Overview

overview

10

Static

static

fb4ef45c89...54.exe

windows7-x64

10

fb4ef45c89...54.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    139s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    21-10-2022 19:54

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    fb4ef45c89a844cc3634dfa671063eaf3843e25d780f33b6268d3545096b8c54.exe

  • Size

    320KB

  • MD5

    7d35c8ae681e346c0857e415829f10b0

  • SHA1

    e680f28578744bd237ca3ae96efefd0fbe67af00

  • SHA256

    fb4ef45c89a844cc3634dfa671063eaf3843e25d780f33b6268d3545096b8c54

  • SHA512

    8b822c2c5a4ebc52eacf2e58eb657096c41cbb2e09bc1b06d0ded6b28f2519896446d975eeea702bef41611e6659759cb647519ad8f221ef079b5cabf9a55263

  • SSDEEP

    6144:tRZq3EI7T9bMrBtl8Tln0OYZn855osyIoENdwT5k:Zq3H/9bMdtl8JA7T

Score
10/10
gozi_ifsb1080bankerpersistencetrojan

Malware Config

Extracted

Family

gozi_ifsb

Botnet

1080

C2

newsnortonscheck.com

woofboots.com

broosnoops.pw
Attributes
  • exe_type

    worker

  • server_id

    12

rsa_pubkey.plain
serpent.plain

Signatures

  • Gozi, Gozi IFSB

    Gozi ISFB is a well-known and widely distributed banking trojan.

    bankertrojangozi_ifsb
  • Modifies Installed Components in the registry 2 TTPs 1 IoCs
    persistence
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Enumerates connected drives 3 TTPs 1 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in System32 directory 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Checks SCSI registry key(s) 3 TTPs 58 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 4 IoCs
  • Modifies registry class 64 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 54 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of SetWindowsHookEx 5 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs
  • Views/modifies file attributes 1 TTPs 1 IoCs
    evasion

Processes

  • C:\Users\Admin\AppData\Local\Temp\fb4ef45c89a844cc3634dfa671063eaf3843e25d780f33b6268d3545096b8c54.exe
    "C:\Users\Admin\AppData\Local\Temp\fb4ef45c89a844cc3634dfa671063eaf3843e25d780f33b6268d3545096b8c54.exe"
    1⤵
    • Checks computer location settings
    • Adds Run key to start application
    • Drops file in System32 directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:5088
    • C:\Windows\explorer.exe
      C:\Windows\explorer.exe
      2⤵
      • Modifies Installed Components in the registry
      • Enumerates connected drives
      • Checks SCSI registry key(s)
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      PID:4476
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\C41E.bat" "C:\Users\Admin\AppData\Local\Temp\FB4EF4~1.EXE""
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:1632
      • C:\Windows\SysWOW64\attrib.exe
        attrib -r -s -h "C:\Users\Admin\AppData\Local\Temp\FB4EF4~1.EXE"
        3⤵
        • Views/modifies file attributes
        PID:3148
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:1432
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Enumerates system info in registry
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:4248
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Enumerates system info in registry
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:4048

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{e22ae315-fc27-4079-afb5-167922def2fb}\Apps.ft
    Filesize

    38KB

    MD5

    7314cfd2fad0b6b527a8fe3e6dd97596

    SHA1

    4fc9ef6d5e21c77a92010375a0a5942c3fbf4e4d

    SHA256

    98165953997752f649bbf3479ff75a6a1833984950f41f04aad8ca21a86d00c0

    SHA512

    0b3bab4cfda37ab597337132f92bdc3d3897ac6810d615b6c62cbed71ba8466039cd4da8763143e6ca16b6553f21a36d42e882c6388d4c1608eddf5fef92301d

    Download Submit

  • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{e22ae315-fc27-4079-afb5-167922def2fb}\Apps.index
    Filesize

    1.0MB

    MD5

    67ba8e7f7f175a2ddba4371f52818d3f

    SHA1

    ea789f27b78199b51beeea15076b1bb66c6175a9

    SHA256

    b24597daa08491cde184ea8409d441fd6690490b1491f5cd8086d0afef35d12a

    SHA512

    ba9befae7761c5d03dc698eff9a7eed83f3a2a6a00080780e4dbe9139fdec800793f205a521857ba26b42b2cec6e0044b121ec1220a30ae6b9a1148920255903

    Download Submit

  • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133109628019798975.txt
    Filesize

    73KB

    MD5

    83875bc59b4b2ce4ba69690019a7195a

    SHA1

    3cb6837c48c4cd4bad8d3aef4b57021839c1eb44

    SHA256

    c9fa68d0602128a61a36dc93136b49142fc8d66846a5ee626e4244a96bcd147c

    SHA512

    7f7c60abb7999d34cad5dcf437f56954830a92c9ff297a6294d51d32c837f09a9d58d63a110f60c3b31891bd068ac5d5f3511151902690788c94f9b90ebbc3c7

