWindowsHookEx
PID:5900

C:\Windows\explorer.exe
explorer.exe
1⤵
- Modifies Installed Components in the registry
- Drops desktop.ini file(s)
- Enumerates connected drives
- Checks SCSI registry key(s)
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:8088

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
1⤵
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:3748

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:5748

C:\Windows\explorer.exe
explorer.exe
1⤵
- Modifies Installed Components in the registry
- Enumerates connected drives
- Checks SCSI registry key(s)
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SendNotifyMessage
PID:5288

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:5936

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
1⤵
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:1788

C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy
1⤵
PID:5568

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k UnistackSvcGroup
1⤵
PID:7676

C:\Windows\explorer.exe
explorer.exe
1⤵
- Modifies Installed Components in the registry
- Enumerates connected drives
- Checks SCSI registry key(s)
- Modifies registry class
PID:6524

C:\Windows\explorer.exe
explorer.exe
1⤵
- Modifies Installed Components in the registry
- Enumerates connected drives
- Checks SCSI registry key(s)
- Modifies registry class
PID:5456

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
1⤵
- Suspicious use of SetWindowsHookEx
PID:6248

C:\Windows\explorer.exe
explorer.exe
1⤵
PID:4212

C:\Windows\explorer.exe
explorer.exe
1⤵
- Modifies Installed Components in the registry
- Enumerates connected drives
- Modifies registry class
PID:7748

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
1⤵
PID:5804

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
1⤵
PID:7796

C:\Windows\explorer.exe
explorer.exe
1⤵
PID:964

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
1⤵
PID:7076

C:\Windows\explorer.exe
explorer.exe
1⤵
PID:7656

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
1⤵
PID:380

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
1⤵
PID:7516

C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy
1⤵
PID:3592

C:\Windows\explorer.exe
explorer.exe
1⤵
PID:5540

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
1⤵
PID:7692

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
1⤵
PID:7600

C:\Windows\explorer.exe
explorer.exe
1⤵
PID:4472

C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy
1⤵
PID:7136

C:\Windows\explorer.exe
explorer.exe
1⤵
PID:7668

C:\Windows\explorer.exe
explorer.exe
1⤵
PID:7840

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
1⤵
PID:5220

C:\Windows\explorer.exe
explorer.exe
1⤵
PID:6672

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
1⤵
PID:6576

C:\Windows\explorer.exe
explorer.exe
1⤵
PID:6100

C:\Windows\explorer.exe
explorer.exe
1⤵
PID:5092

C:\Windows\explorer.exe
explorer.exe
1⤵
PID:1912

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
1⤵
PID:3364

C:\Windows\explorer.exe
explorer.exe
1⤵
PID:7184

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
1⤵
PID:880

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
1⤵
PID:7376

C:\Windows\explorer.exe
explorer.exe
1⤵
PID:6324

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
1⤵
PID:4944

C:\Windows\explorer.exe
explorer.exe
1⤵
PID:4272

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
1⤵
PID:1916

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
1⤵
PID:5964

C:\Windows\explorer.exe
explorer.exe
1⤵
PID:8068

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
1⤵
PID:3604

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
1⤵
PID:3412

C:\Windows\explorer.exe
explorer.exe
1⤵
PID:6716

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
1⤵
PID:6476

C:\Windows\explorer.exe
explorer.exe
1⤵
PID:4200

C:\Windows\explorer.exe
explorer.exe
1⤵
PID:3740

C:\Windows\explorer.exe
explorer.exe
1⤵
PID:4968

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
1⤵
PID:548

C:\Windows\explorer.exe
explorer.exe
1⤵
PID:1448

C:\Windows\explorer.exe
explorer.exe
1⤵
PID:548

C:\Windows\explorer.exe
explorer.exe
1⤵
PID:6152

C:\Windows\explorer.exe
explorer.exe
1⤵
PID:5608

C:\Windows\explorer.exe
explorer.exe
1⤵
PID:2508

C:\Windows\explorer.exe
explorer.exe
1⤵
PID:6464

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
1⤵
PID:1900

C:\Windows\explorer.exe
explorer.exe
1⤵
PID:5952

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
1⤵
PID:7288

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
1⤵
PID:6816

C:\Windows\explorer.exe
explorer.exe
1⤵
PID:7724

C:\Windows\explorer.exe
explorer.exe
1⤵
PID:6864

C:\Windows\explorer.exe
explorer.exe
1⤵
PID:7916

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
1⤵
PID:2992

C:\Windows\explorer.exe
explorer.exe
1⤵
PID:7588

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
1⤵
PID:7372

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
1⤵
PID:5692

C:\Windows\explorer.exe
explorer.exe
1⤵
PID:5732

C:\Windows\explorer.exe
explorer.exe
1⤵
PID:540

C:\Windows\explorer.exe
explorer.exe
1⤵
PID:2684

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
1⤵
PID:4068

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
1⤵
PID:6260

C:\Windows\explorer.exe
explorer.exe
1⤵
PID:3356

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
1⤵
PID:6492

C:\Windows\explorer.exe
explorer.exe
1⤵
PID:1496

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
1⤵
PID:3236

C:\Windows\explorer.exe
explorer.exe
1⤵
PID:3620

C:\Windows\explorer.exe
explorer.exe
1⤵
PID:3540

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
1⤵
PID:1776

C:\Windows\explorer.exe
explorer.exe
1⤵
PID:6208

C:\Windows\explorer.exe
explorer.exe
1⤵
PID:7328

C:\Windows\explorer.exe
explorer.exe
1⤵
PID:6336

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
1⤵
PID:7320

C:\Windows\explorer.exe
explorer.exe
1⤵
PID:4684

C:\Windows\explorer.exe
explorer.exe
1⤵
PID:316

C:\Windows\explorer.exe
explorer.exe
1⤵
PID:6900

C:\Windows\explorer.exe
explorer.exe
1⤵
PID:5720

C:\Windows\explorer.exe
explorer.exe
1⤵
PID:5844

C:\Windows\explorer.exe
explorer.exe
1⤵
PID:7396

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
1⤵
PID:4888

C:\Windows\explorer.exe
explorer.exe
1⤵
PID:2780

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
1⤵
PID:6404

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
1⤵
PID:4692

C:\Windows\explorer.exe
explorer.exe
1⤵
PID:8156

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
1⤵
PID:8180

C:\Windows\explorer.exe
explorer.exe
1⤵
PID:644

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
1⤵
PID:3004

C:\Windows\explorer.exe
explorer.exe
1⤵
PID:4436

C:\Windows\explorer.exe
explorer.exe
1⤵
PID:5760

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
1⤵
PID:6960

C:\Windows\explorer.exe
explorer.exe
1⤵
PID:4760

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
1⤵
PID:1604

C:\Windows\explorer.exe
explorer.exe
1⤵
PID:4508

C:\Windows\explorer.exe
explorer.exe
1⤵
PID:6856

C:\Windows\explorer.exe
explorer.exe
1⤵
PID:7496

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
1⤵
PID:4268

C:\Windows\explorer.exe
explorer.exe
1⤵
PID:6644

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
1⤵
PID:1980

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
1⤵
PID:7068

C:\Windows\explorer.exe
explorer.exe
1⤵
PID:2788

C:\Windows\explorer.exe
explorer.exe
1⤵
PID:2576

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
1⤵
PID:2528

C:\Windows\explorer.exe
explorer.exe
1⤵
PID:5040

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
1⤵
PID:7752

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
1⤵
PID:7596

C:\Windows\explorer.exe
explorer.exe
1⤵
PID:1544

C:\Windows\explorer.exe
explorer.exe
1⤵
PID:1788

C:\Windows\explorer.exe
explorer.exe
1⤵
PID:7916

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
1⤵
PID:1000

C:\Windows\explorer.exe
explorer.exe
1⤵
PID:436

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
1⤵
PID:4920

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
1⤵
PID:4352

C:\Windows\explorer.exe
explorer.exe
1⤵
PID:6896

C:\Windows\explorer.exe
explorer.exe
1⤵
PID:2752

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
1⤵
PID:7964

C:\Windows\explorer.exe
explorer.exe
1⤵
PID:1684

C:\Windows\explorer.exe
explorer.exe
1⤵
PID:7760

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
1⤵
PID:5800

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
1⤵
PID:6476

C:\Windows\explorer.exe
explorer.exe
1⤵
PID:6148

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
1⤵
PID:1620

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
1⤵
PID:7312

C:\Windows\explorer.exe
explorer.exe
1⤵
PID:7192

C:\Windows\explorer.exe
explorer.exe
1⤵
PID:5880

C:\Windows\explorer.exe
explorer.exe
1⤵
PID:6896

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
1⤵
PID:7556

C:\Windows\explorer.exe
explorer.exe
1⤵
PID:4848

C:\Windows\explorer.exe
explorer.exe
1⤵
PID:2992

C:\Windows\explorer.exe
explorer.exe
1⤵
PID:2312

C:\Windows\explorer.exe
explorer.exe
1⤵
PID:4436

C:\Windows\explorer.exe
explorer.exe
1⤵
PID:7348

C:\Windows\explorer.exe
explorer.exe
1⤵
PID:5764

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
1⤵
PID:552

C:\Windows\explorer.exe
explorer.exe
1⤵
PID:4328

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
1⤵
PID:7340

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
1⤵
PID:6684

C:\Windows\explorer.exe
explorer.exe
1⤵
PID:1620

C:\Windows\explorer.exe
explorer.exe
1⤵
PID:540

C:\Windows\explorer.exe
explorer.exe
1⤵
PID:6100

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
1⤵
PID:2872

C:\Windows\explorer.exe
explorer.exe
1⤵
PID:1416

C:\Windows\explorer.exe
explorer.exe
1⤵
PID:3792

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\USERS\ADMIN\DESKTOP\5MP36JQGVX.BIBI2

Filesize
709KB

MD5
494d794e1dafa723768a6f6c475a568a

SHA1
85ca5fd14aa3d5bd854965e6173393b2fdab86d3

SHA256
8c606a35a7c49a3acc035f6068e28e95b7df40990070af2aed2bd87668029413

SHA512
dba4dd4505b1a74a095380d3663af78b2ab98522ca43e7454bcfe2926083c784847872ce975329064c00afb643807ce576ffc9667aa7ce3b3ab8eaa64eeeffff

