gazp.exe

Status: finished

Submission Time: 2023-07-11 11:46:12 +02:00

Malicious

Ransomware

Trojan

Spyware

Evader

Babuk, Clipboard Hijacker, Djvu, Vidar

Comments

Details

Analysis ID:
1270732
API (Web) ID:
1270732
Analysis Started:

2023-07-11 11:49:15 +02:00
Analysis Finished:

2023-07-11 12:04:28 +02:00
MD5:
164d681e4c7592a58264b71a95ec412e
SHA1:
369c7a559fccaac6c69902b94af0c67a9225dc4b
SHA256:
1bb689e95fd5ed5f70fd3ac60cf28d7aace52fea6b1bacc0a257e19cbf50a71d
Technologies:

Engines
IOCs

Joe Sandbox

Engine	Download Report	Detection	Info
		malicious
	Full Report Management Report IOC Report	malicious Score: 100	System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 134, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

Third Party Analysis Engines

Open Full Report

malicious

Score: 43/70

malicious

Score: 25/38

malicious

IPs

IP	Country	Detection
175.126.109.15	Korea Republic of
80.210.25.252	Iran (ISLAMIC Republic Of)
162.0.217.254	Canada
Click to see the 2 hidden entries
5.75.211.167	Germany
149.154.167.99	United Kingdom

Domains

Name	IP	Detection
colisumy.com	80.210.25.252
zexeq.com	175.126.109.15
t.me	149.154.167.99
Click to see the 1 hidden entries
api.2ip.ua	162.0.217.254

URLs

Name	Detection
http://
https://we.tl/t-ZyZya4Vb
http://zexeq.com/test1/get.php
Click to see the 66 hidden entries
http://colisumy.com/dl/build2.exe$run
https://we.tl/t-ZyZya4Vb8D
http://zexeq.com/files/1/build3.exe
http://zexeq.com/test1/get.php?pid=903E7F261711F85395E5CEFBF4173C54&first=true:o
http://colisumy.com/dl/build2.exerun00M
http://zexeq.com/files/1/build3.exe$run
http://zexeq.com/files/1/build3.exerun
http://colisumy.com/dl/build2.exe
https://adservice.google.com/ddm/fls/i/src=2542116;type=chrom322;cat=chrom01g;ord=5864849777998;gtm=
https://api.2ip.ua/geo.json
https://adservice.google.co.uk/ddm/fls/i/src=2542116;type=chrom322;cat=chrom01g;ord=5864849777998;gt
http://zexeq.com/test1/get.phper
https://contextual.media.net/medianet.php?cid=8CU157172&crid=858412214&size=306x271&https=1
https://www.gnu.org/licenses/lgpl.html.
https://www.google.com/chrome/zGoogle
https://api.2ip.ua/geo.jsonQ
http://www.gnu.org/licenses/gpl-2.0.html.
http://5.75.211.167:8081/files.zip
https://api.2ip.ua/
https://api.2ip.ua/geo.jsonX
https://aka.ms/Vh5j3k
http://www.msn.com/
http://www.msn.com/de-ch/?ocid=iehp
https://2542116.fls.doubleclick.net/activityi;src=2542116;type=2542116;cat=chom0;ord=4842492154761;g
http://facebook.github.io/react/docs/error-decoder.html?invariant
https://contextual.media.net/medianet.php?cid=8CU157172&crid=722878611&size=306x271&https=1
https://dl.google.com/tag/s/appguid%3D%7B8A69D345-D564-463C-AFF1-A69D9E530F96%7D%26iid%3D%7BE6B7572D
http://zexeq.com/files/1/build3.exet
https://www.google.com/chrome/thank-you.html?statcb=0&installdataindex=empty&defaultbrowser=02Google
http://www.qt.io/terms-conditions.
https://api.2ip.ua/geo.jsonH
https://activity.windows.com
https://www.google.com/
https://clients2.google.com/service/update2/crx
http://www.google.com/
https://2542116.fls.doubleclick.net/activityi;src=2542116;type=clien612;cat=chromx;ord=1;num=3931852
http://www.qt.io/licensing/
http://searchads.msn.net/.cfm?&&kp=1&
http://5.75.211.167:8081/
https://2542116.fls.doubleclick.net/activityi;src=2542116;type=chrom322;cat=chrom01g;ord=58648497779
https://www.google.com/chrome/static/images/favicons/favicon-16x16.png
http://zexeq.com/test1/get.php?pid=903E7F261711F85395E5CEFBF4173C54&first=true
https://deff.nelreports.net/api/report?cat=msn
https://api.2ip.ua/geo.jsonal
http://www.twitter.com/
https://t.me/eagl3z
https://docs.google.com/
http://www.openssl.org/support/faq.html
https://www.google.com/chrome/
http://https://ns1.kriston.ugns2.chalekin.ugns3.unalelath.ugns4.andromath.ug/Error
https://login.microsoftonline.com/common/oauth2/authorize?client_id=9ea1ad79-fdb6-4f9a-8bc3-2b70f96e
https://www.google.com/chrome/application/x-msdownloadC:
https://aka.ms/AA23z1a
https://res-a.akamaihd.net/__media__/pics/8000/72/941/fallback1.jpg
https://contextual.media.net/checksync.php?&vsSync=1&cs=1&hb=1&cv=37&ndec=1&cid=8HBI57XIG&prvid=77%2
https://drive.google.com/
http://www.msn.com/?ocid=iehp
http://5.75.211.167:8081/cbd613607c301b91658bcf8a9e38cc6a
https://onedrive.live.com/about/en-us/0
https://www.google.com/chrome/thank-you.html?statcb=0&installdataindex=empty&defaultbrowser=0
http://www.reddit.com/
http://www.qt.io/contact-us.
http://zexeq.com/test1/get.php?pid=903E7F261711F85395E5CEFBF4173C54
http://www.ecma-international.org/ecma-262/5.1/#sec-C
https://github.com/google/closure-library/wiki/goog.module:-an-ES6-module-like-alternative-to-goog.p
http://www.nytimes.com/

