Windows Analysis Report
VkcZ4diwXl.exe

Overview

General Information

Sample name: VkcZ4diwXl.exe
renamed because original name is a hash value
Original sample name: 27a3cc834c1cd00ad5378c373d76957998bb54bbcfe67bbf3ae5c7be5a5a66dd.exe
Analysis ID: 1670172
MD5: 714b31629c37dee57038ca4e52ef65ac
SHA1: f9aa5b2dc359f3173ab555944b2fb5a914b45848
SHA256: 27a3cc834c1cd00ad5378c373d76957998bb54bbcfe67bbf3ae5c7be5a5a66dd
Tags: BrainCipherexeransomwareuser-TheRavenFile
Infos:

Detection

LockBit ransomware
Score: 100
Range: 0 - 100
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for dropped file
Found malware configuration
Found ransom note / readme
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Yara detected LockBit ransomware
Contains functionality to detect hardware virtualization (CPUID execution measurement)
Deletes itself after installation
Found Tor onion address
Hides threads from debuggers
Joe Sandbox ML detected suspicious sample
Modifies existing user documents (likely ransomware behavior)
Overwrites Mozilla Firefox settings
Tries to harvest and steal browser information (history, passwords, etc)
Writes a notice file (html or txt) to demand a ransom
Writes many files with high entropy
Writes to foreign memory regions
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Creates a process in suspended mode (likely to inject code)
Dropped file seen in connection with other malware
Drops PE files
Drops PE files to the application program directory (C:\ProgramData)
Enables debug privileges
Enables security privileges
PE file contains an invalid checksum
Sample execution stops while process was sleeping (likely an evasion)
Uses 32bit PE files
Yara signature match

Classification

RansomwareSpreadingPhishingBankerTrojan / BotAdwareSpywareExploiterEvaderMinercleansuspiciousmalicious