    Download Submit

  • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\AppCache\03SH6L3D\3\-agUIR63wi5ejtPiYoDJzyvaItE.br[1].js
    Filesize

    49KB

    MD5

    cb743300879238548e87bdd924f439ee

    SHA1

    48c262a66dc695c395e84652842b2d95b96af972

    SHA256

    c321f991108d48d8cb75008fa9cfbc918e195f284102847f0bd47c5d0c72fe59

    SHA512

    2889e3d86241cb74aa5365f2645cfd3dac20af812265a1b96b6b57b89b058a88561d04ad95df9dcdcfc43f5c36e41956b08fb60e0be8746f763c604380472914

    Download Submit

  • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\AppCache\03SH6L3D\3\2FlmCt8_0mLFFeOC8caRGywwuj0.br[1].js
    Filesize

    31KB

    MD5

    16b455248ed69b121acb0dba52f4f36e

    SHA1

    346f8fe79decbc8495f3c3281aa77189ff203e2f

    SHA256

    1c87f43c2b009b67ebb2f865f6d2f35d37dc863308fc8ec70e0922444423baa5

    SHA512

    f1c9e5ed8463629471a2d5babc903d06818f9ddfdcbded5ea648b19acc261b4507258f4443c7425a73ac5f8fa5d7631c492439d96a4c828b357200254ea88101

    Download Submit

  • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\AppCache\03SH6L3D\3\6lFX_p2r69AMDJtn379-Jqplukg.br[1].js
    Filesize

    105KB

    MD5

    12491abd4814e7d0fee768d38853c61f

    SHA1

    a8b38e87058f6877487d1306e0f69cc8d159e2d0

    SHA256

    276f28318b6952e512443067ec578d556281ffb29d96781423aad5a54b70fc8f

    SHA512

    ee233f1f28dd30cf42f3ef5fc8ee553b83ff5bd09c8a59de2bcf6e665d13106c97e1900bef8c4332c37d44cdedc72ba346c2245916b7097383eee1c3cc09ddc0

    Download Submit

  • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\AppCache\03SH6L3D\3\6mDplh2-tnrwx7GcRbXrFrcA_p8.br[1].js
    Filesize

    4KB

    MD5

    a70b5d2181ae13bed705724c86375f4e

    SHA1

    3baff0b235c1ea2525191d50ca2fd3011a10145b

    SHA256

    264b1fbcda5416ebe7b7bd3f5fc347a922e93dcc7e7d0703c9d83d321a52ec13

    SHA512

    3e717ba639361db04287860ab70e13e3aa601652bb135e2da31394137a8eda7c5c56cf9f5ba15a9215f64d7d52cf3ebef0b3343f1d6cea56227944849f2145ea

    Download Submit

  • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\AppCache\03SH6L3D\3\7E8VAkODfg7U7WI8dbX16q_qufI.br[1].js
    Filesize

    95KB

    MD5

    01943265152606868387601ff9c8e9de

    SHA1

    ef785d1f1fc71649c33f23be1cea72b8dae476fe

    SHA256

    c8e11d57f2c1120280f8d2d551432786f979a04f8df07f1d00a79354ee873d6c

    SHA512

    6a1319c2b4020190ef9c8673436758e73f22af2d0f6622ddd5e8000357082fc384b0353adaf5a1a114ddd44db118984c4cbfe3e45ab13dae363d9044f9e5d970

    Download Submit

  • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\AppCache\03SH6L3D\3\7JiA4mfUTnS5nJY0HglHAU8iO-8.br[1].js
    Filesize

    1.7MB

    MD5

    e6b577da59b56422ff0a216f4b8c68f8

    SHA1

    63f69dfaaa757a837bf1e8167faef749303aa6dd

    SHA256

    7403bda52a40c51e8fac3c3aa67317c578bac476df0856b01040c9c4aea298e8

    SHA512

    7f952eb8fc151ecd3ff3e5ca5575202545e647f78771533998288f0286842f0ee1f8b1d8faf01107003f431e502719c4eed562f7c3ec043dc6472cf499510017

    Download Submit

  • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\AppCache\03SH6L3D\3\9CoUHSoLuEjBAvav2GP95cHcN0M.br[1].js
    Filesize

