Analysis

Category FILE
Package exe
Started 2025-06-13 14:56:58
Completed 2025-06-13 15:27:59
Duration 1861 seconds

Options
procmemdump=1
import_reconstruction=1
unpacker=2
norefer=1
no-iat=1

Analysis Log
2024-11-25 13:37:15,100 [root] INFO: Date set to: 20250613T10:26:26, timeout set to: 1800
2025-06-13 11:26:26,071 [root] DEBUG: Starting analyzer from: C:\tmpjeo7jmad
2025-06-13 11:26:26,071 [root] DEBUG: Storing results at: C:\SbKWKlSV
2025-06-13 11:26:26,071 [root] DEBUG: Pipe server name: \\.\PIPE\OVRmkbV
2025-06-13 11:26:26,071 [root] DEBUG: Python path: C:\Users\Packager\AppData\Local\Programs\Python\Python310-32
2025-06-13 11:26:26,086 [root] INFO: analysis running as an admin
2025-06-13 11:26:26,102 [root] INFO: analysis package specified: "exe"
2025-06-13 11:26:26,133 [root] DEBUG: importing analysis package module: "modules.packages.exe"...
2025-06-13 11:26:27,118 [root] DEBUG: imported analysis package "exe"
2025-06-13 11:26:27,118 [root] DEBUG: initializing analysis package "exe"...
2025-06-13 11:26:27,118 [lib.common.common] INFO: wrapping
2025-06-13 11:26:27,118 [lib.core.compound] INFO: C:\Users\Packager\AppData\Local\Temp already exists, skipping creation
2025-06-13 11:26:27,118 [root] DEBUG: New location of moved file: C:\Users\Packager\AppData\Local\Temp\MusNotifyIcon.exe
2025-06-13 11:26:27,118 [root] INFO: Analyzer: Package modules.packages.exe does not specify a DLL option
2025-06-13 11:26:27,118 [root] INFO: Analyzer: Package modules.packages.exe does not specify a DLL_64 option
2025-06-13 11:26:27,133 [root] INFO: Analyzer: Package modules.packages.exe does not specify a loader option
2025-06-13 11:26:27,133 [root] INFO: Analyzer: Package modules.packages.exe does not specify a loader_64 option
2025-06-13 11:26:27,321 [root] DEBUG: Imported auxiliary module "modules.auxiliary.browser"
2025-06-13 11:26:27,321 [root] DEBUG: Imported auxiliary module "modules.auxiliary.digisig"
2025-06-13 11:26:27,368 [root] DEBUG: Imported auxiliary module "modules.auxiliary.disguise"
2025-06-13 11:26:27,383 [root] DEBUG: Imported auxiliary module "modules.auxiliary.human"
2025-06-13 11:26:27,399 [lib.api.screenshot] DEBUG: Importing 'PIL.ImageChops'
2025-06-13 11:26:27,399 [lib.api.screenshot] ERROR: No module named 'PIL'
2025-06-13 11:26:27,399 [root] DEBUG: Imported auxiliary module "modules.auxiliary.screenshots"
2025-06-13 11:26:27,477 [root] DEBUG: Imported auxiliary module "modules.auxiliary.tlsdump"
2025-06-13 11:26:27,477 [root] DEBUG: Initialized auxiliary module "Browser"
2025-06-13 11:26:27,477 [root] DEBUG: attempting to configure 'Browser' from data
2025-06-13 11:26:27,477 [root] DEBUG: module Browser does not support data configuration, ignoring
2025-06-13 11:26:27,477 [root] DEBUG: Trying to start auxiliary module "modules.auxiliary.browser"...
2025-06-13 11:26:27,477 [root] DEBUG: Started auxiliary module modules.auxiliary.browser
2025-06-13 11:26:27,477 [root] DEBUG: Initialized auxiliary module "DigiSig"
2025-06-13 11:26:27,477 [root] DEBUG: attempting to configure 'DigiSig' from data
2025-06-13 11:26:27,477 [root] DEBUG: module DigiSig does not support data configuration, ignoring
2025-06-13 11:26:27,477 [root] DEBUG: Trying to start auxiliary module "modules.auxiliary.digisig"...
2025-06-13 11:26:27,477 [modules.auxiliary.digisig] DEBUG: Checking for a digital signature
2025-06-13 11:26:38,805 [modules.auxiliary.digisig] DEBUG: File has a valid signature
2025-06-13 11:26:38,805 [modules.auxiliary.digisig] INFO: Uploading signature results to aux/DigiSig.json
2025-06-13 11:26:39,024 [root] DEBUG: Started auxiliary module modules.auxiliary.digisig
2025-06-13 11:26:39,024 [root] DEBUG: Initialized auxiliary module "Disguise"
2025-06-13 11:26:39,024 [root] DEBUG: attempting to configure 'Disguise' from data
2025-06-13 11:26:39,024 [root] DEBUG: module Disguise does not support data configuration, ignoring
2025-06-13 11:26:39,024 [root] DEBUG: Trying to start auxiliary module "modules.auxiliary.disguise"...
2025-06-13 11:26:39,024 [modules.auxiliary.disguise] INFO: Disguising GUID to 263724cb-a029-4616-878c-0cf244988355
2025-06-13 11:26:39,024 [root] DEBUG: Started auxiliary module modules.auxiliary.disguise
2025-06-13 11:26:39,024 [root] DEBUG: Initialized auxiliary module "Human"
2025-06-13 11:26:39,024 [root] DEBUG: attempting to configure 'Human' from data
2025-06-13 11:26:39,024 [root] DEBUG: module Human does not support data configuration, ignoring
2025-06-13 11:26:39,024 [root] DEBUG: Trying to start auxiliary module "modules.auxiliary.human"...
2025-06-13 11:26:39,024 [root] DEBUG: Started auxiliary module modules.auxiliary.human
2025-06-13 11:26:39,024 [root] DEBUG: Initialized auxiliary module "Screenshots"
2025-06-13 11:26:39,024 [root] DEBUG: attempting to configure 'Screenshots' from data
2025-06-13 11:26:39,024 [root] DEBUG: module Screenshots does not support data configuration, ignoring
2025-06-13 11:26:39,024 [root] DEBUG: Trying to start auxiliary module "modules.auxiliary.screenshots"...
2025-06-13 11:26:39,024 [modules.auxiliary.screenshots] WARNING: Python Image Library is not installed, screenshots are disabled
2025-06-13 11:26:39,024 [root] DEBUG: Started auxiliary module modules.auxiliary.screenshots
2025-06-13 11:26:39,024 [root] DEBUG: Initialized auxiliary module "TLSDumpMasterSecrets"
2025-06-13 11:26:39,024 [root] DEBUG: attempting to configure 'TLSDumpMasterSecrets' from data
2025-06-13 11:26:39,024 [root] DEBUG: module TLSDumpMasterSecrets does not support data configuration, ignoring
2025-06-13 11:26:39,024 [root] DEBUG: Trying to start auxiliary module "modules.auxiliary.tlsdump"...
2025-06-13 11:26:39,039 [modules.auxiliary.tlsdump] INFO: lsass.exe found, pid 696
2025-06-13 11:26:39,055 [lib.api.process] INFO: Monitor config for <Process 696 lsass.exe>: C:\tmpjeo7jmad\dll\696.ini
2025-06-13 11:26:39,055 [lib.api.process] INFO: Option 'procmemdump' with value '1' sent to monitor
2025-06-13 11:26:39,055 [lib.api.process] INFO: Option 'import_reconstruction' with value '1' sent to monitor
2025-06-13 11:26:39,055 [lib.api.process] INFO: Option 'unpacker' with value '2' sent to monitor
2025-06-13 11:26:39,055 [lib.api.process] INFO: Option 'norefer' with value '1' sent to monitor
2025-06-13 11:26:39,055 [lib.api.process] INFO: Option 'no-iat' with value '1' sent to monitor
2025-06-13 11:26:39,055 [lib.api.process] INFO: Option 'tlsdump' with value '1' sent to monitor
2025-06-13 11:26:39,071 [lib.api.process] INFO: 64-bit DLL to inject is C:\tmpjeo7jmad\dll\eJXvNnhR.dll, loader C:\tmpjeo7jmad\bin\IytHUKoC.exe
2025-06-13 11:26:39,134 [root] DEBUG: Loader: IAT patching disabled.
2025-06-13 11:26:39,134 [root] DEBUG: Loader: Injecting process 696 with C:\tmpjeo7jmad\dll\eJXvNnhR.dll.
2025-06-13 11:26:39,164 [root] DEBUG: 696: Python path set to 'C:\Users\Packager\AppData\Local\Programs\Python\Python310-32'.
2025-06-13 11:26:39,164 [root] INFO: Disabling sleep skipping.
2025-06-13 11:26:39,164 [root] DEBUG: 696: Full process memory dumps enabled.
2025-06-13 11:26:39,164 [root] DEBUG: 696: Import reconstruction of process dumps enabled.
2025-06-13 11:26:39,164 [root] DEBUG: 696: Active unpacking of payloads enabled
2025-06-13 11:26:39,180 [root] DEBUG: 696: CAPE debug - unrecognised key norefer.
2025-06-13 11:26:39,180 [root] DEBUG: 696: TLS secret dump mode enabled.
2025-06-13 11:26:39,180 [root] DEBUG: 696: InternalYaraScan: Scanning 0x00007FF84A790000, size 0x1f4542
2025-06-13 11:26:39,196 [root] DEBUG: 696: InternalYaraScan hit: RtlInsertInvertedFunctionTable
2025-06-13 11:26:39,196 [root] DEBUG: 696: RtlInsertInvertedFunctionTable 0x00007FF84A7A090E, LdrpInvertedFunctionTableSRWLock 0x00007FF84A8FB4F0
2025-06-13 11:26:39,196 [root] DEBUG: 696: Monitor initialised: 64-bit capemon loaded in process 696 at 0x00007FF8234D0000, thread 464, image base 0x00007FF60D500000, stack from 0x0000008EFAA74000-0x0000008EFAA80000
2025-06-13 11:26:39,196 [root] DEBUG: 696: Commandline: C:\Windows\system32\lsass.exe
2025-06-13 11:26:39,211 [root] DEBUG: 696: Hooked 5 out of 5 functions
2025-06-13 11:26:39,211 [root] DEBUG: InjectDllViaThread: Successfully injected Dll into process via RtlCreateUserThread.
2025-06-13 11:26:39,211 [root] DEBUG: Successfully injected DLL C:\tmpjeo7jmad\dll\eJXvNnhR.dll.
2025-06-13 11:26:39,211 [lib.api.process] INFO: Injected into 64-bit <Process 696 lsass.exe>
2025-06-13 11:26 <truncated>
Machine

Name win10-2
Label win10-2
Manager KVM
Started On 2025-06-13 14:56:58
Shutdown On 2025-06-13 15:27:40
Route none

File Details

File Name MusNotifyIcon.exe
File Type PE32+ executable (GUI) x86-64, for MS Windows
File Size 375544 bytes
MD5 f9f0e9eab86ca5835142470b44d1a673
SHA1 73fe791eb7517ad75d6a3d65d5bf46beba341a32
SHA256 8eda1c8903a3a80919bf6cca66e43f9b0ceccacd791a359d63a1cda2621c01ae
SHA3-384 4cea26f73893c46c7b96f68b5c5c7a0736aae5aaa985f0f6bca7e5ad9927ce598c74da8e0537743d9cc8fbf7d8669de5
CRC32 4061A3BE
TLSH T1CE84FA157E98C073F42682B44DB5C7A9AE713D235F10C6CBBAA0736E3E72A946D3C119
Ssdeep 3072:4ny7O/BzRT8rsdIllkbuOsFiLimgcxpTVxlkB5/:Qy7O5R8rscCBsFCimg4kD

Strings

98v.H
NotifyIconNotified
Error Originate:IconWindowManager::GetFirstEncounterTimestamp:1471
Error Originate:IconWindowManager::GetCurrentResourceIndex:993
UpdateRevision
Error Originate:IconWindowManager::GetUsoSession:580
api-ms-win-core-kernel32-legacy-l1-1-0.dll
Microsoft Corporation1.0,
BCryptDestroyHash
l$ VWAVH
@.data
PathCchRemoveBackslash
Error Originate:UXElementStore::GetXmlFilePath:1125
LocalAlloc
H+T$hH
.idata$6
Error Originate:IconWindowManager::ShouldShowIcon:1748
.idata$4
WindowsCreateStringReference
H;T$hw
A^_^][
CloseThreadpoolTimer
CertVerifyCertificateChainPolicy
api-ms-win-core-heap-l1-1-0.dll
UXElementStorePath
GetCampaignContentLocation
WUIconClass
ReleaseMutex
GetStartupInfoW
A_A]A\_^[]
L$ SUVWH
ResolveDelayLoadedAPI
_initterm_e
Microsoft Time-Stamp Service
_o___stdio_common_vswprintf
Error Originate:IconWindowManager::LoadCampaignInfo:1398
UWAUH
D8'uS
Error Originate:UXElementStore::ExtractCurrentScenario:654
@A_A^_^]
8a27f2ca-9fcd-4181-9520-7fa56b86b178
trayicon
D$HE3
_o__cexit
RegisterClassExW
CreateSemaphoreExW
CT$xH
|hK,_
O:N3F
Error Originate:IconWindowManager::ShowContextMenu:1117
Warning:IconWindowManager::NotifyIcon:927
Warning:UXElementStore::GetXmlFilePath:1053
api-ms-win-core-com-l1-1-0.dll
Error Originate:UXElementStore::ExtractValues:527
UpToDate status timestamp check result
L?fOu
?_Xlength_error@std@@YAXPEBD@Z
Error Originate:UXElementStore::Initialize:163
COMCTL32.dll
PathCchSkipRoot
SchedulePickerOption
_o_malloc
t$ UWAVH
A_A^A\_^][
_o__initialize_onexit_table
MoveFileW
FileVersion
fD9|A
_o_free
CreateWindowExW
_o__purecall
campaign
Error Originate:IconWindowManager::WindowProc:139
D$PE3
L$hH3
u=D9!
Error Originate:IconWindowManager::GetCurrentResourceIndex:973
RedStatusTimestamp session variable not found
Error Originate:IconWindowManager::RemoveWindowAndIcon:854
Microsoft Corporation1&0$
__C_specific_handler
CreateXmlReader
f9<Au
p AWH
L$ H9L$(
Dynamic UX campaign name:
1(0&0
.didat$7
180703204550Z
L$HE3
Error Originate:IconWindowManager::ShowContextMenu:1170
Error Originate:IconWindowManager::GetNotifyIconArgs:372
l$xfD
memmove
std::exception: %hs
Warning:IconWindowManager::LoadCampaignInfo:1405
t$ E3
AppendMenuW
(caller: %p)
Error Originate:IconWindowManager::GetNotifyIconArgs:411
Warning:UXElementStore::ExtractCurrentScenario:654
TlP0X
wilResult
{8uOH
Warning:UXElementStore::GetXmlFilePath:1059
Error Originate:UXElementStore::ExtractCurrentScenario:660
CD$XL
Error Originate:UXElementStore::GetXmlFilePath:1181
250701214655Z0|1
UAVAWH
.rtc$TAA
|$ AVH
_o_exit
bad allocation
Windows Update tray icon - context menu invoked
0A_A^A]A\_^[
Error Originate:IconWindowManager::GetIconDelayInDays:1553
QueryTraceW
</dependentAssembly>
d$\fD
u299vbH
Error Originate:IconWindowManager::GetTrayIconStatus:1034
.text$mn$00
t$ WH
VWAVH
X_^[]
SetLastError
r45^mn
Error Originate:IconWindowManager::WindowProc:167
.rsrc$01
System\Versions
CallContext:[%hs]
Error Originate:UXElementStore::GetUserLocale:893
DebugBreak
Software\Microsoft\DTU
O0M0K
o\$PH
Unknown exception
040904B0
Microsoft Corporation
FirstEncounterTime
.CRT$XIC
A_A^A]A\_^[]
api-ms-win-crt-runtime-l1-1-0.dll
LoadLibraryExW
Empty element
memcmp
.rdata$zETW2
M H1E
Error Originate:UXElementStore::Initialize:185
Error Originate:IconWindowManager::LoadConfigString:1353
Error Originate:UXElementStore::GetXmlFilePath:1130
229879+4379540
Troubleshooting
J9>tFA
Warning:UXElementStore::ExtractCurrentScenario:665
@USVWAVH
$9|$0}1I
YellowStatusTimestamp session variable not found
<assemblyIdentity
Ehttp://www.microsoft.com/pkiops/certs/MicWinProPCA2011_2011-10-19.crt0
M;a s?H
Warning:IconWindowManager::EnsureWindowProcAndIcon:338
__std_terminate
Error Originate:IconWindowManager::WindowProc:197
FindWindowExW
AcquireSRWLockShared
neutral
ntelD
D$PH;
98vGH
D98vBH
CD$Xf
D98v9H
A_A^A]A\_^]
.?AVbad_alloc@std@@
[&1gt
@UVWATAUAVAWH
@SUVWAVH
Error Originate:IconWindowManager::EnsureWindowProcAndIcon:289
.rtc$IZZ
CreateMutexExW
Error Originate:IconWindowManager::CalculateTooltipText:689
<assemblyIdentity
_o__invalid_parameter_noinfo
A_A^]
EventRegister
InitializeSListHead
d$PfD
Error Originate:IconWindowManager::GetFirstEncounterTimestamp:1464
ms-settings:windowsupdate-restartoptions
Error Originate:IconWindowManager::EnsureWindowProcAndIcon:318
Warning:UXElementStore::GetImageFilePath:1249
FirstRedTimeUTC
L$4E3
ext-ms-win-shell32-shellfolders-l1-1-0.dll
TranslateMessage
_initterm
A8]8t
CoInitializeEx
DeleteFileW
UpdateOrchestratorRoot
_CxxThrowException
Error Originate:UXElementStore::GetImageFilePath:1243
L9k@t
USO_Network
.idata$5
onecore\enduser\windowsupdate\muse\orchestrator\common\lib\filemanager.cpp
Error Originate:IconWindowManager::GetUsoSession:557
LeaveCriticalSection
_o__set_fmode
%s\%s.%03d.etl
Warning:UnpSurfaceHelper::GetCampaignGuidCSV:148
A_A^A\_^
HeapAlloc
InitOnceComplete
@USVWAWH
Error Originate:UXElementStore::GetXmlFilePath:1142
h UAVAWH
Error Originate:IconWindowManager::SendNotifyIconNotifiedEvent:1815
L$ I+
D98v<H
ReadFile
.rtc$IAA
Windows.Foundation.Uri
`A^A\_^]
Error Originate:IconWindowManager::GetFirstEncounterTimestamp:1490
RegQueryValueExW
.pdata
Ozb3za
icondelaydaysoobe
9t$ u
Error Originate:IconWindowManager::SendNotifyIconNotifiedEvent:1868
RedStatusTimestamp
@SVWH
A_A^_^[
VWAUAVAWH
Error Originate:IconWindowManager::CreateWindowAndIcon:746
Microsoft
VarFileInfo
l$ VWATH
Microsoft Corporation. All rights reserved.
NtQueryWnfStateData
Warning:IconWindowManager::HandleContextMenu:1250
Warning:IconWindowManager::NotifyIcon:911
L$pH3
callContext
.data$brc
H3E H3E
Error Originate:IconWindowManager::CreateWindowAndIcon:736
InternalName
.didat$2
Warning:IconWindowManager::LoadConfigString:1329
Warning:IconWindowManager::HandleContextMenu:1239
DynamicInstalledProducts
DaysDelayedAfterOOBE
.text$yd
SetEndOfFile
SystemVersions
TUUUUUU
fF9$Wu
H+L$(H
.data$r$brc
Warning:UXElementStore::ExtractValues:543
CreateDirectoryW
IsProcessorFeaturePresent
.WUCurrentVersion
fF9,Au
Windows Update tray icon status
Error Originate:IconWindowManager::GetIconDelayInDays:1575
_o_wcstoul
api-ms-win-core-libraryloader-l1-2-0.dll
api-ms-win-core-profile-l1-1-0.dll
SystemSetup
RtlUnsubscribeWnfNotificationWaitForCompletion
L9Y s
BCryptCloseAlgorithmProvider
GetMessageW
t_H9{
onecore\enduser\windowsupdate\muse\ux\utilities\settingutil.cpp
_o__initialize_wide_environment
api-ms-win-core-localization-l1-2-0.dll
.rsrc$02
D$xH;
@SUVWAVAW
d$pfD
CreateFileW
WindowsUpdatePolicies
SetEvent
Window needs to be created before icon can be modified.
D$T9p
Error Originate:IconWindowManager::GetIconDelayInDays:1592
_o__configthreadlocale
t?D9!v:H
H_^][
Warning:UXElementStore::ExtractValues:538
f(D8&t
en-US
t$H9\$0
F0D8#ukD8c
Local\SM0:%d:%d:%hs
api-ms-win-core-winrt-l1-1-0.dll
Error Originate:IconWindowManager::ModifyIcon:799
RegGetValueW
FindNextFileW
0A^_^
Should icon be shown in the tray
OLEAUT32.dll
BCryptGetProperty
Error Originate:UXElementStore::GetImageFilePath:1249
Error Originate:UXElementStore::GetXmlFilePath:1053
Failed to read registry value HKLM\%ws\%ws[%ws]
Icon tooltip set
Window exists but icon was not found.
_o_wcstol
.text$di
C D8U@u
Error Originate:IconWindowManager::EnsureWindowProcAndIcon:301
AcquireSRWLockExclusive
api-ms-win-crt-private-l1-1-0.dll
FindClose
Error Originate:UXElementStore::Initialize:234
fD9d}
FormatMessageW
api-ms-win-core-winrt-string-l1-1-0.dll
version="5.1.0.0"
Legal_Policy_Statement
USOShared
originatingContextMessage
u"D9Y s
`A_A^A]A\_^]
module
l$ E3
%hs!%p:
CT$`L
0]O~S
K SVWH
VWATAVAWH
fD9<Qu
Error Originate:UXElementStore::GetUserLocale:882
Software\Policies\Microsoft\Windows\WindowsUpdate
Warning:UXElementStore::Initialize:223
_o___p__commode
CoUninitialize
LegalCopyright
<!-- Copyright (c) Microsoft Corporation -->
0A_A^A\_^
Error Originate:IconWindowManager::GetUsoSession:545
function
Warning:UXElementStore::ExtractCurrentScenario:649
L$(H3
No updates found for the tray icon telemetry events.
Initializing tracing
Error Originate:IconWindowManager::GetNotifyIconArgs:480
A_A^A]A\_
BCryptOpenAlgorithmProvider
api-ms-win-stateseparation-helpers-l1-1-0.dll
D$@fD
.rtc$TZZ
CoCreateFreeThreadedMarshaler
GetCurrentProcessId
A^A\_^[
L$XH3
UserCommand
p WAVAWH
_o__wcsicmp
GetSystemTime
D;X s
I0G1-0+
Error Originate:IconWindowManager::ShowContextMenu:1158
DeleteCriticalSection
WindowsUpdateUXRoot
ext-ms-win-rtcore-ntuser-window-ext-l1-1-0.dll
.rdata$zETW0
RaiseException
Error Originate:IconWindowManager::GetDaysSinceOOBE:1650
CreateThreadpoolTimer
api-ms-win-shcore-obsolete-l1-1-0.dll
\$ WH
Error Originate:IconWindowManager::EnsureWindowProcAndIcon:261
Current state is never allowed in the tray.
RtlCaptureContext
<dependentAssembly>
Software\Microsoft\WindowsUpdate\Orchestrator\Configurations
M0K0I
Error Originate:UXElementStore::Initialize:180
H!^(H
CoCreateInstance
api-ms-win-core-file-l1-1-0.dll
Microsoft.Windows.Update.Ux.NotifyIcon
PathCchCanonicalize
GetCommandLineW
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Update\TargetingInfo\DynamicInstalled
Error Originate:IconWindowManager::WindowProc:132
L9|$p
Error Originate:IconWindowManager::GetNotifyIconArgs:398
x ATAVAWH
DelayLoadFailureHook
UNP\UpdateNotificationHelpers.dll
3-v17
)-B82
dialogs
WaitForSingleObjectEx
_o___std_exception_copy
Software\Microsoft\UIX\ProductFeatures
tq9P(u
L$0H3
[ UVWH
tooltip
Iv /i
GetCursorPos
GetFileAttributesW
Error Originate:UpdateUtil::GetETag:2806
Microsoft Time-Stamp PCA 20100
%s_Temp.*.etl
w+H9A
api-ms-win-crt-string-l1-1-0.dll
I|$(H
\$ HcD$$Hc
_o__configure_wide_argv
api-ms-win-eventing-controller-l1-1-0.dll
WilStaging_02
CompareFileTime
WindowsUpdate
ObjectLength
Error Originate:IconWindowManager::SendNotifyIconClickedEvent:1915
.rdata$zzzdbg
tHH;1u4H
.rdata$r
f9,Ku
9\$0|H
api-ms-win-core-path-l1-1-0.dll
FirstYellowTime
L;Y L
WTHelperProvDataFromStateData
Error Originate:UXElementStore::GetFilePath:990
LoadStringW
L$0M9a sEI
TzSpecificLocalTimeToSystemTime
delayDays
DestroyMenu
WAVAWH
L+D$
.CRT$XIA
.rdata
api-ms-win-core-errorhandling-l1-1-0.dll
@USWH
Error Originate:IconWindowManager::HandleContextMenu:1257
RtlNtStatusToDosError
CoTaskMemFree
language='*' />
111019184142Z
MusNotifyIcon.exe
processorArchitecture="amd64"
GetUserPreferredUILanguages
rMfD9?w
u6D9!veH
DispatchMessageW
T$8H+
|$0H;
L;O r
UpToDateStatusTimestamp session variable not found
api-ms-win-core-rtlsupport-l1-1-0.dll
A_A^_
UpdateStore
.CRT$XIZ
PathCchAppend
Microsoft Corporation1200
9h(twH
BCryptFinishHash
|$89|$0|
f94Qu
Error Originate:UXElementStore::Initialize:218
value
Error Originate:UXElementStore::GetXmlFilePath:1064
WriteFile
x UAVAWH
H;P A
Washington1
CreatePopupMenu
@A__]
_o__invalid_parameter_noinfo_noreturn
InitializeCriticalSectionEx
CD$XH
Error Originate:UXElementStore::GetUserLocale:905
msvcp_win.dll
%Microsoft Windows Production PCA 20110
!This program cannot be run in DOS mode.
Warning:UXElementStore::Initialize:234
<?xml version='1.0' encoding='UTF-8' standalone='yes'?>
%Microsoft Windows Production PCA 2011
FileDescription
Days to delay read from OneSettings
Error Originate:IconWindowManager::LoadCampaignInfo:1391
Error Originate:UXElementStore::GetXmlFilePath:1114
A_A^A\
Msg:[%ws]
Failed to write registry value HKCU\%ws\%ws[%ws]
\$ UVWH
WaitForSingleObject
->'JJ
@A^_^
Error Originate:IconWindowManager::GetNotifyIconArgs:451
icondelaydays
Error Originate:IconWindowManager::GetUsoSession:603
DestroyWindow
Warning:IconWindowManager::LoadCampaignInfo:1413
version='6.0.0.0'
Failed to load dynamic UX campaign info.
fD9$Ku
Error Originate:IconWindowManager::SendNotifyIconClickedEvent:1960
200110211429Z0
YellowStatusTimestamp
api-ms-win-core-shlwapi-legacy-l1-1-0.dll
api-ms-win-eventing-provider-l1-1-0.dll
Error Originate:UXElementStore::ExtractCurrentScenario:649
Error Originate:UXElementStore::CheckIfScenarioApplicable:422
fA9>t
L$ UVWATAUAVAWH
api-ms-win-core-threadpool-l1-2-0.dll
<assembly xmlns='urn:schemas-microsoft-com:asm.v1' manifestVersion='1.0'>
Microsoft America Operations1&0$
Up To date Status
Arguments passed to MusNotifyIcon.exe are incorect. They should be <NotifyTrayIcon UpToDateStatusID>.
api-ms-win-core-heap-l2-1-0.dll
Data\MetaData
Microsoft Corporation1
0XK5Os+
api-ms-win-core-processthreads-l1-1-0.dll
UWATAVAWH
A_A^A]A\_^[
Error Originate:UXElementStore::ExtractValues:538
GetClassInfoExW
T$4H;T$hw
98v5H
xRD9u
RtlSubscribeWnfStateChangeNotification
MusNotifyIcon.pdb
Error Originate:UXElementStore::Initialize:223
@USVWATAVAWH
GetModuleFileNameA
Redmond1
>http://www.microsoft.com/pki/certs/MicTimStaPCA_2010-07-01.crt0
Warning:UXElementStore::GetStringValue:759
ED$`H
@RichT
L$0H!D$
name='Microsoft.Windows.Common-Controls'
ntdll.dll
StartTraceW
_o__set_app_type
A^_^[]
SVWATAUAVAWH
_register_thread_local_exe_atexit_callback
WinVerifyTrust
USER32.dll
T$(E3
ShouldShowIcon
api-ms-win-core-sysinfo-l1-1-0.dll
DUShared
SHGetKnownFolderPath
string
USOPrivate
+e#St~pE
UVAVH
Microsoft Time-Stamp PCA 2010
10.0.17763.292
api-ms-win-core-synch-l1-1-0.dll
memcpy
SetForegroundWindow
.idata$3
PathAllocCanonicalize
D$ fD
CD$Xf9\H
Redirection Id %ws not found in default map.
_o_terminate
WaaS assessment status is out of date, changing tooltip.
api-ms-win-core-registry-l1-1-1.dll
xW!%!K
L9{@u
OpenSemaphoreW
261019185142Z0
Error Originate:UXElementStore::ExtractValues:505
Error Originate:IconWindowManager::SendNotifyIconNotifiedEvent:1861
Error Originate:IconWindowManager::GetDaysSinceOOBE:1660
NotifyAction
ReleaseSRWLockExclusive
Ehttp://crl.microsoft.com/pki/crl/products/MicRooCerAut_2010-06-23.crl0Z
181024211429Z
Error Originate:UXElementStore::Initialize:213
r~akow
OobeCompleteTimeStamp
.didat$5
CoWaitForMultipleHandles
10.0.17763.292 (WinBuild.160101.0800)
Error Originate:IconWindowManager::ModifyIcon:807
Jd>rT&
FallbackError
!\$ H
RtlLookupFunctionEntry
Error Originate:UXElementStore::Initialize:197
EnterCriticalSection
Failed to read registry value HKCU\%ws\%ws[%ws]
.CRT$XCU
internal\sdk\inc\wil\resource.h
RtlDllShutdownInProgress
Warning:IconWindowManager::NotifyIcon:919
\$ E3
D$(E3
Warning:IconWindowManager::GetNotifyIconArgs:496
Error Originate:IconWindowManager::WindowProc:181
[%hs(%hs)]
api-ms-win-core-delayload-l1-1-1.dll
~0uUH
ms-settings:windowsupdate
Error Originate:UXElementStore::ExtractCurrentScenario:644
fA9,Qu
QueryPerformanceCounter
JfD;7tDL
message
_o__get_wide_winmain_command_line
originatingContextName
effffff
Software\Microsoft\Windows\CurrentVersion\WindowsUpdate\Orchestrator
threadId
H;H s
string too long
"Microsoft Window
Error Propagate:IconWindowManager::EnsureWindowProcAndIcon
FirstYellowTimeUTC
H9C s4H
t"H9}
20190117061336Z0w0=
StringFileInfo
%hs(%d) tid(%x) %08X %ws
oK0D$"<
2333333
oD$ f
.rdata$zETW9
api-ms-win-core-delayload-l1-1-0.dll
9C s!H
Warning:UnpSurfaceHelper::GetCampaignGuidCSV:119
Warning:UXElementStore::Initialize:213
GetCurrentProcess
GetPersistedRegistryLocationW
api-ms-win-core-handle-l1-1-0.dll
Error Originate:UpdateUtil::GetETag:2824
UVWAVAWH
(_^][
L$0E3
BCryptHashData
L9H s
UATAUAVAWH
L$8H3
HeapFree
1http://www.microsoft.com/PKI/docs/CPS/default.htm0@
Error Originate:IconWindowManager::GetDaysSinceCurrentStatus:1701
currentContextId
Unknown context menu command id.
NotifyIcon
Error Originate:UXElementStore::GetXmlFilePath:1120
Software\Microsoft\Windows\CurrentVersion\WindowsUpdate\DTU
UATAWH
d$ E3
A_A^A\_]
Param 2
fileName
FQ'm1
fA96u
fE9$@u
.text$mn
Scenario requested is not known.
100701213655Z
settings
RegSetKeyValueW
D$XE3
LocalFree
ext-ms-win-shell-shell32-l1-2-1.dll
UpToDateStatus
D$8E3
.?AVResultException@wil@@
EnableTraceEx2
failureId
NotifyIconClicked
TerminateProcess
L$@H3
PostMessageW
ti@85P
type="win32"/>
</assembly>
UpdateOrchestratorCurrentVersionRoot
.didat$3
A_A^_^][
f9,Au
L$XH+
DeviceUpdate
UIXProductFeatures
Translation
.?AVbad_array_new_length@std@@
_o__seh_filter_exe
UpdateOrchestratorSharedRoot
Error Originate:IconWindowManager::RemoveWindowAndIcon:847
Error Originate:IconWindowManager::CalculateTooltipText:684
Warning:UXElementStore::CheckIfScenarioApplicable:404
resourceId
Error Originate:IconWindowManager::ShouldShowIcon:1769
UpdateId
Window needs to be created before icon can be notified.
U'H!}
Error Originate:IconWindowManager::EnsureWindowProcAndIcon:328
Error Originate:UXElementStore::GetUserLocale:922
type='win32'
DaysDelayedAfterFirstEncounter
Error Originate:UXElementStore::Initialize:150
UWAVH
WilError_02
D$0@8|$`t]H
EventWriteTransfer
90vEH
publicKeyToken='6595b64144ccf1df'
Error Originate:UXElementStore::GetStringValue:753
t$xI+
_o__callnewh
A_A^A\
Microsoft Windows0
Info Message
Windows.System.Launcher
Software\Microsoft\WindowsUpdate\Orchestrator
@A_A^A]A\_^[
@VWAVH
oL$0f
EventSetInformation
Ehttp://crl.microsoft.com/pki/crl/products/MicTimStaPCA_2010-07-01.crl0Z
H!\$8H!\$@H
.CRT$XPZ
TempLogs
.CRT$XIAC
Error Originate:IconWindowManager::HandleContextMenu:1219
Chttp://www.microsoft.com/pkiops/crl/MicWinProPCA2011_2011-10-19.crl0a
L$`H3
fF94Bu
ProductVersion
FlushFileBuffers
_c_exit
D$@E3
UWAUAVAWH
.text$x
Delay days config values not set in OneSettings
R!s4Z
OutputDebugStringW
D$ fD98t
Error Originate:UXElementStore::ExtractValues:543
Error Originate:IconWindowManager::GetFirstEncounterTimestamp:1478
t"D8=>
api-ms-win-core-processenvironment-l1-1-0.dll
Error Originate:UXElementStore::GetUserLocale:928
Warning:UnpSurfaceHelper::GetCampaignGuidCSV:110
A_A\]
t fD;?t
FirstEncounterTimeUTC
L$ SWH
@SVWAVAWH
H!t$(I
Error Originate:UXElementStore::GetXmlFilePath:1176
.didat$4
__CxxFrameHandler3
.didat$6
ReturnHr
Error Originate:UXElementStore::ExtractValues:487
_o__set_new_mode
.xdata$x
L$HH3
A^_^
Error Originate:IconWindowManager::ShowContextMenu:1151
Error Originate:UXElementStore::GetFilePath:985
.CRT$XIAA
GetModuleHandleW
String loaded from campaign
WINTRUST.dll
L$0@2
</dependency>
C5O.O
D$PI;
Z2dtU
20190116092656.909Z0
A_A^A\_^[]
failureType
api-ms-win-core-registry-l1-1-0.dll
HashDigestLength
L$ E3
L$PD9
Software\Microsoft\WindowsUpdate\Orchestrator\USOShared
Error Originate:IconWindowManager::LoadConfigString:1313
Windows
onecore\enduser\windowsupdate\muse\ux\utilities\unpsurfacehelper.cpp
IsDebuggerPresent
Error Originate:UXElementStore::ExtractCurrentScenario:665
System\Setup
>http://www.microsoft.com/pki/certs/MicRooCerAut_2010-06-23.crt0
style
_o__register_onexit_function
Warning:UXElementStore::GetImageFilePath:1243
.giats
.CRT$XTA
CL$xL+
hresult
.rdata$zETW1
.rsrc
Error Originate:IconWindowManager::SendNotifyIconClickedEvent:1967
iSHp6
kernelbase.dll
D$0E3
Error Originate:IconWindowManager::EnsureWindowProcAndIcon:279
unH9A
fD9(t
fD9<Fu
SystemTimeToFileTime
@A_A^A\
Error Originate:IconWindowManager::SendNotifyIconNotifiedEvent:1822
Scenario requested is inapplicable.
Warning:IconWindowManager::HandleContextMenu:1232
T$PL;
Error Originate:IconWindowManager::SendNotifyIconClickedEvent:1922
ms-settings:windowsupdate-action
RtlVirtualUnwind
.idata$2
TrackPopupMenuEx
@8,1u
H+D$8H
_o__crt_atexit
api-ms-win-core-debug-l1-1-0.dll
x AVH
Software\Microsoft\WindowsUpdate
L$@I+
Thales TSS ESN:D2CD-E310-4AF11%0#
0A_A^_
@SUVWATAVAWH
UWATAUAWH
1/0-0
WATAUAVAWH
RaiseFailFastException
SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Settings\Network
Error Originate:UXElementStore::ExtractValues:533
OriginalFilename
IsContextMenu
Notifying tray icon of new state
api-ms-win-core-processthreads-l1-1-1.dll
A_A^A]_^
&<]}$wa)#
delayDaysOOBE
BCryptCreateHash
fD9t]
api-ms-win-core-interlocked-l1-1-0.dll
$`2X`F
MusNotifyIcon.exe invoked
t$0D9t$0}C
FileTimeToSystemTime
fD94Ou
Error Originate:IconWindowManager::GetUsoSession:562
fD;8u
processorArchitecture="amd64"
A_A^A]A\_
|$ E3
L$@H+L$8H
.CRT$XCA
.CRT$XCAA
.xdata
Warning:UXElementStore::GetXmlFilePath:1181
Warning:UXElementStore::GetXmlFilePath:1162
$Microsoft Ireland Operations Limited1
.gfids
RoGetActivationFactory
WTHelperGetProvSignerFromChain
UpToDateStatusTimestamp
ReleaseSRWLockShared
\$ UH
Campaign name
TrayIconStatus
Error Originate:IconWindowManager::HandleContextMenu:1267
Error Originate:UXElementStore::GetXmlFilePath:1162
.CRT$XTZ
Warning:UXElementStore::Initialize:163
Error Originate:IconWindowManager::CreateWindowAndIcon:753
Warning:UXElementStore::ExtractCurrentScenario:644
\$8E3
XmlLite.dll
190726204550Z0p1
api-ms-win-eventing-legacy-l1-1-0.dll
SetThreadpoolTimer
%hs(%d)\%hs!%p:
Operating System
FirstRedTime
Error Originate:IconWindowManager::WindowProc:160
fD90t,
u699vjH
x ATH
L9{0t#H
Window needs to be created before context menu can be loaded.
.00cfg
!{oju
Error Originate:IconWindowManager::GetIconDelayInDays:1545
N0L0J
vector<T> too long
@.didat
UnhandledExceptionFilter
Software\Microsoft\WindowsUpdate\UX
FreeLibrary
GetModuleHandleExW
poH4h
@SUVWH
Error
20190116061336Z
RebootScheduledByUser
A_A^A]_[
LdrFastFailInLoaderCallout
H9sHs<
FailFast
DefWindowProcW
UVWATAUAVAWH
!M;` s_H
EventUnregister
NtUpdateWnfStateData
Error Originate:IconWindowManager::SetTrayIconStatus:1070
internal\sdk\inc\wil\staging.h
Software\Microsoft\Windows\CurrentVersion\WindowsUpdate
CloseHandle
L$8E3
U0S0Q
Microsoft Time-Stamp Service0
T$0E3
Window needs to be created before icon can be destroyed.
currentContextName
.?AVexception@std@@
GetLocalTime
DeviceLocalTime
C9fD9?u-
@.reloc
RtlNtStatusToDosErrorNoTeb
UVWATAVH
fD;>t
bad array new length
http://www.microsoft.com/windows0
ATAVAWH
Error Originate:IconWindowManager::GetIconDelayInDays:1560
_o___std_exception_destroy
GetSystemDirectoryW
D$0L;
z.9Wv
VS_VERSION_INFO
t$pH;
,5y/yUsuYJ9qJNM39ZwrmdUL1FC4jr+P/NVJ8R8GYVcI=0Z
98vBH
Microsoft Corporation1%0#
CompanyName
t$ WATAUAVAWH
Failed to determine if registry value HKLM\%ws\%ws[%ws] exists
GetCurrentThreadId
@USVWATAUAVAWH
UWAWH
}0H+}(H
GetLastError
api-ms-win-core-synch-l1-2-0.dll
GetSystemTimeAsFileTime
failureCount
Warning:UXElementStore::Initialize:197
WaitForThreadpoolTimerCallbacks
image
A_A^_^]
AuthD
@SVWATAVH
A__^[]
LogHr
Warning:UnpSurfaceHelper::GetCampaignGuidCSV:75
SWAUAVAWH
Error Originate:IconWindowManager::GetUsoSession:595
Error Originate:IconWindowManager::GetUsoSession:571
Warning:UXElementStore::Initialize:218
.CRT$XCZ
ControlTraceW
UpdateOrchestratorConfigurationRoot
DtuSelfhost
Error Originate:IconWindowManager::GetFirstEncounterTimestamp:1500
%s\%s_Temp.%%d.etl
A_A]A\_]
L$8H!^0H!^8H!^@I
fB9<Cu
Error Originate:IconWindowManager::GetTrayIconStatus:1021
h_^][
PostQuitMessage
USVWATAUAWH
Error Originate:IconWindowManager::GetNotifyIconArgs:390
Error Originate:IconWindowManager::GetNotifyIconArgs:431
Warning:UXElementStore::ExtractValues:487
map/set<T> too long
currentContextMessage
CommandLineToArgvW
_o__exit
Exception
GetProcessHeap
D9|$0
<dependency>
fE;8t
Param 1
Shell_NotifyIconW
USVWH
\$PE3
Software\Microsoft\Windows\CurrentVersion\DeviceUpdate
fD9>u$H
Failed to retrieve updates for the tray icon telemetry events.
CL$xH
gMusErrorTextBlockStyle
.CRT$XPA
L$pE3
SetUnhandledExceptionFilter
Error Originate:UXElementStore::CheckIfScenarioApplicable:404
D$`L;
pA_A^A]A\_^]
Warning:UXElementStore::GetXmlFilePath:1135
.data
WUIconWindow
Error Originate:UXElementStore::GetXmlFilePath:1080
CRYPT32.dll
Update sessions not running.
u0HcH<H
H9P A
A]&eG
api-ms-win-core-timezone-l1-1-0.dll
.?AVtype_info@@
toasts
PathFileExistsW
A_A^A]A\]
A_A^A]_]
.text
D$ E3
Warning:UXElementStore::CheckIfScenarioApplicable:422
InitOnceBeginInitialize
D91tp
NotifyTrayIcon
Error Originate:IconWindowManager::WindowProc:146
_o__errno
\Settings
memset
Error Originate:IconWindowManager::GetDaysSinceOOBE:1637
DMCmnUtils.dll
_o___stdio_common_vsnprintf_s
name="Microsoft.MusNotifyIcon.PROGRAM"
[%hs]
`.rdata
oT$@f
FilesToCollect
Error Originate:UpdateUtil::GetETag:2817
)Microsoft Root Certificate Authority 20100
.rdata$brc
RegOpenKeyExW
Error Originate:UXElementStore::GetXmlFilePath:1135
RegCloseKey
ReleaseSemaphore
SettingsETag
D98v6H
originatingContextId
ChangeWindowMessageFilterEx
\$ UVWAVAWH
|$ UATAUAVAWH
@8|$4
onecore\enduser\windowsupdate\muse\orchestrator\common\lib\registrymanager.cpp
Error Originate:UXElementStore::GetUserLocale:869
GetProcAddress
CreateEventExW
H;D$(u
OOBE check result
u)A8y
lineNumber
Warning:UnpSurfaceHelper::GetCampaignGuidCSV:84
FindFirstFileW
bcrypt.dll
EncodeBase64W
ProductName
Error Originate:IconWindowManager::NotifyIcon:935

PE Information

Image Base: 0x140000000
Entry Point: 0x00012d70 (RVA)
Reported Checksum: 0x0006b1b8
Actual Checksum: 0x0006b1b8 (matches the reported value)
Minimum OS Version: 10.0
PDB Path: MusNotifyIcon.pdb
Compile Time: 2005-06-05 17:40:47 (not a build date: Windows 10 binaries store a reproducible-build hash in the PE TimeDateStamp field, so this value cannot be used to date a 10.0.17763 file)
Import Hash: e6cf167c56464eb7fae8cca9fd74f077
Icon Exact Hash: e701038a14725c22f03804e928842d9c
Icon Similarity Hash: 2e781409e49b2892023341837beaf364
Icon DHash: 407f69656d797f40

Version Infos

CompanyName Microsoft Corporation
FileDescription MusNotifyIcon.exe
FileVersion 10.0.17763.292 (WinBuild.160101.0800)
InternalName MusNotifyIcon.exe
LegalCopyright © Microsoft Corporation. All rights reserved.
OriginalFilename MusNotifyIcon.exe
ProductName Microsoft® Windows® Operating System
ProductVersion 10.0.17763.292
Translation 0x0409 0x04b0

Sections

Name RAW Address Virtual Address Virtual Size Size of Raw Data Characteristics Entropy
.text 0x00000400 0x00001000 0x0001b2e4 0x0001b400 IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ 6.24
.rdata 0x0001b800 0x0001d000 0x0000d0ae 0x0000d200 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 4.74
.data 0x00028a00 0x0002b000 0x00000b28 0x00000400 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 1.54
.pdata 0x00028e00 0x0002c000 0x00001560 0x00001600 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 5.18
.didat 0x0002a400 0x0002e000 0x000000a0 0x00000200 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 1.09
.rsrc 0x0002a600 0x0002f000 0x0002e248 0x0002e400 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 2.22
.reloc 0x00058a00 0x0005e000 0x00000140 0x00000200 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ 3.62

Overlay

Offset 0x00058c00
Size 0x00002ef8
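The section table above is enough to check two things the report states elsewhere: the overlay offset, and the "entrypoint outside any mapped section" anomaly raised under Signatures. The following is an added Python example, not part of the CAPE report or of its signature code. The section values are transcribed from the table above; the helper functions, and the rule that a section's in-memory extent is max(VirtualSize, SizeOfRawData), are ours.

```python
"""Sanity-check a sandbox's PE verdicts against the section table.

Added example, not part of the CAPE report. SECTIONS is transcribed from
the report's Sections block for MusNotifyIcon.exe; everything else is ours.
"""
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Section:
    name: str
    raw_addr: int   # PointerToRawData
    va: int         # VirtualAddress (RVA)
    vsize: int      # Misc.VirtualSize
    raw_size: int   # SizeOfRawData


# Transcribed from the report's Sections table (name, raw, VA, vsize, raw size).
SECTIONS: List[Section] = [
    Section(".text",  0x00000400, 0x00001000, 0x0001b2e4, 0x0001b400),
    Section(".rdata", 0x0001b800, 0x0001d000, 0x0000d0ae, 0x0000d200),
    Section(".data",  0x00028a00, 0x0002b000, 0x00000b28, 0x00000400),
    Section(".pdata", 0x00028e00, 0x0002c000, 0x00001560, 0x00001600),
    Section(".didat", 0x0002a400, 0x0002e000, 0x000000a0, 0x00000200),
    Section(".rsrc",  0x0002a600, 0x0002f000, 0x0002e248, 0x0002e400),
    Section(".reloc", 0x00058a00, 0x0005e000, 0x00000140, 0x00000200),
]

ENTRY_POINT_RVA = 0x00012d70   # "Entry Point" from the report's PE Information


def section_for_rva(sections: List[Section], rva: int) -> Optional[Section]:
    """Return the section whose mapped range contains rva, or None.

    The loader maps max(VirtualSize, SizeOfRawData) bytes for a section
    (rounded up to SectionAlignment), so that is the containment test.
    """
    for s in sections:
        if s.va <= rva < s.va + max(s.vsize, s.raw_size):
            return s
    return None


def rva_to_file_offset(sections: List[Section], rva: int) -> Optional[int]:
    """Map an RVA to its file offset.

    Returns None when the RVA is outside every section or falls in a
    section's zero-filled tail (VirtualSize > SizeOfRawData, e.g. .data here),
    which has no bytes on disk.
    """
    s = section_for_rva(sections, rva)
    if s is None or rva - s.va >= s.raw_size:
        return None
    return s.raw_addr + (rva - s.va)


def overlay_offset(sections: List[Section]) -> int:
    """The overlay starts right after the last byte of raw section data."""
    return max(s.raw_addr + s.raw_size for s in sections)


def check_entry_point(sections: List[Section], ep_rva: int) -> dict:
    """Summarise where the entry point lands, for comparison with the verdict."""
    s = section_for_rva(sections, ep_rva)
    return {
        "section": s.name if s else None,
        "file_offset": rva_to_file_offset(sections, ep_rva),
        "in_mapped_section": s is not None,
    }


if __name__ == "__main__":
    print(check_entry_point(SECTIONS, ENTRY_POINT_RVA))
    print(hex(overlay_offset(SECTIONS)))
```

Run stand-alone it reports the entry point inside .text at file offset 0x12170 and an overlay offset of 0x58c00, which agrees with the Overlay block above. Replacing SECTIONS with values read from another sample's headers makes the same check reusable.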

Resources

Name Offset Size Language Sub-language Entropy File type
MUI 0x0005d178 0x000000d0 LANG_ENGLISH SUBLANG_ENGLISH_US 2.75 None
RT_ICON 0x0002fe18 0x00004228 LANG_ENGLISH SUBLANG_ENGLISH_US 1.23 None
RT_ICON 0x00034040 0x000025a8 LANG_ENGLISH SUBLANG_ENGLISH_US 1.32 None
RT_ICON 0x000365e8 0x00001a68 LANG_ENGLISH SUBLANG_ENGLISH_US 1.34 None
RT_ICON 0x00038050 0x000010a8 LANG_ENGLISH SUBLANG_ENGLISH_US 1.45 None
RT_ICON 0x000390f8 0x00000cd8 LANG_ENGLISH SUBLANG_ENGLISH_US 1.47 None
RT_ICON 0x00039dd0 0x00000988 LANG_ENGLISH SUBLANG_ENGLISH_US 1.49 None
RT_ICON 0x0003a758 0x000006b8 LANG_ENGLISH SUBLANG_ENGLISH_US 1.68 None
RT_ICON 0x0003ae10 0x00000468 LANG_ENGLISH SUBLANG_ENGLISH_US 1.73 None
RT_ICON 0x0003b2f0 0x00004228 LANG_ENGLISH SUBLANG_ENGLISH_US 2.16 None
RT_ICON 0x0003f518 0x000025a8 LANG_ENGLISH SUBLANG_ENGLISH_US 2.24 None
RT_ICON 0x00041ac0 0x00001a68 LANG_ENGLISH SUBLANG_ENGLISH_US 2.23 None
RT_ICON 0x00043528 0x000010a8 LANG_ENGLISH SUBLANG_ENGLISH_US 2.44 None
RT_ICON 0x000445d0 0x00000cd8 LANG_ENGLISH SUBLANG_ENGLISH_US 2.43 None
RT_ICON 0x000452a8 0x00000988 LANG_ENGLISH SUBLANG_ENGLISH_US 2.43 None
RT_ICON 0x00045c30 0x000006b8 LANG_ENGLISH SUBLANG_ENGLISH_US 2.52 None
RT_ICON 0x000462e8 0x00000468 LANG_ENGLISH SUBLANG_ENGLISH_US 2.74 None
RT_ICON 0x000467c8 0x00004228 LANG_ENGLISH SUBLANG_ENGLISH_US 1.66 None
RT_ICON 0x0004a9f0 0x000025a8 LANG_ENGLISH SUBLANG_ENGLISH_US 1.77 None
RT_ICON 0x0004cf98 0x00001a68 LANG_ENGLISH SUBLANG_ENGLISH_US 1.81 None
RT_ICON 0x0004ea00 0x000010a8 LANG_ENGLISH SUBLANG_ENGLISH_US 1.90 None
RT_ICON 0x0004faa8 0x00000cd8 LANG_ENGLISH SUBLANG_ENGLISH_US 2.10 None
RT_ICON 0x00050780 0x00000988 LANG_ENGLISH SUBLANG_ENGLISH_US 1.99 None
RT_ICON 0x00051108 0x000006b8 LANG_ENGLISH SUBLANG_ENGLISH_US 2.14 None
RT_ICON 0x000517c0 0x00000468 LANG_ENGLISH SUBLANG_ENGLISH_US 2.22 None
RT_ICON 0x00051ca0 0x00004228 LANG_ENGLISH SUBLANG_ENGLISH_US 1.97 None
RT_ICON 0x00055ec8 0x000025a8 LANG_ENGLISH SUBLANG_ENGLISH_US 2.05 None
RT_ICON 0x00058470 0x00001a68 LANG_ENGLISH SUBLANG_ENGLISH_US 2.13 None
RT_ICON 0x00059ed8 0x000010a8 LANG_ENGLISH SUBLANG_ENGLISH_US 2.33 None
RT_ICON 0x0005af80 0x00000cd8 LANG_ENGLISH SUBLANG_ENGLISH_US 2.28 None
RT_ICON 0x0005bc58 0x00000988 LANG_ENGLISH SUBLANG_ENGLISH_US 2.32 None
RT_ICON 0x0005c5e0 0x000006b8 LANG_ENGLISH SUBLANG_ENGLISH_US 2.49 None
RT_ICON 0x0005cc98 0x00000468 LANG_ENGLISH SUBLANG_ENGLISH_US 2.66 None
RT_GROUP_ICON 0x0003b278 0x00000076 LANG_ENGLISH SUBLANG_ENGLISH_US 3.07 None
RT_GROUP_ICON 0x00046750 0x00000076 LANG_ENGLISH SUBLANG_ENGLISH_US 3.10 None
RT_GROUP_ICON 0x00051c28 0x00000076 LANG_ENGLISH SUBLANG_ENGLISH_US 3.11 None
RT_GROUP_ICON 0x0005d100 0x00000076 LANG_ENGLISH SUBLANG_ENGLISH_US 3.08 None
RT_VERSION 0x0002fa70 0x000003a8 LANG_ENGLISH SUBLANG_ENGLISH_US 3.50 None
RT_MANIFEST 0x0002f7e0 0x0000028e LANG_ENGLISH SUBLANG_ENGLISH_US 5.06 None

Imports

Name Address
_initterm_e 0x14001da08
_c_exit 0x14001da10
_register_thread_local_exe_atexit_callback 0x14001da18
_initterm 0x14001da20
Name Address
memset 0x14001da30
Name Address
_o__get_wide_winmain_command_line 0x14001d8d8
_o__initialize_onexit_table 0x14001d8e0
_o__initialize_wide_environment 0x14001d8e8
_o__invalid_parameter_noinfo 0x14001d8f0
_o__invalid_parameter_noinfo_noreturn 0x14001d8f8
_o__purecall 0x14001d900
_o__register_onexit_function 0x14001d908
_o__seh_filter_exe 0x14001d910
_o__set_app_type 0x14001d918
_o__set_fmode 0x14001d920
_o__set_new_mode 0x14001d928
memcmp 0x14001d930
_o__wcsicmp 0x14001d938
_o_exit 0x14001d940
_o_free 0x14001d948
_o_malloc 0x14001d950
_o_terminate 0x14001d958
_o_wcstol 0x14001d960
_o_wcstoul 0x14001d968
__C_specific_handler 0x14001d970
_CxxThrowException 0x14001d978
_o__configure_wide_argv 0x14001d980
_o__configthreadlocale 0x14001d988
_o__errno 0x14001d990
_o__cexit 0x14001d998
_o__callnewh 0x14001d9a0
_o___stdio_common_vswprintf 0x14001d9a8
_o___stdio_common_vsnprintf_s 0x14001d9b0
_o___std_exception_destroy 0x14001d9b8
_o___std_exception_copy 0x14001d9c0
memcpy 0x14001d9c8
memmove 0x14001d9d0
_o___p__commode 0x14001d9d8
_o__crt_atexit 0x14001d9e0
_o__exit 0x14001d9e8
__std_terminate 0x14001d9f0
__CxxFrameHandler3 0x14001d9f8
Name Address
LoadStringW 0x14001d650
FreeLibrary 0x14001d658
GetModuleFileNameA 0x14001d660
GetModuleHandleW 0x14001d668
GetProcAddress 0x14001d670
LoadLibraryExW 0x14001d678
GetModuleHandleExW 0x14001d680
Name Address
GetUserPreferredUILanguages 0x14001d690
FormatMessageW 0x14001d698
Name Address
GetCurrentThreadId 0x14001d6e8
TerminateProcess 0x14001d6f0
GetStartupInfoW 0x14001d6f8
GetCurrentProcess 0x14001d700
GetCurrentProcessId 0x14001d708
Name Address
GetProcessHeap 0x14001d5f8
HeapFree 0x14001d600
HeapAlloc 0x14001d608
Name Address
IsDebuggerPresent 0x14001d510
DebugBreak 0x14001d518
OutputDebugStringW 0x14001d520
Name Address
UnhandledExceptionFilter 0x14001d550
RaiseException 0x14001d558
SetLastError 0x14001d560
SetUnhandledExceptionFilter 0x14001d568
GetLastError 0x14001d570
Name Address
CloseHandle 0x14001d5e8
Name Address
CreateEventExW 0x14001d7a0
InitializeCriticalSectionEx 0x14001d7a8
DeleteCriticalSection 0x14001d7b0
EnterCriticalSection 0x14001d7b8
LeaveCriticalSection 0x14001d7c0
SetEvent 0x14001d7c8
AcquireSRWLockShared 0x14001d7d0
ReleaseSRWLockShared 0x14001d7d8
AcquireSRWLockExclusive 0x14001d7e0
ReleaseSRWLockExclusive 0x14001d7e8
ReleaseSemaphore 0x14001d7f0
WaitForSingleObjectEx 0x14001d7f8
WaitForSingleObject 0x14001d800
OpenSemaphoreW 0x14001d808
ReleaseMutex 0x14001d810
CreateSemaphoreExW 0x14001d818
CreateMutexExW 0x14001d820
Name Address
EventRegister 0x14001da70
EventWriteTransfer 0x14001da78
EventSetInformation 0x14001da80
EventUnregister 0x14001da88
Name Address
CommandLineToArgvW 0x14001da98
Name Address
GetCommandLineW 0x14001d6d8
Name Address
LocalAlloc 0x14001d618
LocalFree 0x14001d620
Name Address
InitOnceBeginInitialize 0x14001d830
InitOnceComplete 0x14001d838
Name Address
CoCreateFreeThreadedMarshaler 0x14001d4d8
CoInitializeEx 0x14001d4e0
CoUninitialize 0x14001d4e8
CoTaskMemFree 0x14001d4f0
CoCreateInstance 0x14001d4f8
CoWaitForMultipleHandles 0x14001d500
Name Address
GetSystemTimeAsFileTime 0x14001d848
GetSystemTime 0x14001d850
GetLocalTime 0x14001d858
GetSystemDirectoryW 0x14001d860
Name Address
SystemTimeToFileTime 0x14001d898
FileTimeToSystemTime 0x14001d8a0
TzSpecificLocalTimeToSystemTime 0x14001d8a8
Name Address
VariantChangeType 0x14001d458
VariantClear 0x14001d460
VariantInit 0x14001d468
Name Address
RtlVirtualUnwind 0x14001d770
RtlCaptureContext 0x14001d778
RtlLookupFunctionEntry 0x14001d780
Name Address
IsProcessorFeaturePresent 0x14001d718
Name Address
QueryPerformanceCounter 0x14001d728
Name Address
InitializeSListHead 0x14001d630
Name Address
WindowsCreateStringReference 0x14001d8c8
Name Address
WaitForThreadpoolTimerCallbacks 0x14001d870
CloseThreadpoolTimer 0x14001d878
CreateThreadpoolTimer 0x14001d880
SetThreadpoolTimer 0x14001d888
Name Address
FindNextFileW 0x14001d580
SetEndOfFile 0x14001d588
GetFileAttributesW 0x14001d590
ReadFile 0x14001d598
FindFirstFileW 0x14001d5a0
CompareFileTime 0x14001d5a8
CreateFileW 0x14001d5b0
FindClose 0x14001d5b8
DeleteFileW 0x14001d5c0
CreateDirectoryW 0x14001d5c8
FlushFileBuffers 0x14001d5d0
WriteFile 0x14001d5d8
Name Address
RoGetActivationFactory 0x14001d8b8
Name Address
RtlNtStatusToDosError 0x14001db08
Name Address
ChangeWindowMessageFilterEx 0x14001d478
CreatePopupMenu 0x14001d480
DestroyMenu 0x14001d488
AppendMenuW 0x14001d490
TrackPopupMenuEx 0x14001d498
Name Address
WinVerifyTrust 0x14001d4a8
WTHelperProvDataFromStateData 0x14001d4b0
WTHelperGetProvSignerFromChain 0x14001d4b8
Name Address
CreateXmlReader 0x14001d4c8
Name Address
?_Xlength_error@std@@YAXPEBD@Z 0x14001daf8
Name Address
MoveFileW 0x14001d640
Name Address
ControlTraceW 0x14001da40
StartTraceW 0x14001da48
EnableTraceEx2 0x14001da50
Name Address
QueryTraceW 0x14001da60
Name Address
RegOpenKeyExW 0x14001d738
RegGetValueW 0x14001d740
RegCloseKey 0x14001d748
RegQueryValueExW 0x14001d750
Name Address
RegSetKeyValueW 0x14001d760
Name Address
GetPersistedRegistryLocationW 0x14001daa8
Name Address
PathCchRemoveBackslash 0x14001d6a8
PathCchSkipRoot 0x14001d6b0
PathCchAppend 0x14001d6b8
PathAllocCanonicalize 0x14001d6c0
PathCchCanonicalize 0x14001d6c8
Name Address
PathFileExistsW 0x14001d790
Name Address
BCryptGetProperty 0x14001dab8
BCryptOpenAlgorithmProvider 0x14001dac0
BCryptHashData 0x14001dac8
BCryptDestroyHash 0x14001dad0
BCryptFinishHash 0x14001dad8
BCryptCreateHash 0x14001dae0
BCryptCloseAlgorithmProvider 0x14001dae8
Name Address
CertVerifyCertificateChainPolicy 0x14001d438
Name Address
ResolveDelayLoadedAPI 0x14001d540
Name Address
DelayLoadFailureHook 0x14001d530
Name Address
EncodeBase64W 0x14001d448



Usage


Processing ( 11.43 seconds )

  • 10.197 ProcessMemory
  • 1.185 CAPE
  • 0.029 BehaviorAnalysis
  • 0.023 AnalysisInfo
  • 0.001 Debug

Signatures ( 0.07 seconds )

  • 0.011 ransomware_files
  • 0.008 ransomware_extensions
  • 0.006 antianalysis_detectfile
  • 0.006 antiav_detectreg
  • 0.004 antiav_detectfile
  • 0.004 masquerade_process_name
  • 0.003 infostealer_ftp
  • 0.003 territorial_disputes_sigs
  • 0.003 ursnif_behavior
  • 0.002 antivm_vbox_files
  • 0.002 infostealer_bitcoin
  • 0.002 infostealer_im
  • 0.002 infostealer_mail
  • 0.002 poullight_files
  • 0.001 bot_drive
  • 0.001 antianalysis_detectreg
  • 0.001 antidebug_devices
  • 0.001 antivm_vbox_keys
  • 0.001 antivm_vmware_files
  • 0.001 geodo_banking_trojan
  • 0.001 browser_security
  • 0.001 disables_backups
  • 0.001 disables_browser_warn
  • 0.001 disables_power_options
  • 0.001 azorult_mutexes
  • 0.001 cryptbot_files
  • 0.001 echelon_files
  • 0.001 qulab_files
  • 0.001 revil_mutexes
  • 0.001 modirat_behavior

Reporting ( 0.01 seconds )

  • 0.007 CAPASummary
  • 0.001 JsonDump

Signatures

The PE file contains a PDB path
pdbpath: MusNotifyIcon.pdb
SetUnhandledExceptionFilter detected (possible anti-debug)
The MSVC CRT startup code installs an unhandled-exception filter in every executable it links, and this import list also carries UnhandledExceptionFilter and __C_specific_handler; on its own the import is not an anti-debug indicator.
Resumed a thread in another process
thread_resumed: Process musnotifyicon.exe with process ID 7128 resumed a thread in another process with the process ID 7128
Both PIDs are 7128: the process resumed one of its own threads, so this is not cross-process thread manipulation and the signature title overstates what was observed.
The binary contains an unknown PE section name indicative of packing
unknown section: {'name': '.didat', 'raw_address': '0x0002a400', 'virtual_address': '0x0002e000', 'virtual_size': '0x000000a0', 'size_of_data': '0x00000200', 'characteristics': 'IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE', 'characteristics_raw': '0xc0000040', 'entropy': '1.09'}
.didat is the MSVC linker's delay-load import data section, not a packer artifact: the import list above includes ResolveDelayLoadedAPI and DelayLoadFailureHook, the section holds 0xa0 bytes at entropy 1.09, and it is writable because the loader patches delay-load thunks in place. A section-name heuristic should be read together with size and entropy, and here both point away from packing.
Exhibits possible ransomware or wiper file modification behavior: mass_file_deletion
Every deleted path is in C:\ProgramData\USOShared\Logs, the Update Session Orchestrator log directory, and all of them are the process's own ETW trace files: a numbered ring NotifyIcon.001.etl to NotifyIcon.100.etl plus a temporary file matching the format string %s\%s_Temp.%%d.etl in the strings above. The ETW (StartTraceW, ControlTraceW, QueryTraceW, EnableTraceEx2) and file (MoveFileW, DeleteFileW) imports are consistent with trace-log rotation; no user data is touched.
file: C:\ProgramData\USOShared\Logs\NotifyIcon.100.etl
file: C:\ProgramData\USOShared\Logs\NotifyIcon.099.etl
file: C:\ProgramData\USOShared\Logs\NotifyIcon.098.etl
file: C:\ProgramData\USOShared\Logs\NotifyIcon.097.etl
file: C:\ProgramData\USOShared\Logs\NotifyIcon.096.etl
file: C:\ProgramData\USOShared\Logs\NotifyIcon.095.etl
file: C:\ProgramData\USOShared\Logs\NotifyIcon.094.etl
file: C:\ProgramData\USOShared\Logs\NotifyIcon.093.etl
file: C:\ProgramData\USOShared\Logs\NotifyIcon.092.etl
file: C:\ProgramData\USOShared\Logs\NotifyIcon.091.etl
file: C:\ProgramData\USOShared\Logs\NotifyIcon.090.etl
file: C:\ProgramData\USOShared\Logs\NotifyIcon.089.etl
file: C:\ProgramData\USOShared\Logs\NotifyIcon.088.etl
file: C:\ProgramData\USOShared\Logs\NotifyIcon.087.etl
file: C:\ProgramData\USOShared\Logs\NotifyIcon.086.etl
file: C:\ProgramData\USOShared\Logs\NotifyIcon.085.etl
file: C:\ProgramData\USOShared\Logs\NotifyIcon.084.etl
file: C:\ProgramData\USOShared\Logs\NotifyIcon.083.etl
file: C:\ProgramData\USOShared\Logs\NotifyIcon.082.etl
file: C:\ProgramData\USOShared\Logs\NotifyIcon.081.etl
file: C:\ProgramData\USOShared\Logs\NotifyIcon.080.etl
file: C:\ProgramData\USOShared\Logs\NotifyIcon.079.etl
file: C:\ProgramData\USOShared\Logs\NotifyIcon.078.etl
file: C:\ProgramData\USOShared\Logs\NotifyIcon.077.etl
file: C:\ProgramData\USOShared\Logs\NotifyIcon.076.etl
file: C:\ProgramData\USOShared\Logs\NotifyIcon.075.etl
file: C:\ProgramData\USOShared\Logs\NotifyIcon.074.etl
file: C:\ProgramData\USOShared\Logs\NotifyIcon.073.etl
file: C:\ProgramData\USOShared\Logs\NotifyIcon.072.etl
file: C:\ProgramData\USOShared\Logs\NotifyIcon.071.etl
file: C:\ProgramData\USOShared\Logs\NotifyIcon.070.etl
file: C:\ProgramData\USOShared\Logs\NotifyIcon.069.etl
file: C:\ProgramData\USOShared\Logs\NotifyIcon.068.etl
file: C:\ProgramData\USOShared\Logs\NotifyIcon.067.etl
file: C:\ProgramData\USOShared\Logs\NotifyIcon.066.etl
file: C:\ProgramData\USOShared\Logs\NotifyIcon.065.etl
file: C:\ProgramData\USOShared\Logs\NotifyIcon.064.etl
file: C:\ProgramData\USOShared\Logs\NotifyIcon.063.etl
file: C:\ProgramData\USOShared\Logs\NotifyIcon.062.etl
file: C:\ProgramData\USOShared\Logs\NotifyIcon.061.etl
file: C:\ProgramData\USOShared\Logs\NotifyIcon.060.etl
file: C:\ProgramData\USOShared\Logs\NotifyIcon.059.etl
file: C:\ProgramData\USOShared\Logs\NotifyIcon.058.etl
file: C:\ProgramData\USOShared\Logs\NotifyIcon.057.etl
file: C:\ProgramData\USOShared\Logs\NotifyIcon.056.etl
file: C:\ProgramData\USOShared\Logs\NotifyIcon.055.etl
file: C:\ProgramData\USOShared\Logs\NotifyIcon.054.etl
file: C:\ProgramData\USOShared\Logs\NotifyIcon.053.etl
file: C:\ProgramData\USOShared\Logs\NotifyIcon.052.etl
file: C:\ProgramData\USOShared\Logs\NotifyIcon.051.etl
file: C:\ProgramData\USOShared\Logs\NotifyIcon.050.etl
file: C:\ProgramData\USOShared\Logs\NotifyIcon.049.etl
file: C:\ProgramData\USOShared\Logs\NotifyIcon.048.etl
file: C:\ProgramData\USOShared\Logs\NotifyIcon.047.etl
file: C:\ProgramData\USOShared\Logs\NotifyIcon.046.etl
file: C:\ProgramData\USOShared\Logs\NotifyIcon.045.etl
file: C:\ProgramData\USOShared\Logs\NotifyIcon.044.etl
file: C:\ProgramData\USOShared\Logs\NotifyIcon.043.etl
file: C:\ProgramData\USOShared\Logs\NotifyIcon.042.etl
file: C:\ProgramData\USOShared\Logs\NotifyIcon.041.etl
file: C:\ProgramData\USOShared\Logs\NotifyIcon.040.etl
file: C:\ProgramData\USOShared\Logs\NotifyIcon.039.etl
file: C:\ProgramData\USOShared\Logs\NotifyIcon.038.etl
file: C:\ProgramData\USOShared\Logs\NotifyIcon.037.etl
file: C:\ProgramData\USOShared\Logs\NotifyIcon.036.etl
file: C:\ProgramData\USOShared\Logs\NotifyIcon.035.etl
file: C:\ProgramData\USOShared\Logs\NotifyIcon.034.etl
file: C:\ProgramData\USOShared\Logs\NotifyIcon.033.etl
file: C:\ProgramData\USOShared\Logs\NotifyIcon.032.etl
file: C:\ProgramData\USOShared\Logs\NotifyIcon.031.etl
file: C:\ProgramData\USOShared\Logs\NotifyIcon.030.etl
file: C:\ProgramData\USOShared\Logs\NotifyIcon.029.etl
file: C:\ProgramData\USOShared\Logs\NotifyIcon.028.etl
file: C:\ProgramData\USOShared\Logs\NotifyIcon.027.etl
file: C:\ProgramData\USOShared\Logs\NotifyIcon.026.etl
file: C:\ProgramData\USOShared\Logs\NotifyIcon.025.etl
file: C:\ProgramData\USOShared\Logs\NotifyIcon.024.etl
file: C:\ProgramData\USOShared\Logs\NotifyIcon.023.etl
file: C:\ProgramData\USOShared\Logs\NotifyIcon.022.etl
file: C:\ProgramData\USOShared\Logs\NotifyIcon.021.etl
file: C:\ProgramData\USOShared\Logs\NotifyIcon.020.etl
file: C:\ProgramData\USOShared\Logs\NotifyIcon.019.etl
file: C:\ProgramData\USOShared\Logs\NotifyIcon.018.etl
file: C:\ProgramData\USOShared\Logs\NotifyIcon.017.etl
file: C:\ProgramData\USOShared\Logs\NotifyIcon.016.etl
file: C:\ProgramData\USOShared\Logs\NotifyIcon.015.etl
file: C:\ProgramData\USOShared\Logs\NotifyIcon.014.etl
file: C:\ProgramData\USOShared\Logs\NotifyIcon.013.etl
file: C:\ProgramData\USOShared\Logs\NotifyIcon.012.etl
file: C:\ProgramData\USOShared\Logs\NotifyIcon.011.etl
file: C:\ProgramData\USOShared\Logs\NotifyIcon.010.etl
file: C:\ProgramData\USOShared\Logs\NotifyIcon.009.etl
file: C:\ProgramData\USOShared\Logs\NotifyIcon.008.etl
file: C:\ProgramData\USOShared\Logs\NotifyIcon.007.etl
file: C:\ProgramData\USOShared\Logs\NotifyIcon.006.etl
file: C:\ProgramData\USOShared\Logs\NotifyIcon.005.etl
file: C:\ProgramData\USOShared\Logs\NotifyIcon.004.etl
file: C:\ProgramData\USOShared\Logs\NotifyIcon.003.etl
file: C:\ProgramData\USOShared\Logs\NotifyIcon.002.etl
file: C:\ProgramData\USOShared\Logs\NotifyIcon.001.etl
file: NotifyIcon_Temp.1.etl
Yara detections observed in process dumps, payloads or dropped files
Hit: PID 7128 triggered the Yara rule 'shellcode_get_eip' with data { E8 00 00 00 00 59 }
The pattern is call $+5 followed by pop rcx/ecx, a six-byte get-PC idiom. A sequence that short is not specific to shellcode; a single hit in the memory dump of a signed Windows binary needs the surrounding bytes examined before it counts as evidence.
Anomalous binary characteristics
anomaly: Entrypoint of binary is located outside of any mapped sections
This contradicts the section table above: the entry point RVA 0x00012d70 lies inside .text (virtual address 0x00001000, virtual size 0x0001b2e4, so the range 0x00001000 to 0x0001c2e4), at file offset 0x00012170. Treat the anomaly as a parser false positive.
Clears Windows events or logs
The paths below are the same NotifyIcon.NNN.etl ring listed under mass_file_deletion, in a different order: the process's own ETW trace files, not Windows event logs (.evtx) and not the Security log. The signature fires on the .etl extension alone.
file: C:\ProgramData\USOShared\Logs\NotifyIcon.033.etl
file: C:\ProgramData\USOShared\Logs\NotifyIcon.090.etl
file: C:\ProgramData\USOShared\Logs\NotifyIcon.076.etl
file: C:\ProgramData\USOShared\Logs\NotifyIcon.039.etl
file: C:\ProgramData\USOShared\Logs\NotifyIcon.038.etl
file: C:\ProgramData\USOShared\Logs\NotifyIcon.096.etl
file: C:\ProgramData\USOShared\Logs\NotifyIcon.070.etl
file: C:\ProgramData\USOShared\Logs\NotifyIcon.089.etl
file: C:\ProgramData\USOShared\Logs\NotifyIcon.003.etl
file: C:\ProgramData\USOShared\Logs\NotifyIcon.041.etl
file: C:\ProgramData\USOShared\Logs\NotifyIcon.062.etl
file: C:\ProgramData\USOShared\Logs\NotifyIcon.028.etl
file: C:\ProgramData\USOShared\Logs\NotifyIcon.066.etl
file: C:\ProgramData\USOShared\Logs\NotifyIcon.024.etl
file: C:\ProgramData\USOShared\Logs\NotifyIcon.012.etl
file: C:\ProgramData\USOShared\Logs\NotifyIcon.050.etl
file: C:\ProgramData\USOShared\Logs\NotifyIcon.013.etl
file: C:\ProgramData\USOShared\Logs\NotifyIcon.045.etl
file: C:\ProgramData\USOShared\Logs\NotifyIcon.017.etl
file: C:\ProgramData\USOShared\Logs\NotifyIcon.085.etl
file: C:\ProgramData\USOShared\Logs\NotifyIcon.015.etl
file: C:\ProgramData\USOShared\Logs\NotifyIcon.049.etl
file: C:\ProgramData\USOShared\Logs\NotifyIcon.060.etl
file: C:\ProgramData\USOShared\Logs\NotifyIcon.051.etl
file: C:\ProgramData\USOShared\Logs\NotifyIcon.006.etl
file: C:\ProgramData\USOShared\Logs\NotifyIcon.054.etl
file: C:\ProgramData\USOShared\Logs\NotifyIcon.067.etl
file: C:\ProgramData\USOShared\Logs\NotifyIcon.097.etl
file: C:\ProgramData\USOShared\Logs\NotifyIcon.052.etl
file: C:\ProgramData\USOShared\Logs\NotifyIcon.057.etl
file: C:\ProgramData\USOShared\Logs\NotifyIcon.064.etl
file: C:\ProgramData\USOShared\Logs\NotifyIcon.065.etl
file: C:\ProgramData\USOShared\Logs\NotifyIcon.095.etl
file: C:\ProgramData\USOShared\Logs\NotifyIcon.071.etl
file: C:\ProgramData\USOShared\Logs\NotifyIcon.023.etl
file: C:\ProgramData\USOShared\Logs\NotifyIcon.092.etl
file: C:\ProgramData\USOShared\Logs\NotifyIcon.094.etl
file: C:\ProgramData\USOShared\Logs\NotifyIcon.087.etl
file: C:\ProgramData\USOShared\Logs\NotifyIcon.072.etl
file: C:\ProgramData\USOShared\Logs\NotifyIcon.055.etl
file: C:\ProgramData\USOShared\Logs\NotifyIcon.031.etl
file: C:\ProgramData\USOShared\Logs\NotifyIcon.030.etl
file: C:\ProgramData\USOShared\Logs\NotifyIcon.035.etl
file: C:\ProgramData\USOShared\Logs\NotifyIcon.047.etl
file: C:\ProgramData\USOShared\Logs\NotifyIcon.016.etl
file: C:\ProgramData\USOShared\Logs\NotifyIcon.040.etl
file: C:\ProgramData\USOShared\Logs\NotifyIcon.011.etl
file: C:\ProgramData\USOShared\Logs\NotifyIcon.069.etl
file: C:\ProgramData\USOShared\Logs\NotifyIcon.026.etl
file: C:\ProgramData\USOShared\Logs\NotifyIcon.098.etl
file: C:\ProgramData\USOShared\Logs\NotifyIcon.025.etl
file: C:\ProgramData\USOShared\Logs\NotifyIcon.005.etl
file: C:\ProgramData\USOShared\Logs\NotifyIcon.086.etl
file: C:\ProgramData\USOShared\Logs\NotifyIcon.079.etl
file: C:\ProgramData\USOShared\Logs\NotifyIcon.043.etl
file: C:\ProgramData\USOShared\Logs\NotifyIcon.046.etl
file: C:\ProgramData\USOShared\Logs\NotifyIcon.091.etl
file: C:\ProgramData\USOShared\Logs\NotifyIcon.037.etl
file: C:\ProgramData\USOShared\Logs\NotifyIcon.080.etl
file: C:\ProgramData\USOShared\Logs\NotifyIcon.099.etl
file: C:\ProgramData\USOShared\Logs\NotifyIcon.004.etl
file: C:\ProgramData\USOShared\Logs\NotifyIcon.042.etl
file: C:\ProgramData\USOShared\Logs\NotifyIcon.029.etl
file: C:\ProgramData\USOShared\Logs\NotifyIcon.019.etl
file: C:\ProgramData\USOShared\Logs\NotifyIcon.018.etl
file: C:\ProgramData\USOShared\Logs\NotifyIcon.020.etl
file: C:\ProgramData\USOShared\Logs\NotifyIcon.007.etl
file: C:\ProgramData\USOShared\Logs\NotifyIcon.036.etl
file: C:\ProgramData\USOShared\Logs\NotifyIcon.044.etl
file: C:\ProgramData\USOShared\Logs\NotifyIcon.056.etl
file: C:\ProgramData\USOShared\Logs\NotifyIcon.100.etl
file: C:\ProgramData\USOShared\Logs\NotifyIcon.034.etl
file: C:\ProgramData\USOShared\Logs\NotifyIcon.048.etl
file: C:\ProgramData\USOShared\Logs\NotifyIcon.053.etl
file: C:\ProgramData\USOShared\Logs\NotifyIcon.008.etl
file: C:\ProgramData\USOShared\Logs\NotifyIcon.009.etl
file: C:\ProgramData\USOShared\Logs\NotifyIcon.010.etl
file: C:\ProgramData\USOShared\Logs\NotifyIcon.058.etl
file: C:\ProgramData\USOShared\Logs\NotifyIcon.077.etl
file: C:\ProgramData\USOShared\Logs\NotifyIcon.059.etl
file: C:\ProgramData\USOShared\Logs\NotifyIcon.063.etl
file: C:\ProgramData\USOShared\Logs\NotifyIcon.061.etl
file: C:\ProgramData\USOShared\Logs\NotifyIcon.027.etl
file: C:\ProgramData\USOShared\Logs\NotifyIcon.068.etl
file: C:\ProgramData\USOShared\Logs\NotifyIcon.014.etl
file: C:\ProgramData\USOShared\Logs\NotifyIcon.083.etl
file: C:\ProgramData\USOShared\Logs\NotifyIcon.088.etl
file: C:\ProgramData\USOShared\Logs\NotifyIcon.021.etl
file: C:\ProgramData\USOShared\Logs\NotifyIcon.078.etl
file: C:\ProgramData\USOShared\Logs\NotifyIcon.075.etl
file: C:\ProgramData\USOShared\Logs\NotifyIcon.002.etl
file: C:\ProgramData\USOShared\Logs\NotifyIcon.084.etl
file: C:\ProgramData\USOShared\Logs\NotifyIcon.082.etl
file: C:\ProgramData\USOShared\Logs\NotifyIcon.081.etl
file: C:\ProgramData\USOShared\Logs\NotifyIcon.074.etl
file: C:\ProgramData\USOShared\Logs\NotifyIcon.093.etl
file: C:\ProgramData\USOShared\Logs\NotifyIcon.073.etl
file: C:\ProgramData\USOShared\Logs\NotifyIcon.001.etl
file: C:\ProgramData\USOShared\Logs\NotifyIcon.032.etl
file: C:\ProgramData\USOShared\Logs\NotifyIcon.022.etl
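Both the mass_file_deletion and the log-clearing signatures above fire on the same deletion list, so the triage question is whether a deleted-file set looks like one process rotating its own numbered logs or like a wiper sweeping user data. The following is an added Python example of one such heuristic; it is not part of the CAPE report or its signature code. The USO_LOGS list regenerates the report's 101 paths; the WIPER_LIKE list, the grouping key and the min_files and min_share thresholds are constructed assumptions of ours.

```python
"""Triage a 'mass_file_deletion' hit: own-log rotation or wiping?

Added example, not part of the CAPE report. The heuristic and its
thresholds are ours; USO_LOGS regenerates the report's deleted-file list.
"""
import re
from collections import defaultdict
from pathlib import PureWindowsPath
from typing import Dict, Iterable, List, Tuple

# Rotated-log names such as NotifyIcon.042.etl -> stem "NotifyIcon", seq 42, ext "etl"
ROTATED = re.compile(r"^(?P<stem>.+?)\.(?P<seq>\d+)\.(?P<ext>[^.]+)$", re.IGNORECASE)

GroupKey = Tuple[str, str, str]   # (directory, stem, extension), all lower-cased


def rotation_groups(paths: Iterable[str]) -> Dict[GroupKey, List[int]]:
    """Group rotated-looking paths by (directory, stem, ext).

    The value is the sorted list of sequence numbers seen for that key.
    Paths whose file name does not match the NAME.NNN.EXT shape are skipped.
    """
    groups: Dict[GroupKey, List[int]] = defaultdict(list)
    for p in paths:
        wp = PureWindowsPath(p)
        m = ROTATED.match(wp.name)
        if m:
            key = (str(wp.parent).lower(), m["stem"].lower(), m["ext"].lower())
            groups[key].append(int(m["seq"]))
    return {k: sorted(v) for k, v in groups.items()}


def looks_like_log_rotation(paths: Iterable[str], min_files: int = 10,
                            min_share: float = 0.9) -> bool:
    """True when one contiguous numbered series in a single directory accounts
    for at least min_share of all deleted paths.

    Wiper or ransomware deletions spread over many directories, stems and
    extensions and fail this test; a ring of NAME.001..NAME.100 passes it.
    Thresholds are assumptions chosen for this example.
    """
    paths = list(paths)
    if len(paths) < min_files:
        return False          # too few deletions to call it "mass" either way
    groups = rotation_groups(paths)
    if not groups:
        return False
    _key, seqs = max(groups.items(), key=lambda kv: len(kv[1]))
    contiguous = seqs == list(range(seqs[0], seqs[0] + len(seqs)))
    return contiguous and len(seqs) / len(paths) >= min_share


# Constructed input 1: the report's deletion list, regenerated.
USO_LOGS = [f"C:\\ProgramData\\USOShared\\Logs\\NotifyIcon.{i:03d}.etl" for i in range(1, 101)]
USO_LOGS.append(r"C:\ProgramData\USOShared\Logs\NotifyIcon_Temp.1.etl")

# Constructed input 2: a wiper-like spread across user directories and types.
WIPER_LIKE = (
    [f"C:\\Users\\alice\\Documents\\report{i}.docx" for i in range(5)]
    + [f"C:\\Users\\alice\\Pictures\\IMG_{i}.jpg" for i in range(5)]
    + [f"C:\\Users\\alice\\Desktop\\notes{i}.txt" for i in range(5)]
    + [r"C:\Users\alice\Documents\backup.1.bak", r"C:\Users\alice\Documents\backup.2.bak"]
)

if __name__ == "__main__":
    print("USO logs:", looks_like_log_rotation(USO_LOGS))
    print("wiper-like:", looks_like_log_rotation(WIPER_LIKE))
```

The report's list passes (100 of 101 paths form one contiguous NotifyIcon.001 to .100 series in one directory) and the constructed wiper-like set fails (its only numbered series, backup.1 and backup.2, covers 2 of 17 paths). The heuristic is a triage aid for prioritising sandbox hits, not a verdict: a wiper that only targets one rotated series would pass it, so the deleted paths still need to be read against the process's expected behaviour.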

Screenshots

No screenshots available.

Hosts

No hosts contacted.

DNS

No domains contacted.

Summary

C:\Windows\System32\windows.storage.dll
C:\Users\Packager\AppData\Local\Temp\Wldp.dll
C:\Windows\System32\wldp.dll
C:\Users\Packager\AppData\Local\Temp\profapi.dll
C:\Windows\System32\profapi.dll
C:\ProgramData
C:\ProgramData\USOShared\Logs
C:\ProgramData\USOShared\Logs\NotifyIcon_Temp.*.etl
C:\ProgramData\USOShared\Logs\NotifyIcon.100.etl
C:\ProgramData\USOShared\Logs\NotifyIcon.099.etl
C:\ProgramData\USOShared\Logs\NotifyIcon.098.etl
C:\ProgramData\USOShared\Logs\NotifyIcon.097.etl
C:\ProgramData\USOShared\Logs\NotifyIcon.096.etl
C:\ProgramData\USOShared\Logs\NotifyIcon.095.etl
C:\ProgramData\USOShared\Logs\NotifyIcon.094.etl
C:\ProgramData\USOShared\Logs\NotifyIcon.093.etl
C:\ProgramData\USOShared\Logs\NotifyIcon.092.etl
C:\ProgramData\USOShared\Logs\NotifyIcon.091.etl
C:\ProgramData\USOShared\Logs\NotifyIcon.090.etl
C:\ProgramData\USOShared\Logs\NotifyIcon.089.etl
C:\ProgramData\USOShared\Logs\NotifyIcon.088.etl
C:\ProgramData\USOShared\Logs\NotifyIcon.087.etl
C:\ProgramData\USOShared\Logs\NotifyIcon.086.etl
C:\ProgramData\USOShared\Logs\NotifyIcon.085.etl
C:\ProgramData\USOShared\Logs\NotifyIcon.084.etl
C:\ProgramData\USOShared\Logs\NotifyIcon.083.etl
C:\ProgramData\USOShared\Logs\NotifyIcon.082.etl
C:\ProgramData\USOShared\Logs\NotifyIcon.081.etl
C:\ProgramData\USOShared\Logs\NotifyIcon.080.etl
C:\ProgramData\USOShared\Logs\NotifyIcon.079.etl
C:\ProgramData\USOShared\Logs\NotifyIcon.078.etl
C:\ProgramData\USOShared\Logs\NotifyIcon.077.etl
C:\ProgramData\USOShared\Logs\NotifyIcon.076.etl
C:\ProgramData\USOShared\Logs\NotifyIcon.075.etl
C:\ProgramData\USOShared\Logs\NotifyIcon.074.etl
C:\ProgramData\USOShared\Logs\NotifyIcon.073.etl
C:\ProgramData\USOShared\Logs\NotifyIcon.072.etl
C:\ProgramData\USOShared\Logs\NotifyIcon.071.etl
C:\ProgramData\USOShared\Logs\NotifyIcon.070.etl
C:\ProgramData\USOShared\Logs\NotifyIcon.069.etl
C:\ProgramData\USOShared\Logs\NotifyIcon.068.etl
C:\ProgramData\USOShared\Logs\NotifyIcon.067.etl
C:\ProgramData\USOShared\Logs\NotifyIcon.066.etl
C:\ProgramData\USOShared\Logs\NotifyIcon.065.etl
C:\ProgramData\USOShared\Logs\NotifyIcon.064.etl
C:\ProgramData\USOShared\Logs\NotifyIcon.063.etl
C:\ProgramData\USOShared\Logs\NotifyIcon.062.etl
C:\ProgramData\USOShared\Logs\NotifyIcon.061.etl
C:\ProgramData\USOShared\Logs\NotifyIcon.060.etl
C:\ProgramData\USOShared\Logs\NotifyIcon.059.etl
C:\ProgramData\USOShared\Logs\NotifyIcon.058.etl
C:\ProgramData\USOShared\Logs\NotifyIcon.057.etl
C:\ProgramData\USOShared\Logs\NotifyIcon.056.etl
C:\ProgramData\USOShared\Logs\NotifyIcon.055.etl
C:\ProgramData\USOShared\Logs\NotifyIcon.054.etl
C:\ProgramData\USOShared\Logs\NotifyIcon.053.etl
C:\ProgramData\USOShared\Logs\NotifyIcon.052.etl
C:\ProgramData\USOShared\Logs\NotifyIcon.051.etl
C:\ProgramData\USOShared\Logs\NotifyIcon.050.etl
C:\ProgramData\USOShared\Logs\NotifyIcon.049.etl
C:\ProgramData\USOShared\Logs\NotifyIcon.048.etl
C:\ProgramData\USOShared\Logs\NotifyIcon.047.etl
C:\ProgramData\USOShared\Logs\NotifyIcon.046.etl
C:\ProgramData\USOShared\Logs\NotifyIcon.045.etl
C:\ProgramData\USOShared\Logs\NotifyIcon.044.etl
C:\ProgramData\USOShared\Logs\NotifyIcon.043.etl
C:\ProgramData\USOShared\Logs\NotifyIcon.042.etl
C:\ProgramData\USOShared\Logs\NotifyIcon.041.etl
C:\ProgramData\USOShared\Logs\NotifyIcon.040.etl
C:\ProgramData\USOShared\Logs\NotifyIcon.039.etl
C:\ProgramData\USOShared\Logs\NotifyIcon.038.etl
C:\ProgramData\USOShared\Logs\NotifyIcon.037.etl
C:\ProgramData\USOShared\Logs\NotifyIcon.036.etl
C:\ProgramData\USOShared\Logs\NotifyIcon.035.etl
C:\ProgramData\USOShared\Logs\NotifyIcon.034.etl
C:\ProgramData\USOShared\Logs\NotifyIcon.033.etl
C:\ProgramData\USOShared\Logs\NotifyIcon.032.etl
C:\ProgramData\USOShared\Logs\NotifyIcon.031.etl
C:\ProgramData\USOShared\Logs\NotifyIcon.030.etl
C:\ProgramData\USOShared\Logs\NotifyIcon.029.etl
C:\ProgramData\USOShared\Logs\NotifyIcon.028.etl
C:\ProgramData\USOShared\Logs\NotifyIcon.027.etl
C:\ProgramData\USOShared\Logs\NotifyIcon.026.etl
C:\ProgramData\USOShared\Logs\NotifyIcon.025.etl
C:\ProgramData\USOShared\Logs\NotifyIcon.024.etl
C:\ProgramData\USOShared\Logs\NotifyIcon.023.etl
C:\ProgramData\USOShared\Logs\NotifyIcon.022.etl
C:\ProgramData\USOShared\Logs\NotifyIcon.021.etl
C:\ProgramData\USOShared\Logs\NotifyIcon.020.etl
C:\ProgramData\USOShared\Logs\NotifyIcon.019.etl
C:\ProgramData\USOShared\Logs\NotifyIcon.018.etl
C:\ProgramData\USOShared\Logs\NotifyIcon.017.etl
C:\ProgramData\USOShared\Logs\NotifyIcon.016.etl
C:\ProgramData\USOShared\Logs\NotifyIcon.015.etl
C:\ProgramData\USOShared\Logs\NotifyIcon.014.etl
C:\ProgramData\USOShared\Logs\NotifyIcon.013.etl
C:\ProgramData\USOShared\Logs\NotifyIcon.012.etl
C:\ProgramData\USOShared\Logs\NotifyIcon.011.etl
C:\ProgramData\USOShared\Logs\NotifyIcon.010.etl
C:\ProgramData\USOShared\Logs\NotifyIcon.009.etl
C:\ProgramData\USOShared\Logs\NotifyIcon.008.etl
C:\ProgramData\USOShared\Logs\NotifyIcon.007.etl
C:\ProgramData\USOShared\Logs\NotifyIcon.006.etl
C:\ProgramData\USOShared\Logs\NotifyIcon.005.etl
C:\ProgramData\USOShared\Logs\NotifyIcon.004.etl
C:\ProgramData\USOShared\Logs\NotifyIcon.003.etl
C:\ProgramData\USOShared\Logs\NotifyIcon.002.etl
C:\ProgramData\USOShared\Logs\NotifyIcon.001.etl
C:\ProgramData\USOShared\Logs\NotifyIcon_Temp.1.etl
C:\ProgramData\USOShared\Logs\NotifyIcon.100.etl
C:\ProgramData\USOShared\Logs\NotifyIcon.099.etl
C:\ProgramData\USOShared\Logs\NotifyIcon.098.etl
C:\ProgramData\USOShared\Logs\NotifyIcon.097.etl
C:\ProgramData\USOShared\Logs\NotifyIcon.096.etl
C:\ProgramData\USOShared\Logs\NotifyIcon.095.etl
C:\ProgramData\USOShared\Logs\NotifyIcon.094.etl
C:\ProgramData\USOShared\Logs\NotifyIcon.093.etl
C:\ProgramData\USOShared\Logs\NotifyIcon.092.etl
C:\ProgramData\USOShared\Logs\NotifyIcon.091.etl
C:\ProgramData\USOShared\Logs\NotifyIcon.090.etl
C:\ProgramData\USOShared\Logs\NotifyIcon.089.etl
C:\ProgramData\USOShared\Logs\NotifyIcon.088.etl
C:\ProgramData\USOShared\Logs\NotifyIcon.087.etl
C:\ProgramData\USOShared\Logs\NotifyIcon.086.etl
C:\ProgramData\USOShared\Logs\NotifyIcon.085.etl
C:\ProgramData\USOShared\Logs\NotifyIcon.084.etl
C:\ProgramData\USOShared\Logs\NotifyIcon.083.etl
C:\ProgramData\USOShared\Logs\NotifyIcon.082.etl
C:\ProgramData\USOShared\Logs\NotifyIcon.081.etl
C:\ProgramData\USOShared\Logs\NotifyIcon.080.etl
C:\ProgramData\USOShared\Logs\NotifyIcon.079.etl
C:\ProgramData\USOShared\Logs\NotifyIcon.078.etl
C:\ProgramData\USOShared\Logs\NotifyIcon.077.etl
C:\ProgramData\USOShared\Logs\NotifyIcon.076.etl
C:\ProgramData\USOShared\Logs\NotifyIcon.075.etl
C:\ProgramData\USOShared\Logs\NotifyIcon.074.etl
C:\ProgramData\USOShared\Logs\NotifyIcon.073.etl
C:\ProgramData\USOShared\Logs\NotifyIcon.072.etl
C:\ProgramData\USOShared\Logs\NotifyIcon.071.etl
C:\ProgramData\USOShared\Logs\NotifyIcon.070.etl
C:\ProgramData\USOShared\Logs\NotifyIcon.069.etl
C:\ProgramData\USOShared\Logs\NotifyIcon.068.etl
C:\ProgramData\USOShared\Logs\NotifyIcon.067.etl
C:\ProgramData\USOShared\Logs\NotifyIcon.066.etl
C:\ProgramData\USOShared\Logs\NotifyIcon.065.etl
C:\ProgramData\USOShared\Logs\NotifyIcon.064.etl
C:\ProgramData\USOShared\Logs\NotifyIcon.063.etl
C:\ProgramData\USOShared\Logs\NotifyIcon.062.etl
C:\ProgramData\USOShared\Logs\NotifyIcon.061.etl
C:\ProgramData\USOShared\Logs\NotifyIcon.060.etl
C:\ProgramData\USOShared\Logs\NotifyIcon.059.etl
C:\ProgramData\USOShared\Logs\NotifyIcon.058.etl
C:\ProgramData\USOShared\Logs\NotifyIcon.057.etl
C:\ProgramData\USOShared\Logs\NotifyIcon.056.etl
C:\ProgramData\USOShared\Logs\NotifyIcon.055.etl
C:\ProgramData\USOShared\Logs\NotifyIcon.054.etl
C:\ProgramData\USOShared\Logs\NotifyIcon.053.etl
C:\ProgramData\USOShared\Logs\NotifyIcon.052.etl
C:\ProgramData\USOShared\Logs\NotifyIcon.051.etl
C:\ProgramData\USOShared\Logs\NotifyIcon.050.etl
C:\ProgramData\USOShared\Logs\NotifyIcon.049.etl
C:\ProgramData\USOShared\Logs\NotifyIcon.048.etl
C:\ProgramData\USOShared\Logs\NotifyIcon.047.etl
C:\ProgramData\USOShared\Logs\NotifyIcon.046.etl
C:\ProgramData\USOShared\Logs\NotifyIcon.045.etl
C:\ProgramData\USOShared\Logs\NotifyIcon.044.etl
C:\ProgramData\USOShared\Logs\NotifyIcon.043.etl
C:\ProgramData\USOShared\Logs\NotifyIcon.042.etl
C:\ProgramData\USOShared\Logs\NotifyIcon.041.etl
C:\ProgramData\USOShared\Logs\NotifyIcon.040.etl
C:\ProgramData\USOShared\Logs\NotifyIcon.039.etl
C:\ProgramData\USOShared\Logs\NotifyIcon.038.etl
C:\ProgramData\USOShared\Logs\NotifyIcon.037.etl
C:\ProgramData\USOShared\Logs\NotifyIcon.036.etl
C:\ProgramData\USOShared\Logs\NotifyIcon.035.etl
C:\ProgramData\USOShared\Logs\NotifyIcon.034.etl
C:\ProgramData\USOShared\Logs\NotifyIcon.033.etl
C:\ProgramData\USOShared\Logs\NotifyIcon.032.etl
C:\ProgramData\USOShared\Logs\NotifyIcon.031.etl
C:\ProgramData\USOShared\Logs\NotifyIcon.030.etl
C:\ProgramData\USOShared\Logs\NotifyIcon.029.etl
C:\ProgramData\USOShared\Logs\NotifyIcon.028.etl
C:\ProgramData\USOShared\Logs\NotifyIcon.027.etl
C:\ProgramData\USOShared\Logs\NotifyIcon.026.etl
C:\ProgramData\USOShared\Logs\NotifyIcon.025.etl
C:\ProgramData\USOShared\Logs\NotifyIcon.024.etl
C:\ProgramData\USOShared\Logs\NotifyIcon.023.etl
C:\ProgramData\USOShared\Logs\NotifyIcon.022.etl
C:\ProgramData\USOShared\Logs\NotifyIcon.021.etl
C:\ProgramData\USOShared\Logs\NotifyIcon.020.etl
C:\ProgramData\USOShared\Logs\NotifyIcon.019.etl
C:\ProgramData\USOShared\Logs\NotifyIcon.018.etl
C:\ProgramData\USOShared\Logs\NotifyIcon.017.etl
C:\ProgramData\USOShared\Logs\NotifyIcon.016.etl
C:\ProgramData\USOShared\Logs\NotifyIcon.015.etl
C:\ProgramData\USOShared\Logs\NotifyIcon.014.etl
C:\ProgramData\USOShared\Logs\NotifyIcon.013.etl
C:\ProgramData\USOShared\Logs\NotifyIcon.012.etl
C:\ProgramData\USOShared\Logs\NotifyIcon.011.etl
C:\ProgramData\USOShared\Logs\NotifyIcon.010.etl
C:\ProgramData\USOShared\Logs\NotifyIcon.009.etl
C:\ProgramData\USOShared\Logs\NotifyIcon.008.etl
C:\ProgramData\USOShared\Logs\NotifyIcon.007.etl
C:\ProgramData\USOShared\Logs\NotifyIcon.006.etl
C:\ProgramData\USOShared\Logs\NotifyIcon.005.etl
C:\ProgramData\USOShared\Logs\NotifyIcon.004.etl
C:\ProgramData\USOShared\Logs\NotifyIcon.003.etl
C:\ProgramData\USOShared\Logs\NotifyIcon.002.etl
C:\ProgramData\USOShared\Logs\NotifyIcon.001.etl
C:\ProgramData\USOShared\Logs\NotifyIcon_Temp.1.etl
C:\ProgramData\USOShared\Logs\NotifyIcon.100.etl
C:\ProgramData\USOShared\Logs\NotifyIcon.099.etl
C:\ProgramData\USOShared\Logs\NotifyIcon.098.etl
C:\ProgramData\USOShared\Logs\NotifyIcon.097.etl
C:\ProgramData\USOShared\Logs\NotifyIcon.096.etl
C:\ProgramData\USOShared\Logs\NotifyIcon.095.etl
C:\ProgramData\USOShared\Logs\NotifyIcon.094.etl
C:\ProgramData\USOShared\Logs\NotifyIcon.093.etl
C:\ProgramData\USOShared\Logs\NotifyIcon.092.etl
C:\ProgramData\USOShared\Logs\NotifyIcon.091.etl
C:\ProgramData\USOShared\Logs\NotifyIcon.090.etl
C:\ProgramData\USOShared\Logs\NotifyIcon.089.etl
C:\ProgramData\USOShared\Logs\NotifyIcon.088.etl
C:\ProgramData\USOShared\Logs\NotifyIcon.087.etl
C:\ProgramData\USOShared\Logs\NotifyIcon.086.etl
C:\ProgramData\USOShared\Logs\NotifyIcon.085.etl
C:\ProgramData\USOShared\Logs\NotifyIcon.084.etl
C:\ProgramData\USOShared\Logs\NotifyIcon.083.etl
C:\ProgramData\USOShared\Logs\NotifyIcon.082.etl
C:\ProgramData\USOShared\Logs\NotifyIcon.081.etl
C:\ProgramData\USOShared\Logs\NotifyIcon.080.etl
C:\ProgramData\USOShared\Logs\NotifyIcon.079.etl
C:\ProgramData\USOShared\Logs\NotifyIcon.078.etl
C:\ProgramData\USOShared\Logs\NotifyIcon.077.etl
C:\ProgramData\USOShared\Logs\NotifyIcon.076.etl
C:\ProgramData\USOShared\Logs\NotifyIcon.075.etl
C:\ProgramData\USOShared\Logs\NotifyIcon.074.etl
C:\ProgramData\USOShared\Logs\NotifyIcon.073.etl
C:\ProgramData\USOShared\Logs\NotifyIcon.072.etl
C:\ProgramData\USOShared\Logs\NotifyIcon.071.etl
C:\ProgramData\USOShared\Logs\NotifyIcon.070.etl
C:\ProgramData\USOShared\Logs\NotifyIcon.069.etl
C:\ProgramData\USOShared\Logs\NotifyIcon.068.etl
C:\ProgramData\USOShared\Logs\NotifyIcon.067.etl
C:\ProgramData\USOShared\Logs\NotifyIcon.066.etl
C:\ProgramData\USOShared\Logs\NotifyIcon.065.etl
C:\ProgramData\USOShared\Logs\NotifyIcon.064.etl
C:\ProgramData\USOShared\Logs\NotifyIcon.063.etl
C:\ProgramData\USOShared\Logs\NotifyIcon.062.etl
C:\ProgramData\USOShared\Logs\NotifyIcon.061.etl
C:\ProgramData\USOShared\Logs\NotifyIcon.060.etl
C:\ProgramData\USOShared\Logs\NotifyIcon.059.etl
C:\ProgramData\USOShared\Logs\NotifyIcon.058.etl
C:\ProgramData\USOShared\Logs\NotifyIcon.057.etl
C:\ProgramData\USOShared\Logs\NotifyIcon.056.etl
C:\ProgramData\USOShared\Logs\NotifyIcon.055.etl
C:\ProgramData\USOShared\Logs\NotifyIcon.054.etl
C:\ProgramData\USOShared\Logs\NotifyIcon.053.etl
C:\ProgramData\USOShared\Logs\NotifyIcon.052.etl
C:\ProgramData\USOShared\Logs\NotifyIcon.051.etl
C:\ProgramData\USOShared\Logs\NotifyIcon.050.etl
C:\ProgramData\USOShared\Logs\NotifyIcon.049.etl
C:\ProgramData\USOShared\Logs\NotifyIcon.048.etl
C:\ProgramData\USOShared\Logs\NotifyIcon.047.etl
C:\ProgramData\USOShared\Logs\NotifyIcon.046.etl
C:\ProgramData\USOShared\Logs\NotifyIcon.045.etl
C:\ProgramData\USOShared\Logs\NotifyIcon.044.etl
C:\ProgramData\USOShared\Logs\NotifyIcon.043.etl
C:\ProgramData\USOShared\Logs\NotifyIcon.042.etl
C:\ProgramData\USOShared\Logs\NotifyIcon.041.etl
C:\ProgramData\USOShared\Logs\NotifyIcon.040.etl
C:\ProgramData\USOShared\Logs\NotifyIcon.039.etl
C:\ProgramData\USOShared\Logs\NotifyIcon.038.etl
C:\ProgramData\USOShared\Logs\NotifyIcon.037.etl
C:\ProgramData\USOShared\Logs\NotifyIcon.036.etl
C:\ProgramData\USOShared\Logs\NotifyIcon.035.etl
C:\ProgramData\USOShared\Logs\NotifyIcon.034.etl
C:\ProgramData\USOShared\Logs\NotifyIcon.033.etl
C:\ProgramData\USOShared\Logs\NotifyIcon.032.etl
C:\ProgramData\USOShared\Logs\NotifyIcon.031.etl
C:\ProgramData\USOShared\Logs\NotifyIcon.030.etl
C:\ProgramData\USOShared\Logs\NotifyIcon.029.etl
C:\ProgramData\USOShared\Logs\NotifyIcon.028.etl
C:\ProgramData\USOShared\Logs\NotifyIcon.027.etl
C:\ProgramData\USOShared\Logs\NotifyIcon.026.etl
C:\ProgramData\USOShared\Logs\NotifyIcon.025.etl
C:\ProgramData\USOShared\Logs\NotifyIcon.024.etl
C:\ProgramData\USOShared\Logs\NotifyIcon.023.etl
C:\ProgramData\USOShared\Logs\NotifyIcon.022.etl
C:\ProgramData\USOShared\Logs\NotifyIcon.021.etl
C:\ProgramData\USOShared\Logs\NotifyIcon.020.etl
C:\ProgramData\USOShared\Logs\NotifyIcon.019.etl
C:\ProgramData\USOShared\Logs\NotifyIcon.018.etl
C:\ProgramData\USOShared\Logs\NotifyIcon.017.etl
C:\ProgramData\USOShared\Logs\NotifyIcon.016.etl
C:\ProgramData\USOShared\Logs\NotifyIcon.015.etl
C:\ProgramData\USOShared\Logs\NotifyIcon.014.etl
C:\ProgramData\USOShared\Logs\NotifyIcon.013.etl
C:\ProgramData\USOShared\Logs\NotifyIcon.012.etl
C:\ProgramData\USOShared\Logs\NotifyIcon.011.etl
C:\ProgramData\USOShared\Logs\NotifyIcon.010.etl
C:\ProgramData\USOShared\Logs\NotifyIcon.009.etl
C:\ProgramData\USOShared\Logs\NotifyIcon.008.etl
C:\ProgramData\USOShared\Logs\NotifyIcon.007.etl
C:\ProgramData\USOShared\Logs\NotifyIcon.006.etl
C:\ProgramData\USOShared\Logs\NotifyIcon.005.etl
C:\ProgramData\USOShared\Logs\NotifyIcon.004.etl
C:\ProgramData\USOShared\Logs\NotifyIcon.003.etl
C:\ProgramData\USOShared\Logs\NotifyIcon.002.etl
C:\ProgramData\USOShared\Logs\NotifyIcon.001.etl
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\Category
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\Name
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\ParentFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\Description
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\RelativePath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\ParsingName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\InfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\LocalizedName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\Icon
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\Security
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\StreamResource
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\StreamResourceType
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\LocalRedirectOnly
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\Roamable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\PreCreate
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\Stream
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\PublishExpandedPath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\DefinitionFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\FolderTypeID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\InitFolderHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\PropertyBag
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\ProfileList
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\ProgramData
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\KnownFolderSettings
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\MiniNT
HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\StateSeparation\RedirectionMap\Keys
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\TimeZoneInformation
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\TimeZoneInformation\Bias
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\TimeZoneInformation\StandardName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\TimeZoneInformation\StandardBias
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\TimeZoneInformation\StandardStart
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\TimeZoneInformation\DaylightName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\TimeZoneInformation\DaylightBias
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\TimeZoneInformation\DaylightStart
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\ContainerId
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\ContainerCorrelationId
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\ContainerType
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\Category
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\Name
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\ParentFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\Description
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\RelativePath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\ParsingName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\InfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\LocalizedName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\Icon
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\Security
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\StreamResource
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\StreamResourceType
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\LocalRedirectOnly
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\Roamable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\PreCreate
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\Stream
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\PublishExpandedPath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\DefinitionFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\FolderTypeID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\InitFolderHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\ProgramData
HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\TimeZoneInformation\Bias
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\TimeZoneInformation\StandardName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\TimeZoneInformation\StandardBias
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\TimeZoneInformation\StandardStart
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\TimeZoneInformation\DaylightName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\TimeZoneInformation\DaylightBias
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\TimeZoneInformation\DaylightStart
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\ContainerId
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\ContainerCorrelationId
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\ContainerType
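The file and registry lists above are the whole behavioural record this report offers (the sections that follow are empty), so triage comes down to reading them. The Python below is an added example, not part of the CAPE report or its output format: it takes a handful of the paths listed above as constructed input, counts paths listed more than once, groups files by directory, and tags registry keys that are commonly read to fingerprint the execution environment (Control\MiniNT for WinPE, CentralProcessor\0\~MHz for CPU speed, Control\ContainerId and ContainerType for container detection, TimeZoneInformation). The tagging rules, the tag names and the two-tag threshold are my assumptions. These keys are also read by ordinary Windows components, so a hit here is a prompt to look closer, not evidence of malice; with no network activity, dropped files or process dumps recorded, nothing on this page supports a stronger conclusion.

```python
import re
from collections import Counter, defaultdict

# Constructed sample input: a handful of the file and registry paths from the
# summary above. The duplicated ETL entries are deliberate; the report lists
# the same paths more than once.
SAMPLE_LINES = [
    r"C:\ProgramData\USOShared\Logs\NotifyIcon.002.etl",
    r"C:\ProgramData\USOShared\Logs\NotifyIcon.001.etl",
    r"C:\ProgramData\USOShared\Logs\NotifyIcon_Temp.1.etl",
    r"C:\ProgramData\USOShared\Logs\NotifyIcon.100.etl",
    r"C:\ProgramData\USOShared\Logs\NotifyIcon.002.etl",
    r"C:\ProgramData\USOShared\Logs\NotifyIcon.001.etl",
    r"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions",
    r"HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\MiniNT",
    r"HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz",
    r"HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\TimeZoneInformation\Bias",
    r"HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\ContainerId",
    r"HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\ContainerType",
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\ProgramData",
]

# Assumed tagging rules (mine, not CAPE's): regex over the normalised path -> tag.
# Every one of these keys is also read by benign Windows components, so a hit
# is a triage prompt, not a verdict.
REGISTRY_RULES = [
    (r"\\control\\minint$", "winpe-check"),
    (r"\\centralprocessor\\\d+\\~mhz$", "cpu-speed-read"),
    (r"\\control\\container(id|correlationid|type)$", "container-check"),
    (r"\\timezoneinformation\\", "timezone-read"),
]

HIVES = ("HKEY_LOCAL_MACHINE", "HKEY_CURRENT_USER", "HKEY_USERS", "HKEY_CLASSES_ROOT")


def is_registry_path(line):
    return line.startswith(HIVES)


def normalise_key(path):
    # Lower-case and fold ControlSet00N into CurrentControlSet so one rule
    # matches both spellings that appear in the summary.
    p = path.lower()
    return re.sub(r"\\controlset\d{3}\\", lambda _: "\\currentcontrolset\\", p)


def tag_registry_keys(keys):
    """Map tag -> list of matching keys (original spelling)."""
    hits = defaultdict(list)
    for key in keys:
        n = normalise_key(key)
        for pattern, tag in REGISTRY_RULES:
            if re.search(pattern, n):
                hits[tag].append(key)
    return dict(hits)


def repeated_files(paths):
    """Map file path -> number of times listed, only for paths listed more than once."""
    counts = Counter(paths)
    return {p: c for p, c in counts.items() if c > 1}


def directories_touched(paths):
    """Map directory -> number of distinct file names listed under it."""
    by_dir = defaultdict(set)
    for p in paths:
        d, _, name = p.rpartition("\\")
        by_dir[d].add(name)
    return {d: len(names) for d, names in by_dir.items()}


def triage(lines):
    files = [l for l in lines if not is_registry_path(l)]
    keys = [l for l in lines if is_registry_path(l)]
    tags = tag_registry_keys(keys)
    return {
        "file_count": len(files),
        "distinct_files": len(set(files)),
        "repeated_files": repeated_files(files),
        "directories": directories_touched(files),
        "registry_tags": tags,
        # Two or more independent environment probes is the threshold used here
        # (an assumption) to flag the sample for a closer look.
        "environment_probe": len(tags) >= 2,
    }


if __name__ == "__main__":
    for k, v in triage(SAMPLE_LINES).items():
        print(f"{k}: {v}")
```

Run against the full summary rather than the sample list, the same functions report how many times the USOShared\Logs directory was enumerated and which of the tagged keys were touched; the threshold and rules are the parts to tune to your own baseline of what benign update components read.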
No results
Sorry! No behavior.
Sorry! No strace.
Sorry! No tracee.

No hosts contacted.

No TCP connections recorded.

No UDP connections recorded.

No domains contacted.

HTTP Requests

No HTTP(s) requests performed.

SMTP traffic

No SMTP traffic performed.

IRC traffic

No IRC requests performed.

No ICMP traffic performed.

CIF Results

No CIF Results

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Suricata HTTP

No Suricata HTTP

Sorry! No Suricata Extracted files.
Sorry! No dropped files.
Sorry! No process dumps.