AV Detection

barindex
Source: VkcZ4diwXl.exe Avira: detected
Source: C:\ProgramData\CD02.tmp Avira: detection malicious, Label: TR/Crypt.ZPACK.Gen
Source: KUsfyVlDo.README.txt11.0.dr Malware Configuration Extractor: Lockbit {"Ransom Note": "***\r\nWelcome to Brain Cipher Ransomware!\r\n***\r\nDear managers!\r\nIf you're reading this, it means your systems have been hacked and encrypted and your data stolen.\r\n\r\n\r\n***\r\n\r\nThe most proper way to safely recover your data is through our support. We can recover your systems within 4-6 hours.\r\nIn order for it to be successful, you must follow a few points:\r\n\r\n1.Don't go to the police, etc.\r\n2.Do not attempt to recover data on your own.\r\n3.Do not take the help of third-party data recovery companies.\r\nIn most cases, they are scammers who will pay us a ransom and take a for themselves.\r\n\r\n***\r\n\r\nIf you violate any 1 of these points, we will refuse to cooperate with you!!!\r\n\r\nATTENTION! If you do not contact us within 48 hours, we will post the record on our website: vkvsgl7lhipjirmz6j5ubp3w3bwvxgcdbpi3fsbqngfynetqtw4w5hyd.onion\r\n\r\n\r\n3 steps to data recovery: \r\n \r\n1. Download and install Tor Browser (https://www.torproject.org/download/)\r\n\t\t\t\r\n2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion\r\n\tThis page can take up to 30 minutes to load.\r\n\r\n3. Enter your encryption ID: qLRS3o7nBgYneLCCIQT5S9+wDocPid9vGWlDqWB004LvisizirSDvQ3mpA3NcJAuRWgQw0M5TcgSNEttohZcJzM2VXBrdjcx\r\n\r\n\r\nEmail to support: brain.support@cyberfear.com"}
Source: C:\ProgramData\CD02.tmp ReversingLabs: Detection: 85%
Source: VkcZ4diwXl.exe Virustotal: Detection: 90% Perma Link
Source: VkcZ4diwXl.exe ReversingLabs: Detection: 91%
Source: Submited Sample Neural Call Log Analysis: 100.0%
Source: VkcZ4diwXl.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\Videos\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\Searches\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\Saved Games\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\Recent\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\Pictures\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\Pictures\Saved Pictures\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\Pictures\Camera Roll\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\OneDrive\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\Music\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\Links\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\Favorites\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\Favorites\Links\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\Downloads\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\Documents\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\Documents\ZTGJILHXQB\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\Documents\ZBEDCJPBEY\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\Documents\WKXEWIOTXI\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\Documents\PWCCAWLGRE\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\Documents\NIKHQAIQAU\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\Documents\LSBIHQFDVT\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\Documents\IPKGELNTQY\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\Documents\BPMLNOBVSB\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\Documents\BNAGMGSPLO\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\Desktop\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\Desktop\ZTGJILHXQB\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\Desktop\ZBEDCJPBEY\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\Desktop\WKXEWIOTXI\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\Desktop\PWCCAWLGRE\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\Desktop\NIKHQAIQAU\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\Desktop\LSBIHQFDVT\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\Desktop\IPKGELNTQY\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\Desktop\BPMLNOBVSB\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\Desktop\BNAGMGSPLO\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\Contacts\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Roaming\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Roaming\Mozilla\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\ca4gppea.default\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\storage\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\storage\to-be-removed\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\storage\temporary\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\storage\permanent\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\storage\permanent\chrome\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\storage\permanent\chrome\idb\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.files\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\storage\permanent\chrome\idb\3561288849sdhlie.files\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\storage\permanent\chrome\idb\2918063365piupsah.files\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\storage\permanent\chrome\idb\2823318777ntouromlalnodry--naod.files\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.files\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\storage\permanent\chrome\idb\1451318868ntouromlalnodry--epcr.files\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\sessionstore-backups\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\security_state\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\saved-telemetry-pings\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\minidumps\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\datareporting\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\datareporting\glean\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\datareporting\glean\tmp\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\datareporting\glean\pending_pings\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\datareporting\glean\events\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\datareporting\glean\db\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\datareporting\archived\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\datareporting\archived\2023-10\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\crashes\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\crashes\events\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\bookmarkbackups\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Pending Pings\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Crash Reports\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Crash Reports\events\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Roaming\Mozilla\Extensions\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Roaming\com.adobe.dunamis\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Roaming\com.adobe.dunamis\f2eb6c79-671d-4de2-b7be-3b2eea7abc47\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Roaming\com.adobe.dunamis\6d9d9777-7ded-4768-8191-9a707d72b009\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Roaming\com.adobe.dunamis\61f56613-c62c-4b17-84dd-62b60d5776aa\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Roaming\com.adobe.dunamis\56079431-ea46-4833-94f9-1ff5658cdb1c\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Roaming\Adobe\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Roaming\Adobe\Sonar\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Roaming\Adobe\Sonar\SonarCC\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Roaming\Adobe\RTTransfer\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Roaming\Adobe\LogTransport2CC\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Roaming\Adobe\LogTransport2\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Roaming\Adobe\Linguistics\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Roaming\Adobe\Headlights\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Roaming\Adobe\Flash Player\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Roaming\Adobe\Flash Player\NativeCache\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Roaming\Adobe\CRLogs\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Roaming\Adobe\CRLogs\crashlogs\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Roaming\Adobe\Acrobat\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Roaming\Adobe\Acrobat\Preflight Acrobat Continuous\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\CRLCache\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\JSCache\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Forms\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Collab\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\LocalLow\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\LocalLow\Adobe\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\LocalLow\Adobe\Linguistics\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\LocalLow\Adobe\AcroCef\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cookie\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\wasm\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\wasm\index-dir\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\index-dir\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Cache\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Cache\Cache_Data\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\blob_storage\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\blob_storage\587faa3d-8a11-4184-9853-e4724a85f714\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\LocalLow\Adobe\Acrobat\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\assets\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\Acrobat\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\Acrobat\DesktopNotification\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\Acrobat\DesktopNotification\NotificationsDB\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\VirtualStore\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Temp\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Temp\Symbols\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Temp\msedge_url_fetcher_5636_865338661\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Temp\msedge_url_fetcher_5636_835662851\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Temp\msedge_url_fetcher_5636_804551531\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Temp\msedge_url_fetcher_5636_747471325\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Temp\msedge_url_fetcher_5636_644102789\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Temp\msedge_url_fetcher_5636_537188692\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Temp\msedge_url_fetcher_5636_38665107\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Temp\msedge_url_fetcher_5636_1505610330\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Temp\msedge_url_fetcher_5636_1463071562\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Temp\msedge_url_fetcher_5636_1432842222\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Temp\msedge_url_fetcher_5140_511505862\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Temp\mozilla-temp-files\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Temp\Low\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Temp\edge_BITS_6764_1517233949\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Temp\edge_BITS_6764_1314451580\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Temp\edge_BITS_3784_783746381\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Temp\edge_BITS_3784_606123166\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Temp\edge_BITS_3784_1726059252\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Temp\edge_BITS_3784_1689570837\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Temp\edge_BITS_3784_1453829056\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Temp\edge_BITS_3784_1441652407\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Temp\edge_BITS_3784_1300403242\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Temp\Diagnostics\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Temp\Diagnostics\EXCEL\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Temp\chrome_url_fetcher_7080_1476385705\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Temp\acrord32_super_sbx\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Temp\acrord32_super_sbx\Adobe\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Temp\acrord32_super_sbx\Adobe\Acrobat\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Temp\acrord32_super_sbx\Adobe\Acrobat\DC\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Temp\acrord32_super_sbx\Adobe\Acrobat\DC\SearchEmbdIndex\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Temp\acrocef_low\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\Adobe\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\Adobe\Acrobat\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\Adobe\Acrobat\DC\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\SolidDocuments\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\SolidDocuments\Acrobat\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Publishers\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Publishers\8wekyb3d8bbwe\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Publishers\8wekyb3d8bbwe\SettingsContainer\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Publishers\8wekyb3d8bbwe\Microsoft.WindowsAlarms\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Publishers\8wekyb3d8bbwe\Licenses\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Publishers\8wekyb3d8bbwe\Fonts\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\PlaceholderTileLogoFolder\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\PeerDistRepub\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\windows_ie_ac_001\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\windows_ie_ac_001\AC\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\windows_ie_ac_001\AC\Temp\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Windows.PrintDialog_cw5n1h2txyewy\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Windows.PrintDialog_cw5n1h2txyewy\TempState\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Windows.PrintDialog_cw5n1h2txyewy\SystemAppData\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Windows.PrintDialog_cw5n1h2txyewy\Settings\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Windows.PrintDialog_cw5n1h2txyewy\RoamingState\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Windows.PrintDialog_cw5n1h2txyewy\LocalState\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Windows.PrintDialog_cw5n1h2txyewy\LocalCache\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Windows.PrintDialog_cw5n1h2txyewy\AppData\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Windows.PrintDialog_cw5n1h2txyewy\AC\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Windows.PrintDialog_cw5n1h2txyewy\AC\Temp\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\TempState\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\SystemAppData\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\Settings\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\RoamingState\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalCache\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\AppData\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\AC\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Windows.CBSPreview_cw5n1h2txyewy\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Windows.CBSPreview_cw5n1h2txyewy\TempState\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Windows.CBSPreview_cw5n1h2txyewy\SystemAppData\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Windows.CBSPreview_cw5n1h2txyewy\Settings\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Windows.CBSPreview_cw5n1h2txyewy\RoamingState\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Windows.CBSPreview_cw5n1h2txyewy\LocalState\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Windows.CBSPreview_cw5n1h2txyewy\LocalCache\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Windows.CBSPreview_cw5n1h2txyewy\AppData\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Windows.CBSPreview_cw5n1h2txyewy\AC\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Windows.CBSPreview_cw5n1h2txyewy\AC\Temp\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\NcsiUwpApp_8wekyb3d8bbwe\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\NcsiUwpApp_8wekyb3d8bbwe\TempState\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\NcsiUwpApp_8wekyb3d8bbwe\SystemAppData\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\NcsiUwpApp_8wekyb3d8bbwe\Settings\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\NcsiUwpApp_8wekyb3d8bbwe\RoamingState\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\NcsiUwpApp_8wekyb3d8bbwe\LocalState\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\NcsiUwpApp_8wekyb3d8bbwe\LocalCache\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\NcsiUwpApp_8wekyb3d8bbwe\AppData\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\NcsiUwpApp_8wekyb3d8bbwe\AC\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\NcsiUwpApp_8wekyb3d8bbwe\AC\Temp\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\MicrosoftWindows.UndockedDevKit_cw5n1h2txyewy\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\MicrosoftWindows.UndockedDevKit_cw5n1h2txyewy\TempState\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\MicrosoftWindows.UndockedDevKit_cw5n1h2txyewy\SystemAppData\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\MicrosoftWindows.UndockedDevKit_cw5n1h2txyewy\Settings\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\MicrosoftWindows.UndockedDevKit_cw5n1h2txyewy\RoamingState\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\MicrosoftWindows.UndockedDevKit_cw5n1h2txyewy\LocalState\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\MicrosoftWindows.UndockedDevKit_cw5n1h2txyewy\LocalCache\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\MicrosoftWindows.UndockedDevKit_cw5n1h2txyewy\AppData\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\MicrosoftWindows.UndockedDevKit_cw5n1h2txyewy\AC\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\MicrosoftWindows.UndockedDevKit_cw5n1h2txyewy\AC\Temp\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SystemAppData\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\Settings\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\RoamingState\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\LocalState\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\LocalCache\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AppData\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AC\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AC\Temp\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\TempState\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\SystemAppData\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\Settings\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\RoamingState\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\LocalState\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\LocalCache\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\AppData\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\AC\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\AC\Temp\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\TempState\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\SystemAppData\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\Settings\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\RoamingState\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\LocalState\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\LocalCache\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\AppData\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\AC\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\AC\Temp\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.YourPhone_8wekyb3d8bbwe\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.YourPhone_8wekyb3d8bbwe\TempState\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.YourPhone_8wekyb3d8bbwe\SystemAppData\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.YourPhone_8wekyb3d8bbwe\Settings\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.YourPhone_8wekyb3d8bbwe\RoamingState\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.YourPhone_8wekyb3d8bbwe\LocalState\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.YourPhone_8wekyb3d8bbwe\LocalCache\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.YourPhone_8wekyb3d8bbwe\AppData\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.YourPhone_8wekyb3d8bbwe\AC\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.YourPhone_8wekyb3d8bbwe\AC\Temp\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxSpeechToTextOverlay_8wekyb3d8bbwe\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxSpeechToTextOverlay_8wekyb3d8bbwe\TempState\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxSpeechToTextOverlay_8wekyb3d8bbwe\SystemAppData\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxSpeechToTextOverlay_8wekyb3d8bbwe\Settings\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxSpeechToTextOverlay_8wekyb3d8bbwe\RoamingState\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxSpeechToTextOverlay_8wekyb3d8bbwe\LocalState\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxSpeechToTextOverlay_8wekyb3d8bbwe\LocalCache\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxSpeechToTextOverlay_8wekyb3d8bbwe\AppData\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxSpeechToTextOverlay_8wekyb3d8bbwe\AC\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxSpeechToTextOverlay_8wekyb3d8bbwe\AC\Temp\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxIdentityProvider_8wekyb3d8bbwe\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxIdentityProvider_8wekyb3d8bbwe\TempState\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxIdentityProvider_8wekyb3d8bbwe\SystemAppData\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxIdentityProvider_8wekyb3d8bbwe\Settings\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxIdentityProvider_8wekyb3d8bbwe\RoamingState\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxIdentityProvider_8wekyb3d8bbwe\LocalState\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxIdentityProvider_8wekyb3d8bbwe\LocalCache\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxIdentityProvider_8wekyb3d8bbwe\AppData\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxIdentityProvider_8wekyb3d8bbwe\AC\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxIdentityProvider_8wekyb3d8bbwe\AC\Temp\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameOverlay_8wekyb3d8bbwe\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameOverlay_8wekyb3d8bbwe\TempState\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameOverlay_8wekyb3d8bbwe\SystemAppData\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameOverlay_8wekyb3d8bbwe\Settings\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameOverlay_8wekyb3d8bbwe\RoamingState\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameOverlay_8wekyb3d8bbwe\LocalState\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameOverlay_8wekyb3d8bbwe\LocalState\DiagOutputDir\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameOverlay_8wekyb3d8bbwe\LocalCache\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameOverlay_8wekyb3d8bbwe\AppData\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameOverlay_8wekyb3d8bbwe\AC\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameOverlay_8wekyb3d8bbwe\AC\Temp\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\TempState\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\SystemAppData\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\Settings\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\RoamingState\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\LocalState\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\LocalCache\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\AppData\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\AC\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\AC\Temp\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxApp_8wekyb3d8bbwe\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxApp_8wekyb3d8bbwe\TempState\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxApp_8wekyb3d8bbwe\SystemAppData\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxApp_8wekyb3d8bbwe\Settings\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxApp_8wekyb3d8bbwe\RoamingState\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxApp_8wekyb3d8bbwe\LocalState\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxApp_8wekyb3d8bbwe\LocalCache\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxApp_8wekyb3d8bbwe\AppData\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxApp_8wekyb3d8bbwe\AC\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxApp_8wekyb3d8bbwe\AC\Temp\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Xbox.TCUI_8wekyb3d8bbwe\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Xbox.TCUI_8wekyb3d8bbwe\TempState\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Xbox.TCUI_8wekyb3d8bbwe\SystemAppData\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Xbox.TCUI_8wekyb3d8bbwe\Settings\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Xbox.TCUI_8wekyb3d8bbwe\RoamingState\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Xbox.TCUI_8wekyb3d8bbwe\LocalState\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Xbox.TCUI_8wekyb3d8bbwe\LocalCache\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Xbox.TCUI_8wekyb3d8bbwe\AppData\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Xbox.TCUI_8wekyb3d8bbwe\AC\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Xbox.TCUI_8wekyb3d8bbwe\AC\Temp\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\TempState\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\SystemAppData\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\Settings\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\RoamingState\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\LocalState\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\LocalCache\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\AppData\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\AC\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\AC\Temp\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe\TempState\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe\SystemAppData\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe\Settings\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe\RoamingState\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe\LocalState\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe\LocalCache\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe\AppData\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe\AC\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe\AC\Temp\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsMaps_8wekyb3d8bbwe\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsMaps_8wekyb3d8bbwe\TempState\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsMaps_8wekyb3d8bbwe\SystemAppData\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsMaps_8wekyb3d8bbwe\Settings\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsMaps_8wekyb3d8bbwe\RoamingState\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsMaps_8wekyb3d8bbwe\LocalState\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsMaps_8wekyb3d8bbwe\LocalCache\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsMaps_8wekyb3d8bbwe\AppData\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsMaps_8wekyb3d8bbwe\AC\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsMaps_8wekyb3d8bbwe\AC\Temp\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsFeedbackHub_8wekyb3d8bbwe\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsFeedbackHub_8wekyb3d8bbwe\TempState\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsFeedbackHub_8wekyb3d8bbwe\SystemAppData\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsFeedbackHub_8wekyb3d8bbwe\Settings\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsFeedbackHub_8wekyb3d8bbwe\RoamingState\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsFeedbackHub_8wekyb3d8bbwe\LocalState\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsFeedbackHub_8wekyb3d8bbwe\LocalCache\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsFeedbackHub_8wekyb3d8bbwe\AppData\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsFeedbackHub_8wekyb3d8bbwe\AC\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsFeedbackHub_8wekyb3d8bbwe\AC\Temp\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\TempState\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\SystemAppData\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\Settings\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\RoamingState\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalCache\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\AppData\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\AC\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\AC\Temp\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCamera_8wekyb3d8bbwe\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCamera_8wekyb3d8bbwe\TempState\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCamera_8wekyb3d8bbwe\SystemAppData\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCamera_8wekyb3d8bbwe\Settings\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCamera_8wekyb3d8bbwe\RoamingState\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCamera_8wekyb3d8bbwe\LocalState\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCamera_8wekyb3d8bbwe\LocalCache\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCamera_8wekyb3d8bbwe\AppData\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCamera_8wekyb3d8bbwe\AC\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCamera_8