top title background image
flash

JPiACp4fEG.exe

Status: finished
Submission Time: 2025-03-22 09:47:32 +01:00
Malicious
Ransomware
Spreader
Spyware
Evader
Cerber, Conti, Sapphire, TrojanRansom, W

Comments

Tags

  • Albabat
  • exe

Details

  • Analysis ID:
    1645720
  • API (Web) ID:
    1645720
  • Original Filename:
    13d128038c341e850b55bc900ecee93496521c74bd9f3f8ea63e86042c5b6a9b.exe
  • Analysis Started:
    2025-03-22 09:47:39 +01:00
  • Analysis Finished:
    2025-03-22 10:04:48 +01:00
  • MD5:
    2a78ca5302034ed8efcc52313750b634
  • SHA1:
    1cc2d1f2a991c19b7e633a92b1629641c019cdeb
  • SHA256:
    13d128038c341e850b55bc900ecee93496521c74bd9f3f8ea63e86042c5b6a9b
  • Technologies:

Joe Sandbox

Engine Download Report Detection Info
malicious
Score: 100
System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 134, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

Third Party Analysis Engines

malicious
Score: 33/73
malicious
Score: 14/36

IPs

IP Country Detection
142.251.40.174
United States
3.134.235.187
United States
18.238.80.125
United States
Click to see the 15 hidden entries
54.177.55.191
United States
104.26.12.205
United States
18.238.80.47
United States
188.65.124.59
France
142.250.65.198
United States
142.251.40.130
United States
140.82.113.5
United States
104.21.54.91
United States
150.171.28.12
United States
3.142.253.143
United States
195.8.215.160
France
3.171.139.51
United States
142.251.40.228
United States
18.238.80.77
United States
3.168.102.35
United States

Domains

Name IP Detection
dmxleo.dailymotion.com
0.0.0.0
d3imyufjor9fv3.cloudfront.net
3.168.102.35
www3.l.google.com
142.251.40.174
Click to see the 50 hidden entries
a.tribalfusion.com
104.18.37.193
outspot2-ams.adx.opera.com
82.145.213.8
s.ad.smaato.net
35.212.38.52
api.ipify.org
104.26.12.205
ib.anycast.adnxs.com
68.67.179.164
s0.2mdn.net
142.250.65.198
t.adx.opera.com
0.0.0.0
vendorlist.dmcdn.net
0.0.0.0
image8.pubmatic.com
0.0.0.0
image4.pubmatic.com
0.0.0.0
image2.pubmatic.com
0.0.0.0
d2iih6ll7e7icz.cloudfront.net
3.171.139.51
pr-bh.ybp.yahoo.com
0.0.0.0
aws-0-us-west-1.pooler.supabase.com
0.0.0.0
graphql.api.dailymotion.com
0.0.0.0
www.dailymotion.com
0.0.0.0
static1.dmcdn.net
0.0.0.0
pebed.dm-event.net
0.0.0.0
geo.dailymotion.com
0.0.0.0
translate.google.com
0.0.0.0
ib.adnxs.com
0.0.0.0
s2.dmcdn.net
0.0.0.0
api.msn.com
0.0.0.0
eb2.3lift.com
0.0.0.0
ds-pr-bh.ybp.gysm.yahoodns.net
34.227.50.37
s.tribalfusion.com
172.64.150.63
dspcookiematching-prod-aws-us-east-2.dmxleo.com
3.19.182.70
ifconfig.co
104.21.54.91
us-east-eb2.3lift.com
35.71.139.29
public-prod-dspcookiematching.dmxleo.com
18.238.80.125
spug-nje1pb.pubmnet.com
207.65.37.182
geo.player.dailymotion.com
3.142.253.143
d129qj39ell9t0.cloudfront.net
18.238.80.47
static-origin.dmcdn.net
195.8.215.160
imagesync-vac.pubmnet.com
8.28.7.82
cm.g.doubleclick.net
172.217.165.130
pug-vac.pubmnet.com
8.28.7.83
securepubads.g.doubleclick.net
142.251.40.130
www.google.com
142.251.40.228
match.adsrvr.org
15.197.193.217
router.infolinks.com
172.66.42.247
x3.instreamatic.com
35.222.138.46
ax-0003.ax-msedge.net
150.171.28.12
match.prod.bidr.io
54.89.16.212
google.com
142.251.32.110
pool-tcp-us-west-1-58aaa9f-fd46bdad3edd3d75.elb.us-west-1.amazonaws.com
54.177.55.191
api.github.com
140.82.113.5
fp-001.nyc.dailymotion.com
3.134.235.187
ebed.geo.dmcdn.net
188.65.124.59
leo-portal.dmxleo.com
18.238.80.77

