Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
Iir6rxs8r6.exe
|
PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows
|
initial sample
|
 |
|
|
C:\$WinREAgent\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\$WinREAgent\Scratch\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Adobe\ARM\Acrobat_23.006.20320\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Adobe\ARM\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Adobe\ARM\{291AA914-A987-4CE9-BD63-0C0A92D435E5}\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Adobe\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\ClickToRun\MachineData\Integration\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\ClickToRun\MachineData\Integration\ShortcutBackups\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\ClickToRun\ProductReleases\A3CECAC7-AFEC-4136-AD26-4F02273A588C\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\ClickToRun\ProductReleases\A3CECAC7-AFEC-4136-AD26-4F02273A588C\en-us.16\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\ClickToRun\ProductReleases\A3CECAC7-AFEC-4136-AD26-4F02273A588C\en-us.16\MasterDescriptor.en-us.xml.rhysida
|
data
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\ClickToRun\ProductReleases\A3CECAC7-AFEC-4136-AD26-4F02273A588C\en-us.16\stream.x86.en-us.dat.cat.rhysida
|
data
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\ClickToRun\ProductReleases\A3CECAC7-AFEC-4136-AD26-4F02273A588C\en-us.16\stream.x86.en-us.db.rhysida
|
data
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\ClickToRun\ProductReleases\A3CECAC7-AFEC-4136-AD26-4F02273A588C\en-us.16\stream.x86.en-us.man.dat.rhysida
|
data
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\ClickToRun\ProductReleases\A3CECAC7-AFEC-4136-AD26-4F02273A588C\x-none.16\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\ClickToRun\ProductReleases\A3CECAC7-AFEC-4136-AD26-4F02273A588C\x-none.16\MasterDescriptor.x-none.xml.rhysida
|
data
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\ClickToRun\ProductReleases\A3CECAC7-AFEC-4136-AD26-4F02273A588C\x-none.16\stream.x86.x-none.dat.cat.rhysida
|
data
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\ClickToRun\ProductReleases\A3CECAC7-AFEC-4136-AD26-4F02273A588C\x-none.16\stream.x86.x-none.db.rhysida
|
data
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\AirSpace.Etw.man.rhysida
|
data
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Access.Access.x-none.msi.16.x-none.xml.rhysida
|
data
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Excel.Excel.x-none.msi.16.x-none.xml.rhysida
|
data
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Lync.Lync.x-none.msi.16.x-none.xml.rhysida
|
data
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OneNote.OneNote.x-none.msi.16.x-none.xml.rhysida
|
data
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Outlook.Outlook.x-none.msi.16.x-none.xml.rhysida
|
data
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.en-us.xml.rhysida
|
data
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.es-es.xml.rhysida
|
data
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.fr-fr.xml.rhysida
|
data
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Word.Word.x-none.msi.16.x-none.xml.rhysida
|
data
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.accessmui.msi.16.en-us.xml.rhysida
|
data
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.excelmui.msi.16.en-us.xml.rhysida
|
data
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.lyncmui.msi.16.en-us.xml.rhysida
|
data
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.office64ww.msi.16.x-none.xml.rhysida
|
data
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.officemui.msi.16.en-us.xml.rhysida
|
data
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.onenotemui.msi.16.en-us.xml.rhysida
|
data
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.outlookmui.msi.16.en-us.xml.rhysida
|
data
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.powerpointmui.msi.16.en-us.xml.rhysida
|
data
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.shared.Office.x-none.msi.16.x-none.xml.rhysida
|
data
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.wordmui.msi.16.en-us.xml.rhysida
|
data
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\msoutilstat.etw.man.rhysida
|
data
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\en-GB\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\en-GB\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Diagnosis\DownloadedSettings\telemetry.ASM-WindowsDefault.json.bk.rhysida
|
data
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Diagnosis\DownloadedSettings\telemetry.ASM-WindowsDefault.json.rhysida
|
data
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Diagnosis\ETLLogs\ScenarioShutdownLogger\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Diagnosis\ETLLogs\ShutdownLogger\Diagtrack-Listener.etl.rhysida
|
data
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Diagnosis\Temp\DiagTrackTraceSlot_alternativeTrace\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Diagnosis\Temp\DiagTrackTraceSlot_aot\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Diagnosis\Temp\DiagTrackTraceSlot_diag\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Diagnosis\Temp\DiagTrackTraceSlot_miniTrace\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Diagnosis\TimeTravelDebuggingStorage\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\DiagnosticLogCSP\Collectors\DiagnosticLogCSP_Collector_Autopilot_2023_10_3_9_57_25.etl.rhysida
|
data
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\DiagnosticLogCSP\Collectors\DiagnosticLogCSP_Collector_Autopilot_2023_10_3_9_59_39.etl.rhysida
|
data