Dropped files

Name	File Type	Hashes
C:\Users\user\AppData\Local\4d191fdb-4a35-464a-b140-dd44ad05a2bd\gazp.exe	PE32 executable (GUI) Intel 80386, for MS Windows	#
C:\Users\user\AppData\Local\4d191fdb-4a35-464a-b140-dd44ad05a2bd\gazp.exe:Zone.Identifier	ASCII text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt19.lst	PostScript document text	#
Click to see the 286 hidden entries
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\UserCache.bin	data	#
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\eventpage_bin_prod.js	data	#
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.5_0\_metadata\computed_hashes.json	data	#
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.5_0\images\flapper.gif	GIF image data 10629	#
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Google Profile.ico	data	#
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\agimnkijcaahngcdmfeangaknmldooml\Icons\256.png	data	#
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\databases\Databases.db	data	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\DomainSuggestions\en-US.1	data	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Last Active\{5BAAF43C-032B-11EB-90E4-ECF4BB570DC9}.dat	data	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\UrlBlock\urlblock_637194112741176080.bin	data	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\imagestore\dikxvqf\imagestore.dat	data	#
C:\Users\user\AppData\Local\Microsoft\OneDrive\19.086.0502.0006\FileCoAuth.exe	MS-DOS executable	#
C:\Users\user\AppData\Local\Microsoft\OneDrive\19.086.0502.0006\FileSyncConfig.exe	MS-DOS executable	#
C:\Users\user\AppData\Local\Microsoft\OneDrive\19.086.0502.0006\FileSyncHelper.exe	MS-DOS executable, MZ for MS-DOS	#
C:\Users\user\AppData\Local\Microsoft\OneDrive\19.086.0502.0006\OneDrive.exe	MS-DOS executable	#
C:\Users\user\AppData\Local\Microsoft\OneDrive\19.086.0502.0006\OneDriveSetup.exe	MS-DOS executable, MZ for MS-DOS	#
C:\Users\user\AppData\Local\Microsoft\OneDrive\19.086.0502.0006\OneDriveStandaloneUpdater.exe	MS-DOS executable	#
C:\Users\user\AppData\Local\Microsoft\OneDrive\19.086.0502.0006\OneDriveUpdaterService.exe	MS-DOS executable	#
C:\Users\user\AppData\Local\Microsoft\OneDrive\19.086.0502.0006\ThirdPartyNotices.txt	data	#
C:\Users\user\AppData\Local\Microsoft\OneDrive\19.086.0502.0006\adm\OneDrive.adml	data	#
C:\Users\user\AppData\Local\Microsoft\OneDrive\19.086.0502.0006\adm\de\OneDrive.adml	data	#
C:\Users\user\AppData\Local\Microsoft\OneDrive\19.086.0502.0006\adm\es\OneDrive.adml	data	#
C:\Users\user\AppData\Local\Microsoft\OneDrive\19.086.0502.0006\adm\fr\OneDrive.adml	data	#
C:\Users\user\AppData\Local\Microsoft\OneDrive\19.086.0502.0006\adm\hu\OneDrive.adml	data	#
C:\Users\user\AppData\Local\Microsoft\OneDrive\19.086.0502.0006\adm\it\OneDrive.adml	data	#
C:\Users\user\AppData\Local\Microsoft\OneDrive\19.086.0502.0006\adm\ja\OneDrive.adml	data	#
C:\Users\user\AppData\Local\Microsoft\OneDrive\19.086.0502.0006\adm\ko\OneDrive.adml	data	#
C:\Users\user\AppData\Local\Microsoft\OneDrive\19.086.0502.0006\adm\nl\OneDrive.adml	data	#
C:\Users\user\AppData\Local\Microsoft\OneDrive\19.086.0502.0006\adm\pl\OneDrive.adml	data	#
C:\Users\user\AppData\Local\Microsoft\OneDrive\19.086.0502.0006\adm\pt-BR\OneDrive.adml	data	#
C:\Users\user\AppData\Local\Microsoft\OneDrive\19.086.0502.0006\adm\pt-PT\OneDrive.adml	data	#
C:\Users\user\AppData\Local\Microsoft\OneDrive\19.086.0502.0006\adm\ru\OneDrive.adml	data	#
C:\Users\user\AppData\Local\Microsoft\OneDrive\19.086.0502.0006\adm\sv\OneDrive.adml	data	#
C:\Users\user\AppData\Local\Microsoft\OneDrive\19.086.0502.0006\adm\tr\OneDrive.adml	data	#
C:\Users\user\AppData\Local\Microsoft\OneDrive\19.086.0502.0006\adm\zh-CN\OneDrive.adml	data	#
C:\Users\user\AppData\Local\Microsoft\OneDrive\19.086.0502.0006\adm\zh-TW\OneDrive.adml	data	#
C:\Users\user\AppData\Local\Microsoft\OneDrive\19.086.0502.0006\af\FileSync.LocalizedResources.dll.mui	MS-DOS executable	#
C:\Users\user\AppData\Local\Microsoft\OneDrive\19.086.0502.0006\am-ET\FileSync.LocalizedResources.dll.mui	MS-DOS executable	#
C:\Users\user\AppData\Local\Microsoft\OneDrive\19.086.0502.0006\ar\FileSync.LocalizedResources.dll.mui	MS-DOS executable	#
C:\Users\user\AppData\Local\Microsoft\OneDrive\19.086.0502.0006\as-IN\FileSync.LocalizedResources.dll.mui	MS-DOS executable	#
C:\Users\user\AppData\Local\Microsoft\OneDrive\19.086.0502.0006\az-Latn-AZ\FileSync.LocalizedResources.dll.mui	MS-DOS executable, MZ for MS-DOS	#
C:\Users\user\AppData\Local\Microsoft\OneDrive\19.086.0502.0006\be\FileSync.LocalizedResources.dll.mui	MS-DOS executable, MZ for MS-DOS	#
C:\Users\user\AppData\Local\Microsoft\OneDrive\19.086.0502.0006\bg\FileSync.LocalizedResources.dll.mui	MS-DOS executable	#
C:\Users\user\AppData\Local\Microsoft\OneDrive\19.086.0502.0006\bn-BD\FileSync.LocalizedResources.dll.mui	MS-DOS executable	#
C:\Users\user\AppData\Local\Microsoft\OneDrive\19.086.0502.0006\bn-IN\FileSync.LocalizedResources.dll.mui	MS-DOS executable, MZ for MS-DOS	#
