Overview

overview

10

Static

static

10

Update.exe

windows10-2004-x64

10

Resubmissions

18-01-2025 02:54

250118-dd9fbs1ncr 10

18-01-2025 02:49

250118-da9a6azrcz 10

18-01-2025 02:47

250118-c9v25s1mcq 10

Analysis

  • max time kernel
    498s
  • max time network
    576s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    18-01-2025 02:49

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Update.exe

  • Size

    61KB

  • MD5

    6afe04684a757675a359e7152592e644

  • SHA1

    d436a89ed573a6f5cb5d9b5f5d971cc12ac09e7b

  • SHA256

    734583184759ee71d9a25e037f25e409f2f1c7adfd1927bf6838bbfb62f2195e

  • SHA512

    25d29d6ceb7d2aaf57d689dba5bad64268151cad17d989b34dadb5146a10f6e15e9a424c927a453d2cdc0e78e0561c348d78e98c1250fc590420ad21b3bed94a

  • SSDEEP

    1536:wmtWxjhNJeaJXi+btWeYpive5scO3yKWRC6:wPjhNwaJXi+bw3EqhO3yKWU6

Score
10/10
stormkittyxwormdiscoveryevasionpersistenceratstealertrojan

Malware Config

Extracted

Family

xworm

C2

127.0.0.1:18889

147.185.221.25:18889
Attributes
  • install_file

    USB.exe

Signatures

  • Contains code to disable Windows Defender 1 IoCs

    A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.

  • Detect Xworm Payload 1 IoCs
  • Modifies visibility of file extensions in Explorer 2 TTPs 1 IoCs
    evasion
  • Modifies visiblity of hidden/system files in Explorer 2 TTPs 1 IoCs
    evasion
  • StormKitty

    StormKitty is an open source info stealer written in C#.

    stealerstormkitty
  • StormKitty payload 1 IoCs
  • Stormkitty family
    stormkitty
  • Xworm

    Xworm is a remote access trojan written in C#.

    trojanratxworm
  • Xworm family
    xworm
  • Boot or Logon Autostart Execution: Active Setup 2 TTPs 12 IoCs

    Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    persistence
  • Disables Task Manager via registry modification
    evasion
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Enumerates connected drives 3 TTPs 25 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

    discovery
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Checks SCSI registry key(s) 3 TTPs 64 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Checks processor information in registry 2 TTPs 3 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 6 IoCs
  • Kills process with taskkill 4 IoCs
    evasion
  • Modifies Internet Explorer settings 1 TTPs 28 IoCs
    adwarespyware
  • Modifies data under HKEY_USERS 2 IoCs
  • Modifies registry class 64 IoCs
  • Suspicious behavior: AddClipboardFormatListener 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 5 IoCs
  • Suspicious behavior: LoadsDriver 6 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs
  • Suspicious use of SetWindowsHookEx 64 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence
  • Uses Volume Shadow Copy WMI provider

    The Volume Shadow Copy service is used to manage backups/snapshots.

    ransomware
  • Uses Volume Shadow Copy service COM API

    The Volume Shadow Copy service is used to manage backups/snapshots.