    2KB

    MD5

    c3546304a0369da28a4e110e84f68401

    SHA1

    83e5975527a82846c84914ced08271180f485cc8

    SHA256

    7fc2cb6c6c9743883de1c5e0f200a502b2a02e5a8e922e0e77744044f8b19eb9

    SHA512

    78073502686954f130b9f2fbc1613c1ba746e23e2f8f341fe2084348c40262456ecd0f07a15636a9019100f0867461f109f5bae88babcfb731318dcaabc2b4aa

    Download Submit

  • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\AppCache\03SH6L3D\3\9RLIrLi3GlOL2Eylg9IcArIkw20.br[1].js
    Filesize

    8KB

    MD5

    e9e0f2c7d9ff4e7ba872a004593454b5

    SHA1

    2db69a5f85d5afd2c523f8f6b8867eaa4e1125f9

    SHA256

    24d847fbf4fd59be3529fdfa7542fd3fe9512662927dd482e60d11344175e778

    SHA512

    f01ac1fed499aab6465f3f1fea96b5036043c260dd8a9029046895768794503264a98e41cc306f54557eac74c228af9a65a1e6cbdcfe6b4e0e8bbbd730f6a6a5

    Download Submit

  • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\AppCache\03SH6L3D\3\9kAvRypYmWc9B8vB-LFOrkNKVL8[1].css
    Filesize

    19KB

    MD5

    79e9abb9776d0a0577d3209ead4ca68d

    SHA1

    47e2a7f82b43451e81789b8bd92de3eeed802c74

    SHA256

    fb02f3758825d03c788c23db2a558fa9f9f490bb1e693d00761162d0ec617ae6

    SHA512

    ad99f8597aa24ce1876038e720187d881efaf3cd437f4483ceac4b8301f837209ec2725cc2eccf0c4fbd3f1bda20715c7aaed085de1705b9233ef31d3adb326d

    Download Submit

  • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\AppCache\03SH6L3D\3\AwK8i0vdU1Fr4Ok7IspvNKL6Uak.br[1].js
    Filesize

    2KB

    MD5

    6cc241f91435a2074e55cf40715a66a3

    SHA1

    461a89fd4a1657ddd3ad5f8f0ba553aa040cbebf

    SHA256

    aefc1baa100056f5b834b5d9cfd1ee523a17951b9ef9f433f3a33900fc975fdb

    SHA512

    7ae1fc133961e8a388411040450ed700fe34b059aa410193722fca8fd8942425f46518777adcc973bf81e01ce1989a6acd1903c0d588fc7e0dc506e037b68cb1

    Download Submit

  • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\AppCache\03SH6L3D\3\Cj4mQnDN_eMyYEqsEbjRrJ2Ttec.br[1].js
    Filesize

    1B

    MD5

    c4ca4238a0b923820dcc509a6f75849b

    SHA1

    356a192b7913b04c54574d18c28d46e6395428ab

    SHA256

    6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

    SHA512

    4dff4ea340f0a823f15d3f4f01ab62eae0e5da579ccb851f8db9dfe84c58b2b37b89903a740e1ee172da793a6e79d560e5f7f9bd058a12a280433ed6fa46510a

    Download Submit

  • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\AppCache\03SH6L3D\3\DccpWCpoNzCwM4Qymi_Ji67Ilso.br[1].js
    Filesize

    128KB

    MD5

    23c987e711c002d4ca3cd02deedc9bbf

    SHA1

    c0c26b66ea6793fa884f143e76cb9ad2e0109c7c

    SHA256

    a1c2f4c8ca6113ebdac36f2c33d6ce19bcf2f4bd99ec06e8ba845e2b25b03322

    SHA512

    969bc04d69f629f08585c7c2ee23e998d8c91146b912370cf9886a7f0b067e68654a9581c0203da522d30533871e41c1b96bf60f18091b6c7eb86d1a863b5d06

    Download Submit

  • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\AppCache\03SH6L3D\3\EYNLM9RfkEXFtD8WH1unvJjwzGA.br[1].js
    Filesize

    17KB

    MD5

    e86abefe45e62f7e2f865d8a344d0b6f

    SHA1

    5d4a0a597759412da2b8e9efd1affe8305e7d116

    SHA256

    5d54790c856ce13811590e18ac3b0aceefefb61258852490f4c5c60748365e89

    SHA512

    7903c3046865e3d1db040d66b2c052e3e56f791bc035c56d5fc76b28166dc88fdf6212699f98ee598fa6ba76222dd2da9e428f6662430776edbb4982a232c595

    Download Submit

  • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\AppCache\03SH6L3D\3\Init[1].htm
    Filesize