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\DiagnosticLogCSP\Collectors\DiagnosticLogCSP_Collector_DeviceProvisioning_2023_10_3_8_56_48.etl.rhysida
|
data
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\DiagnosticLogCSP\Collectors\DiagnosticLogCSP_Collector_DeviceProvisioning_2023_10_4_9_46_43.etl.rhysida
|
data
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Provisioning\AssetCache\CellularUx\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\Temp\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\DLPCache\FileEvidence\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\DLPCache\NetworkFilesMappingStubs\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpasbase.lkg.rhysida
|
data
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpasbase.vdm.rhysida
|
data
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpasdlta.lkg.rhysida
|
data
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpasdlta.vdm.rhysida
|
data
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpavbase.lkg.rhysida
|
data
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpavdlta.lkg.rhysida
|
data
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpavdlta.vdm.rhysida
|
data
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Definition Updates\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Default\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Definition Updates\NisBackup\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Definition Updates\StableEngineEtwLocation\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Updates\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{0F4F15B9-002F-484A-961E-DB92D12569B3}\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{0F4F15B9-002F-484A-961E-DB92D12569B3}\mpasbase.vdm.rhysida
|
data
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{0F4F15B9-002F-484A-961E-DB92D12569B3}\mpasdlta.vdm.rhysida
|
data
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{0F4F15B9-002F-484A-961E-DB92D12569B3}\mpavbase.vdm.rhysida
|
DOS executable (COM, 0x8C-variant)
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{0F4F15B9-002F-484A-961E-DB92D12569B3}\mpavdlta.vdm.rhysida
|
data
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Network Inspection System\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Network Inspection System\Support\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\Catalogs\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\Catalogs\IGD.CAT.rhysida
|
data
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\Drivers\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\Powershell\MSFT_MpPreference.cdxml.rhysida
|
data
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\Powershell\MSFT_MpSignature.cdxml.rhysida
|
data
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\X86\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\X86\en-GB\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\X86\en-GB\mpasdesc.dll.mui.rhysida
|
data
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\X86\en-US\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\X86\en-US\MpAsDesc.dll.mui.rhysida
|
data
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\af-ZA\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\af-ZA\mpuxagent.dll.mui.rhysida
|
data
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\am-ET\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\am-ET\mpuxagent.dll.mui.rhysida
|
data
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\ar-SA\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\ar-SA\MpAsDesc.dll.mui.rhysida
|
data
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\as-IN\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\as-IN\mpuxagent.dll.mui.rhysida
|
data
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\az-Latn-AZ\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\az-Latn-AZ\mpuxagent.dll.mui.rhysida
|
OpenPGP Secret Key
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\bg-BG\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\bg-BG\MpAsDesc.dll.mui.rhysida
|
data
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\bn-IN\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\bn-IN\mpuxagent.dll.mui.rhysida
|
data
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\bs-Latn-BA\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\bs-Latn-BA\mpuxagent.dll.mui.rhysida
|
data
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\ca-ES-valencia\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\ca-ES-valencia\mpuxagent.dll.mui.rhysida
|
data
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\ca-ES\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\ca-ES\MpAsDesc.dll.mui.rhysida
|
data
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\ca-ES\mpuxagent.dll.mui.rhysida
|
data
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\cs-CZ\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\cs-CZ\MpAsDesc.dll.mui.rhysida
|
data
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\cs-CZ\MpEvMsg.dll.mui.rhysida
|
data
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\cs-CZ\mpuxagent.dll.mui.rhysida
|
data
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\cy-GB\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\cy-GB\mpuxagent.dll.mui.rhysida
|
data
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\da-DK\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\da-DK\mpuxagent.dll.mui.rhysida
|
data
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\de-DE\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\de-DE\MpAsDesc.dll.mui.rhysida
|
data
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\de-DE\ProtectionManagement.dll.mui.rhysida
|
data
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\de-DE\mpuxagent.dll.mui.rhysida
|
data