URLs

Name Detection
https://word.uservoice.com/forums/304948-word-for-ipad-iphone-ios
https://salemovefinancial.com
https://clients.config.office.net/user/v1.0/android/policies
Click to see the 97 hidden entries
https://docs.rs/getrandom#nodejs-es-module-support
https://outlook.office365.com/api/v1.0/me/Activities
https://casinostudio3000.com/
http://affiliazioniads.snai.it/
https://image8.pubmatic.com/AdServer/ImgSync?p=156425&pu=https%3A%2F%2Fimage4.pubmatic.com%2FAdServer%2FSPug%3Fp%3D156425%26pmc%3DPM_PMC%26pr%3Dhttps%253A%252F%252Fs.ad.smaato.net%252Fc%252F%253FdspId%253D1001609%2526dspCookie%253D%2523PMUID%2526gdpr%253D0%2526gdpr_consent%253D&gdpr=0&gdpr_consent=
https://pecst01.aurusepay.com
https://wus2.contentsync.
http://adsrv.keycaptcha.com
https://pushchannel.1drv.ms
https://autodiscover-s.outlook.com/autodiscover/autodiscover.xml
http://ad-emea.doubleclick.net/
https://v.investologic.co.uk/
http://360ads.go2cloud.org/
http://weather.service.msn.com/data.aspx
https://webdir.online.lync.com/autodiscover/autodiscoverservice.svc/root/
http://tiny.cc/
https://welt.de
https://ncus.contentsync.
https://d.docs.live.net
http://www.betwin.co.it
http://adv.ilsole24ore.it/
https://pf.directory.live.com/profile/mine/System.ShortCircuitProfile.json
https://unitedstates2.ss.wd.microsoft.us
https://wus2.pagecontentsync.
https://www.restoro.com/
https://infinitytrk.com/
https://api.diagnosticssdf.office.com/v2/file
https://augloop.office.com
https://onedrive.live.com/embed?
https://visio.uservoice.com/forums/368202-visio-on-devices
https://api.cortana.ai
https://guarda4k.online/
https://skyapi.live.net/Activity/
https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Bing
https://unitedstates1.ss.wd.microsoft.us
https://image8.pubmatic.com/AdServer/ImgSync?p=156425&pu=https%3A%2F%2Fimage4.pubmatic.com%2FAdServer%2FSPug%3Fp%3D156425%26pmc%3DPM_PMC%26pr%3Dhttps%253A%252F%252Fs.ad.smaato.net%252Fc%252F%253FdspId%253D1001609%2526dspCookie%253D%2523PMUID%2526gdpr%253D0%2526gdpr_consent%253D&gdpr=0&gdpr_consent=&rdf=1
https://unitedstates4.ss.wd.microsoft.us
https://devnull.onenote.com
http://crazylead.com/video/
http://direct.juiceadv.com/aff_
https://api.github.com/repos/billdev1/abbt/git/blobs/416bd72c155f44137408f5964a0abac61d6380fe
https://github.com/billdev1/abbt/blob/main/content/db.html
https://substrate.office.com/search/api/v1/SearchHistory
https://login.microsoftonline.com
http://join.shemalesfromhell.com/
https://bitcoin.org
https://pf.directory.live.com/profile/mine/WLX.Profiles.IC.json
https://deff.nelreports.net/api/report?cat=msn
https://www.dazn.com/
https://dataservice.protection.outlook.com/PsorWebService/v1/ClientSyncFile/MipPolicies
https://cm.g.doubleclick.net/pixel?google_nid=dailymotion_dbm&google_sc=&google_cm=&gdpr=0&gdpr_consent=&CCPA=1---&google_tc=
https://www.yammer.com
https://www.reimageplus.com/
http://adf.ly/?id=
https://www.primevideo.com/
http://tracker.tradedoubler.com/
https://na01.oscs.protection.outlook.com/api/SafeLinksApi/GetPolicy
https://traffserve.com/
https://syncservice.protection.outlook.com/PolicySync/PolicySync.svc/SyncFile
http://join.rodneymoore.com/
http://homemoviestube.com/
https://lookup.onenote.com/lookup/geolocation/v1
https://rpsticket.partnerservices.getmicrosoftkey.com
https://dev.virtualearth.net/REST/V1/GeospatialEndpoint/
http://ad-apac.doubleclick.net/
https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Flickr
http://adclick.g.doubleclick.net/
https://useraudit.o365auditrealtimeingestion.manage.office.com
https://dspcookiematching-prod-aws-us-east-2.dmxleo.com/dspreply?dspId=7&dspUserId=1481849424901602721&gdpr=0&gdpr_consent=&CCPA=1---&time=&time=1742633462827343688
https://wieistmeineip.de
https://mediaserver.bwinpartypartners.it/renderBanner.do?
https://link.offerte2019.info/
https://nam.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech
https://consent.config.office.com/consentcheckin/v1.0/consents
http://www.djpoint.net/
https://www.worldnomads.it/?affiliate=
http://adprovider.adlure.net/
https://graph.windows.net
https://httpslink.com/
https://github.com/billdev1/abbt/blob/main/content/icon.ico
http://ad.yieldmanager.com/
https://api.addins.store.officeppe.com/addinstemplate
https://api.github.com/repos/billdev1/abbt/contents/content/db.htmlS
https://www.odwebp.svc.ms
https://www.scommettievinci.net/
http://display.tracksafe.click/
https://ifconfig.co/jsonConnection
https://store.office.cn/addinstemplate
http://adserver.adtechus.com/
https://my.microsoftpersonalcontent.com
https://casinohex.it/
https://rover.ebay.com/
https://api.github.com/repos/billdev1/abbt/git/blobs/55ac428cf2d5b898b0237fc0faf09145fbccb4cf
https://tasks.office.com
https://songshare.com
https://res.getmicrosoftkey.com/api/redemptionevents
https://universofree.net/