Download Submit
C:\USERS\ADMIN\DESKTOP\7U5JFKS0BU.BIBI2

Filesize
648KB

MD5
8316574691f012cdbce3816de26e49b2

SHA1
0cb9e39fef93e813c2d497a505caaaf36a7604c8

SHA256
dbaaef1c1b8822dea1b78631fe89a98502d9972c2b0bd249787b92840a4d2f13

SHA512
cea765fb014f65a19ff85942c4e2ce1e5aa09c82991aeeb4f6c446c120e6bd347b45d13fc8ecc57b9fb4d0211b0ac26f1b58789adef9d1dadae07c11f6bf63a1

Download Submit
C:\USERS\ADMIN\DESKTOP\ATKSEMCESF.BIBI2

Filesize
1.2MB

MD5
538a62d165f8e6ce7a5dd0875841342d

SHA1
1aa1f425b640ab904ab2d30da680dd425450f0ff

SHA256
2d5acf383d66bca662e279397d45f8825511e0a38a5914a651ff148ff2f4f425

SHA512
4354897a99fef264c5ac5bb9f5203f9539f185c139db840f9eb21b0a492ef6a605d542fea6b9364d96107e91e075c4f76610b886f2662dfb1676080c985ffdc2

Download Submit
C:\USERS\ADMIN\DESKTOP\BBKMNJL6YV.BIBI2

Filesize
769KB

MD5
248ec6ba88560d2d931f206a9637b1c5

SHA1
bc950d9d31a1a45506f47cb1cd28422459107c42

SHA256
6e48749b302cf1b82be41e4e30ad8e1d7ba19b264663fdb057deccc00c5a6e03

SHA512
eba098a9ae0d8c614ac2f9a97e577d29fb8d8ab05acea43bcfcae30c502a521dc4688c12e2121a1a42f3bdcb47e81e896c3774fd89210abfe91488d0e5462337

Download Submit
C:\USERS\ADMIN\DESKTOP\BFTEBTNRCJ.BIBI2

Filesize
860KB

MD5
701ad47729d6f113a1cd9afc4541428e

SHA1
0624678fd847bd572db87ff835d200b846e4df23

SHA256
08c160bbcb767071a2300bec934db4e37f92fe6ea76779e0d02abbea0d7920c4

SHA512
cee58aecf76c494e3386d951733f326ae5270f2071a0f85da04ba74a301274659992289445e612b8151334ede7a9bce74abc74bc9a74acbc949d37ddbdd4166c

Download Submit
C:\USERS\ADMIN\DESKTOP\BGIO92I6BU.BIBI2

Filesize
347KB

MD5
c3a16580ae5a91d1e74a94a6d7378123

SHA1
03fd91676db0b87bc658daeead384e358fe5cb21

SHA256
71719cd6917c574751c13b3c5e6733024ef4576d87de2882466b34b082e305bc

SHA512
18651ff1d4c7cde24a6264cb26701c78792908eda3c0145da0314ef64e5e1e9222f7a52f30f6ef61a71e971973c7cc8705f8bd020ce01bb0765054da0e31fd58

Download Submit
C:\USERS\ADMIN\DESKTOP\CVVV23ZYKQ.BIBI2

Filesize
407KB

MD5
d815efa3a3f4038850a8b77d9863d5b8

SHA1
03da127bb344851198839de361704ea79774ee5f

SHA256
08cd18eaeb9bf54e81efe9f8798ee02b94d7005cd073899e7ccd47bbe292d327

SHA512
b3f861741599040f3e5ff098e5d66157ec9d91982fcbc107f3bbe946160b1b1f8eac6d3a4e4be6506e3d485ddd1b9fea0d61310a2a9662a7bf8d316ebcd8e6d6

Download Submit
C:\USERS\ADMIN\DESKTOP\ED86QZPOQ5.BIBI2

Filesize
316KB

MD5
3d7828a8d745689fbd6fadcb9640975a

SHA1
3f8c767721904e166e91ad3ac3bd08d738b55abf

SHA256
04c5c70be5b69362bda8eaca0ac6a84b095cf3f87c8c187ce3e8009ad26d9fa0

SHA512
057260f3737c0ef32e597ecde6422ebc4978123f5b8028ecc250a1564fe9c98fe29b899f925499f8ba97695dd82d599e85bf532a0166d50fe983cee124ce8428

Download Submit
C:\USERS\ADMIN\DESKTOP\EY414V1DW7.BIBI2

Filesize
2KB

MD5
3464fab5440ae55da30347153f77f4ca

SHA1
a21947da288a2cf250d9c4d53861adcd0f807b10

SHA256
9f443b69b1cf1ea11a20b3bcd16df40b77cf77143bd474800251a675086820c4

SHA512
808501ebb50a0cd33bd5aeceae916ee29856152b74093e1d42bc8cb9d3416ce49eb8c58f828444bbf6d408bf53aff4a7b3127bf1f26155e74ddbbd681507f03a

Download Submit
C:\USERS\ADMIN\DESKTOP\FDLORZBDRQ.BIBI2

Filesize
588KB

MD5
d6e73dbf899e94b4537baa3807bbb137

SHA1
20a9b873235a5884896f239be5673ab2757eac83

SHA256
e0455166d9c7d36a4e131e7599b6baf3e8ae2b6e83ff5bd89700408364fded63

SHA512
69bcf3c737f466ffc32c7b83f9e412dcb3a05ee60ea80b708586414742b4007a95a0efa234b164de342019cf2c0f0d90d66e6656c647b78a18d96d1753f3e6fa

Download Submit
C:\USERS\ADMIN\DESKTOP\J6MEDCA03V.BIBI2

Filesize
377KB

MD5
b20892c7c158fe311bb0f38ac5f2a296

SHA1
39c08e6e1094734f4e38911381d17aa7ecebd682

SHA256
cd54ed8b8b85186bd8e0af08a5c75e32c60ab48dc86e1437bbd98204f7672060

SHA512
85608f7b7c659d1ed6996337bb6ddc14f4cb81673e4d585c76519b78ddbbe0ef8bcc8c705995ff1adaedeb8b003bed3b0b3205236a0565df2c43866eb36fa282

Download Submit
C:\USERS\ADMIN\DESKTOP\NMXET2HQDJ.BIBI2

Filesize
890KB

MD5
c836c2249e2765400b25c1933501e2ad

SHA1
c89acc2641807d904277b45de5d1ae40bde2903a

SHA256
69af59274692bf36c8d7a5c25b7fed699310d50ef7640a6501baa0f0cd49a403

SHA512
1f93fa580f33603234528dcef8b7abbfe21c1ae0aa7040215f296ba78ab2179c163346c0ee06f1614f327e984c03710b6a5e8a3b6fd79257f140ce71329c5173

Download Submit
C:\USERS\ADMIN\DESKTOP\NZOKGPBAYS.BIBI2

Filesize
618KB

MD5
f5b3e7788a0cdb38d43042c8a95bff93

SHA1
3cf99ee53219c1beaebbc41df9d805a582efba9f

SHA256
72cd8b4c6d5e2094b7733ab090a9beb333ee7d5e7142a3c55bddfd48da5733d6

SHA512
2b921caed174d83a4c695427152a9fbfb91685d16dbe71da1367520a4041598624ed584bcaf02582d288a2bc6ef6cd749641df601299d2f09756b718af173fb7

Download Submit
C:\USERS\ADMIN\DESKTOP\PXYFIZ0JFE.BIBI2

Filesize
830KB

MD5
6c9846af94f7328d79102a94706a6f1d

SHA1
b378cbf6754b2f4d5bc75f9c0a2561b7f056cab1

SHA256
f4945875786ea212d21c28f32da83da311df4464491a2078cfdf7e60396fd4b9

SHA512
52dded05a377c199b34dfcf51cc88152d17eebbdaa6b8632d52a44ef71361817b28f2a6fdf4a7cd03df8f3d21d620f5bc1809f93137a62334292bfb23c75566a

Download Submit
C:\USERS\ADMIN\DESKTOP\RYPQAS4FFL.BIBI2

Filesize
799KB

MD5
878d1c5dca5c38daaf6c61864ec5a71e

SHA1
6a003714f9a158049d40cae910eb0100e9ff734a

SHA256
27029a9ceb9a20855cd06e84e9ec408775d7eb305a3512c292fbe3ca432f460a

SHA512
1cec7827e08a920c28ef76748f95cc58d1d3c8840b994e1d69e01097bb7ce5dbf2751c53ea1c4f3f61fbbf56d5260ca880d56cb4c36eb5d21c647390c2ce9fd5

Download Submit
C:\USERS\ADMIN\DESKTOP\S4CFP3AWQ6.BIBI3

Filesize
679KB

MD5
e4c0bec384969f52dfefc5d4560ff724

SHA1
55680120c5fda37f496639026bf6bcec8e1737d3

SHA256
791308a3eb8013ff9b1f721ddb0b164c8c552d0887d1c3ab703c83e06e60e7de

SHA512
e363e32d29140861c7a3f0a3ae30c6a78a1a4c20eb1210158850751a1864ce368a6f81a383dbbf159e2967599b1aeae49f5b1d3b4181fd601057fae880d40a2d

Download Submit
C:\USERS\ADMIN\DESKTOP\VR772ENWEC.BIBI2

Filesize
558KB

MD5
7140934fa503cea9384804f8971e1b10

SHA1
5cad17574323147ab7b563e890730cf2bf15db62

SHA256
c5762f4edb4e3bb6248c375acde106e8b2e186fd484c826e260c4d597a38e04c

SHA512
cc2558e41fa93f76db7538c2cc2f3b211cc991dcd5e0019a48b83ea64b55b7bb34099deacdbbf213c3827ab1408bbae4f7506380ff30312c52463edc5722618c