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\el-GR\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\el-GR\MpEvMsg.dll.mui.rhysida
|
data
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\en-GB\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\en-GB\MpAsDesc.dll.mui.rhysida
|
data
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\en-US\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\en-US\ProtectionManagement.dll.mui.rhysida
|
data
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\en-US\mpuxagent.dll.mui.rhysida
|
data
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\es-ES\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\es-ES\MpAsDesc.dll.mui.rhysida
|
data
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\es-ES\ProtectionManagement.dll.mui.rhysida
|
data
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\es-ES\mpuxagent.dll.mui.rhysida
|
data
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\es-MX\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\es-MX\mpuxagent.dll.mui.rhysida
|
data
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\et-EE\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\et-EE\MpAsDesc.dll.mui.rhysida
|
OpenPGP Secret Key
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\et-EE\mpuxagent.dll.mui.rhysida
|
data
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\eu-ES\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\fa-IR\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\fa-IR\mpuxagent.dll.mui.rhysida
|
data
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\fi-FI\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\fi-FI\MpAsDesc.dll.mui.rhysida
|
data
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\fi-FI\MpEvMsg.dll.mui.rhysida
|
data
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\fil-PH\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\fil-PH\mpuxagent.dll.mui.rhysida
|
data
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\fr-CA\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\fr-CA\MpAsDesc.dll.mui.rhysida
|
data
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\fr-CA\mpuxagent.dll.mui.rhysida
|
data
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\fr-FR\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\fr-FR\MpEvMsg.dll.mui.rhysida
|
OpenPGP Public Key
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\fr-FR\ProtectionManagement.dll.mui.rhysida
|
data
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\fr-FR\mpuxagent.dll.mui.rhysida
|
data
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\ga-IE\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\ga-IE\mpuxagent.dll.mui.rhysida
|
data
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\gd-GB\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\gl-ES\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\gl-ES\mpuxagent.dll.mui.rhysida
|
data
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\gu-IN\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\gu-IN\mpuxagent.dll.mui.rhysida
|
data
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\he-IL\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\he-IL\MpAsDesc.dll.mui.rhysida
|
data
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\hi-IN\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\hi-IN\mpuxagent.dll.mui.rhysida
|
data
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\hr-HR\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\hr-HR\MpAsDesc.dll.mui.rhysida
|
data
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\hr-HR\mpuxagent.dll.mui.rhysida
|
data
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\hu-HU\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\hu-HU\MpEvMsg.dll.mui.rhysida
|
DOS executable (COM)
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\id-ID\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\is-IS\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\it-IT\ProtectionManagement.dll.mui.rhysida
|
data
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\ja-JP\ProtectionManagement.dll.mui.rhysida
|
data
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\mr-IN\mpuxagent.dll.mui.rhysida
|
data
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\mt-MT\mpuxagent.dll.mui.rhysida
|
data
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\ne-NP\mpuxagent.dll.mui.rhysida
|
data
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\nl-NL\mpuxagent.dll.mui.rhysida
|
data
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\pl-PL\MpAsDesc.dll.mui.rhysida
|
data
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\pl-PL\mpuxagent.dll.mui.rhysida
|
data
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\pt-BR\MpEvMsg.dll.mui.rhysida
|
data
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\pt-PT\mpuxagent.dll.mui.rhysida
|
data
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\ru-RU\MpAsDesc.dll.mui.rhysida
|
data
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\ru-RU\MpEvMsg.dll.mui.rhysida
|
data
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\ru-RU\ProtectionManagement.dll.mui.rhysida
|
data
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\ru-RU\mpuxagent.dll.mui.rhysida
|
OpenPGP Public Key
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\sk-SK\MpAsDesc.dll.mui.rhysida
|
data
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\sk-SK\mpuxagent.dll.mui.rhysida
|
data
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\sl-SI\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\sl-SI\MpAsDesc.dll.mui.rhysida
|
data
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\sl-SI\mpuxagent.dll.mui.rhysida
|
data
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\sq-AL\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\sq-AL\mpuxagent.dll.mui.rhysida
|
data
