Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

CryptoLocker.exe

windows10-2004-x64

10

Resubmissions

03/03/2025, 21:47

250303-1nfx4azzex 10

03/03/2025, 09:19

250303-laaftstwfx 10

Analysis

  • max time kernel
    150s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20250217-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20250217-enlocale:en-usos:windows10-2004-x64system
  • submitted
    03/03/2025, 09:19

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    CryptoLocker.exe

  • Size

    338KB

  • MD5

    04fb36199787f2e3e2135611a38321eb

  • SHA1

    65559245709fe98052eb284577f1fd61c01ad20d

  • SHA256

    d765e722e295969c0a5c2d90f549db8b89ab617900bf4698db41c7cdad993bb9

  • SHA512

    533d6603f6e2a77bd1b2c6591a135c4717753d53317c1be06e43774e896d9543bcd0ea6904a0688aa84b2d8424641d68994b1e7dc4aa46d66c36feecb6145444

  • SSDEEP

    6144:sWmw0EuCN0pLWgTO3x5N22vWvLRKKAX5l++SybIvC:sWkEuCaNT85I2vCMX5l+ZRv

Score
10/10
cryptolockerdiscoverypersistenceransomware

Malware Config

Signatures

  • CryptoLocker

    Ransomware family with multiple variants.

    ransomwarecryptolocker
  • Cryptolocker family
    cryptolocker
  • Deletes itself 1 IoCs
  • Executes dropped EXE 2 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

    discovery
  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Checks SCSI registry key(s) 3 TTPs 3 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Modifies Internet Explorer settings 1 TTPs 2 IoCs
    adwarespyware
  • Modifies data under HKEY_USERS 5 IoCs
  • Modifies registry class 38 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 8 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\CryptoLocker.exe
    "C:\Users\Admin\AppData\Local\Temp\CryptoLocker.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:3476
    • C:\Users\Admin\AppData\Roaming\{34184A33-0407-212E-3320-09040709E2C2}.exe
      "C:\Users\Admin\AppData\Roaming\{34184A33-0407-212E-3320-09040709E2C2}.exe" "/rC:\Users\Admin\AppData\Local\Temp\CryptoLocker.exe"
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Adds Run key to start application
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:1740
      • C:\Users\Admin\AppData\Roaming\{34184A33-0407-212E-3320-09040709E2C2}.exe
        "C:\Users\Admin\AppData\Roaming\{34184A33-0407-212E-3320-09040709E2C2}.exe" /w00000228
        3⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        PID:1464
  • C:\Windows\system32\taskmgr.exe
    "C:\Windows\system32\taskmgr.exe" /4
    1⤵
    • Checks SCSI registry key(s)
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:4056
  • C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
    1⤵
      PID:1748
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefault5f58a691ha967h4204ha9cfhb4c76400d545
      1⤵
      • Suspicious use of WriteProcessMemory
      PID:4460
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ff8207f46f8,0x7ff8207f4708,0x7ff8207f4718
        2⤵
          PID:4128
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,1129015972727766458,738190912716545172,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2
          2⤵
            PID:3740
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2072,1129015972727766458,738190912716545172,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2364 /prefetch:3
            2⤵
            • Suspicious behavior: EnumeratesProcesses
            PID:2716
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2072,1129015972727766458,738190912716545172,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2720 /prefetch:8
            2⤵
              PID:4268
          • C:\Windows\System32\CompPkgSrv.exe
            C:\Windows\System32\CompPkgSrv.exe -Embedding
            1⤵
              PID:5240
            • C:\Windows\System32\CompPkgSrv.exe
              C:\Windows\System32\CompPkgSrv.exe -Embedding
              1⤵
                PID:5296
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefault0d83c93dhf88ch4a60ha49ahbc0236e01c25
                1⤵
                  PID:5984
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff8207f46f8,0x7ff8207f4708,0x7ff8207f4718
                    2⤵
                      PID:6000
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2196,16822016798871308841,14748755294746511881,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2208 /prefetch:2
                      2⤵
                        PID:5384
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2196,16822016798871308841,14748755294746511881,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2264 /prefetch:3
                        2⤵
                        • Suspicious behavior: EnumeratesProcesses
                        PID:5408
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2196,16822016798871308841,14748755294746511881,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2976 /prefetch:8
                        2⤵
                          PID:5348
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefault1f693b34h118ch43cfhaa09h2d89cec8a703
                        1⤵
                          PID:3676
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff8207f46f8,0x7ff8207f4708,0x7ff8207f4718
                            2⤵
                              PID:5700
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,10986803888252686003,3003857831845324185,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:2
                              2⤵
                                PID:996
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,10986803888252686003,3003857831845324185,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2248 /prefetch:3
                                2⤵
                                  PID:3600
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2120,10986803888252686003,3003857831845324185,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3008 /prefetch:8
                                  2⤵
                                    PID:5376
                                • C:\Windows\system32\wwahost.exe
                                  "C:\Windows\system32\wwahost.exe" -ServerName:App.wwa
                                  1⤵
                                  • Modifies Internet Explorer settings
                                  • Modifies data under HKEY_USERS
                                  • Modifies registry class
                                  • Suspicious use of AdjustPrivilegeToken
                                  • Suspicious use of SetWindowsHookEx
                                  PID:5436