wekyb3d8bbwe\AC\Temp\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCalculator_8wekyb3d8bbwe\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCalculator_8wekyb3d8bbwe\TempState\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCalculator_8wekyb3d8bbwe\SystemAppData\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCalculator_8wekyb3d8bbwe\Settings\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCalculator_8wekyb3d8bbwe\RoamingState\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCalculator_8wekyb3d8bbwe\LocalState\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCalculator_8wekyb3d8bbwe\LocalCache\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCalculator_8wekyb3d8bbwe\AppData\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCalculator_8wekyb3d8bbwe\AC\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCalculator_8wekyb3d8bbwe\AC\Temp\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsAlarms_8wekyb3d8bbwe\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsAlarms_8wekyb3d8bbwe\TempState\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsAlarms_8wekyb3d8bbwe\SystemAppData\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsAlarms_8wekyb3d8bbwe\Settings\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsAlarms_8wekyb3d8bbwe\RoamingState\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsAlarms_8wekyb3d8bbwe\LocalState\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsAlarms_8wekyb3d8bbwe\LocalCache\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsAlarms_8wekyb3d8bbwe\AppData\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsAlarms_8wekyb3d8bbwe\AC\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsAlarms_8wekyb3d8bbwe\AC\Temp\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.XGpuEjectDialog_cw5n1h2txyewy\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.XGpuEjectDialog_cw5n1h2txyewy\TempState\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.XGpuEjectDialog_cw5n1h2txyewy\SystemAppData\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.XGpuEjectDialog_cw5n1h2txyewy\Settings\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.XGpuEjectDialog_cw5n1h2txyewy\RoamingState\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.XGpuEjectDialog_cw5n1h2txyewy\LocalState\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.XGpuEjectDialog_cw5n1h2txyewy\LocalCache\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.XGpuEjectDialog_cw5n1h2txyewy\AppData\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.XGpuEjectDialog_cw5n1h2txyewy\AC\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.XGpuEjectDialog_cw5n1h2txyewy\AC\Temp\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\TempState\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\SystemAppData\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\Settings\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\RoamingState\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\LocalState\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\LocalCache\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\AppData\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\AC\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\AC\Temp\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\TempState\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\SystemAppData\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\Settings\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\RoamingState\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\LocalState\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\LocalCache\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\AppData\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\AC\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\AC\Temp\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.SecureAssessmentBrowser_cw5n1h2txyewy\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.SecureAssessmentBrowser_cw5n1h2txyewy\TempState\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.SecureAssessmentBrowser_cw5n1h2txyewy\SystemAppData\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.SecureAssessmentBrowser_cw5n1h2txyewy\Settings\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.SecureAssessmentBrowser_cw5n1h2txyewy\RoamingState\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.SecureAssessmentBrowser_cw5n1h2txyewy\LocalState\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.SecureAssessmentBrowser_cw5n1h2txyewy\LocalCache\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.SecureAssessmentBrowser_cw5n1h2txyewy\AppData\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.SecureAssessmentBrowser_cw5n1h2txyewy\AC\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.SecureAssessmentBrowser_cw5n1h2txyewy\AC\Temp\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\TempState\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SystemAppData\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\Settings\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\RoamingState\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\LocalState\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\LocalCache\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\AppData\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\AC\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\AC\Temp\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\TempState\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\SystemAppData\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\Settings\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\RoamingState\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ShellFeeds\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\Flighting\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Settings_{d7420b01-ee72-478b-af4f-6b44c9dc7707}\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Settings_{69143257-42f5-46b5-8baf-30774e2e792c}\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Input_{19865394-38c8-473b-8d88-bf07dc9221d0}\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{50a16ccc-130f-4f2c-a2e9-5da6cc241852}\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{3b24ce89-7d59-456b-a789-808d32bc7713}\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalCache\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AppData\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AppData\Indexed DB\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AppData\CacheStorage\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\TokenBroker\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\TokenBroker\Cache\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\Temp\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.PinningConfirmationDialog_cw5n1h2txyewy\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.PinningConfirmationDialog_cw5n1h2txyewy\TempState\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.PinningConfirmationDialog_cw5n1h2txyewy\SystemAppData\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.PinningConfirmationDialog_cw5n1h2txyewy\Settings\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.PinningConfirmationDialog_cw5n1h2txyewy\RoamingState\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.PinningConfirmationDialog_cw5n1h2txyewy\LocalState\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.PinningConfirmationDialog_cw5n1h2txyewy\LocalCache\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.PinningConfirmationDialog_cw5n1h2txyewy\AppData\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.PinningConfirmationDialog_cw5n1h2txyewy\AC\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.PinningConfirmationDialog_cw5n1h2txyewy\AC\Temp\KUsfyVlDo.README.txt Jump to behavior
Source: VkcZ4diwXl.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: Binary string: \??\C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\*6= source: VkcZ4diwXl.exe, 00000000.00000003.939266824.00000000012F6000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.940454498.00000000012F6000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.938895429.00000000012F6000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.939540598.00000000012F6000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: \??\C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\ssvfglL.KUsfyVlDo0 source: VkcZ4diwXl.exe, 00000000.00000003.943149704.000000000132D000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.942924909.000000000132D000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.941857375.000000000132D000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.941626125.000000000132D000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.943691997.000000000132D000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.939540598.000000000132D000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.939266824.000000000132D000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.942734376.000000000132D000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.940454498.000000000132D000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.943510128.000000000132D000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: \??\C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\download.error{U` source: VkcZ4diwXl.exe, 00000000.00000003.950390956.000000000132D000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.943149704.000000000132D000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.942924909.000000000132D000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.944896440.000000000132D000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.941857375.000000000132D000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.941626125.000000000132D000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.943691997.000000000132D000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.945838258.000000000132D000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.946676369.000000000132D000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.942734376.000000000132D000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.940454498.000000000132D000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.945407912.000000000132D000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.943906320.000000000132D000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.943510128.000000000132D000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.947760095.000000000132D000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.945656031.000000000132D000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.948185487.000000000132D000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.947146425.000000000132D000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: \??\C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\KUsfyVlDo.README.txt0 source: VkcZ4diwXl.exe, 00000000.00000003.943149704.000000000132D000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.942924909.000000000132D000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.941857375.000000000132D000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.941626125.000000000132D000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.939540598.000000000132D000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.942734376.000000000132D000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.940454498.000000000132D000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.943510128.000000000132D000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: \\?\C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831 source: VkcZ4diwXl.exe, 00000000.00000003.939540598.00000000012F6000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: WINLOA~1.PDBwinload_prod.pdb source: VkcZ4diwXl.exe, 00000000.00000003.938895429.00000000012E6000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: \\?\C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\ssful, you must follow a few points: source: VkcZ4diwXl.exe, 00000000.00000003.940454498.00000000012F6000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: \Device\HarddiskVolume3\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\ownload.error8 source: VkcZ4diwXl.exe, 00000000.00000003.943017825.00000000013E3000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.942657839.00000000013E3000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.941564283.00000000013E3000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.940312790.00000000013E3000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.943271550.00000000013E3000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: \??\C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb source: VkcZ4diwXl.exe, 00000000.00000003.1061804009.000000000132D000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.1040286298.000000000132D000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.974864659.000000000132D000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.956390714.000000000132D000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.1092163971.000000000132D000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.1095019955.000000000132D000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.1101099626.000000000132D000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.1096671153.000000000132D000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.1038116287.000000000132D000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.979610393.000000000132D000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.1091123452.000000000132D000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.1089549314.000000000132D000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.950390956.000000000132D000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.1088699358.000000000132D000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.1038355049.000000000132D000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.1065403775.000000000132D000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.1110779253.000000000132D000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.995130089.000000000132D000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.1108155497.000000000132D000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.972711337.000000000132D000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.1064321150.000000000132D000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.957492862.000000000132D000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.1079636657.000000000132D000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.1042016120.000000000132D000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.1046867303.000000000132D000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.994570495.000000000132D000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.1135585446.000000000132D000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.1109174385.000000000132D000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000
Source: Binary string: \\?\C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\KUsfyVlDo.README.txt source: VkcZ4diwXl.exe, 00000000.00000003.943017825.00000000013E3000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.939221889.00000000013E3000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.942657839.00000000013E3000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.941564283.00000000013E3000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.940312790.00000000013E3000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.943271550.00000000013E3000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: \??\C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\KUsfyVlDo.README.txt source: VkcZ4diwXl.exe, 00000000.00000003.943510128.00000000012F6000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.939266824.00000000012F6000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.940454498.00000000012F6000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.945407912.00000000012F6000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.945656031.00000000012F6000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.942734376.00000000012F6000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.947146425.00000000012F6000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.944896440.00000000012F6000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.943691997.00000000012F6000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.943906320.00000000012F6000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.942924909.00000000012F6000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.941626125.00000000012F6000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.941857375.00000000012F6000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.943149704.00000000012F6000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.948185487.00000000012F6000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.945838258.00000000012F6000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.947760095.00000000012F6000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.939540598.00000000012F6000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.946676369.00000000012F6000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: \??\C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\* source: VkcZ4diwXl.exe, 00000000.00000003.1061804009.000000000132D000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.1040286298.000000000132D000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.974864659.000000000132D000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.956390714.000000000132D000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.1092163971.000000000132D000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.1095019955.000000000132D000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.1101099626.000000000132D000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.1096671153.000000000132D000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.1038116287.000000000132D000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.979610393.000000000132D000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.1091123452.000000000132D000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.1089549314.000000000132D000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.950390956.000000000132D000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.1088699358.000000000132D000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.1038355049.000000000132D000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.1065403775.000000000132D000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.1110779253.000000000132D000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.995130089.000000000132D000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.1108155497.000000000132D000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.972711337.000000000132D000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.1064321150.000000000132D000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.957492862.000000000132D000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.1079636657.000000000132D000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.1042016120.000000000132D000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.1046867303.000000000132D000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.994570495.000000000132D000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.1135585446.000000000132D000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.1109174385.000000000132D000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.000
Source: Binary string: \Device\HarddiskVolume3\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\UsfyVlDo.README.txt source: VkcZ4diwXl.exe, 00000000.00000003.939266824.00000000012F6000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.939540598.00000000012F6000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: \\?\C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\qXqgVzL.KUsfyVlDo source: VkcZ4diwXl.exe, 00000000.00000003.943017825.00000000013E3000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.942657839.00000000013E3000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.941564283.00000000013E3000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.940312790.00000000013E3000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.943271550.00000000013E3000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: \\?\C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb source: VkcZ4diwXl.exe, 00000000.00000003.941857375.000000000132D000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.941626125.000000000132D000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.939540598.000000000132D000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.939266824.000000000132D000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.940454498.000000000132D000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.938895429.000000000132D000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: \\?\C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2 source: VkcZ4diwXl.exe, 00000000.00000003.939266824.00000000012F6000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.938895429.00000000012F6000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.939540598.00000000012F6000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: \??\C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2R#L source: VkcZ4diwXl.exe, 00000000.00000003.943510128.00000000012F6000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.939266824.00000000012F6000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.952155589.00000000012F6000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.956062863.00000000012F6000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.940454498.00000000012F6000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.945407912.00000000012F6000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.956390714.00000000012F6000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.945656031.00000000012F6000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.955774022.00000000012F6000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.942734376.00000000012F6000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.947146425.00000000012F6000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.944896440.00000000012F6000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.943691997.00000000012F6000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.943906320.00000000012F6000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.942924909.00000000012F6000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.941626125.00000000012F6000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.956713927.00000000012F6000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.941857375.00000000012F6000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.943149704.00000000012F6000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.948185487.00000000012F6000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.956238378.00000000012F6000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.954883438.00000000012F6000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.945838258.00000000012F6000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.947760095.00000000012F6000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.955495565.00000000012F6000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.938895429.00000000012F6000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.939540598.00000000012F6000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.953971695.00000000012F6000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwX
Source: Binary string: \\?\C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\ source: VkcZ4diwXl.exe, 00000000.00000003.939266824.00000000012F6000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.940454498.00000000012F6000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.941626125.00000000012F6000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.941857375.00000000012F6000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.939540598.00000000012F6000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: \\?\C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\KUsfyVlDo.README.txt3^ source: VkcZ4diwXl.exe, 00000000.00000003.943149704.000000000132D000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.942924909.000000000132D000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.944896440.000000000132D000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.941857375.000000000132D000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.941626125.000000000132D000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.943691997.000000000132D000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.945838258.000000000132D000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.939540598.000000000132D000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.939266824.000000000132D000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.946676369.000000000132D000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.942734376.000000000132D000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.940454498.000000000132D000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.945407912.000000000132D000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.943906320.000000000132D000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.938895429.000000000132D000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.943510128.000000000132D000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.947760095.000000000132D000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.945656031.000000000132D000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.948185487.000000000132D000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.947146425.000000000132D000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: \??\C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\ssvfglL.KUsfyVlDoX source: VkcZ4diwXl.exe, 00000000.00000003.943017825.00000000013E3000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.939221889.00000000013E3000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.942657839.00000000013E3000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.941564283.00000000013E3000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.940312790.00000000013E3000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.943271550.00000000013E3000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: \\?\C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\ source: VkcZ4diwXl.exe, 00000000.00000003.939221889.00000000013E3000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.941564283.00000000013E3000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.940312790.00000000013E3000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: \\?\C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb source: VkcZ4diwXl.exe, 00000000.00000003.943510128.00000000012F6000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.939266824.00000000012F6000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.940454498.00000000012F6000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.942734376.00000000012F6000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.943691997.00000000012F6000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.942924909.00000000012F6000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.941626125.00000000012F6000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.941857375.00000000012F6000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.943149704.00000000012F6000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.938895429.00000000012F6000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.939540598.00000000012F6000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: \??\C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\*t source: VkcZ4diwXl.exe, 00000000.00000003.940454498.00000000012F6000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: \??\C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\*t source: VkcZ4diwXl.exe, 00000000.00000003.939221889.00000000013E3000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: \??\C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\download.error source: VkcZ4diwXl.exe, 00000000.00000003.940454498.000000000132D000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: \??\C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb source: VkcZ4diwXl.exe, 00000000.00000003.939266824.00000000012F6000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.938895429.00000000012F6000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.939540598.00000000012F6000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: \??\C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\ source: VkcZ4diwXl.exe, 00000000.00000003.940454498.00000000012F6000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.939540598.00000000012F6000.00000004.00000020.00020000.00000000.sdmp
Source: C:\ProgramData\CD02.tmp Code function: 4_2_0040227C FindFirstFileExW, 4_2_0040227C
Source: C:\ProgramData\CD02.tmp Code function: 4_2_0040152C FindFirstFileExW,FindClose,FindNextFileW,FindClose, 4_2_0040152C
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File opened: C:\Users\user\AppData\Local\Packages\windows_ie_ac_001\AC\ Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File opened: C:\Users\user\AppData\Local\Packages\windows_ie_ac_001\AC\Temp\ Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File opened: C:\Users\user\AppData\Local\Packages\Windows.PrintDialog_cw5n1h2txyewy\TempState\ Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File opened: C:\Users\user\AppData\Local\Packages\windows_ie_ac_001\ Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File opened: C:\Users\user\AppData\Local\Packages\Windows.PrintDialog_cw5n1h2txyewy\ Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File opened: C:\Users\user\AppData\Local\Packages\Windows.PrintDialog_cw5n1h2txyewy\SystemAppData\ Jump to behavior