C:\Users\user\AppData\Local\Microsoft\OneDrive\19.086.0502.0006\bs-Latn-BA\FileSync.LocalizedResources.dll.mui	MS-DOS executable	#
C:\Users\user\AppData\Local\Microsoft\OneDrive\19.086.0502.0006\ca-Es-VALENCIA\FileSync.LocalizedResources.dll.mui	MS-DOS executable	#
C:\Users\user\AppData\Local\Microsoft\OneDrive\19.086.0502.0006\ca\FileSync.LocalizedResources.dll.mui	MS-DOS executable, MZ for MS-DOS	#
C:\Users\user\AppData\Local\Microsoft\OneDrive\19.086.0502.0006\cs\FileSync.LocalizedResources.dll.mui	MS-DOS executable	#
C:\Users\user\AppData\Local\Microsoft\OneDrive\19.086.0502.0006\cy-GB\FileSync.LocalizedResources.dll.mui	MS-DOS executable	#
C:\Users\user\AppData\Local\Microsoft\OneDrive\19.086.0502.0006\da\FileSync.LocalizedResources.dll.mui	MS-DOS executable	#
C:\Users\user\AppData\Local\Microsoft\OneDrive\19.086.0502.0006\de\FileSync.LocalizedResources.dll.mui	MS-DOS executable	#
C:\Users\user\AppData\Local\Microsoft\OneDrive\19.086.0502.0006\el\FileSync.LocalizedResources.dll.mui	MS-DOS executable	#
C:\Users\user\AppData\Local\Microsoft\OneDrive\19.086.0502.0006\en-GB\FileSync.LocalizedResources.dll.mui	MS-DOS executable	#
C:\Users\user\AppData\Local\Microsoft\OneDrive\19.086.0502.0006\en-US\msipc.dll.mui	MS-DOS executable	#
C:\Users\user\AppData\Local\Microsoft\OneDrive\19.086.0502.0006\en\FileSync.LocalizedResources.dll.mui	MS-DOS executable	#
C:\Users\user\AppData\Local\Microsoft\OneDrive\19.086.0502.0006\es\FileSync.LocalizedResources.dll.mui	MS-DOS executable	#
C:\Users\user\AppData\Local\Microsoft\OneDrive\19.086.0502.0006\et\FileSync.LocalizedResources.dll.mui	MS-DOS executable, MZ for MS-DOS	#
C:\Users\user\AppData\Local\Microsoft\OneDrive\19.086.0502.0006\eu\FileSync.LocalizedResources.dll.mui	MS-DOS executable	#
C:\Users\user\AppData\Local\Microsoft\OneDrive\19.086.0502.0006\fa\FileSync.LocalizedResources.dll.mui	MS-DOS executable, MZ for MS-DOS	#
C:\Users\user\AppData\Local\Microsoft\OneDrive\19.086.0502.0006\fi\FileSync.LocalizedResources.dll.mui	MS-DOS executable	#
C:\Users\user\AppData\Local\Microsoft\OneDrive\19.086.0502.0006\fil-PH\FileSync.LocalizedResources.dll.mui	MS-DOS executable	#
C:\Users\user\AppData\Local\Microsoft\OneDrive\19.086.0502.0006\fr\FileSync.LocalizedResources.dll.mui	MS-DOS executable	#
C:\Users\user\AppData\Local\Microsoft\OneDrive\19.086.0502.0006\ga-IE\FileSync.LocalizedResources.dll.mui	MS-DOS executable, MZ for MS-DOS	#
C:\Users\user\AppData\Local\Microsoft\OneDrive\19.086.0502.0006\gd\FileSync.LocalizedResources.dll.mui	MS-DOS executable	#
C:\Users\user\AppData\Local\Microsoft\OneDrive\19.086.0502.0006\gl\FileSync.LocalizedResources.dll.mui	MS-DOS executable	#
C:\Users\user\AppData\Local\Microsoft\OneDrive\19.086.0502.0006\gu\FileSync.LocalizedResources.dll.mui	MS-DOS executable	#
C:\Users\user\AppData\Local\Microsoft\OneDrive\19.086.0502.0006\ha-Latn-NG\FileSync.LocalizedResources.dll.mui	MS-DOS executable	#
C:\Users\user\AppData\Local\Microsoft\OneDrive\19.086.0502.0006\he\FileSync.LocalizedResources.dll.mui	MS-DOS executable, MZ for MS-DOS	#
C:\Users\user\AppData\Local\Microsoft\OneDrive\19.086.0502.0006\hi\FileSync.LocalizedResources.dll.mui	MS-DOS executable	#
C:\Users\user\AppData\Local\Microsoft\OneDrive\19.086.0502.0006\hr\FileSync.LocalizedResources.dll.mui	MS-DOS executable	#
C:\Users\user\AppData\Local\Microsoft\OneDrive\19.086.0502.0006\hu\FileSync.LocalizedResources.dll.mui	MS-DOS executable	#
C:\Users\user\AppData\Local\Microsoft\OneDrive\19.086.0502.0006\hy\FileSync.LocalizedResources.dll.mui	MS-DOS executable	#
C:\Users\user\AppData\Local\Microsoft\OneDrive\19.086.0502.0006\id\FileSync.LocalizedResources.dll.mui	MS-DOS executable, MZ for MS-DOS	#
C:\Users\user\AppData\Local\Microsoft\OneDrive\19.086.0502.0006\ig-NG\FileSync.LocalizedResources.dll.mui	MS-DOS executable	#
C:\Users\user\AppData\Local\Microsoft\OneDrive\19.086.0502.0006\images\darkTheme\acm_low_disk_space_online_only.svg	SVG Scalable Vector Graphics image	#
C:\Users\user\AppData\Local\Microsoft\OneDrive\19.086.0502.0006\images\darkTheme\finderExtensionPrompt.svg	SVG Scalable Vector Graphics image	#
C:\Users\user\AppData\Local\Microsoft\OneDrive\19.086.0502.0006\images\darkTheme\kfm_folders_image.svg	SVG Scalable Vector Graphics image	#
C:\Users\user\AppData\Local\Microsoft\OneDrive\19.086.0502.0006\images\lightTheme\acm_low_disk_space_online_only.svg	SVG Scalable Vector Graphics image	#
C:\Users\user\AppData\Local\Microsoft\OneDrive\19.086.0502.0006\images\lightTheme\finderExtensionPrompt.svg	SVG Scalable Vector Graphics image	#
C:\Users\user\AppData\Local\Microsoft\OneDrive\19.086.0502.0006\images\lightTheme\folder_image_documents.svg	SVG Scalable Vector Graphics image	#
C:\Users\user\AppData\Local\Microsoft\OneDrive\19.086.0502.0006\is\FileSync.LocalizedResources.dll.mui	MS-DOS executable	#
C:\Users\user\AppData\Local\Microsoft\OneDrive\19.086.0502.0006\it\FileSync.LocalizedResources.dll.mui	MS-DOS executable	#
C:\Users\user\AppData\Local\Microsoft\OneDrive\19.086.0502.0006\ja\FileSync.LocalizedResources.dll.mui	MS-DOS executable	#