Download Submit
C:\USERS\ADMIN\DESKTOP\XONC61790Q.BIBI2

Filesize
498KB

MD5
0b7a63f4ffac4a4d4c3616ea2dafa451

SHA1
7dcf01230ff8a64fcec532fcce8ffda5287281a3

SHA256
1ff8886a9b7da00ae6ca709d18e581cfab31d65dd45a52961c409e9c9cc54c67

SHA512
df9419074f0d9cc30d70168885c35361ae4ee23020ff21d2715eee69c5afb9b6b419e85a53e1a573ffc94130c7429636192f9f46b18e900f2c119b340b8a0dce

Download Submit
C:\USERS\ADMIN\DESKTOP\XWPBBH2JX4.BIBI2

Filesize
528KB

MD5
ebc9b9ff94b282473f1ef38501175de9

SHA1
1947152cff50917273a4b2ebaf213c1a7b36bb25

SHA256
3cd334ab5f3a02fe5a7a6ee21724abce4a1051982a6023f7ab563481fdd8d42c

SHA512
9b50cbb968bb8a06e6d6a6d9e60233e12ecbef59f2877c3e0b99ede4524869926780db021eaef0133bd65b1beb261bf9d74d54b938b434cd74165de64303abba

Download Submit
C:\USERS\ADMIN\DESKTOP\YGKLPFAD9V.BIBI2

Filesize
739KB

MD5
f12b7274ed94ba7f02a651d2e4241cb6

SHA1
213df29dd2e006c1168a3950a43b462329074ea2

SHA256
d2b3c470549f6fc460f2dfb3ebd48e46ab1637b50b8d381e72f291e7ee03d31d

SHA512
79ded0a282e5b306e927397d7355fb3bb9d857086d7d64623f5eae2339a375370ec90956dd8b503720fac8e8ab37909052991b260d99982dadcb54f96d4996b3

Download Submit
C:\USERS\ADMIN\DESKTOP\Z8YPH0U0IL.BIBI2

Filesize
437KB

MD5
3de299d3e896c031a25ccb2581dff053

SHA1
c0ebf5f07dac9c5e5bfb38fb66b5750f13945ee5

SHA256
133f601cffc37a49d5ec3d1c0dd0e0cd73bc27b3a56a4d2c5bdd19e81814f098

SHA512
56f9d5269ce900b6070d97644326acf11b41e61c053884f0572b067991a33b063c291cfaeaf97e2eed91a8302468397cbca198d805495ef4e487972b9164c369

Download Submit
C:\USERS\ADMIN\DESKTOP\ZSQ1QIJI3O.BIBI2

Filesize
467KB

MD5
fbaca9f814ad8385a119f29ed01d42e9

SHA1
78adc136c5a8df92f292ce5eb27b4a3b990f8258

SHA256
bb960340a098d537bbb2f879b0b203d44e0de019c646a069ddfa6cd154b2f13d

SHA512
0a7cd61d1385b5d7bac95dc562618667fa33fae40a35d507f6e111a8dc7b1fda1e140f142a54e27c44f69579825945a8bda67a832693bf6b8682110a231e5827

Download Submit
C:\USERS\PUBLIC\DESKTOP\1O5VUONMBZ.BIBI2

Filesize
1000B

MD5
ba619453922b41b164cd1bbef4c22cdc

SHA1
1e73e0b86b50ae3eb4b702f4582655cc9de87c6c

SHA256
705aa11e514b813649c92ea23b389652a951f5e59cd8699aa80ec69fdae7def4

SHA512
dab4a780e0b0d8ad76863d1a09448710a25159a5bc24d08dfbd62545ac2fa848f4a09f71dc029d20769a7c97322f5235a2fb3643f812cd4f4d2998e59f119a10

Download Submit
C:\USERS\PUBLIC\DESKTOP\K2SNVFAHII.BIBI2

Filesize
923B

MD5
899adbd277402cf0d00828ccf66bb82a

SHA1
10f05d952e5368fd12e6b79d388d705d478b6cbb

SHA256
a07b8a0fdcd7bd42594291c1f09961954f413fee5f861d72402208e7041aa2c7

SHA512
02266624724574052ebe04001fd3ff436f0970183e2d7b31359f5e996127fd1f3d38c87196e8eaec679f1cb1a3f106da094c9b9f37a13c145aec480ca6cbcaf9

Download Submit
C:\USERS\PUBLIC\DESKTOP\MTC7XWAIKX.BIBI2

Filesize
2KB

MD5
34ad07c9644931bfae5498397cc3ca77

SHA1
dc2c07443819e53878e1ca3c93a9b44e59dd7342

SHA256
0e1656cf43faab65076fb1a06ca96df52ef17f3d417f57f0eeaa6c038e6169b1

SHA512
13c1af706765881c18935de490478030f7875214f336becaf15c26bff743eb50e130c2f9a7235b2bd2711f5f625c39d1752f32549b94fc5c2f9e380776dca490

Download Submit
C:\USERS\PUBLIC\DESKTOP\RB7O4V7REJ.BIBI2

Filesize
2KB

MD5
e26ff2ab852de293108a9b3fedcc0f38

SHA1
96f2bd21623c0d8115a90225c5a6aecc08db8c0a

SHA256
308f48e20530597c7d5b9fff30fed9280a086d650c318e7d4305785fa6064c34

SHA512
7844b11e54f5e07765a9b05d31050d194c4f1822db6f071f8abe362b45c73233735c563eca6c2bffda3e3e2a581b0c42aadb8c2567acc196bbea7e66d01c600e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53

Filesize
471B

MD5
b36d2e15b6fc4eb6a6a68b102981f49e

SHA1
106028ad96d4edcf950ef320e84b435563b92ac9

SHA256
d67f5ea8943a8ed676422ce736b3ffe768e323f7fedd872367dd38e0ad1c8a4f

SHA512
80cb14bc81b5367022456fead21fe78f93be878de58f26b0ac8d533ca6476b7db80c3e6ccd1917d3b27e190f780d4476200a744df8d605d6a01abfdc3649c76f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53

Filesize
471B

MD5
cf45755e2b0cc968e78fe845d3928a6e

SHA1
571c0ba8b935992f9cc56db08d8f0fbefa9c6f6a

SHA256
c8941381eda04ac7287e82b68abfe32078279d33dc03206d0c7b10aa63cd77da

SHA512
c31b65bf97ba7d8de4126f2ab953430cb920df9b8e0b9ca140db6d9c28d122c34a73937638f2d48fe4c7f9815d7ed86e121135cec7a9c36aba0648344ed457e6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53

Filesize
412B

MD5
4667e07b44aca2ef4a0953e00971506d

SHA1
d3353f5dcd84d6943aa9edf703dc458ff5b64e2b

SHA256
7b2e26cc8fc7e6d6d67b7decb4ba42fc06dff20130da33ed1537ff4f9956edf5

SHA512
4211ce4f7d2449c517d3aba7f71ab18cc29d3c178b4fe0bdff866e2b69e57b3d46981620d64074a4b98a58d5ed355c4591d197de093a512466192fd6e718e639

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53

Filesize
412B

MD5
e69095aa244c149a45e7d37e327c9907

SHA1
9b1364b76f41077d13965c83e9ef5811b400b4cb

SHA256
0a524db330ee6b36eadcf979b3864ce045cce346ea8611ea488ca7a77f37a916

SHA512
eb5accbf5b91a03dffbc5a542c1205585ba28adf5d67b721f6c6e985f3df5ab810c04d3c65f86dc718a1877a04296ed1da95543f05093ec3c20be759f2f1a9c4

Download Submit
C:\Users\Admin\AppData\Local\2aCQjSoeEy.BiBi5

Filesize
10KB

MD5
b4101b97698cfbe2edf4d63f633efae3

SHA1
a90c2eaec455536dd105dfedb71d9e87496e4b0e

SHA256
1db52fe340f08bb2b7217a2a64f2567561fe99e00a57600a92be1a27a8d93b24

SHA512
23c8d5aa1ccac8454429a720cb526b0246452b693685e06c460ceebba883423b0e752af1f6ff0dd93b2043b5d31fabc2d2629b26a9c9d0e6668f82e46064f91e

Download Submit
C:\Users\Admin\AppData\Local\Adobe\Acrobat\DC\6zkxHvWmsn.BiBi2

Filesize
68KB

MD5
8e30819fd0444955c09bcd261eb864bd

SHA1
532af70babf44135cffc1453ce97715e31768f96

SHA256
ca54546f9550c795f042ec94bbd38e8db3329ce172fe4c961158f9ef16bfba90

SHA512
0b6677ca8e54556afc7d908a94788f444e909794a84e1a6811b5dc063b748493d7ea8b6f206b6f6e73c92ee7c1836feddec98eb093157d53dda2eb490a592aae

Download Submit
C:\Users\Admin\AppData\Local\Adobe\Acrobat\DC\9N1NqCzmUj.BiBi6

Filesize
79KB

MD5
341af0cc3d03a4441ebf9f68c233c491

SHA1
3189e81b008681316e6024a568e747b776eddbb6

SHA256
a0e70ecbc878c95f2d17666e849592fe3ae64f2fe83f23e2cc2e9c289a77036f

SHA512
c1b24a8800d1dac143995a1540e61b1eb30b502601c725417a1991daa4d6b9d2034bd6035a470ba12b31d0fc39ab353124629318b2cc990fac27ae523af0227a

Download Submit
C:\Users\Admin\AppData\Local\Adobe\Acrobat\DC\BUTMxxdNP1.BiBi5

Filesize
68KB

MD5
aa51dae26193a5c5978b67a50eb60e6f

SHA1
608dd21228af1f35cb7757cdbc45124864e2b391

SHA256
9682b4ec9912f9e6c117f06af7de5016f73c550741877c62ba48b385df949a4f

SHA512
fe54ee27b0e5da740b496f155325c3724c7a13d06a1b47e51c50baad7950c0a2a0cc43868150947b9a8103ec56960624dfb7fe9efbb2382726f832c5075b0d52