Dropped files

Name File Type Hashes Detection
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt23.lst
data
#
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1
data
#
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History
data
#
Click to see the 186 hidden entries
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\HubApps Icons
data
#
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
data
#
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Reporting and NEL
data
#
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Trust Tokens
data
#
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
OpenPGP Secret Key
#
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\DawnCache\index
data
#
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\GPUCache\data_1
data
#
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\GPUCache\index
data
#
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\Reporting and NEL
data
#
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\Trust Tokens
data
#
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Vpn Tokens
data
#
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db
data
#
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db-wal
data
#
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Shopping\2.0.5975.0\auto_open_controller.js
data
#
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Shopping\2.0.5975.0\edge_driver.js
data
#
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Shopping\2.0.5975.0\edge_tracking_page_validator.js
data
#
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Shopping\2.0.5975.0\product_page.js
data
#
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\Notification\notification_fast.bundle.js
data
#
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-ec\fr-CA\strings.json
OpenPGP Secret Key
#
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-hub\de\strings.json
OpenPGP Secret Key
#
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-hub\es\strings.json
OpenPGP Secret Key
#
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-hub\id\strings.json
OpenPGP Secret Key
#
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-hub\ru\strings.json
OpenPGP Secret Key
#
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-hub\sv\strings.json
OpenPGP Secret Key
#
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-hub\zh-Hans\strings.json
OpenPGP Secret Key
#
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-hub\zh-Hant\strings.json
OpenPGP Secret Key
#
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\wallet\wallet-tokenization-config.json
OpenPGP Secret Key
#
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\wallet.bundle.js
data
#
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\GraphiteDawnCache\index
data
#
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State
OpenPGP Secret Key
#
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Nurturing\campaign_history
data
#
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\PKIMetadata\7.0.0.0\crs.pb
data
#
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SafetyTips\2983\safety_tips.pb
data
#
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\ShaderCache\data_1
data
#
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\ShaderCache\index
data
#
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\customSynchronousLookupUris
data
#
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\customSynchronousLookupUris_0
data
#
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\synchronousLookupUris
data
#
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\synchronousLookupUris_636976985063396749.rel.v2
data
#
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Subresource Filter\Indexed Rules\36\10.34.0.50\LICENSE
data
#
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Subresource Filter\Indexed Rules\36\10.34.0.50\Ruleset Data
data
#
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Subresource Filter\Unindexed Rules\10.34.0.50\Filtering Rules
data