Networking

barindex
Source: VkcZ4diwXl.exe, 00000000.00000003.887127651.00000000012BE000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: ge: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: VkcZ4diwXl.exe, 00000000.00000003.1006939237.00000000012C0000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: VkcZ4diwXl.exe, 00000000.00000003.912180833.00000000012F6000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: VkcZ4diwXl.exe, 00000000.00000003.905472459.00000000012D5000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: VkcZ4diwXl.exe, 00000000.00000003.910350826.00000000012F6000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: VkcZ4diwXl.exe, 00000000.00000003.998856575.00000000012CA000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: VkcZ4diwXl.exe, 00000000.00000003.915844853.00000000012F6000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: VkcZ4diwXl.exe, 00000000.00000003.911418366.00000000012F6000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: VkcZ4diwXl.exe, 00000000.00000003.914994766.00000000012F6000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: VkcZ4diwXl.exe, 00000000.00000003.904981206.00000000012F6000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: VkcZ4diwXl.exe, 00000000.00000003.889754414.0000000001319000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: VkcZ4diwXl.exe, 00000000.00000003.914374349.00000000012F6000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: VkcZ4diwXl.exe, 00000000.00000003.907621061.00000000012F6000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: VkcZ4diwXl.exe, 00000000.00000003.914257703.00000000012F6000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: VkcZ4diwXl.exe, 00000000.00000003.889491733.000000000130A000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: VkcZ4diwXl.exe, 00000000.00000003.904011919.00000000012F6000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: VkcZ4diwXl.exe, 00000000.00000003.903199912.00000000012D4000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: VkcZ4diwXl.exe, 00000000.00000003.896590081.00000000012C0000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: VkcZ4diwXl.exe, 00000000.00000003.906943583.00000000012F6000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: VkcZ4diwXl.exe, 00000000.00000003.906717051.00000000012F6000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: VkcZ4diwXl.exe, 00000000.00000003.913799374.00000000012F6000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: VkcZ4diwXl.exe, 00000000.00000003.916993570.00000000012F6000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: VkcZ4diwXl.exe, 00000000.00000003.906019053.00000000012F6000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: VkcZ4diwXl.exe, 00000000.00000003.918272750.00000000012F6000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: VkcZ4diwXl.exe, 00000000.00000003.910962673.00000000012F6000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: VkcZ4diwXl.exe, 00000000.00000003.903814880.00000000012F6000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: VkcZ4diwXl.exe, 00000000.00000003.914499892.00000000012F6000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: VkcZ4diwXl.exe, 00000000.00000003.906422871.00000000012F6000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: VkcZ4diwXl.exe, 00000000.00000003.899916622.00000000012C2000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: VkcZ4diwXl.exe, 00000000.00000003.903571862.00000000012F6000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: VkcZ4diwXl.exe, 00000000.00000003.897117111.00000000012F6000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: VkcZ4diwXl.exe, 00000000.00000003.889683026.0000000001319000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: VkcZ4diwXl.exe, 00000000.00000003.1001088627.00000000012C1000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: VkcZ4diwXl.exe, 00000000.00000003.914098595.00000000012F6000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: VkcZ4diwXl.exe, 00000000.00000003.911104456.00000000012F6000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: VkcZ4diwXl.exe, 00000000.00000003.917859699.00000000012F6000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: VkcZ4diwXl.exe, 00000000.00000003.910191473.00000000012F6000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: VkcZ4diwXl.exe, 00000000.00000003.916604920.00000000012F6000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: VkcZ4diwXl.exe, 00000000.00000003.907973444.00000000012F6000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: VkcZ4diwXl.exe, 00000000.00000003.998856575.00000000012C0000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: VkcZ4diwXl.exe, 00000000.00000003.917620040.00000000012F6000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: VkcZ4diwXl.exe, 00000000.00000003.914871136.00000000012F6000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: VkcZ4diwXl.exe, 00000000.00000003.917329217.00000000012F6000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: VkcZ4diwXl.exe, 00000000.00000003.918150854.00000000012F6000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: VkcZ4diwXl.exe, 00000000.00000003.914623486.00000000012F6000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: VkcZ4diwXl.exe, 00000000.00000003.911857429.00000000012F6000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: VkcZ4diwXl.exe, 00000000.00000003.912649739.00000000012F6000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: VkcZ4diwXl.exe, 00000000.00000003.889608223.0000000001319000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: VkcZ4diwXl.exe, 00000000.00000003.899066116.00000000012F6000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: VkcZ4diwXl.exe, 00000000.00000003.905645577.00000000012F6000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: VkcZ4diwXl.exe, 00000000.00000003.917979889.00000000012F6000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: VkcZ4diwXl.exe, 00000000.00000003.907812700.00000000012F6000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: VkcZ4diwXl.exe, 00000000.00000003.910564536.00000000012F6000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: VkcZ4diwXl.exe, 00000000.00000003.915449167.00000000012F6000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: VkcZ4diwXl.exe, 00000000.00000003.913409611.00000000012F6000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: VkcZ4diwXl.exe, 00000000.00000003.914754446.00000000012F6000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: VkcZ4diwXl.exe, 00000000.00000003.1001088627.00000000012CA000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: VkcZ4diwXl.exe, 00000000.00000003.910820117.00000000012F6000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: VkcZ4diwXl.exe, 00000000.00000003.915237115.00000000012F6000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: VkcZ4diwXl.exe, 00000000.00000003.917443501.00000000012F6000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: VkcZ4diwXl.exe, 00000000.00000003.898484805.00000000012F6000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: VkcZ4diwXl.exe, 00000000.00000003.908208673.00000000012F6000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: VkcZ4diwXl.exe, 00000000.00000003.889951324.0000000001310000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: VkcZ4diwXl.exe, 00000000.00000003.913927860.00000000012F6000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: VkcZ4diwXl.exe, 00000000.00000003.910696953.00000000012F6000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: VkcZ4diwXl.exe, 00000000.00000003.903499380.00000000012F6000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: VkcZ4diwXl.exe, 00000000.00000003.895287512.00000000012F6000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: VkcZ4diwXl.exe, 00000000.00000003.905241572.00000000012F6000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: VkcZ4diwXl.exe, 00000000.00000003.917750412.00000000012F6000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: VkcZ4diwXl.exe, 00000000.00000003.907389049.00000000012F6000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: VkcZ4diwXl.exe, 00000000.00000003.897606180.00000000012F6000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: VkcZ4diwXl.exe, 00000000.00000003.915116698.00000000012F6000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: VkcZ4diwXl.exe, 00000000.00000003.917115817.00000000012F6000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: VkcZ4diwXl.exe, 00000000.00000003.898102398.00000000012F6000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: VkcZ4diwXl.exe, 00000000.00000003.898809785.00000000012F6000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: KUsfyVlDo.README.txt11.0.dr String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: KUsfyVlDo.README.txt287.0.dr String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: KUsfyVlDo.README.txt282.0.dr String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: KUsfyVlDo.README.txt137.0.dr String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: KUsfyVlDo.README.txt448.0.dr String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: KUsfyVlDo.README.txt306.0.dr String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: KUsfyVlDo.README.txt160.0.dr String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: KUsfyVlDo.README.txt513.0.dr String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: KUsfyVlDo.README.txt129.0.dr String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: VkcZ4diwXl.exe, 00000000.00000003.904981206.000000000135C000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: `https://www.facebook.com/ equals www.facebook.com (Facebook)
Source: VkcZ4diwXl.exe, 00000000.00000003.904981206.000000000135C000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: `https://www.youtube.com/ equals www.youtube.com (Youtube)
Source: VkcZ4diwXl.exe, 00000000.00000003.887127651.00000000012BE000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.1006939237.00000000012C0000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.912180833.00000000012F6000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.905472459.00000000012D5000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.910350826.00000000012F6000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.998856575.00000000012CA000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.915844853.00000000012F6000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.911418366.00000000012F6000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.914994766.00000000012F6000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.904981206.00000000012F6000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.889754414.0000000001319000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.914374349.00000000012F6000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.907621061.00000000012F6000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.914257703.00000000012F6000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.889491733.000000000130A000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.904011919.00000000012F6000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.903199912.00000000012D4000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.896590081.00000000012C0000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.906943583.00000000012F6000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.906717051.00000000012F6000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.913799374.00000000012F6000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: VkcZ4diwXl.exe, 00000000.00000003.905830938.0000000001349000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.905645577.0000000001349000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://allegro.pl/
Source: VkcZ4diwXl.exe, 00000000.00000003.905645577.0000000001349000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://bugzilla.mo
Source: VkcZ4diwXl.exe, 00000000.00000003.1138011793.0000000001349000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://incoming.telemetry.mozilla.org/submit/firefox-desktop/messaging-system/1/e50dda5d-df59-420d-
Source: VkcZ4diwXl.exe, 00000000.00000003.902002501.00000000013AE000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.902002501.00000000013A6000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://support.mozilla.org
Source: VkcZ4diwXl.exe, 00000000.00000003.902002501.00000000013B5000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
Source: VkcZ4diwXl.exe, 00000000.00000003.902002501.00000000013B5000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://support.mozilla.org/products/firefoxgro.allizom.troppus.GNzbMA16ssY5
Source: VkcZ4diwXl.exe, 00000000.00000003.904981206.000000000135C000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://twitter.com/
Source: VkcZ4diwXl.exe, 00000000.00000003.905830938.0000000001349000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.905645577.0000000001349000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://weibo.com/
Source: VkcZ4diwXl.exe, 00000000.00000003.905830938.0000000001349000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.905645577.0000000001349000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.aliexpress.com/
Source: VkcZ4diwXl.exe, 00000000.00000003.905830938.0000000001349000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.905645577.0000000001349000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.amazon.ca/
Source: VkcZ4diwXl.exe, 00000000.00000003.905830938.0000000001349000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.905645577.0000000001349000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.amazon.co.uk/
Source: VkcZ4diwXl.exe, 00000000.00000003.904981206.000000000135C000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.905830938.0000000001349000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.905645577.0000000001349000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.amazon.com/
Source: VkcZ4diwXl.exe, 00000000.00000003.905830938.0000000001349000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.905645577.0000000001349000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.amazon.de/
Source: VkcZ4diwXl.exe, 00000000.00000003.905830938.0000000001349000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.905645577.0000000001349000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.amazon.fr/
Source: VkcZ4diwXl.exe, 00000000.00000003.905830938.0000000001349000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.905645577.0000000001349000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.avito.ru/
Source: VkcZ4diwXl.exe, 00000000.00000003.904981206.000000000135C000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.baidu.com/
Source: VkcZ4diwXl.exe, 00000000.00000003.905830938.0000000001349000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.905645577.0000000001349000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.bbc.co.uk/
Source: VkcZ4diwXl.exe, 00000000.00000003.904981206.000000000135C000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.ctrip.com/
Source: VkcZ4diwXl.exe, 00000000.00000003.904981206.000000000135C000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.ebay.co.uk/
Source: VkcZ4diwXl.exe, 00000000.00000003.905830938.0000000001349000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.905645577.0000000001349000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.ebay.de/
Source: VkcZ4diwXl.exe, 00000000.00000003.904981206.000000000135C000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/
Source: VkcZ4diwXl.exe, 00000000.00000003.904981206.000000000135C000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/complete/
Source: VkcZ4diwXl.exe, 00000000.00000003.905830938.0000000001349000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.905645577.0000000001349000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.ifeng.com/
Source: VkcZ4diwXl.exe, 00000000.00000003.905830938.0000000001349000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.905645577.0000000001349000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.iqiyi.com/
Source: VkcZ4diwXl.exe, 00000000.00000003.905830938.0000000001349000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.905645577.0000000001349000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.leboncoin.fr/
Source: VkcZ4diwXl.exe, 00000000.00000003.902002501.00000000013AE000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.902002501.00000000013A6000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.mozilla.org
Source: VkcZ4diwXl.exe, 00000000.00000003.902002501.00000000013B5000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.HCe2hc5EPKfq
Source: VkcZ4diwXl.exe, 00000000.00000003.902002501.00000000013B5000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.oX6J3D7V9Efv
Source: VkcZ4diwXl.exe, 00000000.00000003.902002501.00000000013B5000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/Firefox
Source: VkcZ4diwXl.exe, 00000000.00000003.902002501.00000000013B5000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
Source: VkcZ4diwXl.exe, 00000000.00000003.902002501.00000000013B5000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.mozilla.org/media/img/mozorg/mozilla-256.4720741d4108.jpg
Source: VkcZ4diwXl.exe, 00000000.00000003.902002501.00000000013B5000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www.
Source: VkcZ4diwXl.exe, 00000000.00000003.905830938.0000000001349000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.905645577.0000000001349000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.olx.pl/
Source: VkcZ4diwXl.exe, 00000000.00000003.905830938.0000000001349000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.905645577.0000000001349000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.reddit.com/
Source: VkcZ4diwXl.exe, 00000000.00000003.890695738.00000000012FD000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.905645577.00000000012F6000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.898484805.000000000132D000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.917979889.00000000012F6000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.898102398.000000000132D000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.907812700.00000000012F6000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.910564536.00000000012F6000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.915449167.00000000012F6000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.913409611.00000000012F6000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.914754446.00000000012F6000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.1001088627.00000000012CA000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.894984447.000000000132D000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.910820117.00000000012F6000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.915237115.00000000012F6000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.917443501.00000000012F6000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.898484805.00000000012F6000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.896437833.000000000132D000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.908208673.00000000012F6000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.896667358.000000000132D000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.889951324.0000000001310000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.913927860.00000000012F6000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.torproject.org/download/)
Source: VkcZ4diwXl.exe, 00000000.00000003.905830938.0000000001349000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.905645577.0000000001349000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.wykop.pl/
Source: VkcZ4diwXl.exe, 00000000.00000003.904981206.000000000135C000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/
Source: VkcZ4diwXl.exe, 00000000.00000003.905830938.0000000001349000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.905645577.0000000001349000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.zhihu.com/

