Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

JaffaCakes...f8.exe

windows7-x64

10

JaffaCakes...f8.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    88s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    22/01/2025, 19:25

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    JaffaCakes118_106e3d8a593aa422522d53d1e2bcd2f8.exe

  • Size

    267KB

  • MD5

    106e3d8a593aa422522d53d1e2bcd2f8

  • SHA1

    cb418da05c0642222a98886272a9e33b3a49b618

  • SHA256

    45abb256f32677395a2ad3a8e2fc458578320171716262b9e766c9b03f957550

  • SHA512

    1f702fc36c41923bba34347df3a70f0201381dca7ae9a045850117a9613e5728d4bfad25ff3b804e7f53584e8971afb5fa25820b9acc0237c05bfa0fdebf29af

  • SSDEEP

    6144:n85mNWJAn44mTQQcrXZ+RwmBpOoffttYE+1cpYp:k/TQQcrX0Rwm3BF7dp

Score
10/10
cycbotponybackdoorcredential_accessdefense_evasiondiscoverypersistenceratspywarestealerupx

Malware Config

Signatures

  • Cycbot

    Cycbot is a backdoor and trojan written in C++..

    backdoorratcycbot
  • Cycbot family
    cycbot
  • Detects Cycbot payload 9 IoCs

    Cycbot is a backdoor and trojan written in C++.

  • Modifies security service 2 TTPs 1 IoCs
    defense_evasion
  • Pony family
    pony
  • Pony,Fareit

    Pony is a Remote Access Trojan application that steals information.

    ratspywarestealerpony
  • Boot or Logon Autostart Execution: Active Setup 2 TTPs 9 IoCs

    Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    persistence
  • Disables taskbar notifications via registry modification
    defense_evasion
  • Executes dropped EXE 1 IoCs
  • Reads data files stored by FTP clients 2 TTPs

    Tries to access configuration files associated with programs like FileZilla.

    spywarestealer
  • Reads user/profile data of web browsers 3 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Unsecured Credentials: Credentials In Files 1 TTPs

    Steal credentials from unsecured files.

    credential_accessstealer
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Enumerates connected drives 3 TTPs 18 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • UPX packed file 11 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 3 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Checks SCSI registry key(s) 3 TTPs 64 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Modifies Internet Explorer settings 1 TTPs 12 IoCs
    adwarespyware
  • Modifies registry class 64 IoCs
  • Suspicious behavior: EnumeratesProcesses 26 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs
  • Suspicious use of SetWindowsHookEx 15 IoCs
  • Suspicious use of WriteProcessMemory 9 IoCs
  • System policy modification 1 TTPs 2 IoCs
    defense_evasion
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_106e3d8a593aa422522d53d1e2bcd2f8.exe
    "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_106e3d8a593aa422522d53d1e2bcd2f8.exe"
    1⤵
    • Modifies security service
    • Adds Run key to start application
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    • System policy modification
    PID:5112
    • C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_106e3d8a593aa422522d53d1e2bcd2f8.exe
      C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_106e3d8a593aa422522d53d1e2bcd2f8.exe startC:\Users\Admin\AppData\Roaming\0A3E0\DD159.exe%C:\Users\Admin\AppData\Roaming\0A3E0
      2⤵
      • System Location Discovery: System Language Discovery
      PID:3012
    • C:\Program Files (x86)\LP\5990\E38A.tmp
      "C:\Program Files (x86)\LP\5990\E38A.tmp"
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      PID:5064
    • C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_106e3d8a593aa422522d53d1e2bcd2f8.exe
      C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_106e3d8a593aa422522d53d1e2bcd2f8.exe startC:\Program Files (x86)\E0FC4\lvvm.exe%C:\Program Files (x86)\E0FC4
      2⤵
      • System Location Discovery: System Language Discovery
      PID:2256
  • C:\Windows\system32\msiexec.exe
    C:\Windows\system32\msiexec.exe /V
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:872
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:4156
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:4108
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:984
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:2576
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:2624
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SendNotifyMessage
    PID:4920
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:2956
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:4084
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    • Suspicious use of SendNotifyMessage
    PID:4160
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:2364
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    PID:4648
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:4852
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:732
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    PID:4672
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:3580
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:3100
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    PID:4476
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:4520
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:4848
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    PID:4904
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:3108
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    PID:4924
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:440
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of SetWindowsHookEx
    PID:2540
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
      PID:4428
    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
      1⤵
        PID:2836
      • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
        "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
        1⤵
          PID:4156
        • C:\Windows\explorer.exe
          explorer.exe
          1⤵
            PID:5056
          • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
            "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
            1⤵
              PID:4456
            • C:\Windows\explorer.exe
              explorer.exe
              1⤵
                PID:1036
              • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                1⤵
                  PID:4604
                • C:\Windows\explorer.exe
                  explorer.exe
                  1⤵
                    PID:1868
                  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                    1⤵
                      PID:4908
                    • C:\Windows\explorer.exe
                      explorer.exe
                      1⤵
                        PID:2332
                      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                        1⤵
                          PID:4368
                        • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                          "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                          1⤵
                            PID:2028
                          • C:\Windows\explorer.exe
                            explorer.exe
                            1⤵
                              PID:352
                            • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                              "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                              1⤵
                                PID:5040
                              • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                1⤵
                                  PID:3884