#
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Subresource Filter\Unindexed Rules\10.34.0.50\Part-DE
data
#
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Subresource Filter\Unindexed Rules\10.34.0.50\Part-IT
data
#
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Subresource Filter\Unindexed Rules\10.34.0.50\Part-NL
data
#
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Subresource Filter\Unindexed Rules\10.34.0.50\Part-RU
data
#
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\hyphen-data\101.0.4906.0\hyph-cy.hyb
data
#
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\hyphen-data\101.0.4906.0\hyph-de-1996.hyb
data
#
C:\Users\user\AppData\Local\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\51667C9E-0F61-40E1-80AF-9A9483ACEEA8
data
#
C:\Users\user\AppData\Local\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\ABA9155F-9E05-432E-A521-9FECF2B7CE77
data
#
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules.xml
data
#
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule440002v9.xml
data
#
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule440007v3.xml
data
#
C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule230170v1.xml
data
#
C:\Users\user\AppData\Local\Microsoft\Office\OTele\excel.exe.db
data
#
C:\Users\user\AppData\Local\Microsoft\Office\OTele\officec2rclient.exe.db
data
#
C:\Users\user\AppData\Local\Microsoft\Windows\Explorer\ExplorerStartupLog.etl
data
#
C:\Users\user\AppData\Local\Microsoft\Windows\Explorer\iconcache_16.db
data
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WDKI0JR2\ConvergedLogin_PCore_tSc0Su-bb7Jt0QVuF6v9Cg2[1].js
data
#
C:\Users\user\AppData\Local\Microsoft\Windows\Safety\edge\remote\topTraffic_638004170464094982
data
#
C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01res00001.jrs
data
#
C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01res00002.jrs
data
#
C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe\AC\INetCache\5451C91R\staticstylesfabric-35c34b95e3[1].css
data
#
C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe\AC\INetCache\5JD14XPQ\pwa-bootstrap-5e7af218e953d095fabf[1].js
data
#
C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe\AC\INetCache\5JD14XPQ\staticpwascripts-30998bff8f[1].js
OpenPGP Public Key
#
C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe\AC\INetCache\HXWKPVWZ\hero-image-desktop-f6720a4145[1].jpg
data
#
C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe\AC\INetCache\HXWKPVWZ\otel-logger-104bffe9378b8041455c[1].js
data
#
C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe\AC\INetCache\HXWKPVWZ\pwa-forms-group~mru~officeforms-group-forms~officeforms-my-forms~places.bcdc404c7fe22f14ccad.chunk.v7[1].js
OpenPGP Secret Key
#
C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe\AC\INetCache\HXWKPVWZ\pwa-vendors~left-nav-rc.b24d6b48aeb44c7b5bf6.chunk.v7[1].js
data
#
C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe\AC\INetCache\MSIMGSIZ.DAT
data
#
C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe\AC\INetCache\P24NZ9IW\pwa-bundle-3a99f64809c6780df035[1].js
data
#
C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe\AC\INetCache\P24NZ9IW\pwa-left-nav-rc.68ab311bcca4f86f9ef5.chunk.v7[1].js
OpenPGP Secret Key
#
C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe\AC\INetCache\P24NZ9IW\pwa-mru.2ce72562ad7c0ae7059c.chunk.v7[1].js
OpenPGP Secret Key
#
C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe\AC\INetCache\P24NZ9IW\pwa-vendor-bundle-ba2888a24179bf152f3d[1].js
data
#
C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe\AC\INetCache\P24NZ9IW\sharedscripts-939520eada[1].js
data
#
C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\Assets\0a3529373e57a34a26d0a9798b18e51e5fd47df56944d2d18432a490521847e6
data
#
C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\Assets\0f918fa0f979db9d58e75e44cd71d5b3647881d95688e3f25c4a38cb0bd6a5ea
data
#
C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\Assets\5a71b01af4cfafa1d2249785d1f2483917e1c2bdf23067405daf9e5e473a039e
data