Download Submit
C:\Users\Admin\AppData\Local\Adobe\Acrobat\DC\HMxGNjPVlZ.BiBi5

Filesize
12KB

MD5
17455f0bba9873ad192f7b067c83005b

SHA1
905f2269b227240af0a6d24fa0774a97f66d37a2

SHA256
35488b509f3b6de73a92c5c789d2a2b56c809d950048bcf2cea9ffea21cbe12b

SHA512
cfa8e96cc418582d75aa0df29ec2e74d7d8dea0d5330eec13603566b779bab4bfb1a3a8ff6306c55e8bdeb4e6a6cc6f79ebae85f2edcf96eddd6e3702f8428c2

Download Submit
C:\Users\Admin\AppData\Local\Adobe\Acrobat\DC\e791yQWvUm.BiBi2

Filesize
12KB

MD5
6ed492ef30752023df25d04618449afa

SHA1
174689f062b8ebdf82e032c3d5d1b7b5b6413ef6

SHA256
5b08d9d1b2a5bd0d1288c8d2ff788f26cf51b81919563221c764df012b39f737

SHA512
c0fe3d6b2098127979ae0bf0e677ab85e93062c08a6616e4471f9d123c54b026b46a86080f71e0e691b80c0a753adaaac57baea06a1d4a98a575d1fb9c29b136

Download Submit
C:\Users\Admin\AppData\Local\Adobe\Acrobat\DC\glBRb2oq2s.BiBi2

Filesize
32KB

MD5
28fc1082e8eade901c4f78437877bfa1

SHA1
9e2ed6afc94ca8db9a7adcaade8026d83b75331f

SHA256
e41252bd28f9e840604a7e4a3fa6c517f1d6ccc6da7d1216d6bfc7c29c37f314

SHA512
3cdb973f02997624b688124c890c0141a647cf0d939617160d808b7be62e6c3c9b5221aeaf2771ecaad51ac7fed3982db91b32785c5cca8858e7b9576a795ee9

Download Submit
C:\Users\Admin\AppData\Local\Adobe\Color\Profiles\Zciq4Dge1p.BiBi2

Filesize
64KB

MD5
a074545608f72268c2e85b20fcfb0b1d

SHA1
57f0175b084f6eb5506b17a19d406ebe1e2cc35c

SHA256
889a4b2422b764083a971560962a6adc63ae0913744d9b8aea11ba10605ea349

SHA512
a111e39c7a94abe0cd7c85651b663925875ace93f5b3e1b9ba82729800434f716ff797d3c824326f9974f62120b6eff766bf5feefd2c0000a3c8e61a32f14bf0

Download Submit
C:\Users\Admin\AppData\Local\Comms\UnistoreDB\70nlXFZNoK.BiBi2

Filesize
3.0MB

MD5
5fd2113ef18347fb213fe0a09ec1f73b

SHA1
bb1aadf678156204d68327516e3c72c68ccf1d75

SHA256
a3cbaa9f562c248410e8cdb6a46f787e5226c0379bd177a607ba522911edb529

SHA512
fa976647dc998bcdee2dbe1e21897c050e43b4ae5788657b708d1d3b4edb29cfc303e44abd01d07494cfa61d7510479fe3edf56b392313acda1ec1246bb00134

Download Submit
C:\Users\Admin\AppData\Local\Comms\UnistoreDB\94rgbzbND6.BiBi2

Filesize
3.0MB

MD5
df2d739450f83cc2f04751f4b407f050

SHA1
9b7a379f097169967ccaafb419b21e099a905a53

SHA256
659dca44b888ee26db473a83ba8763d69675a1ff66f3d42a8b710f9dc32ff9a5

SHA512
4ed1ce3012819c7798600a371533089c792ecd49c78fc0e3306704f2da82b3fd3c64b42cfb3769b8872f54585546498a190ce175014255919515a64e699b0146

Download Submit
C:\Users\Admin\AppData\Local\Comms\UnistoreDB\Cfu7OYIIHN.BiBi2

Filesize
6.0MB

MD5
b372c48cff8c7e5994211f1d7d6e8880

SHA1
7baa779f332aafaa6b0bb93f893667ea87f37d98

SHA256
7b35e68a99a8ee8a29f9cd21e73d7a9a2bd8d17b4067b4ceb355b384fcaa0106

SHA512
31eb03fe7f9fe11192282868f42c6a6953138d441ff24b0ce12d092f62bca6d5c5951e131918438213a377506f0d303d0930abfae5108bb1906b4582ea8a1ea0

Download Submit
C:\Users\Admin\AppData\Local\Comms\UnistoreDB\ZLvkTO2t2t.BiBi3

Filesize
3.0MB

MD5
2b67642b410c51bdff8105da624fdb49

SHA1
4d82f9a26e6c2121de089157206ec0f1ba602d8c

SHA256
64d31d076780e5f7f2f46ca341db7925992921a58aaca0ec3bf5a3c71155f069

SHA512
0877a3e931c815402ce8660341709e2439c194fad3cadab00ff81fdb32ce4241327a885054065c92b7d7c3d811d8c0f2139d3ed07cdcf497b165d1077a139f24

Download Submit
C:\Users\Admin\AppData\Local\Comms\UnistoreDB\nsFsyGPGs9.BiBi2

Filesize
3.0MB

MD5
f0696599f4c375a81797e4265b5210e2

SHA1
70be4f3279c67c5124dffbbd2db24e7784a2ddc0

SHA256
2f2df3af8da297a4c44f8c8f19d358460e11a5cf46f2d4e276fc3b827bb0c61b

SHA512
3f58a6aac57bfd5d589db7b3d40dada3c11d04d85ee77f26b77ee52762a84e3e5cc9517c5b3c5734cb6a86904332f063f642c3b8c022e2f5c308dd5fbd185f60

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\BrowserMetrics\kZku0yZiXy.BiBi2

Filesize
4.0MB

MD5
4689f7763eeba31b649a6f1618847499

SHA1
fc53a6392059191e9b5812ace8c2eced4a39f9a9

SHA256
977433b56995ce7c33a0b6097931ddf9c547c5c6ab1ed7d2aecaf9ecc82d34f6

SHA512
af1846c4afde31fd099e04c33b912361f5fecb11c660e5cdfad9958d99b8959385bdda7f50a33946c2e15af1ce2e473d05f919dedcf4a5434dda159cc87d4e46

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\1b4mut1n5i.BiBi2

Filesize
46KB

MD5
4e53050f11ba4abdc8f31ac9d3dcf560

SHA1
54a2dbc7275f4f16f15e8ae178562f822d0e0ebe

SHA256
c11883e536990ceb0612dd2abad42870560bb26485c1b5f9a804a6b88442bc48

SHA512
120ac6ea201aa0c19ba4accb5c82a96b7975ea483d3e4195ae05cccea88cf4c27c240946b874478f8fadb2a49bbfa08722bc6aa96475a93ead71a0f7e8e45079

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\4BisDYfXb3.BiBi2

Filesize
46KB

MD5
432045e4ebe3a9a1ae7d6301b611391a

SHA1
f161942f4b36822cfa95385a0b717f845bfe07f5

SHA256
3a4fc679b0233feedfcdd939692bb65b8cb01ca2bdf2e5a4e5507fb356b065cc

SHA512
1e23a4d2423f946f1e94f1937427e93626eb3edaf31e18b93694bd3d74cfc62ae9a9d525790e797720369da2bec1668a2e2540ac4861edccc398359265c85443

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BPB4DYooRh.BiBi2

Filesize
128KB

MD5
f900dbed51bd93c4c2d1fc6aa3324593

SHA1
7b4b1f4e0db0ad868d55581c379e9654c11dbb10

SHA256
7a6f85ef36472f957c04a78cc93293b37ea698f50ee9b8c8e58454d85f47626e

SHA512
deffbedf3ea479559e21398af07298501632aaa9e548436258f459de225c47a2f6ae506f11978b30a2a39d506078f9d190545fde1e5d614a54740a00e7882ffc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\4YL0gqoQXj.BiBi2

Filesize
44KB

MD5
50204c890cbe6e649cdedf3965e8377a

SHA1
b84d84ba9dc8a95d58537f0282342fc970e8efd3

SHA256
01e0761372fe2da6a5571e376be9655c88c102b06719121caba762247c2f604f

SHA512
fca9a773f7961894edad77e59b92f9972920857391e91d0d62fb467328be16c07115d9e46367319f8d4159c9d09a593ffdaaf82f1e0ddee8d90de41d747aa840

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\EerC79xdLB.BiBi2

Filesize
512KB

MD5
2f732818172b14404a2bbb3b8873c34b

SHA1
23c745332213c8a1afa82df74348a2b813657284

SHA256
60a0329fd96040010ee0a40e340f0758314c7f8846a20e466804d39f49634713

SHA512
3c0f5000aafe17042698b94473e079ce3e3726a16f9dde65256c9eb6713112f0ff8f66105f1f85842f0b42e1c954f2e84d15f39ea44babbc585134e05d4030e0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\ILoLgZM0NQ.BiBi3

Filesize
39KB

MD5
744fd11d5dd4b40b6ce8911e83a45d4b

SHA1
5e55753736cb410abdc9664b12af8a979e6e7f58

SHA256
fa10a4a10ee3c105aa7ca4e4cf21e938cdd3a74fbd42dcb8d15d857113bcc88b

SHA512
a65e40cd6503b53fd36290196d4ec1159f8209caf275d347eee3932d86bf0fb8627b509c77793956dd8d903a75587ec416d6626cf0012c2e117e82ac61c41133

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\JGnDjyrjxK.BiBi2

Filesize
37KB

MD5
ffa68a88feb0518ecc520826228026eb

SHA1
52d527fee0be2f8acdaf2bbeea4c7a8f745a0178

SHA256
d4c0cdf11564e10f003e86ca0bafc59e630d8593291a102071017a4f4a7a38a6

SHA512
d4c3ddd15e1402bacaedbea399ff72b9bd85e801dd9e4ec95ec906aafceeaa85fd8fd3038bc8bcb109db7e302d065b7b3f0a42fe0721f25f1b69a5cda217c4b4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\VoLaOAVFvG.BiBi2

Filesize
40KB

MD5
a34448ec6fd9f310a37789092e9a5bb6

SHA1
7d2c4df47c9669d18fc9f6f670e0d365cf0a45ba

SHA256
486d31b0c619c666fb7d17929bf9893a7eee192b5ce9b5b8341946021fe0b327

SHA512
0a35272f974d039f4acbe67cd64416457b133f31a8b9477c1ddda507400e17e756316b46cb1251ebba9e05d95c5091bfc74389d293175f3fc5e6c08c0b384b30