    ransomware

Processes

  • C:\Users\Admin\AppData\Local\Temp\Update.exe
    "C:\Users\Admin\AppData\Local\Temp\Update.exe"
    1⤵
    • Checks computer location settings
    • Enumerates connected drives
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:4560
    • C:\Windows\SYSTEM32\CMD.EXE
      "CMD.EXE"
      2⤵
        PID:3508
      • C:\Windows\SYSTEM32\taskkill.exe
        taskkill /F /IM explorer.exe
        2⤵
        • Kills process with taskkill
        • Suspicious use of AdjustPrivilegeToken
        PID:3512
      • C:\Windows\SYSTEM32\taskkill.exe
        taskkill /F /IM explorer.exe
        2⤵
        • Kills process with taskkill
        • Suspicious use of AdjustPrivilegeToken
        PID:4420
      • C:\Windows\explorer.exe
        "C:\Windows\explorer.exe"
        2⤵
        • Boot or Logon Autostart Execution: Active Setup
        • Enumerates connected drives
        • Checks SCSI registry key(s)
        • Modifies registry class
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SendNotifyMessage
        PID:1612
      • C:\Windows\SYSTEM32\taskkill.exe
        taskkill /F /IM explorer.exe
        2⤵
        • Kills process with taskkill
        • Suspicious use of AdjustPrivilegeToken
        PID:232
      • C:\Windows\explorer.exe
        "C:\Windows\explorer.exe"
        2⤵
        • Modifies visibility of file extensions in Explorer
        • Modifies visiblity of hidden/system files in Explorer
        • Boot or Logon Autostart Execution: Active Setup
        • Enumerates connected drives
        • Checks SCSI registry key(s)
        • Modifies Internet Explorer settings
        • Modifies registry class
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SendNotifyMessage
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2040
        • C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
          "C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Admin\Desktop\TestDeny.xlsx"
          3⤵
          • Checks processor information in registry
          • Enumerates system info in registry
          • Suspicious behavior: AddClipboardFormatListener
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:2036
          • C:\Windows\splwow64.exe
            C:\Windows\splwow64.exe 12288
            4⤵
              PID:5328
        • C:\Windows\SYSTEM32\taskkill.exe
          taskkill /F /IM explorer.exe
          2⤵
          • Kills process with taskkill
          PID:3844
        • C:\Windows\explorer.exe
          "C:\Windows\explorer.exe"
          2⤵
          • Boot or Logon Autostart Execution: Active Setup
          • Enumerates connected drives
          • Checks SCSI registry key(s)
          • Modifies registry class
          PID:1316
        • C:\Windows\explorer.exe
          "C:\Windows\explorer.exe"
          2⤵
            PID:5504
        • C:\Windows\system32\taskmgr.exe
          "C:\Windows\system32\taskmgr.exe" /7
          1⤵
            PID:244
          • C:\Windows\system32\AUDIODG.EXE
            C:\Windows\system32\AUDIODG.EXE 0x4b4 0x470
            1⤵
            • Suspicious use of AdjustPrivilegeToken
            PID:208
          • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
            "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
            1⤵
            • Suspicious use of SetWindowsHookEx
            PID:1648
          • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
            "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
            1⤵
            • Modifies Internet Explorer settings
            • Modifies registry class
            • Suspicious use of SetWindowsHookEx
            PID:1352
          • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
            "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
            1⤵
            • Suspicious use of SetWindowsHookEx
            PID:348
          • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
            "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
            1⤵
            • Modifies Internet Explorer settings
            • Modifies registry class
            • Suspicious use of SetWindowsHookEx
            PID:3164
          • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
            "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
            1⤵
            • Suspicious use of SetWindowsHookEx
            PID:3400
          • C:\Windows\explorer.exe
            explorer.exe
            1⤵
            • Boot or Logon Autostart Execution: Active Setup
            • Enumerates connected drives
            • Checks SCSI registry key(s)
            • Modifies registry class
            PID:3948
          • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
            "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
            1⤵
            • Suspicious use of SetWindowsHookEx
            PID:4304
          • C:\Windows\explorer.exe
            explorer.exe
            1⤵
            • Boot or Logon Autostart Execution: Active Setup
            • Enumerates connected drives
            • Checks SCSI registry key(s)
            • Modifies registry class
            • Suspicious behavior: GetForegroundWindowSpam
            PID:4444
          • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
            "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
            1⤵
            • Suspicious use of SetWindowsHookEx
            PID:2192
          • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
            "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
            1⤵
            • Modifies Internet Explorer settings
            • Modifies registry class
            • Suspicious use of SetWindowsHookEx
            PID:4164
          • C:\Windows\explorer.exe
            explorer.exe
            1⤵
            • Boot or Logon Autostart Execution: Active Setup
            • Enumerates connected drives
            • Checks SCSI registry key(s)
            • Modifies registry class
            • Suspicious behavior: GetForegroundWindowSpam
            PID:320
          • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
            "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
            1⤵
            • Modifies registry class
            • Suspicious use of SetWindowsHookEx
            PID:3784
          • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
            "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
            1⤵
            • Modifies Internet Explorer settings
            • Modifies registry class
            • Suspicious use of SetWindowsHookEx
            PID:2656
          • C:\Windows\explorer.exe
            explorer.exe
            1⤵
            • Boot or Logon Autostart Execution: Active Setup
            • Enumerates connected drives
            • Checks SCSI registry key(s)
            • Modifies Internet Explorer settings
            • Modifies registry class
            • Suspicious behavior: AddClipboardFormatListener
            • Suspicious behavior: GetForegroundWindowSpam
            • Suspicious use of SetWindowsHookEx
            • Suspicious use of WriteProcessMemory
            PID:5492
            • C:\Program Files\Google\Chrome\Application\chrome.exe
              "C:\Program Files\Google\Chrome\Application\chrome.exe"
              2⤵
              • Enumerates system info in registry
              • Modifies data under HKEY_USERS
              • Suspicious behavior: EnumeratesProcesses
              • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
              • Suspicious use of WriteProcessMemory
              PID:1800
              • C:\Program Files\Google\Chrome\Application\chrome.exe
                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ff9773acc40,0x7ff9773acc4c,0x7ff9773acc58
                3⤵
                  PID:1552
                • C:\Program Files\Google\Chrome\Application\chrome.exe
                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2516,i,9447299855798054139,9548136582432959384,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2512 /prefetch:2
                  3⤵
                    PID:3784
                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1840,i,9447299855798054139,9548136582432959384,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2548 /prefetch:3
                    3⤵
                      PID:5388
                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2012,i,9447299855798054139,9548136582432959384,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2664 /prefetch:8
                      3⤵
                        PID:4432
                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3132,i,9447299855798054139,9548136582432959384,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3152 /prefetch:1
                        3⤵
                          PID:4284
                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3156,i,9447299855798054139,9548136582432959384,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3176 /prefetch:1
                          3⤵
                            PID:5508
                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4456,i,9447299855798054139,9548136582432959384,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4488 /prefetch:1
                            3⤵
                              PID:5996
                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4948,i,9447299855798054139,9548136582432959384,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5020 /prefetch:1
                              3⤵
                                PID:4692
                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3340,i,9447299855798054139,9548136582432959384,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3332 /prefetch:8
                                3⤵
                                  PID:5592
                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4472,i,9447299855798054139,9548136582432959384,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3140 /prefetch:8
                                  3⤵
                                    PID:5768
                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4388,i,9447299855798054139,9548136582432959384,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3348 /prefetch:8
                                    3⤵
                                      PID:6032
                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3236,i,9447299855798054139,9548136582432959384,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3744 /prefetch:8
                                      3⤵
                                        PID:5984
                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3384,i,9447299855798054139,9548136582432959384,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4428 /prefetch:8
                                        3⤵
                                          PID:4644
                                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3260,i,9447299855798054139,9548136582432959384,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3580 /prefetch:8
                                          3⤵
                                            PID:3344
                                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=4440,i,9447299855798054139,9548136582432959384,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4776 /prefetch:2
                                            3⤵
                                              PID:2032
                                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=4788,i,9447299855798054139,9548136582432959384,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4712 /prefetch:1
                                              3⤵
                                                PID:3924
                                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=4696,i,9447299855798054139,9548136582432959384,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5336 /prefetch:1
                                                3⤵
                                                  PID:5972
                                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=5028,i,9447299855798054139,9548136582432959384,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5472 /prefetch:1
                                                  3⤵
                                                    PID:5684
                                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4308,i,9447299855798054139,9548136582432959384,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4700 /prefetch:8
                                                    3⤵
                                                      PID:3984
                                                • C:\Windows\System32\rundll32.exe
                                                  C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {9BA05972-F6A8-11CF-A442-00A0C90A8F39} -Embedding
                                                  1⤵
                                                    PID:5796
                                                  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                    1⤵
                                                    • Modifies registry class
                                                    • Suspicious use of SetWindowsHookEx
                                                    PID:5932
                                                  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                    1⤵
                                                    • Modifies Internet Explorer settings
                                                    • Modifies registry class
                                                    • Suspicious use of SetWindowsHookEx
                                                    PID:6120
                                                  • C:\Windows\system32\svchost.exe
                                                    C:\Windows\system32\svchost.exe -k PrintWorkflow -s PrintWorkflowUserSvc
                                                    1⤵
                                                      PID:5536
                                                    • C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
                                                      "C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
                                                      1⤵
                                                        PID:5184
                                                      • C:\Windows\explorer.exe
                                                        explorer.exe
                                                        1⤵
                                                        • Boot or Logon Autostart Execution: Active Setup
                                                        • Enumerates connected drives
                                                        • Checks SCSI registry key(s)
                                                        • Modifies registry class
                                                        PID:5296
                                                      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                        1⤵
                                                          PID:1040
                                                        • C:\Windows\explorer.exe
                                                          explorer.exe
                                                          1⤵
                                                          • Boot or Logon Autostart Execution: Active Setup
                                                          • Enumerates connected drives
                                                          • Checks SCSI registry key(s)
                                                          • Modifies registry class
                                                          PID:1464
                                                        • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                          "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                          1⤵
                                                            PID:4792
                                                          • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                            "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                            1⤵
                                                            • Modifies Internet Explorer settings
                                                            • Modifies registry class
                                                            PID:5276
                                                          • C:\Windows\explorer.exe
                                                            explorer.exe
                                                            1⤵
                                                            • Boot or Logon Autostart Execution: Active Setup
                                                            • Enumerates connected drives
                                                            • Checks SCSI registry key(s)
                                                            • Modifies registry class
                                                            PID:6096
                                                          • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                            "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                            1⤵
                                                              PID:2800
                                                            • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                              "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                              1⤵
                                                              • Modifies Internet Explorer settings
                                                              • Modifies registry class
                                                              PID:4484
                                                            • C:\Windows\system32\svchost.exe
                                                              C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
                                                              1⤵
                                                                PID:1056
                                                              • C:\Windows\system32\svchost.exe
                                                                C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s NgcCtnrSvc
                                                                1⤵
                                                                  PID:5576
                                                                • C:\Windows\explorer.exe
                                                                  explorer.exe
                                                                  1⤵
                                                                  • Boot or Logon Autostart Execution: Active Setup
                                                                  • Enumerates connected drives
                                                                  • Checks SCSI registry key(s)
                                                                  • Modifies registry class
                                                                  PID:6068
                                                                • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                  "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                  1⤵
                                                                    PID:2784
                                                                  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                    1⤵
                                                                    • Modifies Internet Explorer settings
                                                                    • Modifies registry class
                                                                    PID:4624
                                                                  • C:\Windows\explorer.exe
                                                                    explorer.exe
                                                                    1⤵
                                                                    • Boot or Logon Autostart Execution: Active Setup
                                                                    • Enumerates connected drives
                                                                    • Checks SCSI registry key(s)
                                                                    • Modifies registry class
                                                                    PID:2260
                                                                  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                    1⤵
                                                                      PID:3396
                                                                    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                      1⤵
                                                                        PID:1820
                                                                      • C:\Windows\explorer.exe
                                                                        explorer.exe
                                                                        1⤵
                                                                          PID:5532
                                                                        • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                          "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                          1⤵
                                                                            PID:968
                                                                          • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                            "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                            1⤵
                                                                              PID:5952
                                                                            • C:\Windows\explorer.exe
                                                                              explorer.exe
                                                                              1⤵
                                                                                PID:5660
                                                                              • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                1⤵
                                                                                  PID:4464
                                                                                • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                  "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                  1⤵
                                                                                    PID:3992
                                                                                  • C:\Windows\explorer.exe
                                                                                    explorer.exe
                                                                                    1⤵
                                                                                      PID:5204
                                                                                    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                      1⤵
                                                                                        PID:440
                                                                                      • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                        "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                        1⤵
                                                                                          PID:3632
                                                                                        • C:\Windows\explorer.exe
                                                                                          explorer.exe
                                                                                          1⤵
                                                                                            PID:4412
                                                                                          • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                            "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                            1⤵
                                                                                              PID:6120
                                                                                            • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                              "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                              1⤵
                                                                                                PID:4624
                                                                                              • C:\Windows\explorer.exe
                                                                                                explorer.exe
                                                                                                1⤵
                                                                                                  PID:1264
                                                                                                • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                  "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                  1⤵
                                                                                                    PID:3224
                                                                                                  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                    1⤵
                                                                                                      PID:2528
                                                                                                    • C:\Windows\explorer.exe
                                                                                                      explorer.exe
                                                                                                      1⤵
                                                                                                        PID:5696
                                                                                                      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                        1⤵
                                                                                                          PID:532
                                                                                                        • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                          "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                          1⤵
                                                                                                            PID:5288
                                                                                                          • C:\Windows\explorer.exe
                                                                                                            explorer.exe
                                                                                                            1⤵
                                                                                                              PID:3048
                                                                                                            • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                              "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                              1⤵
                                                                                                                PID:4108
                                                                                                              • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                                "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                                1⤵
                                                                                                                  PID:5124
                                                                                                                • C:\Windows\explorer.exe
                                                                                                                  explorer.exe
                                                                                                                  1⤵
                                                                                                                    PID:2312
                                                                                                                  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                                    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                                    1⤵
                                                                                                                      PID:4232
                                                                                                                    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                                      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                                      1⤵
                                                                                                                        PID:316
                                                                                                                      • C:\Windows\explorer.exe
                                                                                                                        explorer.exe
                                                                                                                        1⤵
                                                                                                                          PID:5848
                                                                                                                        • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                                          "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                                          1⤵
                                                                                                                            PID:1676
                                                                                                                          • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                                            "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                                            1⤵
                                                                                                                              PID:2936
                                                                                                                            • C:\Windows\explorer.exe
                                                                                                                              explorer.exe
                                                                                                                              1⤵
                                                                                                                                PID:2180
                                                                                                                              • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                                                "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                                                1⤵
                                                                                                                                  PID:3872
                                                                                                                                • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                                                  "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                                                  1⤵
                                                                                                                                    PID:1532
                                                                                                                                  • C:\Windows\explorer.exe
                                                                                                                                    explorer.exe
                                                                                                                                    1⤵
                                                                                                                                      PID:6004
                                                                                                                                    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                                                      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                                                      1⤵
                                                                                                                                        PID:5752
                                                                                                                                      • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                                                        "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                                                        1⤵
                                                                                                                                          PID:5696
                                                                                                                                        • C:\Windows\explorer.exe
                                                                                                                                          explorer.exe
                                                                                                                                          1⤵
                                                                                                                                            PID:2608
                                                                                                                                          • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                                                            "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                                                            1⤵
                                                                                                                                              PID:6116
                                                                                                                                            • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                                                              "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                                                              1⤵
                                                                                                                                                PID:3300
                                                                                                                                              • C:\Windows\explorer.exe
                                                                                                                                                explorer.exe
                                                                                                                                                1⤵
                                                                                                                                                  PID:440
                                                                                                                                                • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                                                                  "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                                                                  1⤵
                                                                                                                                                    PID:5440
                                                                                                                                                  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                                                                    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                                                                    1⤵
                                                                                                                                                      PID:3948
                                                                                                                                                    • C:\Windows\explorer.exe
                                                                                                                                                      explorer.exe
                                                                                                                                                      1⤵
                                                                                                                                                        PID:2232
                                                                                                                                                      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                                                                        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                                                                        1⤵
                                                                                                                                                          PID:6008
                                                                                                                                                        • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                                                                          "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                                                                          1⤵
                                                                                                                                                            PID:5676
                                                                                                                                                          • C:\Windows\explorer.exe
                                                                                                                                                            explorer.exe
                                                                                                                                                            1⤵
                                                                                                                                                              PID:2992
                                                                                                                                                            • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                                                                              "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                                                                              1⤵
                                                                                                                                                                PID:5904
                                                                                                                                                              • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                                                                                "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                                                                                1⤵
                                                                                                                                                                  PID:436

                                                                                                                                                                Network

                                                                                                                                                                MITRE ATT&CK Enterprise v15

                                                                                                                                                                Replay Monitor

                                                                                                                                                                Loading Replay Monitor...