#
C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\Assets\5f4e8b246d10a390914e766688fe792ac6978a7a734a894b73458dbf3a6e2dd0
data
#
C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\Assets\921ae2be6f2c0c4f5d0612de464ac6be9b75354010d4c8c367cf25fe0bff1b16
data
#
C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\Assets\ac72f8d729696026187dd059d2d97c4cab419d349e745057c40f173d46ed66a2
data
#
C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\Assets\ec8a27fa2a7af8674f8596cc39b564d43970a0c8dd0f3cb64d860f67dbb6597b
data
#
C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\314559\1696496401
data
#
C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\338387\1741354696
data
#
C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\AppCache\5NTP7FNT\10\C__Windows_SystemApps_Microsoft.Windows.Search_cw5n1h2txyewy_cache_Desktop_7[1].txt
data
#
C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\AppCache\5NTP7FNT\10\C__Windows_SystemApps_Microsoft.Windows.Search_cw5n1h2txyewy_cache_Desktop_9[1].txt
data
#
C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\AppCache\5NTP7FNT\17\-F7bYnjk9S0ADBYML9L8EdympNE.br[1].js
OpenPGP Secret Key
#
C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\AppCache\5NTP7FNT\17\5qSqWyip_grL-s7BafaqI3Mrk9M.br[1].js
data
#
C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\AppCache\5NTP7FNT\17\FgBbpIj0thGWZOh_xFnM9i4O7ek[1].css
data
#
C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\AppCache\5NTP7FNT\17\Init[1].htm
data
#
C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\AppCache\5NTP7FNT\17\fvNdnrKxhhxDQUEi09cCaSWpzzE[1].css
data
#
C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\AppCache\5NTP7FNT\17\pNXV2ymlrFEAOVLUgJkRBRwYFkY[1].js
data
#
C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_RecoveryDrive_exe
data
#
C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_SnippingTool_exe
data
#
C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_WFS_exe
data
#
C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_WF_msc
data
#
C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_WindowsPowerShell_v1_0_PowerShell_ISE_exe
data
#
C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_WindowsPowerShell_v1_0_powershell_exe
data
#
C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_msconfig_exe
data
#
C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_msinfo32_exe
data
#
C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_mspaint_exe
data
#
C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_narrator_exe
data
#
C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_notepad_exe
data
#
C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_odbcad32_exe
data
#
C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_osk_exe
data
#
C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_printmanagement_msc
data
#
C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_psr_exe
data
#
C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_quickassist_exe
data
#
C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_services_msc
data
#
C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{6D809377-6AF0-444B-8957-A3773F02200E}_7-Zip_7-zip_chm
data
#
C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{6D809377-6AF0-444B-8957-A3773F02200E}_7-Zip_7zFM_exe
data
#
C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{6D809377-6AF0-444B-8957-A3773F02200E}_Adobe_Acrobat DC_Acrobat_Acrobat_exe
data
#
C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{6D809377-6AF0-444B-8957-A3773F02200E}_Common Files_Microsoft Shared_Ink_mip_exe
data
#
C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{6D809377-6AF0-444B-8957-A3773F02200E}_Windows NT_Accessories_wordpad_exe
data
#
C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}_AutoIt3_Au3Info_exe
data
#
C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}_AutoIt3_Au3Info_x64_exe
data
#
C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}_AutoIt3_Aut2Exe_Aut2exe_exe
data
#
C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}_AutoIt3_Aut2Exe_Aut2exe_x64_exe
data
#
C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}_AutoIt3_AutoIt v3 Website_url