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\ZLch22pPlv.BiBi2

Filesize
4.0MB

MD5
607271e00baafe125a56583bb45ab06e

SHA1
84566d9e5974e1e00af853a923895fcfec172c4f

SHA256
99ada73eb7939fc5500e9c9e2f166bbf72b2221319b8f7e3630417566b9072e3

SHA512
e11b9d6a531d3ef9339f618fa1c56d183fd6b88501c7fb9def627253c9512deda1158dc53100e0bd566f6e9d55f0f36988ced18bd7267edafd5788bc1afee90c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\lEWmQKYgNg.BiBi2

Filesize
1.0MB

MD5
3aac7bb6a54360c8b18baa16be9d7ee3

SHA1
78ed8235c49bd59c50ae52fab22bd241f962d370

SHA256
489a371e92ad9b0939d7337963dbe81e6780d30365021d66ce8bf0b018415765

SHA512
eb79f6544f93a486b71cd2757f71c966d1a733dc5a233b034cf11773927bf85ef32f65d31380d334e56d8c5d7f8519539386bf7b8d60daaa700c579614aa1505

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\sSugtF8MJz.BiBi2

Filesize
264KB

MD5
edcea47728174949e3380c330d7ed156

SHA1
234270e61c4f10e8fc63c9d57815376d1b8c4281

SHA256
c95fd53db8181461d4b29bb66238e64de3999dedf71fd810bc65e8c40ae4317a

SHA512
f7231292a9dc42ebfb049b25e92c9958b274aff399bca08d22234c6ee603c739753391944654a9264aab0c1297c89c658f924cc56993f2522394f0bc8c7eaa97

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\zioqFrcumI.BiBi2

Filesize
56KB

MD5
b537c2f35b1d7f0ee80f1c3149e37eef

SHA1
9997eaf305876203bcabb5459ee564b69a43d0f6

SHA256
927dcce421a8dc8bb91cfd18f774c438ae5811b0dbbf7eddbeb7c06e9dde6276

SHA512
6a2500d1cc8c79f19df1abefdb704480e4864f5c65bef708478eae50909db0fd04e3308adb2ff93d31af99e033121645912012058dc7202b50d6178205a1221a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\esGCCkGlWy.BiBi2

Filesize
264KB

MD5
ffc4d038ba9676a7b2ec76e405473f68

SHA1
a6332b3fd3cca63ca2dacf5921ab5fbf2dd2f0e1

SHA256
1ba2033b39535d5a6135c963aff9fd33aeae79affda1b6e9cf78723fd21d6cf4

SHA512
8e7d36e725a45e654b02372e29525c54a2b1fbedc18fe00ad0e9ce23e3f049a33e8b4e5b72c706c71ae4d189461929526b8d66b8a9c1c12f5523b1821ebd1c75

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\ghwW3dLtUx.BiBi2

Filesize
256KB

MD5
097ae34bfbec0d79cfdfffc031ef078b

SHA1
cb2f12ea3045a993bd53f29fb784ca1b0a5fc3b3

SHA256
627e7d1bf71b2826b1ff8d1a501422a98aeec3386632ec24786741c93f82fe10

SHA512
9441ddb3a9ef13c24e8ba5409b09305834fb8c90984ba4e0868c2f933cb683f737b9955f1d9e1dbc7d57408f5f0dfcd6cd1fb9ba7fc4566d5a2065622b349c76

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.62.0_0\M3J0PDBlSI.BiBi2

Filesize
76KB

MD5
b5642966642a134e58be5856f8964ad3

SHA1
1fb7d619d85e42110e19947e110f7bbc82fa280a

SHA256
87cb7101bce10b7556b135c2d5d6b2f4ee2662130fc0c38211f9cc797be24ad1

SHA512
93327dbcd1a9dd1f0c2c1846c8b14fab1e7e666c1003dd784a39bf3eeee64218b8f254c4d37db94049b502e2df926ed58348a6daa42f6f9a5f43d8149f8be2ae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.62.0_0\_metadata\AI9XqwQ8rs.BiBi2

Filesize
18KB

MD5
80b1e112c3d24e415fc3c37ee8bc81d4

SHA1
4797a827798f59dfe8b10d3ae3607c8e4d7de8e8

SHA256
10fdae1413c54446f577508f82648a36772e7cbcd643f515c991f563fd9c2024

SHA512
c9b428112c86758af1090cdb5f14664f010a56fb2bdfd6fcf52262cd7e98b04351d8f3fb7cc2e31fd83840b2127fab163276f7a2ca439672f417038faaee48f8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\MIDnGinsB2.BiBi2

Filesize
255KB

MD5
0978a1f875e43ef0b3874bfbaa717816

SHA1
2b82470b43b0bee0151102d232d615a3c438b8c2

SHA256
11dfe9df848c523d26d38f2e0e52894bfd84f1b28eda3eb224a39f130c8159b7

SHA512
b45726957ebec7de0d18e377c8bc0f5860cdb1eaebcb80c6bc63f57dc0e1d67dd3090758745ecdd01330c50deee9e19ed426ea54d5ba32ee9a188def6b2b001c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\aDR4o0PRHB.BiBi2

Filesize
531KB

MD5
5d4c7ff71f87a6528e51df1614393765

SHA1
41a0c1960ca733351b02c958ace9961948c74901

SHA256
f383d479c4e20ae0fe7a694a69ce590c529052b5be5a612a3471a1996aca4357

SHA512
f01eda9285fb075fe8a242b67bfa23f8bb7540fec5f87a089ae4eb9e9be2004d13c7d685040183fc97d39bf485a764abb839e1b7c33e9924867557ef3b7a27b1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images\BIt97UPVoG.BiBi2

Filesize
68KB

MD5
d323baa48848094b9dd1bb7e782fd226

SHA1
59b075e97917a4d70d004408aa230cab9bb1d966

SHA256
0a3f42ae7ddf579176a6c01bf12401e8534cd1c7e9c42333d1ab58c942c6b25c

SHA512
f14852e9982341ace1526c7c94d069adf700969fcb429bec618205d57564ae275bdbb6a72f504990705ba3946c7206fbd8aec71bd5143f574c8287c2b0cdef96

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\In8EMu6NPm.BiBi2

Filesize
15KB

MD5
544552e7b8cf5b22d45dcdbe42b56d58

SHA1
3a8acffdb9ef8325f03d8841979f456fe5865e52

SHA256
3a47235a208c89fa746592782b5d7d0801b32991f535e9e6ae367d61748b08d3

SHA512
03cb24389383d201e5868e1d2a42fbf134fdb5d26f8e33fc3c9baa9e5b732ef8ea0f342211250cc36d81904116f33e21d9a39e362abcbc5531671deb97681484

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\UCfRQwrMgQ.BiBi2

Filesize
92KB

MD5
bbd78c8bec17c9b753e2dfac526dd0da

SHA1
e86d518212583248fc51bac3fb3b5bdab56f157f

SHA256
51097ce96b45470125ca72f30f705189d74fe41d3c846df572c9434ec02ba55c

SHA512
59f3618f67af07711bd78f8f775c7712646c8224cbf411fa60ba9c73bdd140c10481ff0157a1c28b217c4b08d9acbdc46d5978b33bc2a0b68a1de7b66a645419

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WHfst6GIyh.BiBi2

Filesize
36KB

MD5
05ebeae2152e77514e050722879ba5e1

SHA1
3678c00abff8a5235a140c9cfc174e243acce034

SHA256
ddfb37b10e75f1b7aa738397144b394985d0643c734345177c04343e32a5900c

SHA512
a03d3eb644bfcc109ba94067b0fbc5672ab62739bb045fb9cff59086df1ac179d29620681ab884ad31ecd52fa5c41c0f68a81321601c8df93e457a3ec02a52f3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Y2spv4UTqp.BiBi2

Filesize
148KB

MD5
984dd7042ae9b985a1799eea1971408d

SHA1
e43d0bacd25877ce118fde8d3be453bad075f854

SHA256
66777ba921214cf7a5cb7c609bed828e12309522e33b3628dd43cb3eca36e150

SHA512
96be8237670f40a2b5d76951a39e2166834c0eaba1758650f040523a46fde7c880f9d40aa5531436a5e53d47577c5d7bf4699df1629a178b6624be221ab6254b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\da8ygke8rw.BiBi2

Filesize
193KB

MD5
8c97890ad473975ed2fecaeff7eeb893

SHA1
e4d82221678be6aecbe034eb4ddb5e9069c4c0cb

SHA256
f52742dbe5219a0c2f914d0044c17aa021582a405c4087e4c32e36a3bade9e00

SHA512
de0884d9493107bb8cfccd1de2d3d26ef1fd42d54e2ebbb7b2fdad85f08a76be99585fb70e2ae7ed0ae616eba6891ce290a3ddb9a4baf050e0c305576848bb72

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\e4RSQ3zICe.BiBi2

Filesize
32KB

MD5
7821f04807f39bea0614fb02ef66909b

SHA1
8929d865d6daae1974fc5a55b5fdeaf465dbc121

SHA256
853f07f49b88e2671300a439ec1a938b988b052b069cf40fbfebf324858804da

SHA512
556dead2dc06544e8538eb99d76b13a96afdeeb27375b5f2002654bc36c349cdea6a177a4ec9d90198317ce4d2567df870c159077e5fe7fbdd35ddd0f68204e1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\cGaZvCiLnS.BiBi2

Filesize
109KB

MD5
614a032b46d24837d492c33cf348574f

SHA1
9beca825c48069504dd139f458a06f61665a16ba

SHA256
92d4710e5ca4735558e9f2131d462318a3bf42be0114ae8684c0244365ac65ff

SHA512
edbef9b9386cd89741afbef49cddfdcb8464cd0df99d52fc3602e9101fd73eba7a1d6f9dfc7f89eb5fec692dda4b4e3037c419414cf6c09949c3ecca2e946215