                                                                                                                                                                Downloads

                                                                                                                                                                • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_CBDCCBFE4F7A916411C1E69BDD97BB04
                                                                                                                                                                  Filesize

                                                                                                                                                                  471B

                                                                                                                                                                  MD5

                                                                                                                                                                  c01e07f7e6f2bc5c88a8299eeaced5d6

                                                                                                                                                                  SHA1

                                                                                                                                                                  6ca90ef25608d2047ad49bdd0cf64a4d31540580

                                                                                                                                                                  SHA256

                                                                                                                                                                  ded826dcf94f462bd7407f3db45687dcbb3e413fab40fb583ea036c2e4f985a8

                                                                                                                                                                  SHA512

                                                                                                                                                                  01f5dd7ad2bbc61104794360d8b319eea515a6bde4e531b59a5e9ad7a158f781d469a3d540379f3f122a3f2658b5ce4e2d153d32e23be64a3ce899d94f4fe0f0

                                                                                                                                                                  Download Submit

                                                                                                                                                                • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_CBDCCBFE4F7A916411C1E69BDD97BB04
                                                                                                                                                                  Filesize

                                                                                                                                                                  412B

                                                                                                                                                                  MD5

                                                                                                                                                                  af8c762498d6baaed92c2c6a21088654

                                                                                                                                                                  SHA1

                                                                                                                                                                  be2b8b14542440bfe175a9688d190a5558855c15

                                                                                                                                                                  SHA256

                                                                                                                                                                  a68c8b92169bcdde5829c2f9a3004ac95988427f9fa50a24609b5935e2cc646c

                                                                                                                                                                  SHA512

                                                                                                                                                                  94dfd71626115b126a59b80f5e96fefda39c8e316d103d278894166d5f9081fdfdabc04584743ed5593bf9a6f9b0f87a3fec854fe8dc660608029de73634ffdf

                                                                                                                                                                  Download Submit

                                                                                                                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState
                                                                                                                                                                  Filesize

                                                                                                                                                                  649B

                                                                                                                                                                  MD5

                                                                                                                                                                  0176f6f44da48d13d6c5dd07cd0d4057

                                                                                                                                                                  SHA1

                                                                                                                                                                  534a8ccc092a1e7d403e7140405cdba02916709d

                                                                                                                                                                  SHA256

                                                                                                                                                                  0b60afdb58d5cdaf444963ea8f18997773e1f9e556c572b9d7ec880880d25aa1

                                                                                                                                                                  SHA512

                                                                                                                                                                  749245cf184538d33a0973b61bf4af739a0160b34067e1000e8d738432050b93b74623d0d4d2fe79bac00c855e56520d67f3287285021550983fa37a36fbea67

                                                                                                                                                                  Download Submit

                                                                                                                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005
                                                                                                                                                                  Filesize

                                                                                                                                                                  215KB

                                                                                                                                                                  MD5

                                                                                                                                                                  d474ec7f8d58a66420b6daa0893a4874

                                                                                                                                                                  SHA1

                                                                                                                                                                  4314642571493ba983748556d0e76ec6704da211

                                                                                                                                                                  SHA256

                                                                                                                                                                  553a19b6f44f125d9594c02231e4217e9d74d92b7065dc996d92f1e53f6bcb69

                                                                                                                                                                  SHA512

                                                                                                                                                                  344062d1be40db095abb7392b047b16f33ea3043158690cf66a2fa554aa2db79c4aa68de1308f1eddf6b9140b9ac5de70aad960b4e8e8b91f105213c4aace348

                                                                                                                                                                  Download Submit

                                                                                                                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006
                                                                                                                                                                  Filesize

                                                                                                                                                                  41KB

                                                                                                                                                                  MD5

                                                                                                                                                                  3bc2b6052ff1b9feff010ae9d919c002

                                                                                                                                                                  SHA1

                                                                                                                                                                  dd7da7b896641e71dca655640357522f8112c078

                                                                                                                                                                  SHA256

                                                                                                                                                                  483a3494759a05772019e091d3d8e5dc429d098c30007d430639926c3ffa16e5

                                                                                                                                                                  SHA512

                                                                                                                                                                  0b1632b73fd87e8e634922b730f83b7950e9a39697a46a3429f0bebb3f1ebd14c815a4651ee8f663a437d00ecbeb6ddaa47b2fcad719777edf1b1de8a7cad0f1

                                                                                                                                                                  Download Submit

                                                                                                                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
                                                                                                                                                                  Filesize

                                                                                                                                                                  216B

                                                                                                                                                                  MD5

                                                                                                                                                                  dc99056e9afc887501b2487585fd7e6b

                                                                                                                                                                  SHA1

                                                                                                                                                                  35f736eeddfdc44a63ed6b7c3392e586f9da8332

                                                                                                                                                                  SHA256

                                                                                                                                                                  925968b72daf33062b1c4ff12858203da91df780cbae3d88300287672fca0480

                                                                                                                                                                  SHA512

                                                                                                                                                                  a13019afcfb98c19301f61d7cc158e77f8662711ebb86ff7de8d8388fab7000f169f3c5fc32df263ae3edf07ae78e4914a307fc9c27f3d3facf6253cbf897e3c

                                                                                                                                                                  Download Submit

                                                                                                                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.85.1_0\_locales\en\messages.json
                                                                                                                                                                  Filesize

                                                                                                                                                                  851B

                                                                                                                                                                  MD5

                                                                                                                                                                  07ffbe5f24ca348723ff8c6c488abfb8

                                                                                                                                                                  SHA1

                                                                                                                                                                  6dc2851e39b2ee38f88cf5c35a90171dbea5b690

                                                                                                                                                                  SHA256

                                                                                                                                                                  6895648577286002f1dc9c3366f558484eb7020d52bbf64a296406e61d09599c

                                                                                                                                                                  SHA512

                                                                                                                                                                  7ed2c8db851a84f614d5daf1d5fe633bd70301fd7ff8a6723430f05f642ceb3b1ad0a40de65b224661c782ffcec69d996ebe3e5bb6b2f478181e9a07d8cd41f6

                                                                                                                                                                  Download Submit

                                                                                                                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.85.1_0\dasherSettingSchema.json
                                                                                                                                                                  Filesize

                                                                                                                                                                  854B

                                                                                                                                                                  MD5

                                                                                                                                                                  4ec1df2da46182103d2ffc3b92d20ca5

                                                                                                                                                                  SHA1

                                                                                                                                                                  fb9d1ba3710cf31a87165317c6edc110e98994ce

                                                                                                                                                                  SHA256

                                                                                                                                                                  6c69ce0fe6fab14f1990a320d704fee362c175c00eb6c9224aa6f41108918ca6

                                                                                                                                                                  SHA512

                                                                                                                                                                  939d81e6a82b10ff73a35c931052d8d53d42d915e526665079eeb4820df4d70f1c6aebab70b59519a0014a48514833fefd687d5a3ed1b06482223a168292105d

                                                                                                                                                                  Download Submit

                                                                                                                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
                                                                                                                                                                  Filesize

                                                                                                                                                                  2KB

                                                                                                                                                                  MD5

                                                                                                                                                                  eacd7ace2af106b60ba208527f9a04e6

                                                                                                                                                                  SHA1

                                                                                                                                                                  099bb064dbca0a3787a8f272e4ef546c28b6b9d2

                                                                                                                                                                  SHA256

                                                                                                                                                                  012c83fa1ea4c0744c8b6352acf8c3f418bc49e1ac6b0d66845124d1f83e7244

                                                                                                                                                                  SHA512

                                                                                                                                                                  c0a5a53a08847c1b3e1ece5e42ea0dd3316fef1155fe13f4dea0c4e349064e6e62e5c704cdb69eb3396b467dadb9107cbf2feebd659b8daf84165d3097ab6580

                                                                                                                                                                  Download Submit

                                                                                                                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
                                                                                                                                                                  Filesize

                                                                                                                                                                  2B

                                                                                                                                                                  MD5

                                                                                                                                                                  d751713988987e9331980363e24189ce

                                                                                                                                                                  SHA1

                                                                                                                                                                  97d170e1550eee4afc0af065b78cda302a97674c

                                                                                                                                                                  SHA256

                                                                                                                                                                  4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

                                                                                                                                                                  SHA512

                                                                                                                                                                  b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

                                                                                                                                                                  Download Submit

                                                                                                                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
                                                                                                                                                                  Filesize

                                                                                                                                                                  356B

                                                                                                                                                                  MD5

                                                                                                                                                                  9bacdb639ab428080971d7590dd14022

                                                                                                                                                                  SHA1

                                                                                                                                                                  3f4dac1af7bc9b9fa615c423805862c72d3797cb

                                                                                                                                                                  SHA256

                                                                                                                                                                  24fbc376374d757f6e9e12a85ccd7babf5110d202d0470d8def97acce39b6e88

                                                                                                                                                                  SHA512

                                                                                                                                                                  75b87f0ef9bc35714259571b00355cf4d0e67696fda105f597b0a17c451e3a4e42e70a0204b128fac3c0591eb0f0b04db8234b08efdbfbbaf2baeb20081478f3

                                                                                                                                                                  Download Submit

                                                                                                                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
                                                                                                                                                                  Filesize

                                                                                                                                                                  356B

                                                                                                                                                                  MD5

                                                                                                                                                                  26a7f4a9e0c44d6389f8e8c9ecb73df5

                                                                                                                                                                  SHA1

                                                                                                                                                                  38df97e2ffb846133cbe709eb8a0935e63f7cd48

                                                                                                                                                                  SHA256

                                                                                                                                                                  e85429f9fab30f8fa099e8d65c7d22b6105ddafa0bb235a6d7219cde7470f429

                                                                                                                                                                  SHA512

                                                                                                                                                                  eb7c730cff798feb64b7a04cab2af62d369393fc0748a0d6be9b8acf8c3e0de0d15fb997ad5be64c72d6507c44c5009761cd7b23d2cdcaf0b21cef5be8d634a2

                                                                                                                                                                  Download Submit

                                                                                                                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
                                                                                                                                                                  Filesize

                                                                                                                                                                  356B

                                                                                                                                                                  MD5

                                                                                                                                                                  c9581003c6523e4d63e6e750d1ec881d

                                                                                                                                                                  SHA1

                                                                                                                                                                  5b66d354377dc2d77307233f79ff5e45ea075df1

                                                                                                                                                                  SHA256

                                                                                                                                                                  95d682347000df13b70ba617242e01f96a36ae66694ad26adbfb7693b0b1823f

                                                                                                                                                                  SHA512

                                                                                                                                                                  386678dc4ac4f6fcdd9b697186847a83bac4050e9b01bf13be4d820f9808e0089f83db79ce714f20ea1674c3d37bcf922efa22b8e6558f5f6227b6499c2b72d8

                                                                                                                                                                  Download Submit

                                                                                                                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
                                                                                                                                                                  Filesize