data
#
C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}_AutoIt3_AutoIt3_exe
data
#
C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}_AutoIt3_AutoIt3_x64_exe
data
#
C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}_AutoIt3_AutoItX_AutoItX_chm
data
#
C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}_AutoIt3_AutoIt_chm
data
#
C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}_AutoIt3_Extras
data
#
C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}_AutoIt3_SciTE_SciTE_exe
data
#
C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}_WindowsPowerShell_v1_0_powershell_exe
data
#
C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}_odbcad32_exe
data
#
C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{090c06ba-60e4-4643-9896-fc994792ef36}\0.0.filtertrie.intermediate.txt
data
#
C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{090c06ba-60e4-4643-9896-fc994792ef36}\Apps.ft
DOS executable (COM)
#
C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{31e7cf1b-dc24-4452-95a2-cfe4dccd937b}\Apps.index
data
#
C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{50a16ccc-130f-4f2c-a2e9-5da6cc241852}\0.0.filtertrie.intermediate.txt
data
#
C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Input_{19865394-38c8-473b-8d88-bf07dc9221d0}\appsglobals.txt
OpenPGP Secret Key
#
C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Input_{19865394-38c8-473b-8d88-bf07dc9221d0}\settingsconversions.txt
data
#
C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Input_{19865394-38c8-473b-8d88-bf07dc9221d0}\settingsglobals.txt
data
#
C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Input_{19865394-38c8-473b-8d88-bf07dc9221d0}\settingssynonyms.txt
data
#
C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Settings_{69143257-42f5-46b5-8baf-30774e2e792c}\0.0.filtertrie.intermediate.txt
data
#
C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Settings_{69143257-42f5-46b5-8baf-30774e2e792c}\Settings.ft
DOS executable (COM)
#
C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Settings_{69143257-42f5-46b5-8baf-30774e2e792c}\Settings.index
data
#
C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Settings_{d7420b01-ee72-478b-af4f-6b44c9dc7707}\0.0.filtertrie.intermediate.txt
data
#
C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Settings_{d7420b01-ee72-478b-af4f-6b44c9dc7707}\Settings.ft
DOS executable (COM)
#
C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133858282342356852.txt
data
#
C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133858282917429064.txt
data
#
C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\Settings\settings.dat.LOG2
data
#
C:\Users\user\AppData\Local\Temp\18e190413af045db88dfbd29609eb877.db
data
#
C:\Users\user\AppData\Local\Temp\18e190413af045db88dfbd29609eb877.db.session64
data
#
C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\download.error
data
#
C:\Users\user\AppData\Local\Temp\msedge_url_fetcher_5636_804551531\4b56c463-a134-44ca-a2a6-86fef3e940d0
data
#
C:\Users\user\AppData\Local\Temp\msedge_url_fetcher_5636_835662851\e8d11bd0-b939-446e-b741-2c68ed471a53
data
#
C:\Users\user\KL3X3CVz2Y9k\gLxmjWgr.README.html
HTML document, Unicode text, UTF-8 text, with very long lines (22007)
#
C:\Users\user\Local Settings\Microsoft\Edge\User Data\Default\GPUCache\data_1.vC0pKHXt (copy)
data
#
C:\Users\user\Local Settings\Microsoft\Edge\User Data\Default\Login Data.vC0pKHXt (copy)
data
#
C:\Users\user\Local Settings\Microsoft\Edge\User Data\Default\Network\Reporting and NEL.vC0pKHXt (copy)
data
#
C:\Users\user\Local Settings\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\GPUCache\index.vC0pKHXt (copy)
data
#
C:\Users\user\Local Settings\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\Reporting and NEL.vC0pKHXt (copy)
data
#
C:\Users\user\Local Settings\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\Trust Tokens.vC0pKHXt (copy)
data
#
C:\Users\user\Local Settings\Microsoft\Edge\User Data\Default\Vpn Tokens.vC0pKHXt (copy)
data