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\gjK8bjXcbV.BiBi2

Filesize
1024KB

MD5
73ce6dc3acdb7489412cf21bc8589fc5

SHA1
2297a623cff6439db6754a1a21e4e281adb08a99

SHA256
33e2bd5bba638a61e003e9a06d80f5d7c2613b504d105df581dac0f0f72d8a19

SHA512
2e2558e162b0ef3d7ed7f823591131ab673efe338e33f21380f3e5ef41647b1344748e15436435a3b47aa40ac303300f6a9b239c2de01c48ec84cfd252082937

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ru7BiWAvxP.BiBi2

Filesize
44KB

MD5
961d6812796d40a0cbceff73d9893104

SHA1
fb7dc732337ddc056b93ba54fb3263210df59ae9

SHA256
dadcccb7479acdd5ff9243a079edbd1248e9d26b75ffe80c54286ca8a772ef43

SHA512
200109b5e20ceaa643df78981f40b2f71f17b3f2f8d3757e7514505a815d421654bfc6a9588d45c61bfb6dee106c848c92c4779083c7760e6d58cd0f4b1b011f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\CacheStorage\fUcvz290s9.BiBi2

Filesize
512KB

MD5
373fe958aaf8c851e1dbbd7b74ef50ba

SHA1
9964c33449bbb0a078540b99f50bd74e3c6ac1e6

SHA256
c5408197dfe264e636e3c4784c6b3c31f19c8ca5af13d3adbb59e6a4b39f13ab

SHA512
1c1232f9a3228e8351cd43beb8c160eb8d33762d342d385fbd28e846bcdbd5b8fc8bd4c3942cc04340bf5f8df17f3fb55c27a5c92462b2fc891b4d0a0f4aac7e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\CacheStorage\jy03FRkldM.BiBi2

Filesize
512KB

MD5
4095d26158703fb3d0a24185c2b85704

SHA1
45c79dfbc935059c3115676cad77870a6726b6ea

SHA256
4260b8ae6c0643a0f834a70d0623a113df80f59f5741642eb113b9e597ce2fee

SHA512
35f8af39811afb1e34ec11fb0dfc6702a19dd8ea124e15c4e9d07dee6da45dcb12507ce82c7d420f2acf5adb3b38b963ab21c8a9b65ea15b3651029894555676

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\oht1E5Lj6P.BiBi2

Filesize
6KB

MD5
1374eb9c584e5252ad10f2ffff927dd6

SHA1
1fc2e634d00218240c09194ec1035e636b35ad15

SHA256
339fc199b1abb1058e32486263cf65922453fd9bbd63aee2fc307112734fb658

SHA512
6799f705efa64ac15ac27639065ca215a6591e8d208eb64e483eb55b3f9c569eb654ddfd38ac28ab6d1178f61513761108149b45f87f1e7276255eebce7f686e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\9OtrlwwHYC.BiBi2

Filesize
374KB

MD5
2ec1843dbc221f7c93a562d257cbf28a

SHA1
e3965433cbd80f809c115b342a985a6adb57489d

SHA256
f0515e6c7a25ca58507ef2393cdf8bdb042c190718088550206b049c8a674e1e

SHA512
a835d582b759a26144607490f1b2d7403fbb68b4f0f53e0e218e40d0c92846612009234fe5729754e454be087ec747efc1c4ed022dff807a77e746a58a2fd41e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\1033\StructuredQuerySchema.bin

Filesize
413KB

MD5
2350b47261040b1ee32f7df427ab30fc

SHA1
e656cced405e01b6a60b7444b2c9e1b31ed7c63a

SHA256
612881f476b4820221970c20f44ee5d9cd9c64a2cd3c9ec82e6757209c0184db

SHA512
a9e5838e63c2f786d57fd3e808ed54c6af0f7fc60dcc9cc1d606309d976c1b8954ef6271838db3e20325a6d66889362e3f28825a6fdba5075b860efc43d1d941

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Burn\Burn\desktop.ini

Filesize
174B

MD5
e0fd7e6b4853592ac9ac73df9d83783f

SHA1
2834e77dfa1269ddad948b87d88887e84179594a

SHA256
feea416e5e5c8aa81416b81fb25132d1c18b010b02663a253338dbdfb066e122

SHA512
289de77ffbe328388ad080129b7460712985d42076e78a3a545124881c30f564c5ef8fb4024d98903d88a6a187c60431a600f6ecbbe2888ee69e40a67ce77b55

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Burn\Burn\desktop.ini

Filesize
174B

MD5
e0fd7e6b4853592ac9ac73df9d83783f

SHA1
2834e77dfa1269ddad948b87d88887e84179594a

SHA256
feea416e5e5c8aa81416b81fb25132d1c18b010b02663a253338dbdfb066e122

SHA512
289de77ffbe328388ad080129b7460712985d42076e78a3a545124881c30f564c5ef8fb4024d98903d88a6a187c60431a600f6ecbbe2888ee69e40a67ce77b55

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_32.db

Filesize
1024KB

MD5
12ed8159bbfd0aecf8a709d26d39fb51

SHA1
8d8b5043867b9c36e93fc66e45708c7a573e97b1

SHA256
fcef4a457795c2cc760fe31a21505176a527edca123c9201f106c772d1ce4a0f

SHA512
bc7ac4244c2c624a5328d6080f8444e99f548d9468a962175896baac9ca50e1d9235a082e27b21b46da7de6a5177367f9a968eecb5ebf57b168ef536c15619fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_48.db

Filesize
1024KB

MD5
30ce05521c028924888c31f6722c14b9

SHA1
bcae50c2ab7ccbf71c9b4e2923a6cb54b0bc1a96

SHA256
da3d078ea6543bb8c36afc1abe19e902c74cb167ba77e7b04652a22edac48dfd

SHA512
f8d43b49bf721658ab7549cd7cc7ce8e3ad4cba53dd963b2a55aa8c612eccc0e75bb3b15f6959f3b35890fcaf9fb2164617007d5d4d982e1833467844fe56691

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_48.db

Filesize
1024KB

MD5
52c047387cc966aa41d10a962a1a1147

SHA1
4641ec8b42b956caf04b7be12b202eba5ace3ebc

SHA256
3969f3b857e9412cb0f62ff2dc62bfc75cb2c4223b5d648fc35e0d973263eccc

SHA512
21065b654dea5acf84c474676963b1454359f73a47fa37fa29998220f54d4601a45fcb3f683d05b6f12abaeb236de6b053a9ba3b1bd7d64bfe77438553cea2d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_idx.db

Filesize
7KB

MD5
740ab836f98f3b212cdcff92802903ea

SHA1
0e6bf875be22f848a38c6d92272e99b69ae45ae1

SHA256
1dcd999aa76a3a588ff89bdfa6b1e505c6d41225c5e8d1ad285c3186c098001a

SHA512
61a008fc78023904664039402081f1fefb1a65f10c1f1906817b74bbffbaeccaa7a372fcfa28475c01895745b97746afd727d8c8c57e3f1a4c7b52ffed9626b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_idx.db

Filesize
7KB

MD5
d7a4a293e19177c55f5b070ab4a1e0c3

SHA1
9c280142abfbe632d433c37bf6c5f9eaac56f6e4

SHA256
5a4f411d650ad7b371ca25e6a0fd06e3fd5ce54da597b4392df3c641fff7c4b0

SHA512
b17a0a2b9ade060e08d4d23c49f236d2df12bf6e16223846789bab8d16b46ff0bed1e020565c905b19da9561052d0181956e2148e534fec186713459bf46df23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\thumbcache_16.db

Filesize
1024KB

MD5
9b38a723583370a99ba49915da2b777e

SHA1
80a2f63306d9f24c27564732bdeabde6af0e8168

SHA256
469f7a7b84e0c20eab2d3d2a4d8c44fc831086906ba57bd5444255b281fe0c2d

SHA512
47956958f20b42a228464468ccc3f811a5aa1f99a8e09ab5042f5d9edc7ec7a985a6a68cf05df740c29695ec07371f0c7eb90f3c319d3a0a49171caafbf44907

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\thumbcache_256.db

Filesize
1024KB

MD5
d8710957d6bb8a80ce78c3af4e2b21b1

SHA1
554f59a625637e1785937903952e233742ff597c

SHA256
728a6680f21a1190d38b6fe8ac4a12317c058f2d3f236a89ce948caf7463203f

SHA512
3736ee2d43fd3d1323f68e37904a58ca28b5aeabd715aa01c5a68c4d93cbc74bcf4f79aad53541b0982ccff06927192a5d21ba68b02c6ad4b53682d383522c1c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\thumbcache_48.db

Filesize
24B

MD5
ae6fbded57f9f7d048b95468ddee47ca

SHA1
c4473ea845be2fb5d28a61efd72f19d74d5fc82e

SHA256
d3c9d1ff7b54b653c6a1125cac49f52070338a2dd271817bba8853e99c0f33a9

SHA512
f119d5ad9162f0f5d376e03a9ea15e30658780e18dd86e81812dda8ddf59addd1daa0706b2f5486df8f17429c2c60aa05d4f041a2082fd2ec6ea8cc9469fade3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\thumbcache_idx.db

Filesize
7KB

MD5
95e007d4355076c3743e469b42f62b49

SHA1
593c1b531356d75b3ed6ce0a2621092fa67cab68

SHA256
4d96fa941f7976d5f50b8c347c9a07dea105a53123e977334277ba42b0fe5f4e

SHA512
c65250fb615e56628a8ac08107b8eba410ee6acd61dddd86e2daea7d83ac1005e0d7a43b22dd069ced0407d89a57ae320e18f9441fb948e9e063ad79ccc9d13d

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\IYDZO99B\microsoft.windows[1].xml

Filesize
97B

MD5
85c01cdfb98850c6d9f74fdee01a0288

SHA1
f27d1b4cebca4fae1bfcb132106b731cdf006388

SHA256
e391504fcf710531408cea3d8dfb9bdace3aa387e365e8631677d66ab652ee0b

SHA512
f97fbd626d90f1ce1f98996b0afe4d24e1d43f4742db65a4b1254ac9466746e4bc444ee7b16e9b4283059935a204f9a56a4bae0210da568b14b58496f6fdbcf4