                                                                                                                                                                  9KB

                                                                                                                                                                  MD5

                                                                                                                                                                  ddef9f7514a645266a231b0d1f73ef07

                                                                                                                                                                  SHA1

                                                                                                                                                                  e3ac152e5fbbb12b4085e08b53100bd5c27e98c2

                                                                                                                                                                  SHA256

                                                                                                                                                                  0af701582c739794d97fd71f5c226a9a7bbd5b83927afc2319995da8e014960d

                                                                                                                                                                  SHA512

                                                                                                                                                                  7f2d2d3dce4cf45666d916fd07e550d7a6c3fab1a8613853bb73269b252d9f4a15ed126d33a55dd68abadd73061e6c97eecac9394ff321e55252fd78c573940b

                                                                                                                                                                  Download Submit

                                                                                                                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
                                                                                                                                                                  Filesize

                                                                                                                                                                  9KB

                                                                                                                                                                  MD5

                                                                                                                                                                  9d5933dc1951b915e750a2456a7b9f20

                                                                                                                                                                  SHA1

                                                                                                                                                                  91f7d92d6dda2caf4fb8fcee344ba565e4eada12

                                                                                                                                                                  SHA256

                                                                                                                                                                  97ac8d12da431d641b8f1940493cc2a8ac0aa6d5e4b94130693751ecf0c9d453

                                                                                                                                                                  SHA512

                                                                                                                                                                  6561a02fb4bd4c7421a3733b218c248f2a2ad148d7ada243e0c84a06f0cfeea5f56c5cc64511c0e8ee28ad93cc7ba8f06d24402a7b8061f84b7e22243816e9d4

                                                                                                                                                                  Download Submit

                                                                                                                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
                                                                                                                                                                  Filesize

                                                                                                                                                                  9KB

                                                                                                                                                                  MD5

                                                                                                                                                                  806e7ed4c44ab47dd605984cc73e6319

                                                                                                                                                                  SHA1

                                                                                                                                                                  f11e052ad6624463a02e8b3e6d5ce1c3fb669e18

                                                                                                                                                                  SHA256

                                                                                                                                                                  03e3cd2ba2a1c3a2b62ba081a3abf5332d20cb8ca7ad7feca9f0d8aea69b8d61

                                                                                                                                                                  SHA512

                                                                                                                                                                  bf814f3ddccf25eb993e27e8666b32b919757171d2d422ab96215930fa462f3ee68a46d7b6bca0b68e7e7d6b9e3d3293a0b28fccd3781d7aa8a7c1d8260ec765

                                                                                                                                                                  Download Submit

                                                                                                                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
                                                                                                                                                                  Filesize

                                                                                                                                                                  9KB

                                                                                                                                                                  MD5

                                                                                                                                                                  cdea403ece613660730b1ba4bdf6f72c

                                                                                                                                                                  SHA1

                                                                                                                                                                  649aed1a0bfb804c792cc5fc9a5dd7604760bad9

                                                                                                                                                                  SHA256

                                                                                                                                                                  c460754b4fd2acba05b60b8fe2bfbb73eb23192b4a2bd8d7f1e2ef0ddd45db12

                                                                                                                                                                  SHA512

                                                                                                                                                                  51973defecb90dbf67bb05e67810d5100375f61f4a311bb7fa2c8b427a9bee00217c6d59842b51df7efc4333ed0bf8575fa8267eae62f59abbed58b8a276b6e1

                                                                                                                                                                  Download Submit

                                                                                                                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
                                                                                                                                                                  Filesize

                                                                                                                                                                  9KB

                                                                                                                                                                  MD5

                                                                                                                                                                  8da8a129f52d9e9709973e62409f933f

                                                                                                                                                                  SHA1

                                                                                                                                                                  3c6744f22e9fa7c28e834309ea44b9e674c74515

                                                                                                                                                                  SHA256

                                                                                                                                                                  51b602c4ba173bc1a6869dfb7056e78ce67f3a5e3746126ed313284d2869ee66

                                                                                                                                                                  SHA512

                                                                                                                                                                  1735048228c6ce54bc1a8e1a4610a850b849c0fa0c2a1c754aea0ec5f89eb6aa9f370e60505d07096eb6254667509d1b872c59a9a24004fab109f4642b4afe6f

                                                                                                                                                                  Download Submit

                                                                                                                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
                                                                                                                                                                  Filesize

                                                                                                                                                                  9KB

                                                                                                                                                                  MD5

                                                                                                                                                                  767308eedeaca021868d142c7a8327ce

                                                                                                                                                                  SHA1

                                                                                                                                                                  cb67bcbac17fcbe9be03c6b3f6374f677030ba7b

                                                                                                                                                                  SHA256

                                                                                                                                                                  f32065900f50dc10b826f1a96b4290d3d470f95406f5df276b46de9cff746a0d

                                                                                                                                                                  SHA512

                                                                                                                                                                  9c99cdee8041511d8c845f80cafff6f36679b175c8084bbafb7bfcbc07c676c49be2c76e47bbe484d76e8bae577dffa371f229672047d74d1bd768f0ae58a0af

                                                                                                                                                                  Download Submit

                                                                                                                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
                                                                                                                                                                  Filesize

                                                                                                                                                                  9KB

                                                                                                                                                                  MD5

                                                                                                                                                                  194f12ebe0a36dd59dfa7cfc8a7c1670

                                                                                                                                                                  SHA1

                                                                                                                                                                  2ce4ae96cd7dd1a2aad7853b5e36b4b2a66e3985

                                                                                                                                                                  SHA256

                                                                                                                                                                  53897dc2ae4c165a65bd22e52d6885c84877cd250a499e1310179cae41e17cc5

                                                                                                                                                                  SHA512

                                                                                                                                                                  3c37c54333b8a126c143c61f1f39614e930fc19872f0855f76321ca349a555730c49e8f538002337d5d62a2b046ef3f0bad37beb4f55894e1cbf1c98c8f6ebc8

                                                                                                                                                                  Download Submit

                                                                                                                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
                                                                                                                                                                  Filesize

                                                                                                                                                                  9KB

                                                                                                                                                                  MD5

                                                                                                                                                                  789a41f21c975ed05f713a3c1f28b725

                                                                                                                                                                  SHA1

                                                                                                                                                                  2dfbb17abf9913038742705d0b81c928e7c0e760

                                                                                                                                                                  SHA256

                                                                                                                                                                  7eae88d5741fc63c1ded22c7f96d1ab3a46e215c2e947e5096583b85117b63e1

                                                                                                                                                                  SHA512

                                                                                                                                                                  ad14b111a4d4af7b4a940ed6dbeca277474e87145a0d8e9ebece0aa19af53c346666f5e30b4f6044cd469e6921fd0306c0adac09cd1da8205f055cf874b5c225

                                                                                                                                                                  Download Submit

                                                                                                                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
                                                                                                                                                                  Filesize

                                                                                                                                                                  15KB

                                                                                                                                                                  MD5

                                                                                                                                                                  95ebf4ca4a1aacb3784cae4a29eb7b3a

                                                                                                                                                                  SHA1

                                                                                                                                                                  03f72c99fa1346a2c9cd94f0df3ede96d59efeed

                                                                                                                                                                  SHA256

                                                                                                                                                                  45ecd6c859354e7e8aaac7b86c65eb6dd254f36741c93946a09ab88c99e4e9e1

                                                                                                                                                                  SHA512

                                                                                                                                                                  7f4e4db17bd1f0436211744e49b6daae02dbd82aa040925d611e9837c0a506991057b31055fc4695365eb09a0e42097b9aff7c51d7ce25b56374e454673c76e4

                                                                                                                                                                  Download Submit

                                                                                                                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
                                                                                                                                                                  Filesize

                                                                                                                                                                  72B

                                                                                                                                                                  MD5

                                                                                                                                                                  5fd6f4aa5970cecc66640cd291b4c320

                                                                                                                                                                  SHA1

                                                                                                                                                                  cfa63eef3b47fed23ea2b346817f2d860daa8229

                                                                                                                                                                  SHA256

                                                                                                                                                                  0b6f3765a9472c95c1d334acdf52a323ea3895378384c3755b96c1fc4cb9c50f

                                                                                                                                                                  SHA512

                                                                                                                                                                  86bc7f2fcc4fa8a1677c1a544737083d5fc909953a76bad06bf884a1129fbccdfe981b3a47d469fc054d18c04da7af1b7a79aac1a05ceb1bf2acb8c425963c8b

                                                                                                                                                                  Download Submit

                                                                                                                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
                                                                                                                                                                  Filesize

                                                                                                                                                                  116KB

                                                                                                                                                                  MD5

                                                                                                                                                                  71d331f544dcfae679102f0c4caf5039

                                                                                                                                                                  SHA1

                                                                                                                                                                  517592dcecaf02d87fed18214649892fbb4fbd50

                                                                                                                                                                  SHA256

                                                                                                                                                                  f9058aa83d6f46523ad57288441419bf1670dae3138118b3a425c4286275985a

                                                                                                                                                                  SHA512

                                                                                                                                                                  4cfebda72aef0307e3d0b90340a29eb614b0a421292a950131a88baa009d0cdb3fc85d38db6af1dab7c378669fc2092c758302497166b4b5a0b135c982dde610

                                                                                                                                                                  Download Submit

                                                                                                                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
                                                                                                                                                                  Filesize

                                                                                                                                                                  230KB

                                                                                                                                                                  MD5

                                                                                                                                                                  ea53ef1b95059526067ba531edef1a2a

                                                                                                                                                                  SHA1

                                                                                                                                                                  5b029f0d1df460dfd0981c97b5ebe77fbbd212ed

                                                                                                                                                                  SHA256

                                                                                                                                                                  54006d7450c5ee93399b79c7855ed6bc5062aea17fceccf22fd2fc2a15c61947

                                                                                                                                                                  SHA512

                                                                                                                                                                  ba8830200fd583984f9b4156b8aa7c7811a431f0d8fbad9d7e47e4bcab84f714414381e2237ff3d4bf737ecc34adf578dc1d32c99d7cf17baa5639779f1038cf

                                                                                                                                                                  Download Submit

                                                                                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\thumbcache_idx.db
                                                                                                                                                                  Filesize