C:\Users\user\AppData\Local\Microsoft\OneDrive\19.086.0502.0006\ka\FileSync.LocalizedResources.dll.mui	MS-DOS executable	#
C:\Users\user\AppData\Local\Microsoft\OneDrive\19.086.0502.0006\kk\FileSync.LocalizedResources.dll.mui	MS-DOS executable, MZ for MS-DOS	#
C:\Users\user\AppData\Local\Microsoft\OneDrive\19.086.0502.0006\km-KH\FileSync.LocalizedResources.dll.mui	MS-DOS executable, MZ for MS-DOS	#
C:\Users\user\AppData\Local\Microsoft\OneDrive\19.086.0502.0006\kn\FileSync.LocalizedResources.dll.mui	MS-DOS executable	#
C:\Users\user\AppData\Local\Microsoft\OneDrive\19.086.0502.0006\ko\FileSync.LocalizedResources.dll.mui	MS-DOS executable	#
C:\Users\user\AppData\Local\Microsoft\OneDrive\19.086.0502.0006\kok\FileSync.LocalizedResources.dll.mui	MS-DOS executable	#
C:\Users\user\AppData\Local\Microsoft\OneDrive\19.086.0502.0006\ku-Arab\FileSync.LocalizedResources.dll.mui	MS-DOS executable	#
C:\Users\user\AppData\Local\Microsoft\OneDrive\19.086.0502.0006\ky\FileSync.LocalizedResources.dll.mui	MS-DOS executable	#
C:\Users\user\AppData\Local\Microsoft\OneDrive\19.086.0502.0006\lb-LU\FileSync.LocalizedResources.dll.mui	MS-DOS executable	#
C:\Users\user\AppData\Local\Microsoft\OneDrive\19.086.0502.0006\lt\FileSync.LocalizedResources.dll.mui	MS-DOS executable	#
C:\Users\user\AppData\Local\Microsoft\OneDrive\19.086.0502.0006\lv\FileSync.LocalizedResources.dll.mui	MS-DOS executable, MZ for MS-DOS	#
C:\Users\user\AppData\Local\Microsoft\OneDrive\19.086.0502.0006\mi-NZ\FileSync.LocalizedResources.dll.mui	MS-DOS executable, MZ for MS-DOS	#
C:\Users\user\AppData\Local\Microsoft\OneDrive\19.086.0502.0006\mk\FileSync.LocalizedResources.dll.mui	MS-DOS executable	#
C:\Users\user\AppData\Local\Microsoft\OneDrive\19.086.0502.0006\ml-IN\FileSync.LocalizedResources.dll.mui	MS-DOS executable	#
C:\Users\user\AppData\Local\Microsoft\OneDrive\19.086.0502.0006\mn\FileSync.LocalizedResources.dll.mui	MS-DOS executable, MZ for MS-DOS	#
C:\Users\user\AppData\Local\Microsoft\OneDrive\19.086.0502.0006\mr\FileSync.LocalizedResources.dll.mui	MS-DOS executable	#
C:\Users\user\AppData\Local\Microsoft\OneDrive\19.086.0502.0006\ms\FileSync.LocalizedResources.dll.mui	MS-DOS executable	#
C:\Users\user\AppData\Local\Microsoft\OneDrive\19.086.0502.0006\mt-MT\FileSync.LocalizedResources.dll.mui	MS-DOS executable	#
C:\Users\user\AppData\Local\Microsoft\OneDrive\19.086.0502.0006\nb-NO\FileSync.LocalizedResources.dll.mui	MS-DOS executable	#
C:\Users\user\AppData\Local\Microsoft\OneDrive\19.086.0502.0006\ne-NP\FileSync.LocalizedResources.dll.mui	MS-DOS executable	#
C:\Users\user\AppData\Local\Microsoft\OneDrive\19.086.0502.0006\nl\FileSync.LocalizedResources.dll.mui	MS-DOS executable	#
C:\Users\user\AppData\Local\Microsoft\OneDrive\19.086.0502.0006\nn-NO\FileSync.LocalizedResources.dll.mui	MS-DOS executable	#
C:\Users\user\AppData\Local\Microsoft\OneDrive\19.086.0502.0006\nso-ZA\FileSync.LocalizedResources.dll.mui	MS-DOS executable	#
C:\Users\user\AppData\Local\Microsoft\OneDrive\19.086.0502.0006\or-IN\FileSync.LocalizedResources.dll.mui	MS-DOS executable	#
C:\Users\user\AppData\Local\Microsoft\OneDrive\19.086.0502.0006\pa-Arab-PK\FileSync.LocalizedResources.dll.mui	MS-DOS executable	#
C:\Users\user\AppData\Local\Microsoft\OneDrive\19.086.0502.0006\pa\FileSync.LocalizedResources.dll.mui	MS-DOS executable	#
C:\Users\user\AppData\Local\Microsoft\OneDrive\19.086.0502.0006\pl\FileSync.LocalizedResources.dll.mui	MS-DOS executable	#
C:\Users\user\AppData\Local\Microsoft\OneDrive\19.086.0502.0006\prs-AF\FileSync.LocalizedResources.dll.mui	MS-DOS executable	#
C:\Users\user\AppData\Local\Microsoft\OneDrive\19.086.0502.0006\pt-BR\FileSync.LocalizedResources.dll.mui	MS-DOS executable	#
C:\Users\user\AppData\Local\Microsoft\OneDrive\19.086.0502.0006\pt-PT\FileSync.LocalizedResources.dll.mui	MS-DOS executable	#
C:\Users\user\AppData\Local\Microsoft\OneDrive\19.086.0502.0006\qml\QtQuick\Controls.2\plugins.qmltypes	data	#
C:\Users\user\AppData\Local\Microsoft\OneDrive\19.086.0502.0006\qml\QtQuick\Extras\plugins.qmltypes	data	#
C:\Users\user\AppData\Local\Microsoft\OneDrive\19.086.0502.0006\qml\QtQuick\Templates.2\plugins.qmltypes	data	#
C:\Users\user\AppData\Local\Microsoft\OneDrive\19.086.0502.0006\quc\FileSync.LocalizedResources.dll.mui	MS-DOS executable	#
C:\Users\user\AppData\Local\Microsoft\OneDrive\19.086.0502.0006\quz-PE\FileSync.LocalizedResources.dll.mui	MS-DOS executable	#
C:\Users\user\AppData\Local\Microsoft\OneDrive\19.086.0502.0006\ro\FileSync.LocalizedResources.dll.mui	MS-DOS executable	#
C:\Users\user\AppData\Local\Microsoft\OneDrive\19.086.0502.0006\ru\FileSync.LocalizedResources.dll.mui	MS-DOS executable, MZ for MS-DOS	#
C:\Users\user\AppData\Local\Microsoft\OneDrive\19.086.0502.0006\rw\FileSync.LocalizedResources.dll.mui	MS-DOS executable	#
C:\Users\user\AppData\Local\Microsoft\OneDrive\19.086.0502.0006\sd-Arab-PK\FileSync.LocalizedResources.dll.mui	MS-DOS executable	#
C:\Users\user\AppData\Local\Microsoft\OneDrive\19.086.0502.0006\si-LK\FileSync.LocalizedResources.dll.mui	MS-DOS executable	#