Spam, unwanted Advertisements and Ransom Demands

barindex
Source: C:\Users\user\AppData\Local\Packages\Microsoft.NET.Native.Framework.1.7_8wekyb3d8bbwe\AC\Temp\KUsfyVlDo.README.txt Dropped file: ***Welcome to Brain Cipher Ransomware!***Dear managers!If you're reading this, it means your systems have been hacked and encrypted and your data stolen.***The most proper way to safely recover your data is through our support. We can recover your systems within 4-6 hours.In order for it to be successful, you must follow a few points:1.Don't go to the police, etc.2.Do not attempt to recover data on your own.3.Do not take the help of third-party data recovery companies.In most cases, they are scammers who will pay us a ransom and take a for themselves.***If you violate any 1 of these points, we will refuse to cooperate with you!!!ATTENTION! If you do not contact us within 48 hours, we will post the record on our website: vkvsgl7lhipjirmz6j5ubp3w3bwvxgcdbpi3fsbqngfynetqtw4w5hyd.onion3 steps to data recovery: 1. Download and install Tor Browser (https://www.torproject.org/download/)2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onionThis page can take up to 30 minutes to load.3. Enter your encryption ID: qLRS3o7nBgYneLCCIQT5S9+wDocPid9vGWlDqWB004LvisizirSDvQ3mpA3NcJAuRWgQw0M5TcgSNEttohZcJzM2VXBrdjcxEmail to support: brain.support@cyberfear.com Jump to dropped file
Source: Yara match File source: VkcZ4diwXl.exe, type: SAMPLE
Source: Yara match File source: 0.0.VkcZ4diwXl.exe.9d0000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 00000000.00000000.884056995.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, type: MEMORY
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File moved: C:\Users\user\Desktop\BPMLNOBVSB.pdf Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File moved: C:\Users\user\Desktop\RAYHIWGKDI.xlsx Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File moved: C:\Users\user\Desktop\ZBEDCJPBEY.docx Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File moved: C:\Users\user\Desktop\RAYHIWGKDI.jpg Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File moved: C:\Users\user\Desktop\ZBEDCJPBEY\NIKHQAIQAU.xlsx Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File dropped: C:\Users\user\AppData\Local\Packages\Microsoft.NET.Native.Framework.1.7_8wekyb3d8bbwe\AC\Temp\KUsfyVlDo.README.txt -> encrypted and your data stolen.***the most proper way to safely recover your data is through our support. we can recover your systems within 4-6 hours.in order for it to be successful, you must follow a few points:1.don't go to the police, etc.2.do not attempt to recover data on your own.3.do not take the help of third-party data recovery companies.in most cases, they are scammers who will pay us a ransom and take a for themselves.***if you violate any 1 of these points, we will refuse to cooperate with you!!!attention! if you do not contact us within 48 hours, we will post the record on our website: vkvsgl7lhipjirmz6j5ubp3w3bwvxgcdbpi3fsbqngfynetqtw4w5hyd.onion3 steps to data recovery: 1. download and install tor browser (https://www.torproject.org/download/)2. go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onionthis page can take up to 30 minutes to l Jump to dropped file
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File dropped: C:\Users\user\AppData\Local\Packages\Microsoft.NET.Native.Framework.1.7_8wekyb3d8bbwe\AC\KUsfyVlDo.README.txt -> encrypted and your data stolen.***the most proper way to safely recover your data is through our support. we can recover your systems within 4-6 hours.in order for it to be successful, you must follow a few points:1.don't go to the police, etc.2.do not attempt to recover data on your own.3.do not take the help of third-party data recovery companies.in most cases, they are scammers who will pay us a ransom and take a for themselves.***if you violate any 1 of these points, we will refuse to cooperate with you!!!attention! if you do not contact us within 48 hours, we will post the record on our website: vkvsgl7lhipjirmz6j5ubp3w3bwvxgcdbpi3fsbqngfynetqtw4w5hyd.onion3 steps to data recovery: 1. download and install tor browser (https://www.torproject.org/download/)2. go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onionthis page can take up to 30 minutes to l Jump to dropped file
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File dropped: C:\Users\user\AppData\Local\Packages\Microsoft.NET.Native.Framework.1.7_8wekyb3d8bbwe\KUsfyVlDo.README.txt -> encrypted and your data stolen.***the most proper way to safely recover your data is through our support. we can recover your systems within 4-6 hours.in order for it to be successful, you must follow a few points:1.don't go to the police, etc.2.do not attempt to recover data on your own.3.do not take the help of third-party data recovery companies.in most cases, they are scammers who will pay us a ransom and take a for themselves.***if you violate any 1 of these points, we will refuse to cooperate with you!!!attention! if you do not contact us within 48 hours, we will post the record on our website: vkvsgl7lhipjirmz6j5ubp3w3bwvxgcdbpi3fsbqngfynetqtw4w5hyd.onion3 steps to data recovery: 1. download and install tor browser (https://www.torproject.org/download/)2. go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onionthis page can take up to 30 minutes to l Jump to dropped file
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File dropped: C:\Users\user\AppData\Local\Packages\Microsoft.NET.Native.Framework.2.2_8wekyb3d8bbwe\AC\Temp\KUsfyVlDo.README.txt -> encrypted and your data stolen.***the most proper way to safely recover your data is through our support. we can recover your systems within 4-6 hours.in order for it to be successful, you must follow a few points:1.don't go to the police, etc.2.do not attempt to recover data on your own.3.do not take the help of third-party data recovery companies.in most cases, they are scammers who will pay us a ransom and take a for themselves.***if you violate any 1 of these points, we will refuse to cooperate with you!!!attention! if you do not contact us within 48 hours, we will post the record on our website: vkvsgl7lhipjirmz6j5ubp3w3bwvxgcdbpi3fsbqngfynetqtw4w5hyd.onion3 steps to data recovery: 1. download and install tor browser (https://www.torproject.org/download/)2. go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onionthis page can take up to 30 minutes to l Jump to dropped file
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File dropped: C:\Users\user\AppData\Local\Packages\Microsoft.NET.Native.Framework.2.2_8wekyb3d8bbwe\AC\KUsfyVlDo.README.txt -> encrypted and your data stolen.***the most proper way to safely recover your data is through our support. we can recover your systems within 4-6 hours.in order for it to be successful, you must follow a few points:1.don't go to the police, etc.2.do not attempt to recover data on your own.3.do not take the help of third-party data recovery companies.in most cases, they are scammers who will pay us a ransom and take a for themselves.***if you violate any 1 of these points, we will refuse to cooperate with you!!!attention! if you do not contact us within 48 hours, we will post the record on our website: vkvsgl7lhipjirmz6j5ubp3w3bwvxgcdbpi3fsbqngfynetqtw4w5hyd.onion3 steps to data recovery: 1. download and install tor browser (https://www.torproject.org/download/)2. go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onionthis page can take up to 30 minutes to l Jump to dropped file
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File dropped: C:\Users\user\AppData\Local\Packages\Microsoft.NET.Native.Framework.2.2_8wekyb3d8bbwe\KUsfyVlDo.README.txt -> encrypted and your data stolen.***the most proper way to safely recover your data is through our support. we can recover your systems within 4-6 hours.in order for it to be successful, you must follow a few points:1.don't go to the police, etc.2.do not attempt to recover data on your own.3.do not take the help of third-party data recovery companies.in most cases, they are scammers who will pay us a ransom and take a for themselves.***if you violate any 1 of these points, we will refuse to cooperate with you!!!attention! if you do not contact us within 48 hours, we will post the record on our website: vkvsgl7lhipjirmz6j5ubp3w3bwvxgcdbpi3fsbqngfynetqtw4w5hyd.onion3 steps to data recovery: 1. download and install tor browser (https://www.torproject.org/download/)2. go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onionthis page can take up to 30 minutes to l Jump to dropped file
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File dropped: C:\Users\user\AppData\Local\Packages\Microsoft.NET.Native.Runtime.1.7_8wekyb3d8bbwe\AC\Temp\KUsfyVlDo.README.txt -> encrypted and your data stolen.***the most proper way to safely recover your data is through our support. we can recover your systems within 4-6 hours.in order for it to be successful, you must follow a few points:1.don't go to the police, etc.2.do not attempt to recover data on your own.3.do not take the help of third-party data recovery companies.in most cases, they are scammers who will pay us a ransom and take a for themselves.***if you violate any 1 of these points, we will refuse to cooperate with you!!!attention! if you do not contact us within 48 hours, we will post the record on our website: vkvsgl7lhipjirmz6j5ubp3w3bwvxgcdbpi3fsbqngfynetqtw4w5hyd.onion3 steps to data recovery: 1. download and install tor browser (https://www.torproject.org/download/)2. go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onionthis page can take up to 30 minutes to l Jump to dropped file
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File dropped: C:\Users\user\AppData\Local\Packages\Microsoft.NET.Native.Runtime.1.7_8wekyb3d8bbwe\AC\KUsfyVlDo.README.txt -> encrypted and your data stolen.***the most proper way to safely recover your data is through our support. we can recover your systems within 4-6 hours.in order for it to be successful, you must follow a few points:1.don't go to the police, etc.2.do not attempt to recover data on your own.3.do not take the help of third-party data recovery companies.in most cases, they are scammers who will pay us a ransom and take a for themselves.***if you violate any 1 of these points, we will refuse to cooperate with you!!!attention! if you do not contact us within 48 hours, we will post the record on our website: vkvsgl7lhipjirmz6j5ubp3w3bwvxgcdbpi3fsbqngfynetqtw4w5hyd.onion3 steps to data recovery: 1. download and install tor browser (https://www.torproject.org/download/)2. go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onionthis page can take up to 30 minutes to l Jump to dropped file
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File dropped: C:\Users\user\AppData\Local\Packages\Microsoft.NET.Native.Runtime.1.7_8wekyb3d8bbwe\KUsfyVlDo.README.txt -> encrypted and your data stolen.***the most proper way to safely recover your data is through our support. we can recover your systems within 4-6 hours.in order for it to be successful, you must follow a few points:1.don't go to the police, etc.2.do not attempt to recover data on your own.3.do not take the help of third-party data recovery companies.in most cases, they are scammers who will pay us a ransom and take a for themselves.***if you violate any 1 of these points, we will refuse to cooperate with you!!!attention! if you do not contact us within 48 hours, we will post the record on our website: vkvsgl7lhipjirmz6j5ubp3w3bwvxgcdbpi3fsbqngfynetqtw4w5hyd.onion3 steps to data recovery: 1. download and install tor browser (https://www.torproject.org/download/)2. go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onionthis page can take up to 30 minutes to l Jump to dropped file
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File dropped: C:\Users\user\AppData\Local\Packages\Microsoft.NET.Native.Runtime.2.2_8wekyb3d8bbwe\AC\Temp\KUsfyVlDo.README.txt -> encrypted and your data stolen.***the most proper way to safely recover your data is through our support. we can recover your systems within 4-6 hours.in order for it to be successful, you must follow a few points:1.don't go to the police, etc.2.do not attempt to recover data on your own.3.do not take the help of third-party data recovery companies.in most cases, they are scammers who will pay us a ransom and take a for themselves.***if you violate any 1 of these points, we will refuse to cooperate with you!!!attention! if you do not contact us within 48 hours, we will post the record on our website: vkvsgl7lhipjirmz6j5ubp3w3bwvxgcdbpi3fsbqngfynetqtw4w5hyd.onion3 steps to data recovery: 1. download and install tor browser (https://www.torproject.org/download/)2. go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onionthis page can take up to 30 minutes to l Jump to dropped file
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\fzl1CeY.KUsfyVlDo entropy: 7.99524943644 Jump to dropped file
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\ugpqV6A.KUsfyVlDo entropy: 7.99517024656 Jump to dropped file
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\xRySs62.KUsfyVlDo entropy: 7.99456532205 Jump to dropped file
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\wa0nn0c.KUsfyVlDo entropy: 7.99475143057 Jump to dropped file
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\xGpDyE6.KUsfyVlDo entropy: 7.99596635389 Jump to dropped file
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\hVJQwkR.KUsfyVlDo entropy: 7.995128002 Jump to dropped file
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\b24Msps.KUsfyVlDo entropy: 7.99571643914 Jump to dropped file
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\q4agdb7.KUsfyVlDo entropy: 7.99559326571 Jump to dropped file
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\F6LxZQg.KUsfyVlDo entropy: 7.99494670332 Jump to dropped file
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\W0QHw00.KUsfyVlDo entropy: 7.99538972145 Jump to dropped file
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\DCSZW6z.KUsfyVlDo entropy: 7.99598068955 Jump to dropped file
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\dqNJpHn.KUsfyVlDo entropy: 7.99526277158 Jump to dropped file
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\EJo0Cu0.KUsfyVlDo entropy: 7.99564144812 Jump to dropped file
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\gcJuZ3v.KUsfyVlDo entropy: 7.99502475619 Jump to dropped file
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\YMxAvb4.KUsfyVlDo entropy: 7.99485808261 Jump to dropped file
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\dJtw5Gs.KUsfyVlDo entropy: 7.99430075881 Jump to dropped file
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\V8CZvR9.KUsfyVlDo entropy: 7.99510033227 Jump to dropped file
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\37YmpQF.KUsfyVlDo entropy: 7.99496099013 Jump to dropped file
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\EGsW62z.KUsfyVlDo entropy: 7.99556096609 Jump to dropped file
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\XahsKyw.KUsfyVlDo entropy: 7.99368765177 Jump to dropped file
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\2Zgc7aU.KUsfyVlDo entropy: 7.99494311486 Jump to dropped file
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\OA7j5tY.KUsfyVlDo entropy: 7.99580614479 Jump to dropped file
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\tuunPrV.KUsfyVlDo entropy: 7.99527211266 Jump to dropped file
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\ryOILnH.KUsfyVlDo entropy: 7.99580003341 Jump to dropped file
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\e1IYSrT.KUsfyVlDo entropy: 7.99507833715 Jump to dropped file
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\L8MFJBo.KUsfyVlDo entropy: 7.99463507756 Jump to dropped file
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Od1h8GA.KUsfyVlDo entropy: 7.99542120641 Jump to dropped file
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\RhU2qXh.KUsfyVlDo entropy: 7.99536792261 Jump to dropped file
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\j8riKeg.KUsfyVlDo entropy: 7.9947305121 Jump to dropped file
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\qZVayCq.KUsfyVlDo entropy: 7.9943423764 Jump to dropped file
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\fVE07bI.KUsfyVlDo entropy: 7.99540882787 Jump to dropped file
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\nYHhGex.KUsfyVlDo entropy: 7.9943891358 Jump to dropped file
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\2Td4oh7.KUsfyVlDo entropy: 7.99482741196 Jump to dropped file
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\syAHL6r.KUsfyVlDo entropy: 7.9951698501 Jump to dropped file
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\5jIeajb.KUsfyVlDo entropy: 7.99482640137 Jump to dropped file
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\xZcuNIV.KUsfyVlDo entropy: 7.99573244096 Jump to dropped file
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\wpfnpCn.KUsfyVlDo entropy: 7.99482851639 Jump to dropped file
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\H41w3Kc.KUsfyVlDo entropy: 7.99566704918 Jump to dropped file
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\IJzDMun.KUsfyVlDo entropy: 7.99411466013 Jump to dropped file
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\PoRdgqU.KUsfyVlDo entropy: 7.99576071034 Jump to dropped file
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\YhKigYV.KUsfyVlDo entropy: 7.99500036818 Jump to dropped file
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\9p3NxA0.KUsfyVlDo entropy: 7.99433215199 Jump to dropped file
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\fDcIkp5.KUsfyVlDo entropy: 7.99579041193 Jump to dropped file
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\ezrMaQJ.KUsfyVlDo entropy: 7.9950982943 Jump to dropped file
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Ks2dbJL.KUsfyVlDo entropy: 7.99529735382 Jump to dropped file
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\LvEu0eX.KUsfyVlDo entropy: 7.9950066822 Jump to dropped file
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\J3drDbR.KUsfyVlDo entropy: 7.99509125647 Jump to dropped file
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\7bofWv4.KUsfyVlDo entropy: 7.9948842554 Jump to dropped file
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\ssxLoyS.KUsfyVlDo entropy: 7.99438717324 Jump to dropped file
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\pgvCvN8.KUsfyVlDo entropy: 7.99537596978 Jump to dropped file
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\z6OqFfB.KUsfyVlDo entropy: 7.99533283385 Jump to dropped file
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\r14Sfiy.KUsfyVlDo entropy: 7.99520312194 Jump to dropped file
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\r5UmgUF.KUsfyVlDo entropy: 7.9951633852 Jump to dropped file
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\A6PjMpG.KUsfyVlDo entropy: 7.9945926693 Jump to dropped file
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\DWm9rpP.KUsfyVlDo entropy: 7.99520107868 Jump to dropped file
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\JzX9D0H.KUsfyVlDo entropy: 7.99536945173 Jump to dropped file
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\j5QoPx2.KUsfyVlDo entropy: 7.9958219866 Jump to dropped file
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\HgbBFRA.KUsfyVlDo entropy: 7.99458213921 Jump to dropped file
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\9ObSD8N.KUsfyVlDo entropy: 7.99513861442 Jump to dropped file
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\GPzRa3h.KUsfyVlDo entropy: 7.9949139368 Jump to dropped file
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\BTGXZrU.KUsfyVlDo entropy: 7.99561102364 Jump to dropped file
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AppData\Indexed DB\FfJaG0C.KUsfyVlDo entropy: 7.99966639265 Jump to dropped file
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AppData\Indexed DB\FUgk9zW.KUsfyVlDo entropy: 7.99964474907 Jump to dropped file
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AppData\Indexed DB\FksgyeX.KUsfyVlDo entropy: 7.99962792017 Jump to dropped file
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Hsq9DxV.KUsfyVlDo entropy: 7.99491422548 Jump to dropped file
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\IqEVxyy.KUsfyVlDo entropy: 7.99531856351 Jump to dropped file
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AppData\Indexed DB\FygS3Zc.KUsfyVlDo entropy: 7.99969311447 Jump to dropped file
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\storage\permanent\chrome\idb\Fe69qds.KUsfyVlDo entropy: 7.99407865049 Jump to dropped file
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\storage\permanent\chrome\idb\UYQYewj.KUsfyVlDo entropy: 7.99594751805 Jump to dropped file
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\storage\permanent\chrome\idb\y08MAhM.KUsfyVlDo entropy: 7.99500431955 Jump to dropped file
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\storage\permanent\chrome\idb\vW9w1qa.KUsfyVlDo entropy: 7.99534728997 Jump to dropped file
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\storage\permanent\chrome\idb\KWaEca0.KUsfyVlDo entropy: 7.99574947729 Jump to dropped file
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\storage\permanent\chrome\idb\IRJcP84.KUsfyVlDo entropy: 7.99486403136 Jump to dropped file
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\storage\permanent\chrome\idb\eOHvrQI.KUsfyVlDo entropy: 7.99596785869 Jump to dropped file
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\storage\permanent\chrome\idb\Y9rnKbP.KUsfyVlDo entropy: 7.99435966264 Jump to dropped file
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\storage\permanent\chrome\idb\NfEfLot.KUsfyVlDo entropy: 7.99479295286 Jump to dropped file
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\saved-telemetry-pings\u4hgGM2.KUsfyVlDo entropy: 7.99738502817 Jump to dropped file
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\datareporting\archived\2023-10\7nPDPdj.KUsfyVlDo entropy: 7.99001351743 Jump to dropped file
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Google\Chrome\User Data\optimization_guide_model_store\45\E6DC4029A1E4B4C1\2630E715A27EBE1B\2qMDHIq.KUsfyVlDo entropy: 7.99888595911 Jump to dropped file
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Google\Chrome\User Data\optimization_guide_model_store\25\E6DC4029A1E4B4C1\F07D7B28781708E7\Zu25sDk.KUsfyVlDo entropy: 7.99900915713 Jump to dropped file
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Google\Chrome\User Data\optimization_guide_model_store\25\E6DC4029A1E4B4C1\67E5D730C186382E\rhiOH1N.KUsfyVlDo entropy: 7.99906065998 Jump to dropped file
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Google\Chrome\User Data\optimization_guide_model_store\20\E6DC4029A1E4B4C1\D1A78CD798CAC207\aNMfe3J.KUsfyVlDo entropy: 7.99725784817 Jump to dropped file
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\tDS6v4U.KUsfyVlDo entropy: 7.9917623334 Jump to dropped file
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Google\Chrome\User Data\optimization_guide_model_store\20\E6DC4029A1E4B4C1\8B626E97716A9224\uZ2kw87.KUsfyVlDo entropy: 7.996852193 Jump to dropped file
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\CRLCache\pgHDmHH.KUsfyVlDo entropy: 7.99759043705 Jump to dropped file
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Google\Chrome\User Data\optimization_guide_model_store\2\E6DC4029A1E4B4C1\BA82D22F5C74EADD\WvMfwIQ.KUsfyVlDo entropy: 7.99945913997 Jump to dropped file
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Google\Chrome\User Data\optimization_guide_model_store\15\E6DC4029A1E4B4C1\15846B3E3ACAB796\87CoE0C.KUsfyVlDo entropy: 7.99963181669 Jump to dropped file
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Google\Chrome\User Data\optimization_guide_model_store\15\E6DC4029A1E4B4C1\0007478D53A9CE86\iBMOnXb.KUsfyVlDo entropy: 7.99804649008 Jump to dropped file
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Google\Chrome\User Data\GrShaderCache\zhZbcd5.KUsfyVlDo entropy: 7.99922360501 Jump to dropped file
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Google\Chrome\User Data\GrShaderCache\E7LtGij.KUsfyVlDo entropy: 7.99929807946 Jump to dropped file
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Google\Chrome\User Data\GraphiteDawnCache\WdIGQCl.KUsfyVlDo entropy: 7.99926349872 Jump to dropped file
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Google\Chrome\User Data\GraphiteDawnCache\X1GvxQc.KUsfyVlDo entropy: 7.9994588618 Jump to dropped file
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Google\Chrome\User Data\extensions_crx_cache\ViojlK6.KUsfyVlDo entropy: 7.99891521711 Jump to dropped file
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\NtpGCwK.KUsfyVlDo entropy: 7.99780739691 Jump to dropped file
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\qol5dcS.KUsfyVlDo entropy: 7.99531319838 Jump to dropped file
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\ConnectedDevicesPlatform\L.user\Hh7HZVj.KUsfyVlDo entropy: 7.99507516513 Jump to dropped file
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\zUj49pN.KUsfyVlDo entropy: 7.9989565213 Jump to dropped file
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\Settings\Lni7JCx.KUsfyVlDo entropy: 7.99930994739 Jump to dropped file
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\Fig8akg.KUsfyVlDo entropy: 7.99915888285 Jump to dropped file
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\wplm40K.KUsfyVlDo entropy: 7.99798522738 Jump to dropped file
Source: C:\ProgramData\CD02.tmp File created: C:\Users\user\Desktop\VkcZ4diwXl.exe entropy: 7.99714961561 Jump to dropped file
Source: C:\ProgramData\CD02.tmp File created: C:\Users\user\Desktop\AAAAAAAAAAAAAA (copy) entropy: 7.99714961561 Jump to dropped file
Source: C:\ProgramData\CD02.tmp File created: C:\Users\user\Desktop\BBBBBBBBBBBBBB (copy) entropy: 7.99714961561 Jump to dropped file
Source: C:\ProgramData\CD02.tmp File created: C:\Users\user\Desktop\CCCCCCCCCCCCCC (copy) entropy: 7.99714961561 Jump to dropped file
Source: C:\ProgramData\CD02.tmp File created: C:\Users\user\Desktop\DDDDDDDDDDDDDD (copy) entropy: 7.99714961561 Jump to dropped file
Source: C:\ProgramData\CD02.tmp File created: C:\Users\user\Desktop\EEEEEEEEEEEEEE (copy) entropy: 7.99714961561 Jump to dropped file
Source: C:\ProgramData\CD02.tmp File created: C:\Users\user\Desktop\FFFFFFFFFFFFFF (copy) entropy: 7.99714961561 Jump to dropped file
Source: C:\ProgramData\CD02.tmp File created: C:\Users\user\Desktop\GGGGGGGGGGGGGG (copy) entropy: 7.99714961561 Jump to dropped file
Source: C:\ProgramData\CD02.tmp File created: C:\Users\user\Desktop\HHHHHHHHHHHHHH (copy) entropy: 7.99714961561 Jump to dropped file
Source: C:\ProgramData\CD02.tmp File created: C:\Users\user\Desktop\IIIIIIIIIIIIII (copy) entropy: 7.99714961561 Jump to dropped file
Source: C:\ProgramData\CD02.tmp File created: C:\Users\user\Desktop\JJJJJJJJJJJJJJ (copy) entropy: 7.99714961561 Jump to dropped file
Source: C:\ProgramData\CD02.tmp File created: C:\Users\user\Desktop\KKKKKKKKKKKKKK (copy) entropy: 7.99714961561 Jump to dropped file
Source: C:\ProgramData\CD02.tmp File created: C:\Users\user\Desktop\LLLLLLLLLLLLLL (copy) entropy: 7.99714961561 Jump to dropped file
Source: C:\ProgramData\CD02.tmp File created: C:\Users\user\Desktop\MMMMMMMMMMMMMM (copy) entropy: 7.99714961561 Jump to dropped file
Source: C:\ProgramData\CD02.tmp File created: C:\Users\user\Desktop\NNNNNNNNNNNNNN (copy) entropy: 7.99714961561 Jump to dropped file
Source: C:\ProgramData\CD02.tmp File created: C:\Users\user\Desktop\OOOOOOOOOOOOOO (copy) entropy: 7.99714961561 Jump to dropped file
Source: C:\ProgramData\CD02.tmp File created: C:\Users\user\Desktop\PPPPPPPPPPPPPP (copy) entropy: 7.99714961561 Jump to dropped file
Source: C:\ProgramData\CD02.tmp File created: C:\Users\user\Desktop\QQQQQQQQQQQQQQ (copy) entropy: 7.99714961561 Jump to dropped file
Source: C:\ProgramData\CD02.tmp File created: C:\Users\user\Desktop\RRRRRRRRRRRRRR (copy) entropy: 7.99714961561 Jump to dropped file
Source: C:\ProgramData\CD02.tmp File created: C:\Users\user\Desktop\SSSSSSSSSSSSSS (copy) entropy: 7.99714961561 Jump to dropped file
Source: C:\ProgramData\CD02.tmp File created: C:\Users\user\Desktop\TTTTTTTTTTTTTT (copy) entropy: 7.99714961561 Jump to dropped file
Source: C:\ProgramData\CD02.tmp File created: C:\Users\user\Desktop\UUUUUUUUUUUUUU (copy) entropy: 7.99714961561 Jump to dropped file
Source: C:\ProgramData\CD02.tmp File created: C:\Users\user\Desktop\VVVVVVVVVVVVVV (copy) entropy: 7.99714961561 Jump to dropped file
Source: C:\ProgramData\CD02.tmp File created: C:\Users\user\Desktop\WWWWWWWWWWWWWW (copy) entropy: 7.99714961561 Jump to dropped file
Source: C:\ProgramData\CD02.tmp File created: C:\Users\user\Desktop\XXXXXXXXXXXXXX (copy) entropy: 7.99714961561 Jump to dropped file
Source: C:\ProgramData\CD02.tmp File created: C:\Users\user\Desktop\YYYYYYYYYYYYYY (copy) entropy: 7.99714961561 Jump to dropped file
Source: C:\ProgramData\CD02.tmp File created: C:\Users\user\Desktop\ZZZZZZZZZZZZZZ (copy) entropy: 7.99714961561 Jump to dropped file