                                                                                                                                                                  28KB

                                                                                                                                                                  MD5

                                                                                                                                                                  927eb7520f3e7f61a4ec15a4ed4b6635

                                                                                                                                                                  SHA1

                                                                                                                                                                  7f634d625d4ea9304b64ada5bbb548f75e05129b

                                                                                                                                                                  SHA256

                                                                                                                                                                  22e0432d559d256d6fc2dad7b5fe8f7ae3bf6f4c955b25b4faf391dcac141218

                                                                                                                                                                  SHA512

                                                                                                                                                                  e4cf132296fc01a9819b87cb6fda0cf159d0ca1d42369cea71d2f1421c708a0433cdff7d34357b77f6846de949fec23385eeb1b1a94556f90ea66b18dda81610

                                                                                                                                                                  Download Submit

                                                                                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\thumbcache_idx.db
                                                                                                                                                                  Filesize

                                                                                                                                                                  28KB

                                                                                                                                                                  MD5

                                                                                                                                                                  784b42b4961a40ef21b2b0e961ff59ff

                                                                                                                                                                  SHA1

                                                                                                                                                                  88d05fe91181c6a8b7b0eac669f7488aac3e17a4

                                                                                                                                                                  SHA256

                                                                                                                                                                  d5b7781cead6d96c529fd8599a6baf0ffe85d96c9e4ef3cb4fcb824c0555d145

                                                                                                                                                                  SHA512

                                                                                                                                                                  e43a3de2797fcf679ffd4de6ab5e950cf8f44918b88d7d5804a6e6163a115df6e67a6b0b37fc3f4b68d8a800062f755a77b7c6ce5fca1e1f6190755786b22432

                                                                                                                                                                  Download Submit

                                                                                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\thumbcache_idx.db
                                                                                                                                                                  Filesize

                                                                                                                                                                  28KB

                                                                                                                                                                  MD5

                                                                                                                                                                  a70ac1b4f9260ab6ed3d5dd809ef2a83

                                                                                                                                                                  SHA1

                                                                                                                                                                  da01843d5deacdd59cc1851a38a87e2952a60833

                                                                                                                                                                  SHA256

                                                                                                                                                                  23a55a8fe77e51aa3f116c94cf86014c2bf0cfc9476e0431f14c19798a7de135

                                                                                                                                                                  SHA512

                                                                                                                                                                  17755c761a39cd7cba5fa7f5a9f1e79f8029118dd3f42eef045f31a58f4c7680a7ad61036c620898262ace5543c1153a8eebc52fbe59d0f62319c55a910f271f

                                                                                                                                                                  Download Submit

                                                                                                                                                                • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_Office_SETLANG_EXE_15
                                                                                                                                                                  Filesize

                                                                                                                                                                  36KB

                                                                                                                                                                  MD5

                                                                                                                                                                  0e2a09c8b94747fa78ec836b5711c0c0

                                                                                                                                                                  SHA1

                                                                                                                                                                  92495421ad887f27f53784c470884802797025ad

                                                                                                                                                                  SHA256

                                                                                                                                                                  0c1cdbbf6d974764aad46477863059eaec7b1717a7d26b025f0f8fe24338bb36

                                                                                                                                                                  SHA512

                                                                                                                                                                  61530a33a6109467962ba51371821ea55bb36cd2abc0e7a15f270abf62340e9166e66a1b10f4de9a306b368820802c4adb9653b9a5acd6f1e825e60128fd2409

                                                                                                                                                                  Download Submit

                                                                                                                                                                • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_Windows_Explorer
                                                                                                                                                                  Filesize

                                                                                                                                                                  36KB

                                                                                                                                                                  MD5

                                                                                                                                                                  ab0262f72142aab53d5402e6d0cb5d24

                                                                                                                                                                  SHA1

                                                                                                                                                                  eaf95bb31ae1d4c0010f50e789bdc8b8e3116116

                                                                                                                                                                  SHA256

                                                                                                                                                                  20a108577209b2499cfdba77645477dd0d9771a77d42a53c6315156761efcfbb

                                                                                                                                                                  SHA512

                                                                                                                                                                  bf9580f3e5d1102cf758503e18a2cf98c799c4a252eedf9344f7c5626da3a1cf141353f01601a3b549234cc3f2978ad31f928068395b56f9f0885c07dbe81da1

                                                                                                                                                                  Download Submit

                                                                                                                                                                • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{d5709198-c276-4548-a08f-cec89a11b4dc}\0.0.filtertrie.intermediate.txt
                                                                                                                                                                  Filesize

                                                                                                                                                                  28KB

                                                                                                                                                                  MD5

                                                                                                                                                                  ab6db363a3fc9e4af2864079fd88032d

                                                                                                                                                                  SHA1

                                                                                                                                                                  aa52099313fd6290cd6e57d37551d63cd96dbe45

                                                                                                                                                                  SHA256

                                                                                                                                                                  373bb433c2908af2e3de58ede2087642814564560d007e61748cdb48d4e9da3f

                                                                                                                                                                  SHA512

                                                                                                                                                                  d3d13d17df96705d0de119ad0f8380bfe6b7bc44c618e2fcd0233061a0ab15beae44d38c48a880121b35f90f56c1529e5f4cf1a19acb9e2cbba5d1c402c749c0

                                                                                                                                                                  Download Submit

                                                                                                                                                                • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{d5709198-c276-4548-a08f-cec89a11b4dc}\0.1.filtertrie.intermediate.txt
                                                                                                                                                                  Filesize

                                                                                                                                                                  5B

                                                                                                                                                                  MD5

                                                                                                                                                                  34bd1dfb9f72cf4f86e6df6da0a9e49a

                                                                                                                                                                  SHA1

                                                                                                                                                                  5f96d66f33c81c0b10df2128d3860e3cb7e89563

                                                                                                                                                                  SHA256

                                                                                                                                                                  8e1e6a3d56796a245d0c7b0849548932fee803bbdb03f6e289495830e017f14c

                                                                                                                                                                  SHA512

                                                                                                                                                                  e3787de7c4bc70ca62234d9a4cdc6bd665bffa66debe3851ee3e8e49e7498b9f1cbc01294bf5e9f75de13fb78d05879e82fa4b89ee45623fe5bf7ac7e48eda96

                                                                                                                                                                  Download Submit

                                                                                                                                                                • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{d5709198-c276-4548-a08f-cec89a11b4dc}\0.2.filtertrie.intermediate.txt
                                                                                                                                                                  Filesize

                                                                                                                                                                  5B

                                                                                                                                                                  MD5

                                                                                                                                                                  c204e9faaf8565ad333828beff2d786e

                                                                                                                                                                  SHA1

                                                                                                                                                                  7d23864f5e2a12c1a5f93b555d2d3e7c8f78eec1

                                                                                                                                                                  SHA256

                                                                                                                                                                  d65b6a3bf11a27a1ced1f7e98082246e40cf01289fd47fe4a5ed46c221f2f73f

                                                                                                                                                                  SHA512

                                                                                                                                                                  e72f4f79a4ae2e5e40a41b322bc0408a6dec282f90e01e0a8aaedf9fb9d6f04a60f45a844595727539c1643328e9c1b989b90785271cc30a6550bbda6b1909f8

                                                                                                                                                                  Download Submit

                                                                                                                                                                • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{d5709198-c276-4548-a08f-cec89a11b4dc}\Apps.ft
                                                                                                                                                                  Filesize

                                                                                                                                                                  38KB

                                                                                                                                                                  MD5

                                                                                                                                                                  84ac0c242b77b8fc326db0a5926b089e

                                                                                                                                                                  SHA1

                                                                                                                                                                  cc6b367ae8eb38561de01813b7d542067fb2318f

                                                                                                                                                                  SHA256

                                                                                                                                                                  b1557167a6df424f8b28aabd31d1b7e8a469dd50d2ae4cbbd43afd8f9c62cf92

                                                                                                                                                                  SHA512

                                                                                                                                                                  8f63084bd5a270b7b05e80454d26127b69bcb98ec93d9fad58d77203934f46b677a3aaf20f29e73dcd7035deb61f4c0aa3b10acbc4c0fc210632c1d74f705d2f

                                                                                                                                                                  Download Submit

                                                                                                                                                                • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{d5709198-c276-4548-a08f-cec89a11b4dc}\Apps.index
                                                                                                                                                                  Filesize

                                                                                                                                                                  1.0MB

                                                                                                                                                                  MD5

                                                                                                                                                                  f4514c93191e0efc0f61036e4ebb341a

                                                                                                                                                                  SHA1

                                                                                                                                                                  c80478e9a734790c18584f67a43518aa4a7dcf58

                                                                                                                                                                  SHA256

                                                                                                                                                                  43da4fa5f62affe399ceaac2d489b7cde610963a48e72d445bebe6f2c63a3600

                                                                                                                                                                  SHA512

                                                                                                                                                                  8aecb3491767e040a52f351908004db2c8f2f083397744585c2832212ec8aa288d3492be941a48b04774e16b43672ab167209776cbdef6692fef684fc54666a6

                                                                                                                                                                  Download Submit

                                                                                                                                                                • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133816423264316485.txt.~tmp
                                                                                                                                                                  Filesize

                                                                                                                                                                  75KB

                                                                                                                                                                  MD5

                                                                                                                                                                  310d178e88314bd8c3ffaf1e0f54babe

                                                                                                                                                                  SHA1

                                                                                                                                                                  e526f7494930214e8bbcce012a71f71859a0a2b1

                                                                                                                                                                  SHA256

                                                                                                                                                                  b341ad61ab5248be28ac4ef98249e8153fa5920b934681cf109c5784e95d16ee

                                                                                                                                                                  SHA512

                                                                                                                                                                  0f772dea12a0595f4bd8cb027ea92c3507775aad1990215aecec3a4ab64e562324ba8952681c29e4321e2a4cb2471262101e70445a0e95d428e1541d3d709fdd

                                                                                                                                                                  Download Submit

                                                                                                                                                                • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133816423896336725.txt
                                                                                                                                                                  Filesize

                                                                                                                                                                  75KB

                                                                                                                                                                  MD5

                                                                                                                                                                  dc54897df60818ef235d727d68ad4150

                                                                                                                                                                  SHA1

                                                                                                                                                                  79d34a90f159de9dae4c6c5d60b728d5c2709728

                                                                                                                                                                  SHA256

                                                                                                                                                                  5758aedb29305cc5fdc094a95b76aa126e3434980adb052a25d6b5707bae6ee9

                                                                                                                                                                  SHA512

                                                                                                                                                                  5623e312d68fe636f16e248098a7dc56dbb9ce7f5b28f9f3f864a8578f2ed3a35f26b68cde6455484df0552274bbc36babfaa9a9893c07614347560a1c3f09ad