    204KB

    MD5

    09811b95b919fca7c44353f98009ee53

    SHA1

    47ad27ade44ddab92b5e7b30f25e5692a4b052f8

    SHA256

    e493ac930f2cf48542a09ff28cc2f3bca2afac2500065f5fb37f1c356bd74104

    SHA512

    77d8493a130a53c82c45ad7899b5cb4c5c45ee2e07f1bf402dd06d4164eeadd5b585dae19d5832447deef8fa7b5b15a4007a0316176841a6213f02c266892cfc

    Download Submit

  • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\AppCache\03SH6L3D\3\LisgCZCwGQ4lRz4go9tlwPslw_k.br[1].js
    Filesize

    15KB

    MD5

    e515e69b21c49a355d5d4b91764abe00

    SHA1

    7571f85095e21ba061631d8a38d18623bcabf301

    SHA256

    365f8b7a23865ca36d1c1f7a25553afddb6223ff524b56d4beb80fdd98c8e057

    SHA512

    aa38791ce4ed4039a6d63cf6273be8ca0dde2436b8c6e0451937a85652d1c6ea22f38da9fd81ba9a4e877861b507603c88cacbbffe4e6b30ec602396f2b87a81

    Download Submit

  • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\AppCache\03SH6L3D\3\PvVze1dcpBMAPV5PYO5uw3GriyY.br[1].js
    Filesize

    2KB

    MD5

    ebc45bdc869c203885b0d3322dceb64b

    SHA1

    410a9e16c64795de5815519e56e5a3399f71029a

    SHA256

    ca4f6ace2f342b343573167189121752a640860a7c2882ff81f5ed3d55b6f2b5

    SHA512

    2a97b14c7ba17b4fa08eb5b08e94db67d6c298ff71b063de81102f7885f3279387b1e80581b1d9f4decd790adfcf5733207aab2c58c0e73948c990c19fad20a7

    Download Submit

  • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\AppCache\03SH6L3D\3\QNBBNqWD9F_Blep-UqQSqnMp-FI[1].css
    Filesize

    6B

    MD5

    77373397a17bd1987dfca2e68d022ecf

    SHA1

    1294758879506eff3a54aac8d2b59df17b831978

    SHA256

    a319af2e953e7afda681b85a62f629a5c37344af47d2fcd23ab45e1d99497f13

    SHA512

    a177f5c25182c62211891786a8f78b2a1caec078c512fc39600809c22b41477c1e8b7a3cf90c88bbbe6869ea5411dd1343cad9a23c6ce1502c439a6d1779ea1b

    Download Submit

  • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\AppCache\03SH6L3D\3\U7lYsMImC2KOE_VoqxIhF8N5thg.br[1].js
    Filesize

    10KB

    MD5

    c71fa35c8852a1d72943055d9aa277b6

    SHA1

    46e8c8811a875c20d08fb5d63bc61f280fa3a1ad

    SHA256

    000a7e5f4726722669e8ff8c495990630bfb58d15c0109bce7f06eaf854706db

    SHA512

    08a8ea128ae3253f8cb91fb8cbe3bcf54f8313b6d21d11090917d5e900066f6f8109bf56a57de829d424457fc3072d42d482246da48cd19ea64d140af9433b45

    Download Submit

  • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\AppCache\03SH6L3D\3\VA9SqX6YZSWJrJ6ibXvpRZGCupQ.br[1].js
    Filesize

    44KB

    MD5

    6859b06c69a93bd325d6cdb2a5cecbd4

    SHA1

    5f1b96c6e59054c14d1ee9a3f3a2cbbc70e03b87

    SHA256

    6a232348034a0564b74d8a293ac8dc15664e26664cd4e071e1d2e740b76d9ec6

    SHA512

    9166d92cbf6945282259a2ca8d53f6d5986ff81de3d61c191d44a745b093936e21e71132833cb885a829c9bf9e4ce42618bd5e995b7a24929436615df35e91ed

    Download Submit

  • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\AppCache\03SH6L3D\3\VyNvnYSbzlS6ZeREEo0wIzSCoHI.br[1].js
    Filesize

    255KB

    MD5

    a603fd8035ce0204fed52e5a4d0f2751

    SHA1

    086489cf64fe8ea8ba124d0cc4e4c319cfadff3d

    SHA256

    e1c5f53feebff0b3703873280d8af7f8f11e9b0ed3b0f733205d6ac7fe1be085

    SHA512

    b8dde9953b3676c8a3caa4db314d29af49b3505f38061ce820503b75688e693923abba17dc6e8f160bcd5c7109ab0930d0871a72f1809e59131e456b55149e0b

    Download Submit

  • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\AppCache\03SH6L3D\3\W5AptvLGWBcTBLuPBJuqDe89v4w[1].css
    Filesize