System Summary

barindex
Source: VkcZ4diwXl.exe, type: SAMPLE Matched rule: Windows_Ransomware_Lockbit_369e1e94 Author: unknown
Source: 0.0.VkcZ4diwXl.exe.9d0000.0.unpack, type: UNPACKEDPE Matched rule: Windows_Ransomware_Lockbit_369e1e94 Author: unknown
Source: 00000000.00000000.884056995.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, type: MEMORY Matched rule: Windows_Ransomware_Lockbit_369e1e94 Author: unknown
Source: C:\ProgramData\CD02.tmp Code function: 4_2_00402760 CreateFileW,ReadFile,NtClose, 4_2_00402760
Source: C:\ProgramData\CD02.tmp Code function: 4_2_0040286C NtSetInformationProcess,NtSetInformationProcess,NtSetInformationProcess, 4_2_0040286C
Source: C:\ProgramData\CD02.tmp Code function: 4_2_00402F18 CreateFileW,NtAllocateVirtualMemory,WriteFile,SetFilePointerEx,SetFilePointerEx,NtFreeVirtualMemory,NtClose,DeleteFileW, 4_2_00402F18
Source: C:\ProgramData\CD02.tmp Code function: 4_2_00401DC2 NtProtectVirtualMemory, 4_2_00401DC2
Source: C:\ProgramData\CD02.tmp Code function: 4_2_00401D94 NtSetInformationThread, 4_2_00401D94
Source: C:\ProgramData\CD02.tmp Code function: 4_2_004016B4 NtAllocateVirtualMemory,NtAllocateVirtualMemory, 4_2_004016B4
Source: Joe Sandbox View Dropped File: C:\ProgramData\CD02.tmp 917E115CC403E29B4388E0D175CBFAC3E7E40CA1742299FBDB353847DB2DE7C2
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe Process token adjusted: Security
Source: VkcZ4diwXl.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: VkcZ4diwXl.exe, type: SAMPLE Matched rule: Windows_Ransomware_Lockbit_369e1e94 reference_sample = d61af007f6c792b8fb6c677143b7d0e2533394e28c50737588e40da475c040ee, os = windows, severity = x86, creation_date = 2022-07-05, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Lockbit, fingerprint = 9cf4c112c0ee708ae64052926681e8351f1ccefeb558c41e875dbd9e4bdcb5f2, id = 369e1e94-3fbb-4828-bb78-89d26e008105, last_modified = 2022-07-18
Source: 0.0.VkcZ4diwXl.exe.9d0000.0.unpack, type: UNPACKEDPE Matched rule: Windows_Ransomware_Lockbit_369e1e94 reference_sample = d61af007f6c792b8fb6c677143b7d0e2533394e28c50737588e40da475c040ee, os = windows, severity = x86, creation_date = 2022-07-05, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Lockbit, fingerprint = 9cf4c112c0ee708ae64052926681e8351f1ccefeb558c41e875dbd9e4bdcb5f2, id = 369e1e94-3fbb-4828-bb78-89d26e008105, last_modified = 2022-07-18
Source: 00000000.00000000.884056995.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, type: MEMORY Matched rule: Windows_Ransomware_Lockbit_369e1e94 reference_sample = d61af007f6c792b8fb6c677143b7d0e2533394e28c50737588e40da475c040ee, os = windows, severity = x86, creation_date = 2022-07-05, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Lockbit, fingerprint = 9cf4c112c0ee708ae64052926681e8351f1ccefeb558c41e875dbd9e4bdcb5f2, id = 369e1e94-3fbb-4828-bb78-89d26e008105, last_modified = 2022-07-18
Source: CD02.tmp.0.dr Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: classification engine Classification label: mal100.rans.phis.spyw.evad.winEXE@6/1157@0/0
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5336:120:WilError_03
Source: C:\ProgramData\CD02.tmp Mutant created: \Sessions\1\BaseNamedObjects\Global\{649F4E29-16CB-DD42-8922-9FFF0592856B}
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe Mutant created: \Sessions\1\BaseNamedObjects\Global\4db24cbb565899cdd8b265d3b98958a2
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Temp\KUsfyVlDo.README.txt Jump to behavior
Source: C:\ProgramData\CD02.tmp File read: C:\Users\user\Desktop\desktop.ini
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers Jump to behavior
Source: VkcZ4diwXl.exe Virustotal: Detection: 90%
Source: VkcZ4diwXl.exe ReversingLabs: Detection: 91%
Source: unknown Process created: C:\Users\user\Desktop\VkcZ4diwXl.exe "C:\Users\user\Desktop\VkcZ4diwXl.exe"
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe Process created: C:\ProgramData\CD02.tmp "C:\ProgramData\CD02.tmp"
Source: C:\ProgramData\CD02.tmp Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /C DEL /F /Q C:\PROGRA~3\CD02.tmp >> NUL
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe Process created: C:\ProgramData\CD02.tmp "C:\ProgramData\CD02.tmp" Jump to behavior
Source: C:\ProgramData\CD02.tmp Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /C DEL /F /Q C:\PROGRA~3\CD02.tmp >> NUL
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe Section loaded: cryptbase.dll Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe Section loaded: wtsapi32.dll Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe Section loaded: rstrtmgr.dll Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe Section loaded: ncrypt.dll Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe Section loaded: ntasn1.dll Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe Section loaded: netapi32.dll Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe Section loaded: wkscli.dll Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe Section loaded: srvcli.dll Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe Section loaded: samcli.dll Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe Section loaded: netutils.dll Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe Section loaded: logoncli.dll Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe Section loaded: activeds.dll Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe Section loaded: adsldpc.dll Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe Section loaded: wininet.dll Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe Section loaded: wsock32.dll Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe Section loaded: mpr.dll Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe Section loaded: gpedit.dll Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe Section loaded: gpapi.dll Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe Section loaded: dssec.dll Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe Section loaded: dsuiext.dll Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe Section loaded: framedynos.dll Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe Section loaded: dsrole.dll Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe Section loaded: ntdsapi.dll Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe Section loaded: authz.dll Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe Section loaded: ntmarta.dll Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe Section loaded: amsi.dll Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe Section loaded: version.dll Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe Section loaded: adsldp.dll Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe Section loaded: sxs.dll Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe Section loaded: dnsapi.dll Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe Section loaded: iphlpapi.dll Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe Section loaded: cryptsp.dll Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe Section loaded: rsaenh.dll Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe Section loaded: windows.storage.dll Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe Section loaded: wldp.dll Jump to behavior
Source: C:\ProgramData\CD02.tmp Section loaded: apphelp.dll
Source: C:\ProgramData\CD02.tmp Section loaded: rstrtmgr.dll
Source: C:\ProgramData\CD02.tmp Section loaded: ncrypt.dll
Source: C:\ProgramData\CD02.tmp Section loaded: ntasn1.dll
Source: C:\ProgramData\CD02.tmp Section loaded: windows.storage.dll
Source: C:\ProgramData\CD02.tmp Section loaded: wldp.dll
Source: C:\ProgramData\CD02.tmp Section loaded: kernel.appcore.dll
Source: C:\ProgramData\CD02.tmp Section loaded: uxtheme.dll
Source: C:\ProgramData\CD02.tmp Section loaded: propsys.dll
Source: C:\ProgramData\CD02.tmp Section loaded: profapi.dll
Source: C:\ProgramData\CD02.tmp Section loaded: edputil.dll
Source: C:\ProgramData\CD02.tmp Section loaded: urlmon.dll
Source: C:\ProgramData\CD02.tmp Section loaded: iertutil.dll
Source: C:\ProgramData\CD02.tmp Section loaded: srvcli.dll
Source: C:\ProgramData\CD02.tmp Section loaded: netutils.dll
Source: C:\ProgramData\CD02.tmp Section loaded: windows.staterepositoryps.dll
Source: C:\ProgramData\CD02.tmp Section loaded: sspicli.dll
Source: C:\ProgramData\CD02.tmp Section loaded: wintypes.dll
Source: C:\ProgramData\CD02.tmp Section loaded: appresolver.dll
Source: C:\ProgramData\CD02.tmp Section loaded: bcp47langs.dll
Source: C:\ProgramData\CD02.tmp Section loaded: slc.dll
Source: C:\ProgramData\CD02.tmp Section loaded: userenv.dll
Source: C:\ProgramData\CD02.tmp Section loaded: sppc.dll
Source: C:\ProgramData\CD02.tmp Section loaded: onecorecommonproxystub.dll
Source: C:\ProgramData\CD02.tmp Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CB8555CC-9128-11D1-AD9B-00C04FD8FDFF}\InprocServer32 Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File written: C:\$Recycle.Bin\S-1-5-21-2246122658-3693405117-2476756634-1000\desktop.ini Jump to behavior
Source: VkcZ4diwXl.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: VkcZ4diwXl.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: Binary string: \??\C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\*6= source: VkcZ4diwXl.exe, 00000000.00000003.939266824.00000000012F6000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.940454498.00000000012F6000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.938895429.00000000012F6000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.939540598.00000000012F6000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: \??\C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\ssvfglL.KUsfyVlDo0 source: VkcZ4diwXl.exe, 00000000.00000003.943149704.000000000132D000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.942924909.000000000132D000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.941857375.000000000132D000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.941626125.000000000132D000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.943691997.000000000132D000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.939540598.000000000132D000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.939266824.000000000132D000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.942734376.000000000132D000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.940454498.000000000132D000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.943510128.000000000132D000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: \??\C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\download.error{U` source: VkcZ4diwXl.exe, 00000000.00000003.950390956.000000000132D000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.943149704.000000000132D000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.942924909.000000000132D000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.944896440.000000000132D000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.941857375.000000000132D000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.941626125.000000000132D000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.943691997.000000000132D000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.945838258.000000000132D000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.946676369.000000000132D000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.942734376.000000000132D000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.940454498.000000000132D000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.945407912.000000000132D000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.943906320.000000000132D000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.943510128.000000000132D000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.947760095.000000000132D000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.945656031.000000000132D000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.948185487.000000000132D000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.947146425.000000000132D000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: \??\C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\KUsfyVlDo.README.txt0 source: VkcZ4diwXl.exe, 00000000.00000003.943149704.000000000132D000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.942924909.000000000132D000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.941857375.000000000132D000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.941626125.000000000132D000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.939540598.000000000132D000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.942734376.000000000132D000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.940454498.000000000132D000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.943510128.000000000132D000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: \\?\C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831 source: VkcZ4diwXl.exe, 00000000.00000003.939540598.00000000012F6000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: WINLOA~1.PDBwinload_prod.pdb source: VkcZ4diwXl.exe, 00000000.00000003.938895429.00000000012E6000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: \\?\C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\ssful, you must follow a few points: source: VkcZ4diwXl.exe, 00000000.00000003.940454498.00000000012F6000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: \Device\HarddiskVolume3\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\ownload.error8 source: VkcZ4diwXl.exe, 00000000.00000003.943017825.00000000013E3000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.942657839.00000000013E3000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.941564283.00000000013E3000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.940312790.00000000013E3000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.943271550.00000000013E3000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: \??\C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb source: VkcZ4diwXl.exe, 00000000.00000003.1061804009.000000000132D000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.1040286298.000000000132D000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.974864659.000000000132D000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.956390714.000000000132D000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.1092163971.000000000132D000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.1095019955.000000000132D000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.1101099626.000000000132D000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.1096671153.000000000132D000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.1038116287.000000000132D000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.979610393.000000000132D000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.1091123452.000000000132D000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.1089549314.000000000132D000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.950390956.000000000132D000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.1088699358.000000000132D000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.1038355049.000000000132D000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.1065403775.000000000132D000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.1110779253.000000000132D000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.995130089.000000000132D000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.1108155497.000000000132D000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.972711337.000000000132D000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.1064321150.000000000132D000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.957492862.000000000132D000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.1079636657.000000000132D000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.1042016120.000000000132D000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.1046867303.000000000132D000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.994570495.000000000132D000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.1135585446.000000000132D000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.1109174385.000000000132D000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000
Source: Binary string: \\?\C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\KUsfyVlDo.README.txt source: VkcZ4diwXl.exe, 00000000.00000003.943017825.00000000013E3000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.939221889.00000000013E3000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.942657839.00000000013E3000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.941564283.00000000013E3000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.940312790.00000000013E3000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.943271550.00000000013E3000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: \??\C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\KUsfyVlDo.README.txt source: VkcZ4diwXl.exe, 00000000.00000003.943510128.00000000012F6000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.939266824.00000000012F6000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.940454498.00000000012F6000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.945407912.00000000012F6000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.945656031.00000000012F6000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.942734376.00000000012F6000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.947146425.00000000012F6000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.944896440.00000000012F6000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.943691997.00000000012F6000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.943906320.00000000012F6000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.942924909.00000000012F6000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.941626125.00000000012F6000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.941857375.00000000012F6000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.943149704.00000000012F6000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.948185487.00000000012F6000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.945838258.00000000012F6000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.947760095.00000000012F6000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.939540598.00000000012F6000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.946676369.00000000012F6000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: \??\C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\* source: VkcZ4diwXl.exe, 00000000.00000003.1061804009.000000000132D000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.1040286298.000000000132D000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.974864659.000000000132D000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.956390714.000000000132D000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.1092163971.000000000132D000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.1095019955.000000000132D000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.1101099626.000000000132D000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.1096671153.000000000132D000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.1038116287.000000000132D000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.979610393.000000000132D000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.1091123452.000000000132D000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.1089549314.000000000132D000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.950390956.000000000132D000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.1088699358.000000000132D000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.1038355049.000000000132D000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.1065403775.000000000132D000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.1110779253.000000000132D000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.995130089.000000000132D000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.1108155497.000000000132D000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.972711337.000000000132D000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.1064321150.000000000132D000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.957492862.000000000132D000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.1079636657.000000000132D000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.1042016120.000000000132D000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.1046867303.000000000132D000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.994570495.000000000132D000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.1135585446.000000000132D000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.1109174385.000000000132D000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.000
Source: Binary string: \Device\HarddiskVolume3\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\UsfyVlDo.README.txt source: VkcZ4diwXl.exe, 00000000.00000003.939266824.00000000012F6000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.939540598.00000000012F6000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: \\?\C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\qXqgVzL.KUsfyVlDo source: VkcZ4diwXl.exe, 00000000.00000003.943017825.00000000013E3000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.942657839.00000000013E3000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.941564283.00000000013E3000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.940312790.00000000013E3000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.943271550.00000000013E3000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: \\?\C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb source: VkcZ4diwXl.exe, 00000000.00000003.941857375.000000000132D000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.941626125.000000000132D000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.939540598.000000000132D000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.939266824.000000000132D000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.940454498.000000000132D000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.938895429.000000000132D000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: \\?\C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2 source: VkcZ4diwXl.exe, 00000000.00000003.939266824.00000000012F6000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.938895429.00000000012F6000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.939540598.00000000012F6000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: \??\C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2R#L source: VkcZ4diwXl.exe, 00000000.00000003.943510128.00000000012F6000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.939266824.00000000012F6000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.952155589.00000000012F6000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.956062863.00000000012F6000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.940454498.00000000012F6000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.945407912.00000000012F6000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.956390714.00000000012F6000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.945656031.00000000012F6000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.955774022.00000000012F6000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.942734376.00000000012F6000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.947146425.00000000012F6000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.944896440.00000000012F6000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.943691997.00000000012F6000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.943906320.00000000012F6000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.942924909.00000000012F6000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.941626125.00000000012F6000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.956713927.00000000012F6000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.941857375.00000000012F6000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.943149704.00000000012F6000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.948185487.00000000012F6000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.956238378.00000000012F6000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.954883438.00000000012F6000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.945838258.00000000012F6000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.947760095.00000000012F6000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.955495565.00000000012F6000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.938895429.00000000012F6000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.939540598.00000000012F6000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.953971695.00000000012F6000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwX
Source: Binary string: \\?\C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\ source: VkcZ4diwXl.exe, 00000000.00000003.939266824.00000000012F6000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.940454498.00000000012F6000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.941626125.00000000012F6000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.941857375.00000000012F6000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.939540598.00000000012F6000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: \\?\C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\KUsfyVlDo.README.txt3^ source: VkcZ4diwXl.exe, 00000000.00000003.943149704.000000000132D000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.942924909.000000000132D000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.944896440.000000000132D000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.941857375.000000000132D000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.941626125.000000000132D000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.943691997.000000000132D000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.945838258.000000000132D000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.939540598.000000000132D000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.939266824.000000000132D000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.946676369.000000000132D000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.942734376.000000000132D000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.940454498.000000000132D000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.945407912.000000000132D000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.943906320.000000000132D000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.938895429.000000000132D000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.943510128.000000000132D000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.947760095.000000000132D000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.945656031.000000000132D000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.948185487.000000000132D000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.947146425.000000000132D000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: \??\C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\ssvfglL.KUsfyVlDoX source: VkcZ4diwXl.exe, 00000000.00000003.943017825.00000000013E3000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.939221889.00000000013E3000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.942657839.00000000013E3000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.941564283.00000000013E3000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.940312790.00000000013E3000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.943271550.00000000013E3000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: \\?\C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\ source: VkcZ4diwXl.exe, 00000000.00000003.939221889.00000000013E3000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.941564283.00000000013E3000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.940312790.00000000013E3000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: \\?\C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb source: VkcZ4diwXl.exe, 00000000.00000003.943510128.00000000012F6000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.939266824.00000000012F6000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.940454498.00000000012F6000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.942734376.00000000012F6000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.943691997.00000000012F6000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.942924909.00000000012F6000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.941626125.00000000012F6000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.941857375.00000000012F6000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.943149704.00000000012F6000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.938895429.00000000012F6000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.939540598.00000000012F6000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: \??\C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\*t source: VkcZ4diwXl.exe, 00000000.00000003.940454498.00000000012F6000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: \??\C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\*t source: VkcZ4diwXl.exe, 00000000.00000003.939221889.00000000013E3000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: \??\C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\download.error source: VkcZ4diwXl.exe, 00000000.00000003.940454498.000000000132D000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: \??\C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb source: VkcZ4diwXl.exe, 00000000.00000003.939266824.00000000012F6000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.938895429.00000000012F6000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.939540598.00000000012F6000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: \??\C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\ source: VkcZ4diwXl.exe, 00000000.00000003.940454498.00000000012F6000.00000004.00000020.00020000.00000000.sdmp, VkcZ4diwXl.exe, 00000000.00000003.939540598.00000000012F6000.00000004.00000020.00020000.00000000.sdmp
Source: CD02.tmp.0.dr Static PE information: real checksum: 0x8fd0 should be: 0x4f26
Source: VkcZ4diwXl.exe Static PE information: real checksum: 0x30f76 should be: 0x2f25c
Source: CD02.tmp.0.dr Static PE information: section name: .text entropy: 7.985216639497568
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\ProgramData\CD02.tmp Jump to dropped file
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\ProgramData\CD02.tmp Jump to dropped file