                                                                                                                                                                  Download Submit

                                                                                                                                                                • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133816424400535000.txt
                                                                                                                                                                  Filesize

                                                                                                                                                                  76KB

                                                                                                                                                                  MD5

                                                                                                                                                                  583f918fd93b64ecd844f0097b9cba7c

                                                                                                                                                                  SHA1

                                                                                                                                                                  ef9aff9e0f2b1252c1cd3d9477aa8eea271eda7c

                                                                                                                                                                  SHA256

                                                                                                                                                                  3e847131574295965464321ff3b362a15e9f93353c82fd8f3c417ddacdd19b03

                                                                                                                                                                  SHA512

                                                                                                                                                                  ad18c840b801ddda27569e1c640fe982fb1d13114ee516d2984374eac667f919e03544b42b889a812f2a6080d9d0f7903221f120345a73218637604a3bd04696

                                                                                                                                                                  Download Submit

                                                                                                                                                                • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\2CFNWDLC\microsoft.windows[1].xml
                                                                                                                                                                  Filesize

                                                                                                                                                                  97B

                                                                                                                                                                  MD5

                                                                                                                                                                  539db492f33fccee9be530dd0bf34a46

                                                                                                                                                                  SHA1

                                                                                                                                                                  650b2a3583d6c9499b4ed73e9a5dca37f342a50e

                                                                                                                                                                  SHA256

                                                                                                                                                                  f6d425aad05b46e77b53e5737c85f4ceab6531e773ea87eb985754be5ec19999

                                                                                                                                                                  SHA512

                                                                                                                                                                  9328f2fa286b4a9ca6ae57ddd9fca0b1140e5f68a5e143fd8ae6ea212a1af5d7b6b2289c324fa9480ca8d2e6d3b0cf7115611a56a3a161c5ad2f988f6ae62a0a

                                                                                                                                                                  Download Submit

                                                                                                                                                                • C:\Users\Admin\AppData\Local\Temp\scoped_dir1800_960300658\73fa0fb3-0853-4c0f-b589-38f9fb10ca59.tmp
                                                                                                                                                                  Filesize

                                                                                                                                                                  150KB

                                                                                                                                                                  MD5

                                                                                                                                                                  14937b985303ecce4196154a24fc369a

                                                                                                                                                                  SHA1

                                                                                                                                                                  ecfe89e11a8d08ce0c8745ff5735d5edad683730

                                                                                                                                                                  SHA256

                                                                                                                                                                  71006a5311819fef45c659428944897184880bcdb571bf68c52b3d6ee97682ff

                                                                                                                                                                  SHA512

                                                                                                                                                                  1d03c75e4d2cd57eee7b0e93e2de293b41f280c415fb2446ac234fc5afd11fe2f2fcc8ab9843db0847c2ce6bd7df7213fcf249ea71896fbf6c0696e3f5aee46c

                                                                                                                                                                  Download Submit

                                                                                                                                                                • C:\Users\Admin\AppData\Local\Temp\scoped_dir1800_960300658\CRX_INSTALL\_locales\en\messages.json
                                                                                                                                                                  Filesize

                                                                                                                                                                  711B

                                                                                                                                                                  MD5

                                                                                                                                                                  558659936250e03cc14b60ebf648aa09

                                                                                                                                                                  SHA1

                                                                                                                                                                  32f1ce0361bbfdff11e2ffd53d3ae88a8b81a825

                                                                                                                                                                  SHA256

                                                                                                                                                                  2445cad863be47bb1c15b57a4960b7b0d01864e63cdfde6395f3b2689dc1444b

                                                                                                                                                                  SHA512

                                                                                                                                                                  1632f5a3cd71887774bf3cb8a4d8b787ea6278271657b0f1d113dbe1a7fd42c4daa717cc449f157ce8972037572b882dc946a7dc2c0e549d71982dcdee89f727

                                                                                                                                                                  Download Submit

                                                                                                                                                                • C:\Users\Admin\AppData\Roaming\Microsoft\Office\Recent\index.dat
                                                                                                                                                                  Filesize

                                                                                                                                                                  392B

                                                                                                                                                                  MD5

                                                                                                                                                                  8b5594541cb1affa911940b49eab2ea1

                                                                                                                                                                  SHA1

                                                                                                                                                                  4edb34855f8217c65e6f8083fddc58d00f4b9bee

                                                                                                                                                                  SHA256

                                                                                                                                                                  6710a123ae57326954ccd3d966b00f53630d3aed859edcac876be80481182fb3

                                                                                                                                                                  SHA512

                                                                                                                                                                  a91de67b1a958a9e074e246ad005dc0f71c413297c7bec129f8ec7d08bc8c10b876d12163b364d7f82f0a019b6ea8ed183603565d6b075853fcbd2bdc58f790b

                                                                                                                                                                  Download Submit

                                                                                                                                                                • C:\Users\Admin\AppData\Roaming\Microsoft\Office\Recent\index.dat
                                                                                                                                                                  Filesize

                                                                                                                                                                  392B

                                                                                                                                                                  MD5

                                                                                                                                                                  c2599f65d62bb1174ce43abe49a88e58

                                                                                                                                                                  SHA1

                                                                                                                                                                  7931e0a1b4f167ea2b3ed0bd50b5109cc72dbce5

                                                                                                                                                                  SHA256

                                                                                                                                                                  f51f2bb69b01aa26cfc279968a69898ecc35a2022b74a301a2994014e79aaaf2

                                                                                                                                                                  SHA512

                                                                                                                                                                  046b6768763551004c28332e18c9a45cee815b77d90178bb2921c37898554dec873bb3fc0e860f2a982d8dda80571c0f5eb4f2ab5c5b4b0354c118c35d2de62e

                                                                                                                                                                  Download Submit

                                                                                                                                                                • C:\Users\Admin\AppData\Roaming\Microsoft\Speech\Files\UserLexicons\SP_A4C8B40C9C2B43728E43DF7003E077AF.dat
                                                                                                                                                                  Filesize

                                                                                                                                                                  940B

                                                                                                                                                                  MD5

                                                                                                                                                                  13ce6be94cdee40c0f77c048ef8f7c6b

                                                                                                                                                                  SHA1

                                                                                                                                                                  548398625f0815904c4fa4b074a70488861f4920

                                                                                                                                                                  SHA256

                                                                                                                                                                  9b63ac065fba270059fc1a4d622eb432cd6426785dce33079e65aa5f8f3f6c99

                                                                                                                                                                  SHA512

                                                                                                                                                                  6e5f6c23b3cb888e0b51775ea5fe2abf7c3e5d7d3a68ce80d8a1e292d0556175a850fabd9bb9dd30426e75ea2c0c10b2efd575705e677d29ffa5d544867b5337

                                                                                                                                                                  Download Submit

                                                                                                                                                                • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\5f7b5f1e01b83767.automaticDestinations-ms
                                                                                                                                                                  Filesize

                                                                                                                                                                  14KB

                                                                                                                                                                  MD5

                                                                                                                                                                  04d2058c37eb82d5e828e345dff66383

                                                                                                                                                                  SHA1

                                                                                                                                                                  50f1996c3fc0c7de0ec4d22781cf921478c94aba

                                                                                                                                                                  SHA256

                                                                                                                                                                  6bc7845a211df4d3e55bda4c8e4e85bb389e2065d6a2212d8b0d342f5b83f606

                                                                                                                                                                  SHA512

                                                                                                                                                                  e9ba9e615e2803e2d45a8a8dca1181c42ae02f76e37cd28b64fbafe923db73240e537da65933fd08b7996a3a44953d9a0f486c9bf07cd2857767d18183eadac7

                                                                                                                                                                  Download Submit

                                                                                                                                                                • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\b8ab77100df80ab2.automaticDestinations-ms
                                                                                                                                                                  Filesize

                                                                                                                                                                  8KB

                                                                                                                                                                  MD5

                                                                                                                                                                  c655cd9a329030962f0f4f8adcce1737

                                                                                                                                                                  SHA1

                                                                                                                                                                  40105a5f680417c29c50d6c811781bee4a747739

                                                                                                                                                                  SHA256

                                                                                                                                                                  c94ce0ae51ba9020099f458bfcb71721ed870cc49a8ef8d9583463e56e0d2ebf

                                                                                                                                                                  SHA512

                                                                                                                                                                  4418ff48d612752b806516fde65fca6840d88e64aea462b16f28726a8ec27c34f8d9093b998598a35f8a64fc31cbfdb425ea2b3122d00d0bb9d959e5eeda2153

                                                                                                                                                                  Download Submit

                                                                                                                                                                • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\f01b4d95cf55d32a.automaticDestinations-ms
                                                                                                                                                                  Filesize

                                                                                                                                                                  7KB

                                                                                                                                                                  MD5

                                                                                                                                                                  5449df0c0ab494fb847f9a36b56db223

                                                                                                                                                                  SHA1

                                                                                                                                                                  01be1b3e28ecfc08dac7722ad7fcfa7558bf643e

                                                                                                                                                                  SHA256

                                                                                                                                                                  9af619e8e916020cda90da038ee1fa1dfd3ca7dceccf3d3bb08b6838ad398d10

                                                                                                                                                                  SHA512

                                                                                                                                                                  a7da4b41999beabce38b41c86b53219bde928cd8c014cf9f0eef611c4816e8e09b05e64f88a9019d091c4b057ad41cb69420aac25bd1198246d162f83fbfcf73

                                                                                                                                                                  Download Submit

                                                                                                                                                                • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\f01b4d95cf55d32a.automaticDestinations-ms
                                                                                                                                                                  Filesize

                                                                                                                                                                  7KB

                                                                                                                                                                  MD5

                                                                                                                                                                  996b6a71248f61f75868b64b771af836

                                                                                                                                                                  SHA1

                                                                                                                                                                  5b8128d11d29cbad9ee67b4da668f0f0c9359c94

                                                                                                                                                                  SHA256

                                                                                                                                                                  341a854e42a9b49f99f77373606a3d45336f0fa3594089b17ccad1f71e5b8b7a

                                                                                                                                                                  SHA512

                                                                                                                                                                  6d0e9b2ae72e2aed593ff5b93b21d437fadb24fd3f2a05f31eba039cdf0182f88c3be1c2e839bb375a3af53ca1471a0f1ef3df9e32728f6d9e1984d9e5419896