    202KB

    MD5

    261c6daaff1e8cd0a3d1a8e4acc7945d

    SHA1

    2305d5758a627b36f446a28679bbe08f196b172d

    SHA256

    a0102ff3c5a8ac05953fedf11820fe304dbb1bb7edbcc8b718079436c0b3cf8f

    SHA512

    de0b7d5350f0d3f1ed601cb7ffabca048159b4da3df5a24fe0ee183f09a9cc62b903bf54c51383f755e6434279e28f14aa379b958ec5102de73cb8ea34a183ff

    Download Submit

  • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\AppCache\03SH6L3D\3\WeaqEJfS9Yrl9laS6TOxoSX0WqM.br[1].js
    Filesize

    2KB

    MD5

    121ad323544f8d0ab4947ca248ae67c0

    SHA1

    6ebdd821c5ff4ec648f60428086ac57fb4401286

    SHA256

    828a496f74c81febe572bd1219f7cb4122669e8c1b800468647f169b1cfcbf0c

    SHA512

    96b93cafcd50cb1325ce86bb8128bf9242250c22495ff238187233cd9da0bf8211005d81beaa7103d55abf7960b03e335a44137183a71bf6519f9505ee467ce5

    Download Submit

  • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\AppCache\03SH6L3D\3\XGTOWbtsOB8bq4oK5IIDOP8Bno4.br[1].js
    Filesize

    5KB

    MD5

    acff5d51f07df3add149c7f0d0691be4

    SHA1

    6af311eb357230534630bbcd469012772fecfea6

    SHA256

    40b4f56449caed2936add68c02b0e90cd59dfc297af6a9751688ef3fd8ab291a

    SHA512

    d4218a274666e12eaac1f855e61c0c50277c4cb14cd4ea4796f0660bf88acf9e4602f12e01d5527d34882dbc13ebb22306f5777fe15e6f47a09115ca5c1e4633

    Download Submit

  • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\AppCache\03SH6L3D\3\Xf9TaXFokQXdP8mYtTIGSCtNrOA.br[1].js
    Filesize

    36KB

    MD5

    d89db93ff1612cf856cff024ff4b1b22

    SHA1

    4bb16f3f073b4b26e16bf7e6978ae46f6fcb76e5

    SHA256

    1d92f3fc7be2362c5476622d2d927eb8a96b0967a1eb45d66e7bb58f64aae22b

    SHA512

    441a56e6bbcb1dac656d04891f029a45e830c12a8791aaf348c06ed29b33be279d9cf442c0bafd088f9e3a9be3bae7e9117767ec0a0c6f98521f8a590e5c0f52

    Download Submit

  • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\AppCache\03SH6L3D\3\Xk0n9ycPBpl3ibUiCDpx5bvphM0[1].css
    Filesize

    5KB

    MD5

    5d1f1d6481d5004c729cf7c4e299270a

    SHA1

    3346206f67a5b9d7d96ac1feef2758724d188617

    SHA256

    6931c8fcd193fb037fcca1f2ed3f3f7c61d775d117c74fb24760b9d648f90090

    SHA512

    32c0cf86c053474e6741d8687e9baeb968366f9c70c299d49ac8d26ccee1d39a9bd99269727adadda98d2d031e3d1b29407ffd4943640d95f08457ab8ebd3ce8

    Download Submit

  • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\AppCache\03SH6L3D\3\YwTf7_MkSSj_dMIStQXBoF2zTjM.br[1].js
    Filesize

    325KB

    MD5

    537ce542cda5d1d2dea20ffd6861b122

    SHA1

    903c0412d023e0834418e5d68c87625ce7fee0bc

    SHA256

    a1cd255e6e45ed6951ce3ed4114a87a91ec456f29019d739495eb5c2b7d97947

    SHA512

    6c21f7f0d9818124041fd59a374f9548a4bcbad3f70ba5e6a747c0678651b9a230dc8cd6af2ad28f1816bf45a23df72ce1a292f777caf04a695e525add5c0a3e

    Download Submit

  • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\AppCache\03SH6L3D\3\b9OAcoBMd8KkpEXfZanHIKzaQeE.br[1].js
    Filesize

    46KB

    MD5

    201e5f80e594fb57b7011db98e0abf7b

    SHA1

    2465829d330995d2c381bf6f24198b19850ff215

    SHA256

    a32917f0e651400730d8c617627c61a27c831b6a687a7df3644f808bc453b854

    SHA512

    98e70591ec791c1a6e65efb65221413ac8d672c4c10bfe6e92ae271844bec10dc25ca0fc4c1e70b1b4eee4378cf6c8bfaddb6e082df47e5a905bf4b7a01cf8f8