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\sr-Cyrl-BA\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\sr-Cyrl-BA\mpuxagent.dll.mui.rhysida
|
data
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\sr-Cyrl-RS\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\sr-Cyrl-RS\mpuxagent.dll.mui.rhysida
|
data
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\sr-Latn-RS\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\sr-Latn-RS\MpAsDesc.dll.mui.rhysida
|
data
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\sr-Latn-RS\mpuxagent.dll.mui.rhysida
|
data
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\sv-SE\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\sv-SE\MpAsDesc.dll.mui.rhysida
|
data
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\sv-SE\MpEvMsg.dll.mui.rhysida
|
data
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\sv-SE\mpuxagent.dll.mui.rhysida
|
data
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\ta-IN\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\ta-IN\mpuxagent.dll.mui.rhysida
|
data
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\te-IN\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\te-IN\mpuxagent.dll.mui.rhysida
|
data
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\th-TH\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\th-TH\MpAsDesc.dll.mui.rhysida
|
data
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\th-TH\mpuxagent.dll.mui.rhysida
|
data
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\tr-TR\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\tr-TR\MpEvMsg.dll.mui.rhysida
|
data
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\tr-TR\mpuxagent.dll.mui.rhysida
|
data
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\tt-RU\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\tt-RU\mpuxagent.dll.mui.rhysida
|
data
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\ug-CN\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\uk-UA\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\uk-UA\MpAsDesc.dll.mui.rhysida
|
data
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\uk-UA\mpuxagent.dll.mui.rhysida
|
data
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\ur-PK\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\ur-PK\mpuxagent.dll.mui.rhysida
|
data
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\vi-VN\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\vi-VN\mpuxagent.dll.mui.rhysida
|
data
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\zh-CN\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\zh-CN\MpEvMsg.dll.mui.rhysida
|
data
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\zh-CN\ProtectionManagement.dll.mui.rhysida
|
data
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\zh-CN\mpuxagent.dll.mui.rhysida
|
data
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\zh-TW\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\zh-TW\MpAsDesc.dll.mui.rhysida
|
data
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\zh-TW\ProtectionManagement.dll.mui.rhysida
|
OpenPGP Secret Key
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\zh-TW\mpuxagent.dll.mui.rhysida
|
data
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\Catalogs\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\Catalogs\IGD.CAT.rhysida
|
data
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\Drivers\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\Microsoft-Antimalware-Service.man.rhysida
|
data
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\Microsoft-Windows-Windows Defender.man.rhysida
|
data
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\Powershell\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\Powershell\MSFT_MpPreference.cdxml.rhysida
|
data
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\Powershell\MSFT_MpSignature.cdxml.rhysida
|
data
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\X86\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\X86\en-GB\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\X86\en-GB\mpasdesc.dll.mui.rhysida
|
data
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\X86\en-US\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\X86\en-US\MpAsDesc.dll.mui.rhysida
|
data
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\af-ZA\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\af-ZA\mpuxagent.dll.mui.rhysida
|
data
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\am-ET\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\am-ET\mpuxagent.dll.mui.rhysida
|
data
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\ar-SA\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\ar-SA\mpuxagent.dll.mui.rhysida
|
data
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\as-IN\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\as-IN\mpuxagent.dll.mui.rhysida
|
data
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\az-Latn-AZ\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\az-Latn-AZ\mpuxagent.dll.mui.rhysida
|
data
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\bg-BG\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\bg-BG\mpuxagent.dll.mui.rhysida
|
data
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\bn-IN\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\bn-IN\mpuxagent.dll.mui.rhysida
|
data
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\bs-Latn-BA\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\bs-Latn-BA\mpuxagent.dll.mui.rhysida
|
data
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\ca-ES-valencia\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\ca-ES-valencia\mpuxagent.dll.mui.rhysida
|
data
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\ca-ES\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\ca-ES\MpAsDesc.dll.mui.rhysida