                                Network

                                MITRE ATT&CK Enterprise v15

                                Reconnaissance

                                Resource Development

                                Initial Access

                                Execution

                                Persistence

                                Boot or Logon Autostart Execution

                                2
                                T1547

                                Active Setup

                                1
                                T1547.014

                                Registry Run Keys / Startup Folder

                                1
                                T1547.001

                                Create or Modify System Process

                                1
                                T1543

                                Windows Service

                                1
                                T1543.003

                                Privilege Escalation

                                Boot or Logon Autostart Execution

                                2
                                T1547

                                Active Setup

                                1
                                T1547.014

                                Registry Run Keys / Startup Folder

                                1
                                T1547.001

                                Create or Modify System Process

                                1
                                T1543

                                Windows Service

                                1
                                T1543.003

                                Defense Evasion

                                Modify Registry

                                5
                                T1112

                                Credential Access

                                Credentials from Password Stores

                                1
                                T1555

                                Credentials from Web Browsers

                                1
                                T1555.003

                                Unsecured Credentials

                                3
                                T1552

                                Credentials In Files

                                3
                                T1552.001

                                Discovery

                                Peripheral Device Discovery

                                2
                                T1120

                                Query Registry

                                4
                                T1012

                                System Information Discovery

                                2
                                T1082

                                System Location Discovery

                                1
                                T1614

                                System Language Discovery

                                1
                                T1614.001

                                Lateral Movement

                                Collection

                                Data from Local System

                                2
                                T1005

                                Command and Control

                                Exfiltration

                                Impact

                                Replay Monitor

                                Loading Replay Monitor...

                                Downloads

                                • C:\Program Files (x86)\LP\5990\E38A.tmp
                                  Filesize

                                  98KB

                                  MD5

                                  131ba185948e115afdafe1396ca9a566

                                  SHA1

                                  a2f9dc39428cd1beaf782a72311b63c5b645eec0

                                  SHA256

                                  4574025af0ea81f7d2494121216367b92ef0dbb02849996ae383018a9fdfdaf4

                                  SHA512

                                  d2b55c26d3f29452cd7b853d18ce622ede10578f8b3ab8e93d7f647b91abd840fb3f00cb06c8ca9f9a698806eb0495ea0aac81871e7c76058aabd051f7fc41eb

                                  Download Submit

                                • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_CBDCCBFE4F7A916411C1E69BDD97BB04
                                  Filesize

                                  471B

                                  MD5

                                  5b9b4ed3bdf38d50ad1b21c32c7fbc52

                                  SHA1

                                  6cd03424b68ea546ac19d5607a595e411617a1fb

                                  SHA256

                                  6e952c324457fccaebcc8d74eac0e29561ffb3e8b74ef23d30a910f812fa7484

                                  SHA512

                                  4a0f4e4a7537fd2d724fe5857a5b28eab3716554293ed8db1589a6dbdb36697345fad5cfe500f220bc2d1898ced9aa53dca08013791c18d2c829a03f9e018a9b

                                  Download Submit

                                • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_CBDCCBFE4F7A916411C1E69BDD97BB04
                                  Filesize