                                                                                                                                                                  Download Submit

                                                                                                                                                                • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\f01b4d95cf55d32a.automaticDestinations-ms
                                                                                                                                                                  Filesize

                                                                                                                                                                  7KB

                                                                                                                                                                  MD5

                                                                                                                                                                  eb15183a723784a62f2f3aab77912ab2

                                                                                                                                                                  SHA1

                                                                                                                                                                  484b974822608216c56795c0c40a46d4ffb2ccfd

                                                                                                                                                                  SHA256

                                                                                                                                                                  ceaa7050b8e2f16fa5f815e7f08df5cf40620e318ad2fe7200151d9bb304a1e7

                                                                                                                                                                  SHA512

                                                                                                                                                                  b80b533aa6c4939da51a8f3298ea77d2d4fbf75ff73e12e66ce9d35a5197c87e0cf470da9afeca36d08ac5797194e4565373303507a62d57402300de24bc0b1d

                                                                                                                                                                  Download Submit

                                                                                                                                                                • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\b8ab77100df80ab2.customDestinations-ms
                                                                                                                                                                  Filesize

                                                                                                                                                                  3KB

                                                                                                                                                                  MD5

                                                                                                                                                                  3bd0c79138c8522994a4c869d5a23825

                                                                                                                                                                  SHA1

                                                                                                                                                                  0feeb77fca020f915af320657ca709d35dbbbb33

                                                                                                                                                                  SHA256

                                                                                                                                                                  ebbb72cf6855120894ba23dc8d1e285dea1653322650314482fe07ce2d924f0d

                                                                                                                                                                  SHA512

                                                                                                                                                                  ee0d17dba7b7838c38eccf1d235260fa9c92487ff71c62a023adcf53b7cd854828dbed12825510bff0254e6f57f6db1d8e9a830a563453008f44c65ed3715b1e

                                                                                                                                                                  Download Submit

                                                                                                                                                                • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\b8ab77100df80ab2.customDestinations-ms
                                                                                                                                                                  Filesize

                                                                                                                                                                  3KB

                                                                                                                                                                  MD5

                                                                                                                                                                  ddd54f464c51ed22cdb31f85954f6857

                                                                                                                                                                  SHA1

                                                                                                                                                                  f6049f763f9f53c9cb795e27a77e1f4a4668a90a

                                                                                                                                                                  SHA256

                                                                                                                                                                  1e80996181a90a3f04c5d24f976f7a2e8e6994d8c081a09d6d550359e2dbb84e

                                                                                                                                                                  SHA512

                                                                                                                                                                  c0aad84029076f12382d5b73feee859d9a766224e921ebce492253b194fb86a68ef4623633f136d89cf309c01b8a383a3f5674ce01a7d0985cc6572e303517f7

                                                                                                                                                                  Download Submit

                                                                                                                                                                • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\b8ab77100df80ab2.customDestinations-ms
                                                                                                                                                                  Filesize

                                                                                                                                                                  3KB

                                                                                                                                                                  MD5

                                                                                                                                                                  607aa17f3f43b69dde06f0860cb32fd2

                                                                                                                                                                  SHA1

                                                                                                                                                                  417561c9a7ecb92b0806b12d2321fe418b135a1d

                                                                                                                                                                  SHA256

                                                                                                                                                                  a3bd9ae8ee594f81f5e3abebe12a8918dfce35867f963d86bc40b4014e399782

                                                                                                                                                                  SHA512

                                                                                                                                                                  f95691209d801b9f6b668d19e40c662b19e363a725a50f580a2dbe0ef8c5214cb31589ad6fb136a90d8aae04ceb3945eddee5f3cfa7454dd97f0adfd82ff1334

                                                                                                                                                                  Download Submit

                                                                                                                                                                • C:\Users\Admin\Desktop\TestDeny - Copy.xlsx
                                                                                                                                                                  Filesize

                                                                                                                                                                  12KB

                                                                                                                                                                  MD5

                                                                                                                                                                  d7c15f18cbcc36e26b9a3da533b3c3c7

                                                                                                                                                                  SHA1

                                                                                                                                                                  a5256124b275bcfc7f6cd5daecec3cad93e62130

                                                                                                                                                                  SHA256

                                                                                                                                                                  67f466c5504ad50ae1f107d83e5b56502ccd0b50c8e1940e19df50e56b769f42

                                                                                                                                                                  SHA512

                                                                                                                                                                  d4fcffc39e42f628f0dcd1e6dc26810b659e5be9e40d2fb2bc99f015d3332e6f8033d96f749c68d68c3bf80b8389da4c7d3fcfd16f8b353c63d8fe32de024c56

                                                                                                                                                                  Download Submit

                                                                                                                                                                • C:\Users\Admin\Documents\28CE5E00
                                                                                                                                                                  Filesize

                                                                                                                                                                  10KB

                                                                                                                                                                  MD5

                                                                                                                                                                  2cafba372e9ed6f130b231bd3b2f19bb

                                                                                                                                                                  SHA1

                                                                                                                                                                  386fcd220f047c11188018588ba4b0d9fbfc4373

                                                                                                                                                                  SHA256

                                                                                                                                                                  f60c43bcadfdc5f166523270128198e42506766c42aa5a45411c8572f46c84ff

                                                                                                                                                                  SHA512

                                                                                                                                                                  9d1834a9219433ff9a98fa5ecd48b86e0028129c50fa23896d5eadb2dba2fb34f5ebb5d4adaf6b765f0b01123d9e7f0c38d39f159cc86a84888d820acaaf8966