C:\Users\user\AppData\Local\Microsoft\OneDrive\19.086.0502.0006\sk\FileSync.LocalizedResources.dll.mui	MS-DOS executable	#
C:\Users\user\AppData\Local\Microsoft\OneDrive\19.086.0502.0006\sl\FileSync.LocalizedResources.dll.mui	MS-DOS executable	#
C:\Users\user\AppData\Local\Microsoft\OneDrive\19.086.0502.0006\sq\FileSync.LocalizedResources.dll.mui	MS-DOS executable	#
C:\Users\user\AppData\Local\Microsoft\OneDrive\19.086.0502.0006\sr-Cyrl-BA\FileSync.LocalizedResources.dll.mui	MS-DOS executable	#
C:\Users\user\AppData\Local\Microsoft\OneDrive\19.086.0502.0006\sr-Cyrl-RS\FileSync.LocalizedResources.dll.mui	MS-DOS executable	#
C:\Users\user\AppData\Local\Microsoft\OneDrive\19.086.0502.0006\sr-Latn-RS\FileSync.LocalizedResources.dll.mui	MS-DOS executable, MZ for MS-DOS	#
C:\Users\user\AppData\Local\Microsoft\OneDrive\19.086.0502.0006\sv\FileSync.LocalizedResources.dll.mui	MS-DOS executable	#
C:\Users\user\AppData\Local\Microsoft\OneDrive\19.086.0502.0006\sw\FileSync.LocalizedResources.dll.mui	MS-DOS executable	#
C:\Users\user\AppData\Local\Microsoft\OneDrive\19.086.0502.0006\ta\FileSync.LocalizedResources.dll.mui	MS-DOS executable	#
C:\Users\user\AppData\Local\Microsoft\OneDrive\19.086.0502.0006\te\FileSync.LocalizedResources.dll.mui	MS-DOS executable	#
C:\Users\user\AppData\Local\Microsoft\OneDrive\19.086.0502.0006\tg\FileSync.LocalizedResources.dll.mui	MS-DOS executable	#
C:\Users\user\AppData\Local\Microsoft\OneDrive\19.086.0502.0006\th\FileSync.LocalizedResources.dll.mui	MS-DOS executable	#
C:\Users\user\AppData\Local\Microsoft\OneDrive\19.086.0502.0006\ti\FileSync.LocalizedResources.dll.mui	MS-DOS executable	#
C:\Users\user\AppData\Local\Microsoft\OneDrive\19.086.0502.0006\tk-TM\FileSync.LocalizedResources.dll.mui	MS-DOS executable, MZ for MS-DOS	#
C:\Users\user\AppData\Local\Microsoft\OneDrive\19.086.0502.0006\tn-ZA\FileSync.LocalizedResources.dll.mui	MS-DOS executable	#
C:\Users\user\AppData\Local\Microsoft\OneDrive\19.086.0502.0006\tr\FileSync.LocalizedResources.dll.mui	MS-DOS executable	#
C:\Users\user\AppData\Local\Microsoft\OneDrive\19.086.0502.0006\tt\FileSync.LocalizedResources.dll.mui	MS-DOS executable	#
C:\Users\user\AppData\Local\Microsoft\OneDrive\19.086.0502.0006\ug\FileSync.LocalizedResources.dll.mui	MS-DOS executable	#
C:\Users\user\AppData\Local\Microsoft\OneDrive\19.086.0502.0006\uk\FileSync.LocalizedResources.dll.mui	MS-DOS executable	#
C:\Users\user\AppData\Local\Microsoft\OneDrive\19.086.0502.0006\ur\FileSync.LocalizedResources.dll.mui	MS-DOS executable	#
C:\Users\user\AppData\Local\Microsoft\OneDrive\19.086.0502.0006\uz-Latn-UZ\FileSync.LocalizedResources.dll.mui	MS-DOS executable	#
C:\Users\user\AppData\Local\Microsoft\OneDrive\19.086.0502.0006\vi\FileSync.LocalizedResources.dll.mui	MS-DOS executable	#
C:\Users\user\AppData\Local\Microsoft\OneDrive\19.086.0502.0006\wo\FileSync.LocalizedResources.dll.mui	MS-DOS executable	#
C:\Users\user\AppData\Local\Microsoft\OneDrive\19.086.0502.0006\xh-ZA\FileSync.LocalizedResources.dll.mui	MS-DOS executable	#
C:\Users\user\AppData\Local\Microsoft\OneDrive\19.086.0502.0006\yo-NG\FileSync.LocalizedResources.dll.mui	MS-DOS executable	#
C:\Users\user\AppData\Local\Microsoft\OneDrive\19.086.0502.0006\zh-CN\FileSync.LocalizedResources.dll.mui	MS-DOS executable, MZ for MS-DOS	#
C:\Users\user\AppData\Local\Microsoft\OneDrive\19.086.0502.0006\zh-TW\FileSync.LocalizedResources.dll.mui	MS-DOS executable	#
C:\Users\user\AppData\Local\Microsoft\OneDrive\19.086.0502.0006\zu-ZA\FileSync.LocalizedResources.dll.mui	MS-DOS executable	#
C:\Users\user\AppData\Local\Microsoft\OneDrive\setup\logs\Install_2019-06-27_113458_1850-1854.log	data	#
C:\Users\user\AppData\Local\Microsoft\Windows\Caches\{3DA71D5A-20CC-432F-A115-DFE92379E91F}.3.ver0x0000000000000013.db	data	#
C:\Users\user\AppData\Local\Microsoft\Windows\Caches\{3DA71D5A-20CC-432F-A115-DFE92379E91F}.3.ver0x0000000000000016.db	data	#
C:\Users\user\AppData\Local\Microsoft\Windows\Caches\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x000000000000000a.db	data	#
C:\Users\user\AppData\Local\Microsoft\Windows\Caches\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x000000000000000b.db	data	#
C:\Users\user\AppData\Local\Microsoft\Windows\Explorer\ExplorerStartupLog_RunOnce.etl	data	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\build2[1].exe	PE32 executable (GUI) Intel 80386, for MS Windows	#
C:\Users\user\AppData\Local\Microsoft\Windows\Shell\DefaultLayouts.xml	data	#
C:\Users\user\AppData\Local\Microsoft\Windows\UPPS\UPPS.bin	PDP-11 overlaid separate executable	#
C:\Users\user\AppData\Local\Packages\ActiveSync\LocalState\DiagOutputDir\SyncVerbose.etl	data	#
C:\Users\user\AppData\Local\Packages\ActiveSync\LocalState\DiagOutputDir\SyncVerbose.etl.0001	data	#
C:\Users\user\AppData\Local\Packages\ActiveSync\LocalState\DiagOutputDir\UnistackCircular.etl	data	#
C:\Users\user\AppData\Local\Packages\ActiveSync\LocalState\DiagOutputDir\UnistackCircular.etl.0001	data	#