#
C:\Users\user\Local Settings\Microsoft\Edge\User Data\Default\load_statistics.db-wal.vC0pKHXt (copy)
data
#
C:\Users\user\Local Settings\Microsoft\Edge\User Data\Edge Shopping\2.0.5975.0\edge_driver.js.vC0pKHXt (copy)
data
#
C:\Users\user\Local Settings\Microsoft\Edge\User Data\Edge Shopping\2.0.5975.0\edge_tracking_page_validator.js.vC0pKHXt (copy)
data
#
C:\Users\user\Local Settings\Microsoft\Edge\User Data\Edge Shopping\2.0.5975.0\product_page.js.vC0pKHXt (copy)
data
#
C:\Users\user\Local Settings\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\Notification\notification_fast.bundle.js.vC0pKHXt (copy)
data
#
C:\Users\user\Local Settings\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-ec\fr-CA\strings.json.vC0pKHXt (copy)
OpenPGP Secret Key
#
C:\Users\user\Local Settings\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-hub\de\strings.json.vC0pKHXt (copy)
OpenPGP Secret Key
#
C:\Users\user\Local Settings\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-hub\es\strings.json.vC0pKHXt (copy)
OpenPGP Secret Key
#
C:\Users\user\Local Settings\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-hub\id\strings.json.vC0pKHXt (copy)
OpenPGP Secret Key
#
C:\Users\user\Local Settings\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-hub\ru\strings.json.vC0pKHXt (copy)
OpenPGP Secret Key
#
C:\Users\user\Local Settings\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-hub\sv\strings.json.vC0pKHXt (copy)
OpenPGP Secret Key
#
C:\Users\user\Local Settings\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-hub\zh-Hans\strings.json.vC0pKHXt (copy)
OpenPGP Secret Key
#
C:\Users\user\Local Settings\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-hub\zh-Hant\strings.json.vC0pKHXt (copy)
OpenPGP Secret Key
#
C:\Users\user\Local Settings\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\wallet\wallet-tokenization-config.json.vC0pKHXt (copy)
OpenPGP Secret Key
#
C:\Users\user\Local Settings\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\wallet.bundle.js.vC0pKHXt (copy)
data
#
C:\Users\user\Local Settings\Microsoft\Edge\User Data\GraphiteDawnCache\index.vC0pKHXt (copy)
data
#
C:\Users\user\Local Settings\Microsoft\Edge\User Data\hyphen-data\101.0.4906.0\hyph-cy.hyb.vC0pKHXt (copy)
data
#
C:\Users\user\Local Settings\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\51667C9E-0F61-40E1-80AF-9A9483ACEEA8.vC0pKHXt (copy)
data
#
C:\Users\user\Local Settings\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\ABA9155F-9E05-432E-A521-9FECF2B7CE77.vC0pKHXt (copy)
data
#
C:\Users\user\Local Settings\Microsoft\Office\OTele\excel.exe.db.vC0pKHXt (copy)
data
#
C:\Users\user\Local Settings\Microsoft\Office\OTele\officec2rclient.exe.db.vC0pKHXt (copy)
data
#
C:\Users\user\Local Settings\Microsoft\Windows\Explorer\ExplorerStartupLog.etl.vC0pKHXt (copy)
data
#
C:\Users\user\Local Settings\Microsoft\Windows\Explorer\iconcache_16.db.vC0pKHXt (copy)
data
#
C:\Users\user\Local Settings\Microsoft\Windows\Temporary Internet Files\IE\WDKI0JR2\ConvergedLogin_PCore_tSc0Su-bb7Jt0QVuF6v9Cg2[1].js.vC0pKHXt (copy)
data
#
C:\Users\user\Local Settings\Microsoft\Windows\WebCache\V01res00002.jrs.vC0pKHXt (copy)
data
#
C:\Users\user\Local Settings\Packages\Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe\AC\INetCache\HXWKPVWZ\otel-logger-104bffe9378b8041455c[1].js.vC0pKHXt (copy)
data
#
C:\Users\user\Local Settings\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\Assets\0f918fa0f979db9d58e75e44cd71d5b3647881d95688e3f25c4a38cb0bd6a5ea.vC0pKHXt (copy)
data
#
C:\Users\user\Local Settings\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\Assets\5f4e8b246d10a390914e766688fe792ac6978a7a734a894b73458dbf3a6e2dd0.vC0pKHXt (copy)
data
#
C:\Users\user\Local Settings\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\Assets\ac72f8d729696026187dd059d2d97c4cab419d349e745057c40f173d46ed66a2.vC0pKHXt (copy)
data
#
C:\Users\user\Local Settings\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\Assets\ec8a27fa2a7af8674f8596cc39b564d43970a0c8dd0f3cb64d860f67dbb6597b.vC0pKHXt (copy)
data
#