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\TokenBroker\Cache\95d9a2a97a42f02325559b453ba7f8fe839baa18.tbres

Filesize
2KB

MD5
45ad165907bbb60ee22196d3ecd5c28f

SHA1
72de0bf2e81c4c9b47e0391b27594767b4035ad6

SHA256
8e179c1cd39aff33c0c46a4bd5a2b483b248c957cd0d2f42589eafb0ffeb27f1

SHA512
04d08a6e3a343850fb538c9052ac28e59b4c7f4ea91194016f5e137f9edf017bce61dfe078321ce4c0b343bc505180ce993459ee1f5420d55d871abfab45b82d

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_AutoGenerated_{51325390-AE6A-68FC-A315-0950CC83A166}

Filesize
36KB

MD5
8ab0ccfe101f2a223bf9fc11f910ec64

SHA1
86a7cf51b399bb786896fb77f59ee8b4844f5afe

SHA256
8cc15be591c4f70f964d3554be30283f925747d09eb71692bf40b8125e2bb68a

SHA512
b862068ea8bdb828186c2bc693b1e99d622a48a82eea13886090c44e17d132ad1a96bae4a96214d9a8abeb22f7c85f4ef25a000cc1bf977fd43e67bf1064a61e

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_AutoGenerated_{C804BBA7-FA5F-CBF7-8B55-2096E5F972CB}

Filesize
36KB

MD5
9f1ff11e31c55a87372e85612ca3c290

SHA1
c94dc58d7e8f070d3eeff5bc8ecb3a2d7008323d

SHA256
0c650065d284a6a0f6a17ce2250214b40219b7082e940689a2cd2948162fd893

SHA512
dd490e167b4455aace73dda6d9ec6b90aee5e5994701c249a44d316b17c3f8a8f5e776e9ecb6d751dfbed8e74743a3f13d95edbbf3b09998e148bfcba1ef721f

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\https___docs_oracle_com_javase_8_docs

Filesize
36KB

MD5
8aaad0f4eb7d3c65f81c6e6b496ba889

SHA1
231237a501b9433c292991e4ec200b25c1589050

SHA256
813c66ce7dec4cff9c55fb6f809eab909421e37f69ff30e4acaa502365a32bd1

SHA512
1a83ce732dc47853bf6e8f4249054f41b0dea8505cda73433b37dfa16114f27bfed3b4b3ba580aa9d53c3dcc8d48bf571a45f7c0468e6a0f2a227a7e59e17d62

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_cleanmgr_exe

Filesize
36KB

MD5
33cf1a9ad7e502fd7c2de69a7da48801

SHA1
a71f1a144616eda1ca60886843fae98703417a0b

SHA256
f160948153cf32d47d35bea85eccd51929566e662c6eca6f838515b0860704c0

SHA512
edbee4a88c5e5f049ec86a4b8beadeac89f4eec81f1176ea35f2f689fb40f335ee1f85df856d02d224f5fb95e4ac1e9a85cf6d54b4c436a50e478859ec9fc517

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133432598454054579.txt

Filesize
2KB

MD5
ecaea544af9da1114077b951d8cb520d

SHA1
5820b2d71e7b2543cf1804eb91716c4e9f732fde

SHA256
9117b26ab2c8fdbb8223fe1f2d1770c50a6cf0d9849a5849d6aebcbe90435be6

SHA512
dc7bedbc581818011aa2d313429f234b12e5e9cf320b02b8d7ceeaf9cdc1c921ffc51af7f4080b02740f2d2146fbb006ccbf37cdcba3e3a10009142daffdb919

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\TempState\CortanaUnifiedTileModelCache.dat

Filesize
1KB

MD5
582647bba03ae6c915ef0f01aff9f9c0

SHA1
953275a969188e1fbe519c757835d1bb3d6e2c6a

SHA256
4e2ab1acada7d0d72e3b6e6c034f6fee99fcc552f9b1c11f80189a6deb26595d

SHA512
f48d0a247ba87e58929a43c5c067c8e4325f44f34922fb7819f0189c4d47656b639027d4a8d06d6f095f93020868a0b9fa0336527cc4bd28f3fadfc972d677f9

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\TempState\CortanaUnifiedTileModelCache.dat

Filesize
1KB

MD5
7056a56e7308bc12005cb44395dc475c

SHA1
d02cbdea39b85a4cc586144bc25adc527a8222ab

SHA256
536910c4ab7eef3eb7d4390c9bb6a5167029d9bf614f9afda4d8fe0d51500b0b

SHA512
0e0284fb2a8e2f79967c6927b0e6624784854094629b2532bf0b1ef970b119cab77e7eb74e378a539559c2b6889dc336e8d05052316d780ba4c8dcd607c6f671

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\TempState\StartUnifiedTileModelCache.dat

Filesize
5KB

MD5
07df6b247d34c8bbde7cc396adfb19b9

SHA1
d5c601bee52bbcaac0afa4ab75d169009bd5ac2d

SHA256
ad9b76b5231d0b87808d09e29a8cfe5df1702f1a890ce0713ac83325e0af7238

SHA512
fbd93260c9acfce701144f20f289dceab75f5bf4b388e16833a548249e499373a74ad14768f0214b525528784ec7a7d545507bff808d133f89f2ddbeda1fd887

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\TempState\StartUnifiedTileModelCache.dat

Filesize
5KB

MD5
07df6b247d34c8bbde7cc396adfb19b9

SHA1
d5c601bee52bbcaac0afa4ab75d169009bd5ac2d

SHA256
ad9b76b5231d0b87808d09e29a8cfe5df1702f1a890ce0713ac83325e0af7238

SHA512
fbd93260c9acfce701144f20f289dceab75f5bf4b388e16833a548249e499373a74ad14768f0214b525528784ec7a7d545507bff808d133f89f2ddbeda1fd887

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\TempState\TileCache_100_0_Header.bin

Filesize
10KB

MD5
154fe21b24d8223d09715331653e3cb7

SHA1
f92c989bcb34da40adc5dfa71a696e62c90f2f9a

SHA256
d7014743c4cbb80b1b8eee009f899d7604c3bf7d9c735ab4c83131b0fdae236f

SHA512
dedff16e3f81865c8bb9e28c68b2fadfc8f5115764b45b345b9f78bd9af2e908ec66a2819566c5db098c5f0f38df24b744e3937b0f4629fa009fa91bfc47ab13

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\IYDZO99B\microsoft.windows[1].xml

Filesize
97B

MD5
85c01cdfb98850c6d9f74fdee01a0288

SHA1
f27d1b4cebca4fae1bfcb132106b731cdf006388

SHA256
e391504fcf710531408cea3d8dfb9bdace3aa387e365e8631677d66ab652ee0b

SHA512
f97fbd626d90f1ce1f98996b0afe4d24e1d43f4742db65a4b1254ac9466746e4bc444ee7b16e9b4283059935a204f9a56a4bae0210da568b14b58496f6fdbcf4

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\IYDZO99B\microsoft.windows[1].xml

Filesize
97B

MD5
85c01cdfb98850c6d9f74fdee01a0288

SHA1
f27d1b4cebca4fae1bfcb132106b731cdf006388

SHA256
e391504fcf710531408cea3d8dfb9bdace3aa387e365e8631677d66ab652ee0b

SHA512
f97fbd626d90f1ce1f98996b0afe4d24e1d43f4742db65a4b1254ac9466746e4bc444ee7b16e9b4283059935a204f9a56a4bae0210da568b14b58496f6fdbcf4

Download Submit
C:\Users\Admin\AppData\Local\SyPfSxJlZJ.BiBi3

Filesize
10KB

MD5
9bd97343ad85f5132884762924a71882

SHA1
c11857c80ca4dd37e1f8826935aae7d84cf75f03

SHA256
972fac0a37dce7c5d7ac24bf06150a3a176866b8f8489491f611b60650f9c8f1

SHA512
ffc3dc47f55bbd05d5d3f8315dc7cd63076ecbaa2b7c066f5020d86a936afedd241a251ff1c99d65c5f5b2cbe40af0a143ae8eaf4cdab52181e7a31305fc0af3

Download Submit
C:\Users\Admin\AppData\Local\Temp\{7C1DFEB7-8475-49B8-A5C6-F54EB5DD8A9C}.png

Filesize
5KB

MD5
00e5fcfd833151f7cbde607e2f7afeb4

SHA1
55839875c0947aafebff53d22ccc5dad29fe3563

SHA256
b80192aaabe007baecd0603e3ce183e9d554b8a6b0411d20716acfa086ae3035

SHA512
f056777a1987c3becdc217bdc2d82e6aa41086d38fddaa45c42f1726b6f7b7616a10918081650e825a724464ef148b669bc258d38a62e0de8642e2607a0b0de7

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\5f7b5f1e01b83767.automaticDestinations-ms

Filesize
1KB

MD5
5307698528d8df0fc91381cf12e6f3d7

SHA1
9851c51a05f5bcf122ca896b45e13f63dad71f6a

SHA256
a7c7e7a2fa2f0b0c6a47b5936f6ac6cf12c7d182062dc50d4554b9b3103fae4e

SHA512
eac574add5eee824076b44092b93e4952fdc21cca0fcc08bc4b877faee339f51681bf23d5430d6d8ce8a28412656242733e987558b02f63ba15a8ae1cf303b54

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Themes\CachedFiles\CachedImage_1280_720_POS4.jpg

Filesize
14KB

MD5
2257fa8cef64a74c33655bd5f74ef5e5

SHA1
b9f8baf96166f99cb1983563e632e6e69984ad5c

SHA256
ead48b70e048de6ccca219a229ca90b49a9d1b9c14bf3a7c5eaad544294fcfd3

SHA512
7792be9b935a46a923e97bb76b76957070e116dcc4cb6fcd8b883c2d6f142285ebc9fd26cdf29bd19c8bdff412487f586abaa1724332b613e71afa45d7f3e4f9

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Themes\CachedFiles\CachedImage_1280_720_POS4.jpg