    Download Submit

  • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\AppCache\03SH6L3D\3\eRaywc7bgxpJRgIQ731mHeqxYFY.br[1].js
    Filesize

    42KB

    MD5

    6026919401103e01eecb359df6b31fd6

    SHA1

    f4dc751a41be4bc6c0a36e803c7a16ed6133e0b9

    SHA256

    a0b5403d1722e007d65638b3912d9fc2abdc4bb89ca3015899b1070630990446

    SHA512

    5726c77cd4d9f9fc5e0f82288bfa89a2a85144d8589be356c648ce21df830b49eefa44b088723be817791fe02762c4e4997c98bcb55333ac6e2b548dc3dd46a6

    Download Submit

  • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\AppCache\03SH6L3D\3\hPlNScrKKGfUAhwQVepjVKsWqRY.br[1].js
    Filesize

    1KB

    MD5

    fe23f243155b13348f13fd6488e0238a

    SHA1

    ec5f71c1875bc491e157ccd160795fc1e36479e9

    SHA256

    98377a7d539e735206b81f22ebf2f3321ccd5abca865d3a6cec9588cc0cea5ee

    SHA512

    876949068a5e0235a80dd1a867351f89a253263ca8a4d33e1e74d573d3f68dc3245ce4caf24fe8ffc1df6efe54c72c9564bd62b3d0396b3076b8008409ce3c75

    Download Submit

  • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\AppCache\03SH6L3D\3\jReNPx8gS5IWDxQLFD-EkpG1n7w.br[1].js
    Filesize

    1KB

    MD5

    617cadd50981066d960e52ae44362ab0

    SHA1

    7e268a834d6a67bd6c06e56b8c2e3732c13bd630

    SHA256

    e933028aec3448b1202190e2efab00417f2d5abeaed20e6cf579db04c2ee86e9

    SHA512

    4fe04dcef2b8a9e51fbb94245adcf4d8c15f1f47ea927b580aeeeff7c3d5bb015ffce2cf8bb44963a1f4ce21e57ab3bc97f51889face5066d1f413e41ec83696

    Download Submit

  • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\AppCache\03SH6L3D\3\jptBWImiVIYzQaI0kP9_1gjDeu4.br[1].js
    Filesize

    3KB

    MD5

    e0c17b836158929804d3dac0d1000726

    SHA1

    735c336f62427f7e3eb9e312b844791347b33576

    SHA256

    4cf825a05be99be456c9f670be6516bf10a9c3fd06d4ce954ba9f0b032f54723

    SHA512

    3032c7cff6514245b5f1afbdf1f6519731cf05439f89c04e41961c3b74d63a411aada140f7615859fe22f5d2854cb9f592badce07a5033dcceae71749d44ca62

    Download Submit

  • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\AppCache\03SH6L3D\3\k1RpQk-eyyvyZyQ5ONtAXPCy-FI.br[1].js
    Filesize

    5KB

    MD5

    658eb92ed8d4497a9ca0727a306b1843

    SHA1

    8313717af0a4ee99dc622bc8b686d5744051c1b6

    SHA256

    a10f1fac70b5833ec23b756edc34392fa5e0c3c97ceeabdef2bd973e843a6062

    SHA512

    41d78661530958d3c768c7342d2e560767f5b6070f7ab9262849c52236252dd60f1383174c98e60c40baa76f2b795a9c1f9015dfaa22e0e928342f6b2f3c653a

    Download Submit

  • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\AppCache\03SH6L3D\3\lcrtGhqTqXwqwW-iaQ_Nw0mszKc.br[1].js
    Filesize

    197KB

    MD5

    30f68a3ea9f8fe63101e59ced32fa3e7

    SHA1

    0450964533a5363f20fd7a7ae16821cdfc1fcc1d

    SHA256

    90fccf6342d5bcfde3f69f88b80253ec694b9b901cc55fd84a2e0c6e0ff05caf

    SHA512

    f994377757539611fe2781b6aeedcfe2b2c7073516c0f3887c0fd836e1ed69066daabe7065dae1fc4aa071f8f5080939591b3ebd4642b1eaa42c7b25c2003349

    Download Submit

  • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\AppCache\03SH6L3D\3\mmDWBuo_mXPMwstmF0M6Gea7YQA.br[1].js
    Filesize

    130KB

    MD5

    1882ccd790bf58409bf4ac7670702379

    SHA1

    a56dc6590488a227fc8b1b709bca604db52c2ced

    SHA256

    28f817732a4e9c1741cb823970389b24a1ef126512dfb3cf37ca7d857925b015

    SHA512

    4a9f13c7c8d80a0709bd4c570715b582da9a956499d5e165fa146d77142ab2b0311182c7ef4d105f19990ada8db2a46148bcb97e482990d77f98dfd351d38123