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\Videos\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\Searches\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\Saved Games\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\Recent\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\Pictures\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\Pictures\Saved Pictures\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\Pictures\Camera Roll\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\OneDrive\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\Music\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\Links\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\Favorites\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\Favorites\Links\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\Downloads\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\Documents\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\Documents\ZTGJILHXQB\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\Documents\ZBEDCJPBEY\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\Documents\WKXEWIOTXI\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\Documents\PWCCAWLGRE\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\Documents\NIKHQAIQAU\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\Documents\LSBIHQFDVT\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\Documents\IPKGELNTQY\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\Documents\BPMLNOBVSB\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\Documents\BNAGMGSPLO\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\Desktop\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\Desktop\ZTGJILHXQB\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\Desktop\ZBEDCJPBEY\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\Desktop\WKXEWIOTXI\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\Desktop\PWCCAWLGRE\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\Desktop\NIKHQAIQAU\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\Desktop\LSBIHQFDVT\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\Desktop\IPKGELNTQY\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\Desktop\BPMLNOBVSB\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\Desktop\BNAGMGSPLO\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\Contacts\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Roaming\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Roaming\Mozilla\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\ca4gppea.default\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\storage\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\storage\to-be-removed\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\storage\temporary\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\storage\permanent\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\storage\permanent\chrome\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\storage\permanent\chrome\idb\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.files\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\storage\permanent\chrome\idb\3561288849sdhlie.files\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\storage\permanent\chrome\idb\2918063365piupsah.files\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\storage\permanent\chrome\idb\2823318777ntouromlalnodry--naod.files\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.files\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\storage\permanent\chrome\idb\1451318868ntouromlalnodry--epcr.files\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\sessionstore-backups\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\security_state\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\saved-telemetry-pings\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\minidumps\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\datareporting\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\datareporting\glean\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\datareporting\glean\tmp\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\datareporting\glean\pending_pings\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\datareporting\glean\events\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\datareporting\glean\db\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\datareporting\archived\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\datareporting\archived\2023-10\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\crashes\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\crashes\events\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\bookmarkbackups\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Pending Pings\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Crash Reports\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Crash Reports\events\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Roaming\Mozilla\Extensions\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Roaming\com.adobe.dunamis\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Roaming\com.adobe.dunamis\f2eb6c79-671d-4de2-b7be-3b2eea7abc47\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Roaming\com.adobe.dunamis\6d9d9777-7ded-4768-8191-9a707d72b009\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Roaming\com.adobe.dunamis\61f56613-c62c-4b17-84dd-62b60d5776aa\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Roaming\com.adobe.dunamis\56079431-ea46-4833-94f9-1ff5658cdb1c\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Roaming\Adobe\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Roaming\Adobe\Sonar\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Roaming\Adobe\Sonar\SonarCC\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Roaming\Adobe\RTTransfer\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Roaming\Adobe\LogTransport2CC\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Roaming\Adobe\LogTransport2\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Roaming\Adobe\Linguistics\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Roaming\Adobe\Headlights\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Roaming\Adobe\Flash Player\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Roaming\Adobe\Flash Player\NativeCache\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Roaming\Adobe\CRLogs\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Roaming\Adobe\CRLogs\crashlogs\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Roaming\Adobe\Acrobat\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Roaming\Adobe\Acrobat\Preflight Acrobat Continuous\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\CRLCache\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\JSCache\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Forms\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Collab\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\LocalLow\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\LocalLow\Adobe\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\LocalLow\Adobe\Linguistics\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\LocalLow\Adobe\AcroCef\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cookie\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\wasm\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\wasm\index-dir\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\index-dir\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Cache\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Cache\Cache_Data\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\blob_storage\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\blob_storage\587faa3d-8a11-4184-9853-e4724a85f714\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\LocalLow\Adobe\Acrobat\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\assets\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\Acrobat\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\Acrobat\DesktopNotification\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\Acrobat\DesktopNotification\NotificationsDB\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\VirtualStore\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Temp\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Temp\Symbols\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Temp\msedge_url_fetcher_5636_865338661\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Temp\msedge_url_fetcher_5636_835662851\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Temp\msedge_url_fetcher_5636_804551531\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Temp\msedge_url_fetcher_5636_747471325\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Temp\msedge_url_fetcher_5636_644102789\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Temp\msedge_url_fetcher_5636_537188692\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Temp\msedge_url_fetcher_5636_38665107\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Temp\msedge_url_fetcher_5636_1505610330\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Temp\msedge_url_fetcher_5636_1463071562\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Temp\msedge_url_fetcher_5636_1432842222\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Temp\msedge_url_fetcher_5140_511505862\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Temp\mozilla-temp-files\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Temp\Low\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Temp\edge_BITS_6764_1517233949\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Temp\edge_BITS_6764_1314451580\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Temp\edge_BITS_3784_783746381\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Temp\edge_BITS_3784_606123166\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Temp\edge_BITS_3784_1726059252\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Temp\edge_BITS_3784_1689570837\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Temp\edge_BITS_3784_1453829056\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Temp\edge_BITS_3784_1441652407\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Temp\edge_BITS_3784_1300403242\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Temp\Diagnostics\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Temp\Diagnostics\EXCEL\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Temp\chrome_url_fetcher_7080_1476385705\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Temp\acrord32_super_sbx\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Temp\acrord32_super_sbx\Adobe\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Temp\acrord32_super_sbx\Adobe\Acrobat\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Temp\acrord32_super_sbx\Adobe\Acrobat\DC\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Temp\acrord32_super_sbx\Adobe\Acrobat\DC\SearchEmbdIndex\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Temp\acrocef_low\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\Adobe\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\Adobe\Acrobat\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\Adobe\Acrobat\DC\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\SolidDocuments\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\SolidDocuments\Acrobat\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Publishers\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Publishers\8wekyb3d8bbwe\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Publishers\8wekyb3d8bbwe\SettingsContainer\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Publishers\8wekyb3d8bbwe\Microsoft.WindowsAlarms\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Publishers\8wekyb3d8bbwe\Licenses\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Publishers\8wekyb3d8bbwe\Fonts\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\PlaceholderTileLogoFolder\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\PeerDistRepub\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\windows_ie_ac_001\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\windows_ie_ac_001\AC\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\windows_ie_ac_001\AC\Temp\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Windows.PrintDialog_cw5n1h2txyewy\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Windows.PrintDialog_cw5n1h2txyewy\TempState\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Windows.PrintDialog_cw5n1h2txyewy\SystemAppData\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Windows.PrintDialog_cw5n1h2txyewy\Settings\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Windows.PrintDialog_cw5n1h2txyewy\RoamingState\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Windows.PrintDialog_cw5n1h2txyewy\LocalState\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Windows.PrintDialog_cw5n1h2txyewy\LocalCache\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Windows.PrintDialog_cw5n1h2txyewy\AppData\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Windows.PrintDialog_cw5n1h2txyewy\AC\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Windows.PrintDialog_cw5n1h2txyewy\AC\Temp\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\TempState\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\SystemAppData\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\Settings\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\RoamingState\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalCache\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\AppData\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\AC\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Windows.CBSPreview_cw5n1h2txyewy\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Windows.CBSPreview_cw5n1h2txyewy\TempState\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Windows.CBSPreview_cw5n1h2txyewy\SystemAppData\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Windows.CBSPreview_cw5n1h2txyewy\Settings\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Windows.CBSPreview_cw5n1h2txyewy\RoamingState\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Windows.CBSPreview_cw5n1h2txyewy\LocalState\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Windows.CBSPreview_cw5n1h2txyewy\LocalCache\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Windows.CBSPreview_cw5n1h2txyewy\AppData\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Windows.CBSPreview_cw5n1h2txyewy\AC\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Windows.CBSPreview_cw5n1h2txyewy\AC\Temp\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\NcsiUwpApp_8wekyb3d8bbwe\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\NcsiUwpApp_8wekyb3d8bbwe\TempState\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\NcsiUwpApp_8wekyb3d8bbwe\SystemAppData\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\NcsiUwpApp_8wekyb3d8bbwe\Settings\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\NcsiUwpApp_8wekyb3d8bbwe\RoamingState\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\NcsiUwpApp_8wekyb3d8bbwe\LocalState\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\NcsiUwpApp_8wekyb3d8bbwe\LocalCache\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\NcsiUwpApp_8wekyb3d8bbwe\AppData\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\NcsiUwpApp_8wekyb3d8bbwe\AC\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\NcsiUwpApp_8wekyb3d8bbwe\AC\Temp\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\MicrosoftWindows.UndockedDevKit_cw5n1h2txyewy\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\MicrosoftWindows.UndockedDevKit_cw5n1h2txyewy\TempState\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\MicrosoftWindows.UndockedDevKit_cw5n1h2txyewy\SystemAppData\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\MicrosoftWindows.UndockedDevKit_cw5n1h2txyewy\Settings\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\MicrosoftWindows.UndockedDevKit_cw5n1h2txyewy\RoamingState\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\MicrosoftWindows.UndockedDevKit_cw5n1h2txyewy\LocalState\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\MicrosoftWindows.UndockedDevKit_cw5n1h2txyewy\LocalCache\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\MicrosoftWindows.UndockedDevKit_cw5n1h2txyewy\AppData\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\MicrosoftWindows.UndockedDevKit_cw5n1h2txyewy\AC\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\MicrosoftWindows.UndockedDevKit_cw5n1h2txyewy\AC\Temp\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SystemAppData\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\Settings\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\RoamingState\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\LocalState\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\LocalCache\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AppData\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AC\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AC\Temp\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\TempState\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\SystemAppData\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\Settings\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\RoamingState\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\LocalState\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\LocalCache\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\AppData\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\AC\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\AC\Temp\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\TempState\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\SystemAppData\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\Settings\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\RoamingState\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\LocalState\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\LocalCache\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\AppData\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\AC\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\AC\Temp\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.YourPhone_8wekyb3d8bbwe\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.YourPhone_8wekyb3d8bbwe\TempState\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.YourPhone_8wekyb3d8bbwe\SystemAppData\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.YourPhone_8wekyb3d8bbwe\Settings\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.YourPhone_8wekyb3d8bbwe\RoamingState\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.YourPhone_8wekyb3d8bbwe\LocalState\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.YourPhone_8wekyb3d8bbwe\LocalCache\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.YourPhone_8wekyb3d8bbwe\AppData\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.YourPhone_8wekyb3d8bbwe\AC\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.YourPhone_8wekyb3d8bbwe\AC\Temp\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxSpeechToTextOverlay_8wekyb3d8bbwe\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxSpeechToTextOverlay_8wekyb3d8bbwe\TempState\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxSpeechToTextOverlay_8wekyb3d8bbwe\SystemAppData\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxSpeechToTextOverlay_8wekyb3d8bbwe\Settings\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxSpeechToTextOverlay_8wekyb3d8bbwe\RoamingState\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxSpeechToTextOverlay_8wekyb3d8bbwe\LocalState\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxSpeechToTextOverlay_8wekyb3d8bbwe\LocalCache\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxSpeechToTextOverlay_8wekyb3d8bbwe\AppData\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxSpeechToTextOverlay_8wekyb3d8bbwe\AC\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxSpeechToTextOverlay_8wekyb3d8bbwe\AC\Temp\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxIdentityProvider_8wekyb3d8bbwe\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxIdentityProvider_8wekyb3d8bbwe\TempState\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxIdentityProvider_8wekyb3d8bbwe\SystemAppData\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxIdentityProvider_8wekyb3d8bbwe\Settings\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxIdentityProvider_8wekyb3d8bbwe\RoamingState\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxIdentityProvider_8wekyb3d8bbwe\LocalState\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxIdentityProvider_8wekyb3d8bbwe\LocalCache\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxIdentityProvider_8wekyb3d8bbwe\AppData\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxIdentityProvider_8wekyb3d8bbwe\AC\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxIdentityProvider_8wekyb3d8bbwe\AC\Temp\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameOverlay_8wekyb3d8bbwe\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameOverlay_8wekyb3d8bbwe\TempState\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameOverlay_8wekyb3d8bbwe\SystemAppData\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameOverlay_8wekyb3d8bbwe\Settings\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameOverlay_8wekyb3d8bbwe\RoamingState\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameOverlay_8wekyb3d8bbwe\LocalState\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameOverlay_8wekyb3d8bbwe\LocalState\DiagOutputDir\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameOverlay_8wekyb3d8bbwe\LocalCache\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameOverlay_8wekyb3d8bbwe\AppData\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameOverlay_8wekyb3d8bbwe\AC\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameOverlay_8wekyb3d8bbwe\AC\Temp\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\TempState\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\SystemAppData\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\Settings\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\RoamingState\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\LocalState\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\LocalCache\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\AppData\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\AC\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\AC\Temp\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxApp_8wekyb3d8bbwe\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxApp_8wekyb3d8bbwe\TempState\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxApp_8wekyb3d8bbwe\SystemAppData\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxApp_8wekyb3d8bbwe\Settings\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxApp_8wekyb3d8bbwe\RoamingState\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxApp_8wekyb3d8bbwe\LocalState\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxApp_8wekyb3d8bbwe\LocalCache\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxApp_8wekyb3d8bbwe\AppData\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxApp_8wekyb3d8bbwe\AC\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxApp_8wekyb3d8bbwe\AC\Temp\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Xbox.TCUI_8wekyb3d8bbwe\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Xbox.TCUI_8wekyb3d8bbwe\TempState\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Xbox.TCUI_8wekyb3d8bbwe\SystemAppData\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Xbox.TCUI_8wekyb3d8bbwe\Settings\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Xbox.TCUI_8wekyb3d8bbwe\RoamingState\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Xbox.TCUI_8wekyb3d8bbwe\LocalState\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Xbox.TCUI_8wekyb3d8bbwe\LocalCache\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Xbox.TCUI_8wekyb3d8bbwe\AppData\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Xbox.TCUI_8wekyb3d8bbwe\AC\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Xbox.TCUI_8wekyb3d8bbwe\AC\Temp\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\TempState\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\SystemAppData\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\Settings\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\RoamingState\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\LocalState\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\LocalCache\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\AppData\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\AC\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\AC\Temp\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe\TempState\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe\SystemAppData\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe\Settings\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe\RoamingState\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe\LocalState\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe\LocalCache\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe\AppData\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe\AC\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe\AC\Temp\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsMaps_8wekyb3d8bbwe\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsMaps_8wekyb3d8bbwe\TempState\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsMaps_8wekyb3d8bbwe\SystemAppData\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsMaps_8wekyb3d8bbwe\Settings\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsMaps_8wekyb3d8bbwe\RoamingState\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsMaps_8wekyb3d8bbwe\LocalState\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsMaps_8wekyb3d8bbwe\LocalCache\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsMaps_8wekyb3d8bbwe\AppData\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsMaps_8wekyb3d8bbwe\AC\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsMaps_8wekyb3d8bbwe\AC\Temp\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsFeedbackHub_8wekyb3d8bbwe\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsFeedbackHub_8wekyb3d8bbwe\TempState\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsFeedbackHub_8wekyb3d8bbwe\SystemAppData\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsFeedbackHub_8wekyb3d8bbwe\Settings\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsFeedbackHub_8wekyb3d8bbwe\RoamingState\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsFeedbackHub_8wekyb3d8bbwe\LocalState\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsFeedbackHub_8wekyb3d8bbwe\LocalCache\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsFeedbackHub_8wekyb3d8bbwe\AppData\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsFeedbackHub_8wekyb3d8bbwe\AC\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsFeedbackHub_8wekyb3d8bbwe\AC\Temp\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\TempState\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\SystemAppData\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\Settings\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\RoamingState\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalCache\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\AppData\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\AC\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\AC\Temp\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCamera_8wekyb3d8bbwe\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCamera_8wekyb3d8bbwe\TempState\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCamera_8wekyb3d8bbwe\SystemAppData\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCamera_8wekyb3d8bbwe\Settings\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCamera_8wekyb3d8bbwe\RoamingState\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCamera_8wekyb3d8bbwe\LocalState\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCamera_8wekyb3d8bbwe\LocalCache\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCamera_8wekyb3d8bbwe\AppData\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCamera_8wekyb3d8bbwe\AC\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCamera_8wekyb3d8bbwe\AC\Temp\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCalculator_8wekyb3d8bbwe\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCalculator_8wekyb3d8bbwe\TempState\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCalculator_8wekyb3d8bbwe\SystemAppData\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCalculator_8wekyb3d8bbwe\Settings\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCalculator_8wekyb3d8bbwe\RoamingState\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCalculator_8wekyb3d8bbwe\LocalState\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCalculator_8wekyb3d8bbwe\LocalCache\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCalculator_8wekyb3d8bbwe\AppData\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCalculator_8wekyb3d8bbwe\AC\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCalculator_8wekyb3d8bbwe\AC\Temp\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsAlarms_8wekyb3d8bbwe\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsAlarms_8wekyb3d8bbwe\TempState\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsAlarms_8wekyb3d8bbwe\SystemAppData\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsAlarms_8wekyb3d8bbwe\Settings\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsAlarms_8wekyb3d8bbwe\RoamingState\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsAlarms_8wekyb3d8bbwe\LocalState\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsAlarms_8wekyb3d8bbwe\LocalCache\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsAlarms_8wekyb3d8bbwe\AppData\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsAlarms_8wekyb3d8bbwe\AC\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsAlarms_8wekyb3d8bbwe\AC\Temp\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.XGpuEjectDialog_cw5n1h2txyewy\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.XGpuEjectDialog_cw5n1h2txyewy\TempState\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.XGpuEjectDialog_cw5n1h2txyewy\SystemAppData\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.XGpuEjectDialog_cw5n1h2txyewy\Settings\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.XGpuEjectDialog_cw5n1h2txyewy\RoamingState\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.XGpuEjectDialog_cw5n1h2txyewy\LocalState\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.XGpuEjectDialog_cw5n1h2txyewy\LocalCache\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.XGpuEjectDialog_cw5n1h2txyewy\AppData\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.XGpuEjectDialog_cw5n1h2txyewy\AC\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.XGpuEjectDialog_cw5n1h2txyewy\AC\Temp\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\TempState\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\SystemAppData\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\Settings\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\RoamingState\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\LocalState\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\LocalCache\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\AppData\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\AC\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\AC\Temp\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\TempState\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\SystemAppData\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\Settings\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\RoamingState\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\LocalState\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\LocalCache\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\AppData\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\AC\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\AC\Temp\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.SecureAssessmentBrowser_cw5n1h2txyewy\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.SecureAssessmentBrowser_cw5n1h2txyewy\TempState\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.SecureAssessmentBrowser_cw5n1h2txyewy\SystemAppData\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.SecureAssessmentBrowser_cw5n1h2txyewy\Settings\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.SecureAssessmentBrowser_cw5n1h2txyewy\RoamingState\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.SecureAssessmentBrowser_cw5n1h2txyewy\LocalState\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.SecureAssessmentBrowser_cw5n1h2txyewy\LocalCache\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.SecureAssessmentBrowser_cw5n1h2txyewy\AppData\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.SecureAssessmentBrowser_cw5n1h2txyewy\AC\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.SecureAssessmentBrowser_cw5n1h2txyewy\AC\Temp\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\TempState\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SystemAppData\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\Settings\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\RoamingState\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\LocalState\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\LocalCache\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\AppData\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\AC\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\AC\Temp\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\TempState\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\SystemAppData\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\Settings\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\RoamingState\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ShellFeeds\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\Flighting\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Settings_{d7420b01-ee72-478b-af4f-6b44c9dc7707}\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Settings_{69143257-42f5-46b5-8baf-30774e2e792c}\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Input_{19865394-38c8-473b-8d88-bf07dc9221d0}\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{50a16ccc-130f-4f2c-a2e9-5da6cc241852}\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{3b24ce89-7d59-456b-a789-808d32bc7713}\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalCache\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AppData\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AppData\Indexed DB\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AppData\CacheStorage\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\TokenBroker\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\TokenBroker\Cache\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\Temp\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.PinningConfirmationDialog_cw5n1h2txyewy\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.PinningConfirmationDialog_cw5n1h2txyewy\TempState\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.PinningConfirmationDialog_cw5n1h2txyewy\SystemAppData\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.PinningConfirmationDialog_cw5n1h2txyewy\Settings\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.PinningConfirmationDialog_cw5n1h2txyewy\RoamingState\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.PinningConfirmationDialog_cw5n1h2txyewy\LocalState\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.PinningConfirmationDialog_cw5n1h2txyewy\LocalCache\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.PinningConfirmationDialog_cw5n1h2txyewy\AppData\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.PinningConfirmationDialog_cw5n1h2txyewy\AC\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.PinningConfirmationDialog_cw5n1h2txyewy\AC\Temp\KUsfyVlDo.README.txt Jump to behavior