C:\Users\user\AppData\Local\Packages\ActiveSync\LocalState\DiagOutputDir\UnistackCritical.etl	data	#
C:\Users\user\AppData\Local\Packages\ActiveSync\LocalState\DiagOutputDir\UnistackCritical.etl.0001	data	#
C:\Users\user\AppData\Local\Packages\Microsoft.Messaging_8wekyb3d8bbwe\LocalCache\MessagingBackgroundTaskLog.etl	data	#
C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\Settings\settings.dat	MS Windows registry file, NT/2000 or above	#
C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\Settings\settings.dat.LOG1	MS Windows registry file, NT/2000 or above	#
C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\E5I42ZYH\1\C__Windows_SystemApps_Microsoft.Windows.Cortana_cw5n1h2txyewy_cache_Desktop_10[1].txt	data	#
C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\E5I42ZYH\1\C__Windows_SystemApps_Microsoft.Windows.Cortana_cw5n1h2txyewy_cache_Desktop_11[1].txt	data	#
C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\E5I42ZYH\1\C__Windows_SystemApps_Microsoft.Windows.Cortana_cw5n1h2txyewy_cache_Desktop_12[1].txt	data	#
C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\E5I42ZYH\1\C__Windows_SystemApps_Microsoft.Windows.Cortana_cw5n1h2txyewy_cache_Desktop_13[1].txt	data	#
C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\E5I42ZYH\1\C__Windows_SystemApps_Microsoft.Windows.Cortana_cw5n1h2txyewy_cache_Desktop_14[1].txt	data	#
C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\E5I42ZYH\1\C__Windows_SystemApps_Microsoft.Windows.Cortana_cw5n1h2txyewy_cache_Desktop_17[1].txt	data	#
C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\E5I42ZYH\1\C__Windows_SystemApps_Microsoft.Windows.Cortana_cw5n1h2txyewy_cache_Desktop_18[1].txt	data	#
C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\E5I42ZYH\1\C__Windows_SystemApps_Microsoft.Windows.Cortana_cw5n1h2txyewy_cache_Desktop_19[1].txt	data	#
C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\E5I42ZYH\1\C__Windows_SystemApps_Microsoft.Windows.Cortana_cw5n1h2txyewy_cache_Desktop_21[1].txt	data	#
C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\E5I42ZYH\1\C__Windows_SystemApps_Microsoft.Windows.Cortana_cw5n1h2txyewy_cache_Desktop_22[1].txt	data	#
C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\E5I42ZYH\1\C__Windows_SystemApps_Microsoft.Windows.Cortana_cw5n1h2txyewy_cache_Desktop_23[1].txt	data	#
C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\E5I42ZYH\1\C__Windows_SystemApps_Microsoft.Windows.Cortana_cw5n1h2txyewy_cache_Desktop_24[1].txt	data	#
C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\E5I42ZYH\1\C__Windows_SystemApps_Microsoft.Windows.Cortana_cw5n1h2txyewy_cache_Desktop_27[1].txt	data	#
C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\E5I42ZYH\1\C__Windows_SystemApps_Microsoft.Windows.Cortana_cw5n1h2txyewy_cache_Desktop_2[1].txt	data	#
C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\E5I42ZYH\1\C__Windows_SystemApps_Microsoft.Windows.Cortana_cw5n1h2txyewy_cache_Desktop_3[1].txt	data	#
C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\E5I42ZYH\1\C__Windows_SystemApps_Microsoft.Windows.Cortana_cw5n1h2txyewy_cache_Desktop_4[1].txt	data	#
C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\E5I42ZYH\1\C__Windows_SystemApps_Microsoft.Windows.Cortana_cw5n1h2txyewy_cache_Desktop_6[1].txt	data	#
C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\E5I42ZYH\1\C__Windows_SystemApps_Microsoft.Windows.Cortana_cw5n1h2txyewy_cache_Desktop_8[1].txt	data	#
C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCache\6JBHZF80\fpconfig.min[1].json	data	#
C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{2c863731-2a35-4444-9405-4d7cbb267ab4}\0.0.filtertrie.intermediate.txt	data	#
C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{2c863731-2a35-4444-9405-4d7cbb267ab4}\Apps.ft	data	#
C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{2c863731-2a35-4444-9405-4d7cbb267ab4}\Apps.index	data	#
C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{80434dc5-3c77-49de-921d-2c97334fc8d4}\0.0.filtertrie.intermediate.txt	data	#
C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{80434dc5-3c77-49de-921d-2c97334fc8d4}\Apps.ft	data	#
C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{80434dc5-3c77-49de-921d-2c97334fc8d4}\Apps.index	data	#
C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{a9af4d1b-0ef9-4038-9470-5413526e84ae}\0.0.filtertrie.intermediate.txt	data	#
C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{a9af4d1b-0ef9-4038-9470-5413526e84ae}\Apps.ft	data	#
C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{a9af4d1b-0ef9-4038-9470-5413526e84ae}\Apps.index	data	#
C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{e60653d3-d69a-43f3-a1dc-5bada9503c7b}\0.0.filtertrie.intermediate.txt	data	#
C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{e60653d3-d69a-43f3-a1dc-5bada9503c7b}\Apps.ft	data	#
C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{e60653d3-d69a-43f3-a1dc-5bada9503c7b}\Apps.index	data	#
C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\ConstraintIndex\Input_{4b01d48e-72ca-4621-8570-a88f4a6b1ec4}\appsconversions.txt	data	#