                                  412B

                                  MD5

                                  d2fae616a7af93979dd3578800fbcdd2

                                  SHA1

                                  5cd5e410c810c97f506d393109d190464eb93a56

                                  SHA256

                                  07d7b29f7494137eb787a8686e0de86e3870757b93776d7b0052f90f23e7c3f2

                                  SHA512

                                  c79e625b0bf0b6d05b4fcd7ef4cc593aae550ccb5621288528a9ecf790ff47df48ce15f7c815b479994ddf7ba6f0af784d3c8c33bcbbeb535b5bd261b465515b

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\TokenBroker\Cache\fbaf94e759052658216786bfbabcdced1b67a5c2.tbres
                                  Filesize

                                  2KB

                                  MD5

                                  77235ad9f5c341e1eac1853cedd6335a

                                  SHA1

                                  fd1941bab1656de03478972a992b0a1c69e35c9d

                                  SHA256

                                  1458980820e41605abf90c0fff255b6015ad5123d118f91702fdfe61122a0d71

                                  SHA512

                                  81178862f0057f0b625113023eb2eddbfea12a1a768ba87ab0184b816f8145319a88e38b232c22ac34e2619e6a820f237742cb8d6449d4d0ef3f36f236883451

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133820476230494590.txt
                                  Filesize

                                  75KB

                                  MD5

                                  4b5a4be2d0b2c58a50fad4238148f3bd

                                  SHA1

                                  fb6ceeaf5a6e1f9169b7851901726fc83591c672

                                  SHA256

                                  c25cb04f5e87278d8f303068b81e78a177c27234885af49a7b4c9bdc98c4a33c

                                  SHA512

                                  6b489e3590bd7e0afb62487b3eb3551bfdc54c395c67c966342a05801436447981e7a6aec0debef782791fccdd8020137b81cf5ea059121f757858b453d6c8fd

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\2CFNWDLC\microsoft.windows[1].xml
                                  Filesize

                                  97B

                                  MD5

                                  539db492f33fccee9be530dd0bf34a46

                                  SHA1

                                  650b2a3583d6c9499b4ed73e9a5dca37f342a50e

                                  SHA256

                                  f6d425aad05b46e77b53e5737c85f4ceab6531e773ea87eb985754be5ec19999

                                  SHA512

                                  9328f2fa286b4a9ca6ae57ddd9fca0b1140e5f68a5e143fd8ae6ea212a1af5d7b6b2289c324fa9480ca8d2e6d3b0cf7115611a56a3a161c5ad2f988f6ae62a0a

                                  Download Submit

                                • C:\Users\Admin\AppData\Roaming\0A3E0\0FC4.A3E
                                  Filesize

                                  600B

                                  MD5

                                  b66ca0bb12872bf3bc5ce4bf06006bfe

                                  SHA1

                                  e900ba0b5d9aacc6efa6a5306f5486790aefa55a

                                  SHA256

                                  dd0aa8e89da998c8ed83f443cfefbeb7e73c441af5c0b9501f7afb71f4da03c4

                                  SHA512

                                  0a6b3f9a3a57f9e502f52c182bc31720d29aaa75e437981d307112fd98669e08ad06acb242fd8ffd38de74cfc868a175e2306fe6a64833c52451899a0f743de3

                                  Download Submit

                                • C:\Users\Admin\AppData\Roaming\0A3E0\0FC4.A3E
                                  Filesize

                                  1KB

                                  MD5

                                  f13e28dd102a98545c1fe20355f77b9c

                                  SHA1

                                  672a04e4f079656f804c1c7ac69cd6604e619487

                                  SHA256

                                  f8f7d38f3a035040df1c42fdf3fbe15d1194694ea6bb4ec48052abb2704bf279

                                  SHA512

                                  42e513aaf24b7337ed349e19ecc93a046571bd8e460516b3cadf735990e3d81b4c3f9896ef6efb4c7f8ce3d8a77ddfb2d12c74cb76f5d0c61916e25da9247ac5

                                  Download Submit

                                • C:\Users\Admin\AppData\Roaming\0A3E0\0FC4.A3E
                                  Filesize

                                  1KB

                                  MD5

                                  bb6f9384875faa9b9550a0ee684e1416

                                  SHA1

                                  17d88f14f79f483a4f0d4b404eaa83efd314cb8b

                                  SHA256

                                  f9340793776f70b20934796baf360228b7ef546905ab6310ee0ad3155c5d011e

                                  SHA512

                                  e91dfe3f20cd2dde18e4778a37259bbc350105e47765f030ebd7c934b3b12d05d775339d5b9d269c21b0ec77b7bb10a61670a57839bd70b15f8acbe9235f4483