Hooking and other Techniques for Hiding and Protection

barindex
Source: C:\ProgramData\CD02.tmp Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /C DEL /F /Q C:\PROGRA~3\CD02.tmp >> NUL
Source: C:\ProgramData\CD02.tmp Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /C DEL /F /Q C:\PROGRA~3\CD02.tmp >> NUL
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\ProgramData\CD02.tmp Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX
Source: C:\ProgramData\CD02.tmp Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
Source: C:\ProgramData\CD02.tmp Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX
Source: C:\ProgramData\CD02.tmp Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX
Source: C:\ProgramData\CD02.tmp Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX
Source: C:\ProgramData\CD02.tmp Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
Source: C:\ProgramData\CD02.tmp Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX
Source: C:\ProgramData\CD02.tmp Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX
Source: C:\ProgramData\CD02.tmp Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX
Source: C:\ProgramData\CD02.tmp Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX
Source: C:\ProgramData\CD02.tmp Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX
Source: C:\ProgramData\CD02.tmp Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX
Source: C:\ProgramData\CD02.tmp Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX
Source: C:\ProgramData\CD02.tmp Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX

Malware Analysis System Evasion

barindex
Source: C:\ProgramData\CD02.tmp Code function: 4_2_00401E28 4_2_00401E28
Source: C:\ProgramData\CD02.tmp Code function: 4_2_00401E28 rdtsc 4_2_00401E28
Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
Source: C:\ProgramData\CD02.tmp Code function: 4_2_0040227C FindFirstFileExW, 4_2_0040227C
Source: C:\ProgramData\CD02.tmp Code function: 4_2_0040152C FindFirstFileExW,FindClose,FindNextFileW,FindClose, 4_2_0040152C
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File opened: C:\Users\user\AppData\Local\Packages\windows_ie_ac_001\AC\ Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File opened: C:\Users\user\AppData\Local\Packages\windows_ie_ac_001\AC\Temp\ Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File opened: C:\Users\user\AppData\Local\Packages\Windows.PrintDialog_cw5n1h2txyewy\TempState\ Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File opened: C:\Users\user\AppData\Local\Packages\windows_ie_ac_001\ Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File opened: C:\Users\user\AppData\Local\Packages\Windows.PrintDialog_cw5n1h2txyewy\ Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File opened: C:\Users\user\AppData\Local\Packages\Windows.PrintDialog_cw5n1h2txyewy\SystemAppData\ Jump to behavior
Source: VkcZ4diwXl.exe, 00000000.00000003.938895429.000000000132D000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: 10/05/2023 10:08:21.955OFFICECL (0xf2c)0x2260Telemetry EventbiyhqMediumSendEvent {"EventName": "Office.System.SystemHealthMetadataDeviceConsolidated", "Flags": 33777031581908737, "InternalSequenceNumber": 551, "Time": "2023-10-05T09:08:12Z", "Rule": "120600.4", "AriaTenantToken": "cd836626611c4caaa8fc5b2e728ee81d-3b6d6c45-6377-4bf5-9792-dbf8e1881088-7521", "Contract": "Office.Legacy.Metadata", "Data.ProcTypeText": "x64", "Data.ProcessorCount": 2, "Data.NumProcShareSingleCore": 1, "Data.NumProcShareSingleCache": 1, "Data.NumProcPhysCores": 2, "Data.ProcSpeedMHz": 2000, "Data.IsLaptop": false, "Data.IsTablet": false, "Data.RamMB": 4096, "Data.PowerPlatformRole": 1, "Data.SysVolSizeMB": 50000, "Data.DeviceManufacturer": "VMWare, Inc.", "Data.DeviceModel": "VMware20,1", "Data.DigitizerInfo": 0, "Data.SusClientId": "097C77FB-5D5D-4868-860B-09F4E5B50A53", "Data.WindowsSqmMachineId": "92C86F7C-DB2B-4F6A-95AD-98B4A2AE008A", "Data.ComputerSystemProductUuidHash": "vMZb+reczwhhqfQv1cT5DfpGz5c=", "Data.DeviceProcessorModel": "Intel(R) Core(TM)2 CPU 6600 @ 2.40 GHz", "Data.HasSpectreFix": true, "Data.BootDiskType": "SSD"}
Source: CD02.tmp, 00000004.00000002.1230073540.0000000000772000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}d
Source: CD02.tmp, 00000004.00000002.1230073540.0000000000772000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe Process information queried: ProcessInformation

Anti Debugging

barindex
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe Thread information set: HideFromDebugger Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe Thread information set: HideFromDebugger Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe Thread information set: HideFromDebugger Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe Thread information set: HideFromDebugger Jump to behavior
Source: C:\ProgramData\CD02.tmp Thread information set: HideFromDebugger
Source: C:\ProgramData\CD02.tmp Code function: 4_2_00401E28 rdtsc 4_2_00401E28
Source: C:\ProgramData\CD02.tmp Code function: 4_2_00401474 LdrLoadDll, 4_2_00401474
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe Process token adjusted: Debug
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe Process token adjusted: Debug
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe Process token adjusted: Debug

HIPS / PFW / Operating System Protection Evasion

barindex
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe Memory written: C:\ProgramData\CD02.tmp base: 401000 Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe Process created: C:\ProgramData\CD02.tmp "C:\ProgramData\CD02.tmp" Jump to behavior
Source: C:\ProgramData\CD02.tmp Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /C DEL /F /Q C:\PROGRA~3\CD02.tmp >> NUL
Source: C:\ProgramData\CD02.tmp Code function: 4_2_00401E28 cpuid 4_2_00401E28
Source: C:\ProgramData\CD02.tmp Code function: EntryPoint,ExitProcess,GetModuleHandleW,GetCommandLineW,GetModuleHandleA,GetCommandLineW,GetLocaleInfoW,GetLastError,FreeLibrary,FreeLibrary,GetProcAddress,CreateWindowExW,DefWindowProcW,GetWindowTextW,LoadMenuW,LoadMenuW,DefWindowProcW,SetTextColor,GetTextCharset,TextOutW,SetTextColor,GetTextColor,CreateFontW,GetTextColor,CreateDIBitmap,SelectObject,GetTextColor,CreateFontW, 4_2_00403983

Lowering of HIPS / PFW / Operating System Security Settings

barindex
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\ca4gppea.default\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\storage\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\storage\to-be-removed\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\storage\temporary\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\storage\permanent\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\storage\permanent\chrome\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\storage\permanent\chrome\idb\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.files\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\storage\permanent\chrome\idb\3561288849sdhlie.files\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\storage\permanent\chrome\idb\2918063365piupsah.files\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\storage\permanent\chrome\idb\2823318777ntouromlalnodry--naod.files\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.files\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\storage\permanent\chrome\idb\1451318868ntouromlalnodry--epcr.files\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\sessionstore-backups\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\security_state\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\saved-telemetry-pings\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\minidumps\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\datareporting\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\datareporting\glean\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\datareporting\glean\tmp\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\datareporting\glean\pending_pings\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\datareporting\glean\events\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\datareporting\glean\db\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\datareporting\archived\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\datareporting\archived\2023-10\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\crashes\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\crashes\events\KUsfyVlDo.README.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\bookmarkbackups\KUsfyVlDo.README.txt Jump to behavior

Stealing of Sensitive Information

barindex
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\ExperimentStoreData.json Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\prefs.js Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\Dc4du0v.KUsfyVlDo Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\storage\permanent\chrome\idb\vW9w1qa.KUsfyVlDo Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\places.sqlite Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\datareporting\archived\2023-10\MTDuu4i.KUsfyVlDo Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\pkcs11.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\permissions.sqlite Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\storage.sqlite Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\datareporting\archived\2023-10\1696496532976.f626f4c3-4652-4b17-a31d-20b62aabb4bc.health.jsonlz4 Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\datareporting\glean\events\1brE2IK.KUsfyVlDo Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\sessionstore.jsonlz4 Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\zE8rCo2.KUsfyVlDo Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\XpH1aRM.KUsfyVlDo Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\search.json.mozlz4 Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\datareporting\G2ljnpx.KUsfyVlDo Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\storage\permanent\chrome\idb\Fe69qds.KUsfyVlDo Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\saved-telemetry-pings\u4hgGM2.KUsfyVlDo Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\sessionstore-backups\upgrade.jsonlz4-20230927232528 Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\datareporting\state.json Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\storage\permanent\chrome\idb\HBfJxJg.KUsfyVlDo Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\SiteSecurityServiceState.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\NOYAwy0.KUsfyVlDo Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\5jCccjV.KUsfyVlDo Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\GyfuBjZ.KUsfyVlDo Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\protections.sqlite Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\storage\permanent\chrome\idb\2918063365piupsah.sqlite-shm Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\favicons.sqlite Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\handlers.json Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\storage\Sfm6yBO.KUsfyVlDo Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\datareporting\archived\2023-10\R0ObvRp.KUsfyVlDo Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\storage\permanent\chrome\idb\3561288849sdhlie.sqlite Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\qIV5gr6.KUsfyVlDo Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\storage\permanent\chrome\idb\y08MAhM.KUsfyVlDo Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\u43INaR.KUsfyVlDo Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\ca4gppea.default\PbK0Kiv.KUsfyVlDo Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\CqYL7cI.KUsfyVlDo Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\addons.json Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\addonStartup.json.lz4 Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\23Zxca0.KUsfyVlDo Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\3a8Ie0x.KUsfyVlDo Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\storage\permanent\chrome\idb\eOHvrQI.KUsfyVlDo Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\w1QLHXR.KUsfyVlDo Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\datareporting\glean\pending_pings\ckFBzLX.KUsfyVlDo Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\DiXWrlF.KUsfyVlDo Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\storage\permanent\chrome\idb\2918063365piupsah.sqlite Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\Ux02M32.KUsfyVlDo Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\storage\permanent\chrome\idb\UYQYewj.KUsfyVlDo Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\geOcD0B.KUsfyVlDo Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\webappsstore.sqlite-shm Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite-shm Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\datareporting\glean\events\background-update Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\WqOmOYy.KUsfyVlDo Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\storage\permanent\chrome\idb\pLuwfYb.KUsfyVlDo Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\datareporting\archived\2023-10\1696496532955.5c52a77f-c922-4d05-b4a5-35092432cb64.health.jsonlz4 Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\datareporting\archived\2023-10\1696496526939.711b9395-807b-4c7f-a045-dd83b14de7aa.first-shutdown.jsonlz4 Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\storage\permanent\chrome\Mclku1W.KUsfyVlDo Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\storage\permanent\chrome\idb\Y9rnKbP.KUsfyVlDo Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\kN32eJ9.KUsfyVlDo Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\sessionstore-backups\previous.jsonlz4 Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\cookies.sqlite-shm Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\saved-telemetry-pings\6f88a504-672b-429f-becc-5f24bfcb1009 Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\nrEJRVr.KUsfyVlDo Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\datareporting\archived\2023-10\1696496532994.855442d8-08ff-437c-ab54-8b85f7a1de31.main.jsonlz4 Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\cookies.sqlite Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\sryujq8.KUsfyVlDo Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\storage\permanent\chrome\idb\2823318777ntouromlalnodry--naod.sqlite-shm Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\saved-telemetry-pings\5c52a77f-c922-4d05-b4a5-35092432cb64 Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\places.sqlite-shm Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\datareporting\e6VNMlY.KUsfyVlDo Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\datareporting\archived\2023-10\1696496532976.270e063c-5835-4e21-b776-167913525107.event.jsonlz4 Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\sessionCheckpoints.json Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\URBY0WU.KUsfyVlDo Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\storage\permanent\chrome\idb\1451318868ntouromlalnodry--epcr.sqlite-shm Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\wTdKnvg.KUsfyVlDo Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\trYR0iH.KUsfyVlDo Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\storage\permanent\chrome\idb\2823318777ntouromlalnodry--naod.sqlite Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\cert9.db Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\datareporting\archived\2023-10\1696496526932.a88cd073-7a8b-423f-bd0e-4c9cfe05f0fa.event.jsonlz4 Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\datareporting\glean\pending_pings\cb77fc44-213e-46f2-a233-e27b26b3b3e2 Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\datareporting\glean\pending_pings\f30d6b3f-1d43-4dd4-add9-f29c1313c2dd Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\YVX9dYc.KUsfyVlDo Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\containers.json Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\datareporting\archived\2023-10\zd5YwvM.KUsfyVlDo Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\datareporting\glean\events\events Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\content-prefs.sqlite Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\QuWeUe6.KUsfyVlDo Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\sessionstore-backups\3yXTZxi.KUsfyVlDo Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\storage\permanent\chrome\.metadata-v2 Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\ekY2jpt.KUsfyVlDo Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\compatibility.ini Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\q9J7fbP.KUsfyVlDo Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\storage\permanent\chrome\idb\IRJcP84.KUsfyVlDo Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\webappsstore.sqlite Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\storage\permanent\chrome\idb\3561288849sdhlie.sqlite-shm Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\datareporting\session-state.json Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\xulstore.json Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\datareporting\archived\2023-10\7nPDPdj.KUsfyVlDo Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\storage\permanent\chrome\idb\NfEfLot.KUsfyVlDo Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\extension-preferences.json Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\shield-preference-experiments.json Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\datareporting\archived\2023-10\mUJRFEg.KUsfyVlDo Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\datareporting\archived\2023-10\VZ4ERzn.KUsfyVlDo Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\QRNGL0M.KUsfyVlDo Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\i9rsuW2.KUsfyVlDo Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\storage\permanent\chrome\idb\1451318868ntouromlalnodry--epcr.sqlite Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\datareporting\archived\2023-10\VzliGOq.KUsfyVlDo Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\kVcLdYS.KUsfyVlDo Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\favicons.sqlite-shm Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\key4.db Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\A0bhMKp.KUsfyVlDo Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\CtX18Dg.KUsfyVlDo Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\sessionstore-backups\6AJm7wG.KUsfyVlDo Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\storage\ls-archive.sqlite Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\yfCUlfa.KUsfyVlDo Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\storage\permanent\chrome\idb\KWaEca0.KUsfyVlDo Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\swyg8V2.KUsfyVlDo Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\datareporting\archived\2023-10\1696496526938.6f88a504-672b-429f-becc-5f24bfcb1009.main.jsonlz4 Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\storage\permanent\chrome\idb\FypwqMh.KUsfyVlDo Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\datareporting\archived\2023-10\1696496526924.bb2f07d2-72ba-475b-89d6-f1004541a20e.new-profile.jsonlz4 Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\ca4gppea.default\times.json Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\datareporting\glean\pending_pings\wNP8vJJ.KUsfyVlDo Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite-shm Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\datareporting\glean\events\nH7dVDy.KUsfyVlDo Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\datareporting\archived\2023-10\MelxmjP.KUsfyVlDo Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\targeting.snapshot.json Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\AlternateServices.txt Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\times.json Jump to behavior
Source: C:\Users\user\Desktop\VkcZ4diwXl.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\saved-telemetry-pings\vemHk6G.KUsfyVlDo Jump to behavior
No contacted IP infos