                                Network

                                MITRE ATT&CK Enterprise v15

                                Replay Monitor

                                Loading Replay Monitor...

                                Downloads

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                  Filesize

                                  152B

                                  MD5

                                  27ff0ad692f41c03dc35087c3ab14711

                                  SHA1

                                  05aa1f84e78fa89a1c66f050deb18cb844d36dd3

                                  SHA256

                                  ec10956ef89e13eb8ec5e6f7efbf69527888abeb3088bc7d09ecbb9f61b96c7e

                                  SHA512

                                  b0d5e6f0acfe040afa4e39f21a4b498d85d0c16597479daceff3e7e5a93cc952189eb4d2528518f0718b01d2dcadde9422379071ac5efc9938e391eae4816c3f

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                  Filesize

                                  152B

                                  MD5

                                  39e376ee2f541e6b1ed0bca701e8fb59

                                  SHA1

                                  bfe3cc2eed8721339d433533aef6e18e0a13a9a3

                                  SHA256

                                  80eda1e4d8c05e257ff17ef734d606e67d8ab70b3e351430b2b231631eed5e04

                                  SHA512

                                  a3f082c32857db0e3dec24394a259fff85e21b6a7b057ef55933504c23ec38cbb3237eb519d38385fc53cbc584c52aaf66291f44231245d9afee509a108a3350

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                  Filesize

                                  152B

                                  MD5

                                  39c51e5592e99966d676c729e840107b

                                  SHA1

                                  e2dd9be0ffe54508a904d314b3cf0782a9a508b7

                                  SHA256

                                  29f29a3495976b65de3df2d537628d260bc005da5956b262ff35e9f61d3d9ed3

                                  SHA512

                                  b20532d0131b12603410c3cb425cb5df0ddc740f34e688455eff757802ffc854be771b30c3ff196e56b396c6fe53928a1577c8330b00f3f7b849fcf625e51bf4

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                  Filesize

                                  5KB

                                  MD5

                                  da43330d47cb83efd849ddbdf3a4c6b3

                                  SHA1

                                  a5b70dd7b1f7569a3970af9e77d58459459fe4cf

                                  SHA256

                                  c653d4d27e54e36a1efe29a2a5bbb80f53564be3f4bf80155ead80e12d1982a1

                                  SHA512

                                  11f4886f6032d16acac273f18f9ac348645bda19033f594b93965f48cce1cd72d5e4a5a775e9ba35076fc16e2106c9a132d8fd9b84d8482ed05c465321acca98