C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\ConstraintIndex\Input_{4b01d48e-72ca-4621-8570-a88f4a6b1ec4}\appsglobals.txt	data	#
C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\ConstraintIndex\Input_{4b01d48e-72ca-4621-8570-a88f4a6b1ec4}\appssynonyms.txt	data	#
C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\ConstraintIndex\Input_{4b01d48e-72ca-4621-8570-a88f4a6b1ec4}\settingsconversions.txt	data	#
C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\ConstraintIndex\Input_{4b01d48e-72ca-4621-8570-a88f4a6b1ec4}\settingsglobals.txt	data	#
C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\ConstraintIndex\Input_{4b01d48e-72ca-4621-8570-a88f4a6b1ec4}\settingssynonyms.txt	data	#
C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\ConstraintIndex\Settings_{13d888a1-0da9-488d-b29e-c632055a5b8d}\0.0.filtertrie.intermediate.txt	data	#
C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\ConstraintIndex\Settings_{13d888a1-0da9-488d-b29e-c632055a5b8d}\Settings.ft	data	#
C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\ConstraintIndex\Settings_{7b0be05b-dd29-4634-bd2c-c09b9631250d}\0.0.filtertrie.intermediate.txt	data	#
C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\ConstraintIndex\Settings_{7b0be05b-dd29-4634-bd2c-c09b9631250d}\Settings.ft	data	#
C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133051620838562510.txt	data	#
C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133051620921860467.txt	data	#
C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133335749990696189.txt	data	#
C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133335750010797716.txt	data	#
C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133335750298645019.txt	data	#
C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\DeviceSearchCache\SettingsCache.txt	data	#
C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\TempState\CortanaUnifiedTileModelCache.dat	data	#
C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\MediaDb.v1.sqlite	data	#
C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\MediaDb.v1.sqlite-shm	data	#
C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppTracing_startedInBGMode.etl	data	#
C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\TempState\StartUnifiedTileModelCache.dat	data	#
C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\HxCommAlwaysOnLog_Old.etl	data	#
C:\Users\user\AppData\Local\Temp\F0AA5307-87B6-41CC-8AB9-9D4E70F644BD\en-US\AppxProvider.dll.mui	MS-DOS executable	#
C:\Users\user\AppData\Local\Temp\F0AA5307-87B6-41CC-8AB9-9D4E70F644BD\en-US\AssocProvider.dll.mui	MS-DOS executable	#
C:\Users\user\AppData\Local\Temp\F0AA5307-87B6-41CC-8AB9-9D4E70F644BD\en-US\CbsProvider.dll.mui	MS-DOS executable, MZ for MS-DOS	#
C:\Users\user\AppData\Local\Temp\F0AA5307-87B6-41CC-8AB9-9D4E70F644BD\en-US\CompatProvider.dll.mui	MS-DOS executable	#
C:\Users\user\AppData\Local\Temp\F0AA5307-87B6-41CC-8AB9-9D4E70F644BD\en-US\DismCore.dll.mui	MS-DOS executable	#
C:\Users\user\AppData\Local\Temp\F0AA5307-87B6-41CC-8AB9-9D4E70F644BD\en-US\DismProv.dll.mui	MS-DOS executable	#
C:\Users\user\AppData\Local\Temp\F0AA5307-87B6-41CC-8AB9-9D4E70F644BD\en-US\DmiProvider.dll.mui	MS-DOS executable	#
C:\Users\user\AppData\Local\Temp\F0AA5307-87B6-41CC-8AB9-9D4E70F644BD\en-US\FfuProvider.dll.mui	MS-DOS executable	#
C:\Users\user\AppData\Local\Temp\F0AA5307-87B6-41CC-8AB9-9D4E70F644BD\en-US\FolderProvider.dll.mui	MS-DOS executable, MZ for MS-DOS	#
C:\Users\user\AppData\Local\Temp\F0AA5307-87B6-41CC-8AB9-9D4E70F644BD\en-US\GenericProvider.dll.mui	MS-DOS executable	#
C:\Users\user\AppData\Local\Temp\F0AA5307-87B6-41CC-8AB9-9D4E70F644BD\en-US\IBSProvider.dll.mui	MS-DOS executable	#
C:\Users\user\AppData\Local\Temp\F0AA5307-87B6-41CC-8AB9-9D4E70F644BD\en-US\ImagingProvider.dll.mui	MS-DOS executable, MZ for MS-DOS	#
C:\Users\user\AppData\Local\Temp\F0AA5307-87B6-41CC-8AB9-9D4E70F644BD\en-US\IntlProvider.dll.mui	MS-DOS executable	#
C:\Users\user\AppData\Local\Temp\F0AA5307-87B6-41CC-8AB9-9D4E70F644BD\en-US\LogProvider.dll.mui	MS-DOS executable, MZ for MS-DOS	#
C:\Users\user\AppData\Local\Temp\F0AA5307-87B6-41CC-8AB9-9D4E70F644BD\en-US\MsiProvider.dll.mui	MS-DOS executable	#
C:\Users\user\AppData\Local\Temp\F0AA5307-87B6-41CC-8AB9-9D4E70F644BD\en-US\OSProvider.dll.mui	MS-DOS executable	#
C:\Users\user\AppData\Local\Temp\F0AA5307-87B6-41CC-8AB9-9D4E70F644BD\en-US\OfflineSetupProvider.dll.mui	MS-DOS executable, MZ for MS-DOS	#
C:\Users\user\AppData\Local\Temp\F0AA5307-87B6-41CC-8AB9-9D4E70F644BD\en-US\ProvProvider.dll.mui	MS-DOS executable	#
C:\Users\user\AppData\Local\Temp\F0AA5307-87B6-41CC-8AB9-9D4E70F644BD\en-US\SetupPlatformProvider.dll.mui	MS-DOS executable	#
C:\Users\user\AppData\Local\Temp\F0AA5307-87B6-41CC-8AB9-9D4E70F644BD\en-US\SmiProvider.dll.mui	MS-DOS executable	#
C:\Users\user\AppData\Local\Temp\F0AA5307-87B6-41CC-8AB9-9D4E70F644BD\en-US\SysprepProvider.dll.mui	MS-DOS executable	#