|
data
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\ca-ES\mpuxagent.dll.mui.rhysida
|
data
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\cs-CZ\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\cs-CZ\MpAsDesc.dll.mui.rhysida
|
data
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\cs-CZ\MpEvMsg.dll.mui.rhysida
|
data
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\cs-CZ\mpuxagent.dll.mui.rhysida
|
data
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\cy-GB\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\cy-GB\mpuxagent.dll.mui.rhysida
|
data
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\da-DK\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\da-DK\MpAsDesc.dll.mui.rhysida
|
data
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\da-DK\MpEvMsg.dll.mui.rhysida
|
data
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\da-DK\mpuxagent.dll.mui.rhysida
|
data
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\de-DE\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\de-DE\MpAsDesc.dll.mui.rhysida
|
data
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\de-DE\MpEvMsg.dll.mui.rhysida
|
data
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\de-DE\ProtectionManagement.dll.mui.rhysida
|
data
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\de-DE\mpuxagent.dll.mui.rhysida
|
data
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\el-GR\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\el-GR\MpAsDesc.dll.mui.rhysida
|
data
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\el-GR\MpEvMsg.dll.mui.rhysida
|
data
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\el-GR\mpuxagent.dll.mui.rhysida
|
data
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\en-GB\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\en-GB\MpAsDesc.dll.mui.rhysida
|
data
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\en-GB\mpuxagent.dll.mui.rhysida
|
data
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\en-US\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\en-US\MpAsDesc.dll.mui.rhysida
|
data
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\en-US\MpEvMsg.dll.mui.rhysida
|
data
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\en-US\ProtectionManagement.dll.mui.rhysida
|
data
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\en-US\mpuxagent.dll.mui.rhysida
|
data
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\es-ES\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\es-ES\MpAsDesc.dll.mui.rhysida
|
data
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\es-ES\MpEvMsg.dll.mui.rhysida
|
data
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\es-ES\ProtectionManagement.dll.mui.rhysida
|
data
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\es-ES\mpuxagent.dll.mui.rhysida
|
data
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\es-MX\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\es-MX\MpAsDesc.dll.mui.rhysida
|
data
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\es-MX\mpuxagent.dll.mui.rhysida
|
data
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\et-EE\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\et-EE\MpAsDesc.dll.mui.rhysida
|
data
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\et-EE\mpuxagent.dll.mui.rhysida
|
data
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\eu-ES\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\eu-ES\mpuxagent.dll.mui.rhysida
|
data
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\fa-IR\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\fa-IR\mpuxagent.dll.mui.rhysida
|
data
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\fi-FI\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\fi-FI\MpAsDesc.dll.mui.rhysida
|
data
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\fi-FI\MpEvMsg.dll.mui.rhysida
|
data
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\fi-FI\mpuxagent.dll.mui.rhysida
|
data
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\fil-PH\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\fil-PH\mpuxagent.dll.mui.rhysida
|
data
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\fr-CA\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\fr-CA\MpAsDesc.dll.mui.rhysida
|
data
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\fr-CA\mpuxagent.dll.mui.rhysida
|
data
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\fr-FR\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\fr-FR\MpAsDesc.dll.mui.rhysida
|
data
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\fr-FR\MpEvMsg.dll.mui.rhysida
|
data
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\fr-FR\ProtectionManagement.dll.mui.rhysida
|
data
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\fr-FR\mpuxagent.dll.mui.rhysida
|
data
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\ga-IE\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\ga-IE\mpuxagent.dll.mui.rhysida
|
data
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\gd-GB\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\gd-GB\mpuxagent.dll.mui.rhysida
|
data
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\gl-ES\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\gl-ES\mpuxagent.dll.mui.rhysida
|
data
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\gu-IN\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\gu-IN\mpuxagent.dll.mui.rhysida
|
COM executable for DOS
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\he-IL\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\he-IL\MpAsDesc.dll.mui.rhysida
|
data
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\he-IL\mpuxagent.dll.mui.rhysida
|
data