                                  Download Submit

                                • memory/732-599-0x000002AF25E00000-0x000002AF25F00000-memory.dmp

                                  Filesize

                                  1024KB

                                  Download

                                • memory/732-603-0x000002AF26D30000-0x000002AF26D50000-memory.dmp

                                  Filesize

                                  128KB

                                  Download

                                • memory/732-598-0x000002AF25E00000-0x000002AF25F00000-memory.dmp

                                  Filesize

                                  1024KB

                                  Download

                                • memory/732-617-0x000002AF27300000-0x000002AF27320000-memory.dmp

                                  Filesize

                                  128KB

                                  Download

                                • memory/732-607-0x000002AF26CF0000-0x000002AF26D10000-memory.dmp

                                  Filesize

                                  128KB

                                  Download

                                • memory/984-192-0x0000000003170000-0x0000000003171000-memory.dmp

                                  Filesize

                                  4KB

                                  Download

                                • memory/2256-489-0x0000000000400000-0x0000000000469000-memory.dmp

                                  Filesize

                                  420KB

                                  Download

                                • memory/2332-1358-0x0000000004200000-0x0000000004201000-memory.dmp

                                  Filesize

                                  4KB

                                  Download

                                • memory/2540-1062-0x000001E2D4990000-0x000001E2D49B0000-memory.dmp

                                  Filesize

                                  128KB

                                  Download

                                • memory/2540-1074-0x000001E2D4950000-0x000001E2D4970000-memory.dmp

                                  Filesize

                                  128KB

                                  Download

                                • memory/2540-1094-0x000001E2D4D60000-0x000001E2D4D80000-memory.dmp

                                  Filesize

                                  128KB

                                  Download

                                • memory/2624-194-0x0000012861500000-0x0000012861600000-memory.dmp

                                  Filesize

                                  1024KB

                                  Download

                                • memory/2624-210-0x0000012862470000-0x0000012862490000-memory.dmp

                                  Filesize

                                  128KB

                                  Download

                                • memory/2624-198-0x00000128624B0000-0x00000128624D0000-memory.dmp

                                  Filesize

                                  128KB

                                  Download

                                • memory/2624-195-0x0000012861500000-0x0000012861600000-memory.dmp

                                  Filesize

                                  1024KB

                                  Download

                                • memory/2624-193-0x0000012861500000-0x0000012861600000-memory.dmp

                                  Filesize

                                  1024KB

                                  Download

                                • memory/2624-226-0x0000012862880000-0x00000128628A0000-memory.dmp

                                  Filesize

                                  128KB

                                  Download

                                • memory/3012-18-0x0000000000400000-0x0000000000469000-memory.dmp

                                  Filesize

                                  420KB

                                  Download

                                • memory/3012-17-0x0000000000400000-0x0000000000469000-memory.dmp

                                  Filesize

                                  420KB

                                  Download

                                • memory/3100-776-0x0000022D65BE0000-0x0000022D65C00000-memory.dmp

                                  Filesize

                                  128KB

                                  Download

                                • memory/3100-754-0x0000022D655D0000-0x0000022D655F0000-memory.dmp

                                  Filesize

                                  128KB

                                  Download

                                • memory/3100-744-0x0000022D65820000-0x0000022D65840000-memory.dmp

                                  Filesize

                                  128KB

                                  Download

                                • memory/3100-739-0x0000022D64500000-0x0000022D64600000-memory.dmp

                                  Filesize

                                  1024KB

                                  Download

                                • memory/3100-740-0x0000022D64500000-0x0000022D64600000-memory.dmp

                                  Filesize

                                  1024KB

                                  Download

                                • memory/4084-341-0x0000027284500000-0x0000027284600000-memory.dmp

                                  Filesize

                                  1024KB

                                  Download

                                • memory/4084-359-0x0000027285290000-0x00000272852B0000-memory.dmp

                                  Filesize

                                  128KB

                                  Download

                                • memory/4084-342-0x0000027284500000-0x0000027284600000-memory.dmp

                                  Filesize

                                  1024KB

                                  Download

                                • memory/4084-346-0x00000272852D0000-0x00000272852F0000-memory.dmp

                                  Filesize

                                  128KB