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                  Filesize

                                  5KB

                                  MD5

                                  033bd446070f751f6ae775fa15361e3c

                                  SHA1

                                  696b3afb9b716c65c0360f5a98a472daa1fbcfec

                                  SHA256

                                  07a3468d344b63b8a8fc4197a7eca09ff15fe3a58f9ecb22a32965072fed108c

                                  SHA512

                                  3cd1f89625da5dd5ec65e5b512c343a007f39096c997cf969089ce94a0e27dc26786e47bc69ba60daf42eb6cc981d707b90f4e8588fe8e2b9dabdad3d4a52965

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG
                                  Filesize

                                  347B

                                  MD5

                                  9f829319ab798b37ea836312e44d461e

                                  SHA1

                                  ed13582c231cc63cc610a02bdc423ee7564c3fe0

                                  SHA256

                                  7b2c78319e00bac1ae5a3c0aef5fb0bcb225edeb78739865a19c0e2879b4096f

                                  SHA512

                                  4560925c9c663e6ebdcec3e202364731926b14b0f66bafc5e5ab752e1aec4991bb0ed492f8d2054bdac5c80e53feba90f42d6828ef46f3b6dd89a073bc113463

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG
                                  Filesize

                                  350B

                                  MD5

                                  3ac1ce588c0376500c97b34057337843

                                  SHA1

                                  a9b6661b4a5ecd93b6c88925bd416d87ab3ccbac

                                  SHA256

                                  67a26b22e1792117132e37105e258c7ecae14320c41af50ad79f3efcd854244b

                                  SHA512

                                  06e154f79066d160f2b90e343b431e43549ca3a8810627c23ca87535b718a6ca9c60810b826d53470a040e1cc995c9b87523bf616810f1d3e700055d1e048a9f

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG
                                  Filesize

                                  323B

                                  MD5

                                  03054f887126a5160d018af945722795

                                  SHA1

                                  6f371edca2d158b609699f6e3cac62b030c7c242

                                  SHA256

                                  c470a9da26a47b00c18141c199b999c3b729cf9a580f5b0c45d239127be630c5

                                  SHA512

                                  3bd4392ec81d7baed19045086d3892e8524bc272dc336f5047e080271e7bd010bf9ed6ea0c5defd94b5fef89400e9eaece0e3c3a5cf8bb7cc1c775b2501c1033

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG
                                  Filesize

                                  323B

                                  MD5

                                  d8a989e9e46283e22e60ad77e5a0961c

                                  SHA1

                                  a3de083e624267a993e8760c13cf205d1ff053e5

                                  SHA256

                                  ad7129c004b2a66bd82c7d7e3ad48d8f6b192feff3224d54a5a936188bc4ca76

                                  SHA512

                                  99f80c4656b056ad39a3bb73ca7332ed3271128a5f90a6bb7347d203f1dee67ffeb1fa782caaa6766a86588bd36ff338a59e1983680ccc92e967b1db571bc51d

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\d56d984a-2d28-4a64-a417-393ecd84649d.tmp
                                  Filesize

                                  1B

                                  MD5

                                  5058f1af8388633f609cadb75a75dc9d

                                  SHA1

                                  3a52ce780950d4d969792a2559cd519d7ee8c727

                                  SHA256

                                  cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

                                  SHA512

                                  0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version
                                  Filesize

                                  11B

                                  MD5

                                  838a7b32aefb618130392bc7d006aa2e

                                  SHA1

                                  5159e0f18c9e68f0e75e2239875aa994847b8290

                                  SHA256

                                  ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

                                  SHA512

                                  9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                  Filesize

                                  8KB

                                  MD5

                                  9d56ccbeabd39e18c6e67239305b3a5f

                                  SHA1

                                  92939ddc863ecaee3d9d25b7b8f8908d1dc67098

                                  SHA256

                                  4c65386b969a0e830e2a79c361c7f40499d12433c86a7ace3743ebc8c33a0f80

                                  SHA512

                                  1ad4f7bceea1a755efe8e0de734ef41343f2964b7821e72d6845a95a0777facbb7b30fc12cc32c468f93197c1b33b5b79a99474787a04738381be821443bfa07