                                                                                                                                                                  Download Submit

                                                                                                                                                                • memory/320-636-0x0000000004790000-0x0000000004791000-memory.dmp

                                                                                                                                                                  Filesize

                                                                                                                                                                  4KB

                                                                                                                                                                  Download

                                                                                                                                                                • memory/1352-47-0x000001D50B450000-0x000001D50B470000-memory.dmp

                                                                                                                                                                  Filesize

                                                                                                                                                                  128KB

                                                                                                                                                                  Download

                                                                                                                                                                • memory/1352-32-0x000001D50B490000-0x000001D50B4B0000-memory.dmp

                                                                                                                                                                  Filesize

                                                                                                                                                                  128KB

                                                                                                                                                                  Download

                                                                                                                                                                • memory/1352-27-0x000001D50A540000-0x000001D50A640000-memory.dmp

                                                                                                                                                                  Filesize

                                                                                                                                                                  1024KB

                                                                                                                                                                  Download

                                                                                                                                                                • memory/1352-63-0x000001D50BA60000-0x000001D50BA80000-memory.dmp

                                                                                                                                                                  Filesize

                                                                                                                                                                  128KB

                                                                                                                                                                  Download

                                                                                                                                                                • memory/1464-1141-0x00000000043A0000-0x00000000043A1000-memory.dmp

                                                                                                                                                                  Filesize

                                                                                                                                                                  4KB

                                                                                                                                                                  Download

                                                                                                                                                                • memory/1612-26-0x0000000003030000-0x0000000003031000-memory.dmp

                                                                                                                                                                  Filesize

                                                                                                                                                                  4KB

                                                                                                                                                                  Download

                                                                                                                                                                • memory/2036-422-0x00007FF954250000-0x00007FF954260000-memory.dmp

                                                                                                                                                                  Filesize

                                                                                                                                                                  64KB

                                                                                                                                                                  Download

                                                                                                                                                                • memory/2036-1116-0x00007FF954250000-0x00007FF954260000-memory.dmp

                                                                                                                                                                  Filesize

                                                                                                                                                                  64KB

                                                                                                                                                                  Download

                                                                                                                                                                • memory/2036-423-0x00007FF954250000-0x00007FF954260000-memory.dmp

                                                                                                                                                                  Filesize

                                                                                                                                                                  64KB

                                                                                                                                                                  Download

                                                                                                                                                                • memory/2036-420-0x00007FF954250000-0x00007FF954260000-memory.dmp

                                                                                                                                                                  Filesize

                                                                                                                                                                  64KB

                                                                                                                                                                  Download

                                                                                                                                                                • memory/2036-424-0x00007FF954250000-0x00007FF954260000-memory.dmp

                                                                                                                                                                  Filesize

                                                                                                                                                                  64KB

                                                                                                                                                                  Download

                                                                                                                                                                • memory/2036-430-0x00007FF9518F0000-0x00007FF951900000-memory.dmp

                                                                                                                                                                  Filesize

                                                                                                                                                                  64KB

                                                                                                                                                                  Download

                                                                                                                                                                • memory/2036-421-0x00007FF954250000-0x00007FF954260000-memory.dmp

                                                                                                                                                                  Filesize

                                                                                                                                                                  64KB

                                                                                                                                                                  Download

                                                                                                                                                                • memory/2036-431-0x00007FF9518F0000-0x00007FF951900000-memory.dmp

                                                                                                                                                                  Filesize

                                                                                                                                                                  64KB

                                                                                                                                                                  Download

                                                                                                                                                                • memory/2036-1119-0x00007FF954250000-0x00007FF954260000-memory.dmp

                                                                                                                                                                  Filesize

                                                                                                                                                                  64KB

                                                                                                                                                                  Download

                                                                                                                                                                • memory/2036-1118-0x00007FF954250000-0x00007FF954260000-memory.dmp

                                                                                                                                                                  Filesize

                                                                                                                                                                  64KB

                                                                                                                                                                  Download

                                                                                                                                                                • memory/2036-1117-0x00007FF954250000-0x00007FF954260000-memory.dmp

                                                                                                                                                                  Filesize

                                                                                                                                                                  64KB

                                                                                                                                                                  Download

                                                                                                                                                                • memory/2040-171-0x0000000003620000-0x0000000003621000-memory.dmp

                                                                                                                                                                  Filesize

                                                                                                                                                                  4KB

                                                                                                                                                                  Download

                                                                                                                                                                • memory/2656-651-0x000001990F2C0000-0x000001990F2E0000-memory.dmp

                                                                                                                                                                  Filesize

                                                                                                                                                                  128KB

                                                                                                                                                                  Download

                                                                                                                                                                • memory/2656-642-0x000001990F300000-0x000001990F320000-memory.dmp

                                                                                                                                                                  Filesize

                                                                                                                                                                  128KB

                                                                                                                                                                  Download

                                                                                                                                                                • memory/2656-664-0x000001990F8E0000-0x000001990F900000-memory.dmp

                                                                                                                                                                  Filesize

                                                                                                                                                                  128KB

                                                                                                                                                                  Download

                                                                                                                                                                • memory/2656-637-0x000001990E400000-0x000001990E500000-memory.dmp

                                                                                                                                                                  Filesize

                                                                                                                                                                  1024KB

                                                                                                                                                                  Download

                                                                                                                                                                • memory/3164-199-0x000001D3DDD00000-0x000001D3DDD20000-memory.dmp

                                                                                                                                                                  Filesize

                                                                                                                                                                  128KB

                                                                                                                                                                  Download

                                                                                                                                                                • memory/3164-177-0x000001D3DD720000-0x000001D3DD740000-memory.dmp

                                                                                                                                                                  Filesize

                                                                                                                                                                  128KB

                                                                                                                                                                  Download

                                                                                                                                                                • memory/3164-186-0x000001D3DD6E0000-0x000001D3DD700000-memory.dmp

                                                                                                                                                                  Filesize

                                                                                                                                                                  128KB

                                                                                                                                                                  Download

                                                                                                                                                                • memory/3164-172-0x000001D3DC800000-0x000001D3DC900000-memory.dmp

                                                                                                                                                                  Filesize

                                                                                                                                                                  1024KB

                                                                                                                                                                  Download

                                                                                                                                                                • memory/3164-173-0x000001D3DC800000-0x000001D3DC900000-memory.dmp

                                                                                                                                                                  Filesize

                                                                                                                                                                  1024KB

                                                                                                                                                                  Download

                                                                                                                                                                • memory/4164-525-0x000001A2628C0000-0x000001A2628E0000-memory.dmp

                                                                                                                                                                  Filesize

                                                                                                                                                                  128KB

                                                                                                                                                                  Download

                                                                                                                                                                • memory/4164-505-0x000001A2621B0000-0x000001A2621D0000-memory.dmp

                                                                                                                                                                  Filesize

                                                                                                                                                                  128KB

                                                                                                                                                                  Download

                                                                                                                                                                • memory/4164-490-0x000001A261390000-0x000001A261490000-memory.dmp

                                                                                                                                                                  Filesize

                                                                                                                                                                  1024KB

                                                                                                                                                                  Download

                                                                                                                                                                • memory/4164-493-0x000001A262500000-0x000001A262520000-memory.dmp

                                                                                                                                                                  Filesize

                                                                                                                                                                  128KB

                                                                                                                                                                  Download

                                                                                                                                                                • memory/4164-488-0x000001A261390000-0x000001A261490000-memory.dmp

                                                                                                                                                                  Filesize

                                                                                                                                                                  1024KB

                                                                                                                                                                  Download

                                                                                                                                                                • memory/4444-486-0x00000000049E0000-0x00000000049E1000-memory.dmp

                                                                                                                                                                  Filesize

                                                                                                                                                                  4KB

                                                                                                                                                                  Download

                                                                                                                                                                • memory/4484-1323-0x000001ABF2300000-0x000001ABF2400000-memory.dmp

                                                                                                                                                                  Filesize

                                                                                                                                                                  1024KB

                                                                                                                                                                  Download

                                                                                                                                                                • memory/4484-1340-0x000001ABF3590000-0x000001ABF35B0000-memory.dmp

                                                                                                                                                                  Filesize

                                                                                                                                                                  128KB

                                                                                                                                                                  Download

                                                                                                                                                                • memory/4484-1353-0x000001ABF39A0000-0x000001ABF39C0000-memory.dmp

                                                                                                                                                                  Filesize

                                                                                                                                                                  128KB

                                                                                                                                                                  Download

                                                                                                                                                                • memory/4484-1331-0x000001ABF35D0000-0x000001ABF35F0000-memory.dmp

                                                                                                                                                                  Filesize

                                                                                                                                                                  128KB

                                                                                                                                                                  Download

                                                                                                                                                                • memory/4560-11-0x0000000000DD0000-0x0000000000DDA000-memory.dmp

                                                                                                                                                                  Filesize

                                                                                                                                                                  40KB

                                                                                                                                                                  Download

                                                                                                                                                                • memory/4560-20-0x00007FF976220000-0x00007FF976CE1000-memory.dmp

                                                                                                                                                                  Filesize

                                                                                                                                                                  10.8MB

                                                                                                                                                                  Download

                                                                                                                                                                • memory/4560-4405-0x000000001CAA0000-0x000000001CAAA000-memory.dmp

                                                                                                                                                                  Filesize

                                                                                                                                                                  40KB

                                                                                                                                                                  Download

                                                                                                                                                                • memory/4560-3964-0x000000001CAF0000-0x000000001CB12000-memory.dmp

                                                                                                                                                                  Filesize

                                                                                                                                                                  136KB

                                                                                                                                                                  Download

                                                                                                                                                                • memory/4560-0-0x00007FF976223000-0x00007FF976225000-memory.dmp

                                                                                                                                                                  Filesize

                                                                                                                                                                  8KB

                                                                                                                                                                  Download

                                                                                                                                                                • memory/4560-3925-0x000000001DA10000-0x000000001DB30000-memory.dmp

                                                                                                                                                                  Filesize

                                                                                                                                                                  1.1MB

                                                                                                                                                                  Download

                                                                                                                                                                • memory/4560-415-0x000000001C840000-0x000000001C84C000-memory.dmp

                                                                                                                                                                  Filesize

                                                                                                                                                                  48KB

                                                                                                                                                                  Download

                                                                                                                                                                • memory/4560-1-0x00000000006D0000-0x00000000006E6000-memory.dmp

                                                                                                                                                                  Filesize

                                                                                                                                                                  88KB

                                                                                                                                                                  Download

                                                                                                                                                                • memory/4560-2-0x00007FF976220000-0x00007FF976CE1000-memory.dmp

                                                                                                                                                                  Filesize

                                                                                                                                                                  10.8MB

                                                                                                                                                                  Download

                                                                                                                                                                • memory/4560-3-0x00007FF976223000-0x00007FF976225000-memory.dmp

                                                                                                                                                                  Filesize

                                                                                                                                                                  8KB

                                                                                                                                                                  Download

                                                                                                                                                                • memory/4560-4-0x00007FF976220000-0x00007FF976CE1000-memory.dmp

                                                                                                                                                                  Filesize

                                                                                                                                                                  10.8MB

                                                                                                                                                                  Download

                                                                                                                                                                • memory/4560-5-0x0000000002A70000-0x0000000002A7E000-memory.dmp

                                                                                                                                                                  Filesize

                                                                                                                                                                  56KB

                                                                                                                                                                  Download

                                                                                                                                                                • memory/4560-10-0x0000000000E20000-0x0000000000E2A000-memory.dmp

                                                                                                                                                                  Filesize

                                                                                                                                                                  40KB

                                                                                                                                                                  Download

                                                                                                                                                                • memory/4560-12-0x00007FF976220000-0x00007FF976CE1000-memory.dmp

                                                                                                                                                                  Filesize

                                                                                                                                                                  10.8MB

                                                                                                                                                                  Download

                                                                                                                                                                • memory/4624-1918-0x000001A761FF0000-0x000001A762010000-memory.dmp

                                                                                                                                                                  Filesize

                                                                                                                                                                  128KB

                                                                                                                                                                  Download

                                                                                                                                                                • memory/4624-1915-0x000001A760F00000-0x000001A761000000-memory.dmp

                                                                                                                                                                  Filesize

                                                                                                                                                                  1024KB

                                                                                                                                                                  Download

                                                                                                                                                                • memory/5276-1164-0x0000022F41CC0000-0x0000022F41CE0000-memory.dmp

                                                                                                                                                                  Filesize

                                                                                                                                                                  128KB

                                                                                                                                                                  Download

                                                                                                                                                                • memory/5276-1179-0x0000022F422E0000-0x0000022F42300000-memory.dmp

                                                                                                                                                                  Filesize

                                                                                                                                                                  128KB

                                                                                                                                                                  Download

                                                                                                                                                                • memory/5276-1142-0x0000022F40E00000-0x0000022F40F00000-memory.dmp

                                                                                                                                                                  Filesize

                                                                                                                                                                  1024KB

                                                                                                                                                                  Download

                                                                                                                                                                • memory/5276-1147-0x0000022F41D00000-0x0000022F41D20000-memory.dmp

                                                                                                                                                                  Filesize

                                                                                                                                                                  128KB

                                                                                                                                                                  Download

                                                                                                                                                                • memory/5492-782-0x00000000048D0000-0x00000000048D1000-memory.dmp

                                                                                                                                                                  Filesize

                                                                                                                                                                  4KB

                                                                                                                                                                  Download

                                                                                                                                                                • memory/6068-1910-0x00000000042B0000-0x00000000042B1000-memory.dmp

                                                                                                                                                                  Filesize

                                                                                                                                                                  4KB

                                                                                                                                                                  Download

                                                                                                                                                                • memory/6096-1318-0x0000000004260000-0x0000000004261000-memory.dmp

                                                                                                                                                                  Filesize

                                                                                                                                                                  4KB

                                                                                                                                                                  Download

                                                                                                                                                                • memory/6120-784-0x000001E6BA400000-0x000001E6BA500000-memory.dmp

                                                                                                                                                                  Filesize

                                                                                                                                                                  1024KB

                                                                                                                                                                  Download

                                                                                                                                                                • memory/6120-785-0x000001E6BA400000-0x000001E6BA500000-memory.dmp

                                                                                                                                                                  Filesize

                                                                                                                                                                  1024KB

                                                                                                                                                                  Download

                                                                                                                                                                • memory/6120-797-0x000001E6BB520000-0x000001E6BB540000-memory.dmp

                                                                                                                                                                  Filesize

                                                                                                                                                                  128KB

                                                                                                                                                                  Download

                                                                                                                                                                • memory/6120-789-0x000001E6BB560000-0x000001E6BB580000-memory.dmp

                                                                                                                                                                  Filesize

                                                                                                                                                                  128KB

                                                                                                                                                                  Download

                                                                                                                                                                • memory/6120-821-0x000001E6BB920000-0x000001E6BB940000-memory.dmp

                                                                                                                                                                  Filesize

                                                                                                                                                                  128KB

                                                                                                                                                                  Download