C:\Users\user\AppData\Local\Temp\F0AA5307-87B6-41CC-8AB9-9D4E70F644BD\en-US\TransmogProvider.dll.mui	MS-DOS executable	#
C:\Users\user\AppData\Local\Temp\F0AA5307-87B6-41CC-8AB9-9D4E70F644BD\en-US\UnattendProvider.dll.mui	MS-DOS executable, MZ for MS-DOS	#
C:\Users\user\AppData\Local\Temp\F0AA5307-87B6-41CC-8AB9-9D4E70F644BD\en-US\VhdProvider.dll.mui	MS-DOS executable	#
C:\Users\user\AppData\Local\Temp\F0AA5307-87B6-41CC-8AB9-9D4E70F644BD\en-US\WimProvider.dll.mui	MS-DOS executable	#
C:\Users\user\AppData\Local\Temp\chrome_installer.log	data	#
C:\Users\user\AppData\Local\Temp\scoped_dir4296_1252151785\CRX_INSTALL\images\flapper.gif	GIF image data 7867 x 7100	#
C:\Users\user\AppData\Local\b262a41d-c448-49cf-80d7-e9e55f1b678d\build2.exe	MS-DOS executable	#
C:\Users\user\AppData\Roaming\Microsoft\Network\mstsca.exe	PE32 executable (GUI) Intel 80386, for MS Windows	#
C:\Users\user\AppData\Roaming\Microsoft\Windows\Themes\CachedFiles\CachedImage_1280_1024_POS4.jpg	JPEG image data	#
C:\Users\user\Desktop\KLIZUSIQEN\GLTYDMDUST.png	data	#
C:\Users\user\Desktop\NWCXBPIUYI.jpg	data	#
C:\Users\user\Desktop\NWCXBPIUYI.xlsx	data	#
C:\Users\user\Local Settings\Adobe\Acrobat\DC\AdobeSysFnt19.lst.gazp (copy)	PostScript document text	#
C:\Users\user\Local Settings\Adobe\Acrobat\DC\UserCache.bin.gazp (copy)	data	#
C:\Users\user\Local Settings\Microsoft\Internet Explorer\DomainSuggestions\en-US.1.gazp (copy)	data	#
C:\Users\user\Local Settings\Microsoft\Internet Explorer\UrlBlock\urlblock_637194112741176080.bin.gazp (copy)	data	#
C:\Users\user\Local Settings\Microsoft\OneDrive\19.086.0502.0006\FileCoAuth.exe.gazp (copy)	MS-DOS executable	#
C:\Users\user\Local Settings\Microsoft\OneDrive\19.086.0502.0006\FileSyncConfig.exe.gazp (copy)	MS-DOS executable	#
C:\Users\user\Local Settings\Microsoft\OneDrive\19.086.0502.0006\FileSyncHelper.exe.gazp (copy)	MS-DOS executable, MZ for MS-DOS	#
C:\Users\user\Local Settings\Microsoft\OneDrive\19.086.0502.0006\OneDrive.exe.gazp (copy)	MS-DOS executable	#
C:\Users\user\Local Settings\Microsoft\OneDrive\19.086.0502.0006\OneDriveSetup.exe.gazp (copy)	MS-DOS executable, MZ for MS-DOS	#
C:\Users\user\Local Settings\Microsoft\OneDrive\19.086.0502.0006\OneDriveStandaloneUpdater.exe.gazp (copy)	MS-DOS executable	#
C:\Users\user\Local Settings\Microsoft\OneDrive\19.086.0502.0006\OneDriveUpdaterService.exe.gazp (copy)	MS-DOS executable	#
C:\Users\user\Local Settings\Microsoft\OneDrive\19.086.0502.0006\ThirdPartyNotices.txt.gazp (copy)	data	#
C:\Users\user\Local Settings\Microsoft\Windows\Caches\{3DA71D5A-20CC-432F-A115-DFE92379E91F}.3.ver0x0000000000000013.db.gazp (copy)	data	#
C:\Users\user\Local Settings\Microsoft\Windows\Caches\{3DA71D5A-20CC-432F-A115-DFE92379E91F}.3.ver0x0000000000000016.db.gazp (copy)	data	#
C:\Users\user\Local Settings\Microsoft\Windows\Caches\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x000000000000000a.db.gazp (copy)	data	#
C:\Users\user\Local Settings\Microsoft\Windows\Caches\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x000000000000000b.db.gazp (copy)	data	#
C:\Users\user\Local Settings\Microsoft\Windows\Explorer\ExplorerStartupLog_RunOnce.etl.gazp (copy)	data	#
C:\Users\user\Local Settings\Microsoft\Windows\Shell\DefaultLayouts.xml.gazp (copy)	data	#
C:\Users\user\Local Settings\Microsoft\Windows\UPPS\UPPS.bin.gazp (copy)	PDP-11 overlaid separate executable	#
C:\Users\user\Local Settings\Packages\Microsoft.Messaging_8wekyb3d8bbwe\LocalCache\MessagingBackgroundTaskLog.etl.gazp (copy)	data	#
C:\Users\user\Local Settings\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\Settings\settings.dat.LOG1.gazp (copy)	MS Windows registry file, NT/2000 or above	#
C:\Users\user\Local Settings\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\Settings\settings.dat.gazp (copy)	MS Windows registry file, NT/2000 or above	#
C:\Users\user\Local Settings\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\TempState\CortanaUnifiedTileModelCache.dat.gazp (copy)	data	#
C:\Users\user\Local Settings\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\MediaDb.v1.sqlite-shm.gazp (copy)	data	#
C:\Users\user\Local Settings\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppTracing_startedInBGMode.etl.gazp (copy)	data	#
C:\Users\user\Local Settings\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\TempState\StartUnifiedTileModelCache.dat.gazp (copy)	data	#
C:\Users\user\Local Settings\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\HxCommAlwaysOnLog_Old.etl.gazp (copy)	data	#
C:\Users\user\Local Settings\Temp\chrome_installer.log.gazp (copy)	data	#
C:\Users\user\_readme.txt	ASCII text, with CRLF line terminators	#
C:\_readme.txt	ASCII text, with CRLF line terminators	#

Deep Malware Analysis

gazp.exe

Comments

Tags

Available tags:

Details

Joe Sandbox

Third Party Analysis Engines

IPs

Domains

URLs

Dropped files

Deep Malware Analysis

gazp.exe Options

Comments

Tags

Available tags:

Details

Joe Sandbox

Third Party Analysis Engines

IPs

Domains

URLs

Dropped files

Search started

gazp.exe