Filesize
14KB

MD5
2257fa8cef64a74c33655bd5f74ef5e5

SHA1
b9f8baf96166f99cb1983563e632e6e69984ad5c

SHA256
ead48b70e048de6ccca219a229ca90b49a9d1b9c14bf3a7c5eaad544294fcfd3

SHA512
7792be9b935a46a923e97bb76b76957070e116dcc4cb6fcd8b883c2d6f142285ebc9fd26cdf29bd19c8bdff412487f586abaa1724332b613e71afa45d7f3e4f9

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Themes\CachedFiles\CachedImage_1280_720_POS4.jpg

Filesize
14KB

MD5
2257fa8cef64a74c33655bd5f74ef5e5

SHA1
b9f8baf96166f99cb1983563e632e6e69984ad5c

SHA256
ead48b70e048de6ccca219a229ca90b49a9d1b9c14bf3a7c5eaad544294fcfd3

SHA512
7792be9b935a46a923e97bb76b76957070e116dcc4cb6fcd8b883c2d6f142285ebc9fd26cdf29bd19c8bdff412487f586abaa1724332b613e71afa45d7f3e4f9

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Themes\CachedFiles\CachedImage_1280_720_POS4.jpg

Filesize
14KB

MD5
2257fa8cef64a74c33655bd5f74ef5e5

SHA1
b9f8baf96166f99cb1983563e632e6e69984ad5c

SHA256
ead48b70e048de6ccca219a229ca90b49a9d1b9c14bf3a7c5eaad544294fcfd3

SHA512
7792be9b935a46a923e97bb76b76957070e116dcc4cb6fcd8b883c2d6f142285ebc9fd26cdf29bd19c8bdff412487f586abaa1724332b613e71afa45d7f3e4f9

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Themes\CachedFiles\CachedImage_1280_720_POS4.jpg

Filesize
14KB

MD5
2257fa8cef64a74c33655bd5f74ef5e5

SHA1
b9f8baf96166f99cb1983563e632e6e69984ad5c

SHA256
ead48b70e048de6ccca219a229ca90b49a9d1b9c14bf3a7c5eaad544294fcfd3

SHA512
7792be9b935a46a923e97bb76b76957070e116dcc4cb6fcd8b883c2d6f142285ebc9fd26cdf29bd19c8bdff412487f586abaa1724332b613e71afa45d7f3e4f9

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Themes\CachedFiles\CachedImage_1280_720_POS4.jpg

Filesize
14KB

MD5
2257fa8cef64a74c33655bd5f74ef5e5

SHA1
b9f8baf96166f99cb1983563e632e6e69984ad5c

SHA256
ead48b70e048de6ccca219a229ca90b49a9d1b9c14bf3a7c5eaad544294fcfd3

SHA512
7792be9b935a46a923e97bb76b76957070e116dcc4cb6fcd8b883c2d6f142285ebc9fd26cdf29bd19c8bdff412487f586abaa1724332b613e71afa45d7f3e4f9

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Themes\CachedFiles\CachedImage_1280_720_POS4.jpg

Filesize
14KB

MD5
2257fa8cef64a74c33655bd5f74ef5e5

SHA1
b9f8baf96166f99cb1983563e632e6e69984ad5c

SHA256
ead48b70e048de6ccca219a229ca90b49a9d1b9c14bf3a7c5eaad544294fcfd3

SHA512
7792be9b935a46a923e97bb76b76957070e116dcc4cb6fcd8b883c2d6f142285ebc9fd26cdf29bd19c8bdff412487f586abaa1724332b613e71afa45d7f3e4f9

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Themes\CachedFiles\CachedImage_1280_720_POS4.jpg

Filesize
14KB

MD5
2257fa8cef64a74c33655bd5f74ef5e5

SHA1
b9f8baf96166f99cb1983563e632e6e69984ad5c

SHA256
ead48b70e048de6ccca219a229ca90b49a9d1b9c14bf3a7c5eaad544294fcfd3

SHA512
7792be9b935a46a923e97bb76b76957070e116dcc4cb6fcd8b883c2d6f142285ebc9fd26cdf29bd19c8bdff412487f586abaa1724332b613e71afa45d7f3e4f9

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Themes\CachedFiles\JqVjV59Sca.BiBi2

Filesize
51KB

MD5
47bc2d0516a587fc2b41eb9497058224

SHA1
5e40d95afb128188419ebbb400b87c16d4e5e527

SHA256
24ae9e98cf7765d716b936775859e6d6d57c93cb626e94fd3c0c192d1e27383e

SHA512
0b3ac8d973d2ffb595f488417289e5dbcf554f343ca46c09014ea4a4670e3276e3983ede81a15415a04fc1f08cfc6134705e78255448ae6c55c46ad6172655ed

Download Submit
C:\Users\Admin\Desktop\4FUuGyZlgi.BiBi2

Filesize
679KB

MD5
e4c0bec384969f52dfefc5d4560ff724

SHA1
55680120c5fda37f496639026bf6bcec8e1737d3

SHA256
791308a3eb8013ff9b1f721ddb0b164c8c552d0887d1c3ab703c83e06e60e7de

SHA512
e363e32d29140861c7a3f0a3ae30c6a78a1a4c20eb1210158850751a1864ce368a6f81a383dbbf159e2967599b1aeae49f5b1d3b4181fd601057fae880d40a2d

Download Submit
F:\$RECYCLE.BIN\S-1-5-21-1873812795-1433807462-1429862679-1000\desktop.ini

Filesize
129B

MD5
a526b9e7c716b3489d8cc062fbce4005

SHA1
2df502a944ff721241be20a9e449d2acd07e0312

SHA256
e1b9ce9b57957b1a0607a72a057d6b7a9b34ea60f3f8aa8f38a3af979bd23066

SHA512
d83d4c656c96c3d1809ad06ce78fa09a77781461c99109e4b81d1a186fc533a7e72d65a4cb7edf689eeccda8f687a13d3276f1111a1e72f7c3cd92a49bce0f88

Download Submit
memory/1788-8190-0x00000197F7890000-0x00000197F78B0000-memory.dmp

Filesize
128KB

Download
memory/1788-8187-0x00000197F7450000-0x00000197F7470000-memory.dmp

Filesize
128KB

Download
memory/1788-8184-0x00000197F7490000-0x00000197F74B0000-memory.dmp

Filesize
128KB

Download
memory/3748-8078-0x00000220FF760000-0x00000220FF780000-memory.dmp

Filesize
128KB

Download
memory/3748-8083-0x00000220FF720000-0x00000220FF740000-memory.dmp

Filesize
128KB

Download
memory/3748-8085-0x00000220FFD60000-0x00000220FFD80000-memory.dmp

Filesize
128KB

Download
memory/5288-8173-0x00000000049D0000-0x00000000049D1000-memory.dmp

Filesize
4KB

Download
memory/7676-8241-0x0000025DA7A60000-0x0000025DA7A61000-memory.dmp

Filesize
4KB

Download
memory/7676-8249-0x0000025DA7A80000-0x0000025DA7A81000-memory.dmp

Filesize
4KB

Download
memory/7676-8250-0x0000025DA7A80000-0x0000025DA7A81000-memory.dmp

Filesize
4KB

Download
memory/7676-8251-0x0000025DA7A80000-0x0000025DA7A81000-memory.dmp

Filesize
4KB

Download
memory/7676-8252-0x0000025DA7A80000-0x0000025DA7A81000-memory.dmp

Filesize
4KB

Download
memory/7676-8253-0x0000025DA7A80000-0x0000025DA7A81000-memory.dmp

Filesize
4KB

Download
memory/7676-8254-0x0000025DA7A80000-0x0000025DA7A81000-memory.dmp

Filesize
4KB

Download
memory/7676-8255-0x0000025DA7A80000-0x0000025DA7A81000-memory.dmp

Filesize
4KB

Download
memory/7676-8256-0x0000025DA7A80000-0x0000025DA7A81000-memory.dmp

Filesize
4KB

Download
memory/7676-8257-0x0000025DA7A80000-0x0000025DA7A81000-memory.dmp

Filesize
4KB

Download
memory/7676-8258-0x0000025DA7A80000-0x0000025DA7A81000-memory.dmp

Filesize
4KB

Download
memory/7676-8259-0x0000025DA7A80000-0x0000025DA7A81000-memory.dmp

Filesize
4KB

Download
memory/7676-8248-0x0000025DA7A80000-0x0000025DA7A81000-memory.dmp

Filesize
4KB

Download
memory/7676-8247-0x0000025DA7A80000-0x0000025DA7A81000-memory.dmp

Filesize
4KB

Download
memory/7676-8246-0x0000025DA7A80000-0x0000025DA7A81000-memory.dmp

Filesize
4KB

Download
memory/7676-8245-0x0000025DA7A80000-0x0000025DA7A81000-memory.dmp

Filesize
4KB

Download
memory/7676-8244-0x0000025DA7A80000-0x0000025DA7A81000-memory.dmp

Filesize
4KB

Download
memory/7676-8243-0x0000025DA7A80000-0x0000025DA7A81000-memory.dmp

Filesize
4KB

Download
memory/7676-8242-0x0000025DA7A80000-0x0000025DA7A81000-memory.dmp

Filesize
4KB

Download
memory/7676-8240-0x0000025DA7A60000-0x0000025DA7A61000-memory.dmp

Filesize
4KB

Download
memory/7676-8239-0x0000025DA7A60000-0x0000025DA7A61000-memory.dmp

Filesize
4KB

Download
memory/7676-8238-0x0000025DA7A50000-0x0000025DA7A51000-memory.dmp

Filesize
4KB

Download
memory/7676-8236-0x0000025DA7A50000-0x0000025DA7A51000-memory.dmp

Filesize
4KB

Download
memory/7676-8234-0x0000025DA7910000-0x0000025DA7911000-memory.dmp

Filesize
4KB

Download
memory/7676-8215-0x0000025D9F740000-0x0000025D9F750000-memory.dmp

Filesize
64KB

Download
memory/7676-8199-0x0000025D9F640000-0x0000025D9F650000-memory.dmp

Filesize
64KB

Download
memory/8088-8065-0x0000000003220000-0x0000000003221000-memory.dmp

Filesize
4KB

Download