    Download Submit

  • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\AppCache\03SH6L3D\3\onra7PQl9o5bYT2lASI1BE4DDEs[1].css
    Filesize

    65KB

    MD5

    d167f317b3da20c8cb7f24e078e0358a

    SHA1

    d44ed3ec2cde263c53a1ba3c94b402410a636c5f

    SHA256

    be2e9b42fc02b16643c01833de7d1c14d8790ecc4355c76529a41fa2f7d3efad

    SHA512

    afc65b0fa648d49a5eb896be60331aa222301894e228fe5684399e9276342f6510773dffa3e7e75b8d6197bc51c732bc7fd7518e593ecd20c4884c47058d46d8

    Download Submit

  • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\AppCache\03SH6L3D\3\qRqw0fKEID_9I4HEO5LDdD8CaWE.br[1].js
    Filesize

    52KB

    MD5

    a5c99328f8ddbf8ceec9f8156150d001

    SHA1

    4187c8884930b06621b4d311460c9d7062e903ad

    SHA256

    05d0046198336f88241f3d2703c54350e98f5f6c9fd69824f342712b3d11d186

    SHA512

    e545b2d4dcf9c7ec8bba96337dfd0e7fd17973592daf34f40d4edf5b9a81c5d6be175af25fc43acb507f8a00993dfddb50e0ef84a0f062bea082bf74851cee4a

    Download Submit

  • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\AppCache\03SH6L3D\3\t8shg5d7KiteLFdk0T__nZRbsds.br[1].js
    Filesize

    15KB

    MD5

    b2fc483e05387f3d76bcb3da72b05773

    SHA1

    93ba6e9e94c5435d9a839321096e3e883b49378f

    SHA256

    001718daf3df6a85ffdc59f7d12039301e7aafaa16ccf96889729fbd5e1de0db

    SHA512

    c3a07abb24eebf05806cd84c53bb414620b7a8e5afda2d9b9c2d3c811257b0f26c99fc5a7236e6b0d49fd0b6e08a9ff9a5b6ec259f4c3319f2c372d09eeb495c

    Download Submit

  • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\AppCache\03SH6L3D\3\w9zqVJkEZ_qpNCqYvGYoqL8BWm0.br[1].js
    Filesize

    118KB

    MD5

    129776db6ba6bea4af70cdb1ea56942a

    SHA1

    12bfe666c0b57b134e7b8b88bcf1a0c3b5dcf3cd

    SHA256

    2d55886903198e35295b8e90738da47859837baba26d47e15bac87f90ee608d3

    SHA512

    aedf99a152b97be6a57f0d1fb1dd43b0bb69508eae65b3a054024cd9e5dd59670ebeaff6ce7525e2b7263bbd7c963c30659628f9a2df16410674871538def94b

    Download Submit

  • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\AppCache\03SH6L3D\3\xZtFP6ADa5r6W-Gs9azRy1BzdoM.br[1].js
    Filesize

    14KB

    MD5

    c994b0da70ad36c2b4dc49a48e249bda

    SHA1

    fcd2f1cfdc33a946e393420c7a36c7ffc28b77b9

    SHA256

    7baa4579de695048f2b372780b43e0b1d80ea9dbc43e45850cf6d488c745d3c4

    SHA512

    dbaefcedd87defb461df22f2f4d300ca156859aa67b02dfb19c9c178fef2b2746633a8f14d4f3f297af6369fa7e770bd07bcba7ebd0c79d9c7d7de660b08f238

    Download Submit

  • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\AppCache\03SH6L3D\3\ylvUeoqI4aQx1bG1g9p73jp3ODM.br[1].js
    Filesize

    94KB

    MD5

    7d179e87541a689ab77736d993984add

    SHA1

    f9fa2617622fef5eb3f585ea98e39539d0f2a88d

    SHA256

    c49b924d82c6f41749f8bc49b2bb20b3bd68da27f5a30a39e862c4f2f31fd63c

    SHA512

    c28c4af011bd9dc1ba725eccf739967877032bc51cc051419434081c10b483e04055231de6ea3074e0240b6a1da9c2deae64e25ae7c47dd1da970d7a7e716d88

    Download Submit

  • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_1DC6D7385EA816C957BA2B715AC5C442
    Filesize

    1KB

    MD5

    b8bb106f8494cd9db1e9db3c715f2b4c

    SHA1

    f9c251ae5a81e11986cc1c10021a0f24f21fba5e

    SHA256

    5a985cb236bb42d84c4df8dc4a8d8550131b3710544a5645ff7caaada6e2b14b

    SHA512

    60b59725b84b999be94a3179325e75e1cde3e2cf0835bd3898f70a53ce41b02edb8c1c0fa6bc02c7d4563f56da8d0d5f6617a821afeb45fc373261521ceb5a8c