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                  Filesize

                                  8KB

                                  MD5

                                  d487cfa4764f029a7ab492e22af1d13d

                                  SHA1

                                  b45b29b1b6aad54f17aeeb2a798829c8cdd24faa

                                  SHA256

                                  b92ef5189f067daf1d49996cddc7a40837e1f785acae817061493451d5734651

                                  SHA512

                                  929f95948ec131efe3789403e71270c8b90eb9b473e93428c42f5495287b7d0754f99740995eefa5213656f2376064195e5d6d53c83cfe3afeee13953e80a293

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1
                                  Filesize

                                  264KB

                                  MD5

                                  f50f89a0a91564d0b8a211f8921aa7de

                                  SHA1

                                  112403a17dd69d5b9018b8cede023cb3b54eab7d

                                  SHA256

                                  b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

                                  SHA512

                                  bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\LocalState\_sessionState.json
                                  Filesize

                                  143B

                                  MD5

                                  af6b577dfcb368967d6ffd5d830eb697

                                  SHA1

                                  6886b41c6f07ada168e623e7f46fce8250039104

                                  SHA256

                                  8d4e3f0520fe7df69bf17f5f8178810a2be7dda235ab9aa6d90dc597ba908dde

                                  SHA512

                                  50ceecb40d7fcce350842529b636510d96b60107835079acfa154795f6dd024f1600f3d4b0723129bcdc7e4ae467461f2c801c6865f719108c83d1fc1c5cdfbd

                                  Download Submit

                                • C:\Users\Admin\AppData\Roaming\{34184A33-0407-212E-3320-09040709E2C2}.exe
                                  Filesize

                                  338KB

                                  MD5

                                  04fb36199787f2e3e2135611a38321eb

                                  SHA1

                                  65559245709fe98052eb284577f1fd61c01ad20d

                                  SHA256

                                  d765e722e295969c0a5c2d90f549db8b89ab617900bf4698db41c7cdad993bb9

                                  SHA512

                                  533d6603f6e2a77bd1b2c6591a135c4717753d53317c1be06e43774e896d9543bcd0ea6904a0688aa84b2d8424641d68994b1e7dc4aa46d66c36feecb6145444

                                  Download Submit

                                • memory/4056-18-0x000002B190A20000-0x000002B190A21000-memory.dmp

                                  Filesize

                                  4KB

                                  Download

                                • memory/4056-17-0x000002B190A20000-0x000002B190A21000-memory.dmp

                                  Filesize

                                  4KB

                                  Download

                                • memory/4056-16-0x000002B190A20000-0x000002B190A21000-memory.dmp

                                  Filesize

                                  4KB

                                  Download

                                • memory/4056-15-0x000002B190A20000-0x000002B190A21000-memory.dmp

                                  Filesize

                                  4KB

                                  Download

                                • memory/4056-14-0x000002B190A20000-0x000002B190A21000-memory.dmp

                                  Filesize

                                  4KB

                                  Download

                                • memory/4056-12-0x000002B190A20000-0x000002B190A21000-memory.dmp

                                  Filesize

                                  4KB

                                  Download

                                • memory/4056-7-0x000002B190A20000-0x000002B190A21000-memory.dmp

                                  Filesize

                                  4KB

                                  Download

                                • memory/4056-8-0x000002B190A20000-0x000002B190A21000-memory.dmp

                                  Filesize

                                  4KB

                                  Download

                                • memory/4056-6-0x000002B190A20000-0x000002B190A21000-memory.dmp

                                  Filesize

                                  4KB

                                  Download

                                • memory/4056-13-0x000002B190A20000-0x000002B190A21000-memory.dmp

                                  Filesize

                                  4KB

                                  Download

                                • memory/5436-368-0x00000167136B0000-0x00000167136D0000-memory.dmp

                                  Filesize

                                  128KB

                                  Download