                                  Download

                                • memory/4084-370-0x00000272858A0000-0x00000272858C0000-memory.dmp

                                  Filesize

                                  128KB

                                  Download

                                • memory/4156-1204-0x00000249F7300000-0x00000249F7400000-memory.dmp

                                  Filesize

                                  1024KB

                                  Download

                                • memory/4156-1205-0x00000249F7300000-0x00000249F7400000-memory.dmp

                                  Filesize

                                  1024KB

                                  Download

                                • memory/4156-1225-0x00000249F87E0000-0x00000249F8800000-memory.dmp

                                  Filesize

                                  128KB

                                  Download

                                • memory/4156-1212-0x00000249F83D0000-0x00000249F83F0000-memory.dmp

                                  Filesize

                                  128KB

                                  Download

                                • memory/4156-1208-0x00000249F8410000-0x00000249F8430000-memory.dmp

                                  Filesize

                                  128KB

                                  Download

                                • memory/4156-1203-0x00000249F7300000-0x00000249F7400000-memory.dmp

                                  Filesize

                                  1024KB

                                  Download

                                • memory/4428-1201-0x0000000004E50000-0x0000000004E51000-memory.dmp

                                  Filesize

                                  4KB

                                  Download

                                • memory/4520-921-0x0000019885E70000-0x0000019885E90000-memory.dmp

                                  Filesize

                                  128KB

                                  Download

                                • memory/4520-940-0x0000019886280000-0x00000198862A0000-memory.dmp

                                  Filesize

                                  128KB

                                  Download

                                • memory/4520-904-0x0000019885500000-0x0000019885600000-memory.dmp

                                  Filesize

                                  1024KB

                                  Download

                                • memory/4520-909-0x0000019885EB0000-0x0000019885ED0000-memory.dmp

                                  Filesize

                                  128KB

                                  Download

                                • memory/4648-597-0x0000000002C60000-0x0000000002C61000-memory.dmp

                                  Filesize

                                  4KB

                                  Download

                                • memory/4672-737-0x0000000003490000-0x0000000003491000-memory.dmp

                                  Filesize

                                  4KB

                                  Download

                                • memory/4904-902-0x00000000041D0000-0x00000000041D1000-memory.dmp

                                  Filesize

                                  4KB

                                  Download

                                • memory/4920-340-0x0000000004780000-0x0000000004781000-memory.dmp

                                  Filesize

                                  4KB

                                  Download

                                • memory/4924-1055-0x0000000004AA0000-0x0000000004AA1000-memory.dmp

                                  Filesize

                                  4KB

                                  Download

                                • memory/5064-490-0x0000000000400000-0x000000000041C000-memory.dmp

                                  Filesize

                                  112KB

                                  Download

                                • memory/5112-0-0x0000000000400000-0x0000000000469000-memory.dmp

                                  Filesize

                                  420KB

                                  Download

                                • memory/5112-3-0x0000000000400000-0x0000000000469000-memory.dmp

                                  Filesize

                                  420KB

                                  Download

                                • memory/5112-4-0x0000000000400000-0x0000000000469000-memory.dmp

                                  Filesize

                                  420KB

                                  Download

                                • memory/5112-5-0x0000000000400000-0x0000000000467000-memory.dmp

                                  Filesize

                                  412KB

                                  Download

                                • memory/5112-900-0x0000000000400000-0x0000000000469000-memory.dmp

                                  Filesize

                                  420KB

                                  Download

                                • memory/5112-15-0x0000000000400000-0x0000000000469000-memory.dmp

                                  Filesize

                                  420KB

                                  Download

                                • memory/5112-883-0x0000000000400000-0x0000000000469000-memory.dmp

                                  Filesize

                                  420KB

                                  Download

                                • memory/5112-173-0x0000000000400000-0x0000000000469000-memory.dmp

                                  Filesize

                                  420KB

                                  Download

                                • memory/5112-450-0x0000000000400000-0x0000000000469000-memory.dmp

                                  Filesize

                                  420KB

                                  Download

                                • memory/5112-2-0x0000000000400000-0x0000000000467000-memory.dmp

                                  Filesize

                                  412KB

                                  Download