    Download Submit

  • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_1DC6D7385EA816C957BA2B715AC5C442
    Filesize

    446B

    MD5

    f342b646c8cb2173571976f411c609e6

    SHA1

    b2d181e7f6019bdd3b42ffcb9ab5cfff518eb4d9

    SHA256

    2d4464076424043316c6bb9d9ea7fe4d3041ce572191815f931adcddfa9cb07e

    SHA512

    5f367e59328be3903985d820033b0cb258fad75b3607534a0c06f67efd7fe022abad4d9e738868101d591d355cfa69489140d1936afa9842a88436ac34242c2b

    Download Submit

  • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\B0ESNM48\www.bing[1].xml
    Filesize

    1KB

    MD5

    44db59e571ac29638b2170c8482b1b1d

    SHA1

    408b7ae2e2bc65b7e1b8f254fd104fe5dd3e16b8

    SHA256

    1a86ef50f3f5c2aba71aec9556c0976170de4ba5757f9d2d457f05e1c263bae9

    SHA512

    becdf73e2bebcf8c5feb23b2c5e847628e24c126db39b20af376ccbf998523e13e75c860f52aea17b97efcbd7bc73247a67d36b2d7ab51ae2c55a29fefe29005

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\C41E.bat
    Filesize

    76B

    MD5

    f231f1126ca5233842ce04e4870430b3

    SHA1

    a9199b9377d9821fce4edd41fb36514b58572c60

    SHA256

    9eec0ba4a76b3568f62becb427678c45e4e355c67a553ee609fbdbff503938d5

    SHA512

    6e3ca6a3b04228afae4874feb6da1a7bd75e087b31e02c52d6b4ab54727d7d621ae2dd4722936d0b971e8db4fa931e3f38f860931df11205c0d8656d1bcbc027

    Download Submit

  • memory/1632-135-0x0000000000000000-mapping.dmp

    Download

  • memory/3148-137-0x0000000000000000-mapping.dmp

    Download

  • memory/4048-219-0x000002A235670000-0x000002A235690000-memory.dmp

    Filesize

    128KB

    Download

  • memory/4048-216-0x000002A2355D0000-0x000002A2355F0000-memory.dmp

    Filesize

    128KB

    Download

  • memory/4048-215-0x000002A234F40000-0x000002A234F60000-memory.dmp

    Filesize

    128KB

    Download

  • memory/4248-160-0x0000021DEC1D0000-0x0000021DEC1D3000-memory.dmp

    Filesize

    12KB

    Download

  • memory/4248-157-0x0000021DEC1C0000-0x0000021DEC1C4000-memory.dmp

    Filesize

    16KB

    Download

  • memory/4248-154-0x0000021DEC1C0000-0x0000021DEC1C4000-memory.dmp

    Filesize

    16KB

    Download

  • memory/4248-155-0x0000021DEC1C0000-0x0000021DEC1C4000-memory.dmp

    Filesize

    16KB

    Download

  • memory/4248-150-0x0000021DEA360000-0x0000021DEA380000-memory.dmp

    Filesize

    128KB

    Download

  • memory/4248-147-0x0000021DEAE80000-0x0000021DEAEA0000-memory.dmp

    Filesize

    128KB

    Download

  • memory/4248-145-0x0000021DEA6E8000-0x0000021DEA6F0000-memory.dmp

    Filesize

    32KB

    Download

  • memory/4248-156-0x0000021DEC1C0000-0x0000021DEC1C4000-memory.dmp

    Filesize

    16KB

    Download

  • memory/4248-158-0x0000021DEC1C0000-0x0000021DEC1C4000-memory.dmp

    Filesize

    16KB

    Download

  • memory/4248-163-0x0000021DEC1D0000-0x0000021DEC1D3000-memory.dmp

    Filesize

    12KB

    Download

  • memory/4248-161-0x0000021DEC1D0000-0x0000021DEC1D3000-memory.dmp

    Filesize

    12KB

    Download

  • memory/4248-162-0x0000021DEC1D0000-0x0000021DEC1D3000-memory.dmp

    Filesize

    12KB

    Download

  • memory/4476-132-0x0000000000000000-mapping.dmp

    Download

  • memory/5088-134-0x0000000000400000-0x0000000000455000-memory.dmp

    Filesize

    340KB

    Download

  • memory/5088-133-0x00000000005B0000-0x00000000005C6000-memory.dmp

    Filesize

    88KB

    Download