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\hi-IN\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\hi-IN\mpuxagent.dll.mui.rhysida
|
data
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\hr-HR\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\hr-HR\MpAsDesc.dll.mui.rhysida
|
data
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\hr-HR\mpuxagent.dll.mui.rhysida
|
data
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\hu-HU\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\hu-HU\MpAsDesc.dll.mui.rhysida
|
data
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\hu-HU\MpEvMsg.dll.mui.rhysida
|
data
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\hu-HU\mpuxagent.dll.mui.rhysida
|
data
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\id-ID\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\id-ID\MpAsDesc.dll.mui.rhysida
|
data
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\id-ID\mpuxagent.dll.mui.rhysida
|
data
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\is-IS\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\is-IS\mpuxagent.dll.mui.rhysida
|
data
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\it-IT\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\it-IT\MpAsDesc.dll.mui.rhysida
|
data
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\it-IT\MpEvMsg.dll.mui.rhysida
|
data
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\it-IT\ProtectionManagement.dll.mui.rhysida
|
data
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\it-IT\mpuxagent.dll.mui.rhysida
|
data
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\ja-JP\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\ja-JP\MpAsDesc.dll.mui.rhysida
|
data
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\ja-JP\MpEvMsg.dll.mui.rhysida
|
data
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\ja-JP\ProtectionManagement.dll.mui.rhysida
|
data
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\ja-JP\mpuxagent.dll.mui.rhysida
|
data
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\ka-GE\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\ka-GE\mpuxagent.dll.mui.rhysida
|
data
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\kk-KZ\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\kk-KZ\mpuxagent.dll.mui.rhysida
|
data
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\km-KH\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\km-KH\mpuxagent.dll.mui.rhysida
|
data
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\kn-IN\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\kn-IN\mpuxagent.dll.mui.rhysida
|
data
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\ko-KR\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\ko-KR\MpAsDesc.dll.mui.rhysida
|
data
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\ko-KR\MpEvMsg.dll.mui.rhysida
|
data
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\ko-KR\ProtectionManagement.dll.mui.rhysida
|
data
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\ko-KR\mpuxagent.dll.mui.rhysida
|
data
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\kok-IN\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\kok-IN\mpuxagent.dll.mui.rhysida
|
data
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\lb-LU\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\lo-LA\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\lt-LT\mpuxagent.dll.mui.rhysida
|
data
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\ml-IN\mpuxagent.dll.mui.rhysida
|
data
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\mr-IN\mpuxagent.dll.mui.rhysida
|
data
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\mt-MT\mpuxagent.dll.mui.rhysida
|
data
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\ne-NP\mpuxagent.dll.mui.rhysida
|
OpenPGP Public Key
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\nl-NL\mpuxagent.dll.mui.rhysida
|
data
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\pl-PL\MpAsDesc.dll.mui.rhysida
|
data
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\pl-PL\mpuxagent.dll.mui.rhysida
|
data
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\pt-BR\MpEvMsg.dll.mui.rhysida
|
data
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\pt-BR\ProtectionManagement.dll.mui.rhysida
|
data
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\pt-PT\mpuxagent.dll.mui.rhysida
|
data
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\ru-RU\MpAsDesc.dll.mui.rhysida
|
data
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\ru-RU\MpEvMsg.dll.mui.rhysida
|
data
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\ru-RU\ProtectionManagement.dll.mui.rhysida
|
data
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\ru-RU\mpuxagent.dll.mui.rhysida
|
data
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\sk-SK\MpAsDesc.dll.mui.rhysida
|
data
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\sk-SK\mpuxagent.dll.mui.rhysida
|
data
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\sl-SI\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\sl-SI\MpAsDesc.dll.mui.rhysida
|
OpenPGP Public Key
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\sl-SI\mpuxagent.dll.mui.rhysida
|
data
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\sq-AL\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\sq-AL\mpuxagent.dll.mui.rhysida
|
data
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\sr-Cyrl-BA\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\sr-Cyrl-BA\mpuxagent.dll.mui.rhysida
|
data
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\sr-Cyrl-RS\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\sr-Cyrl-RS\mpuxagent.dll.mui.rhysida
|
data
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\sr-Latn-RS\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\sr-Latn-RS\MpAsDesc.dll.mui.rhysida
|
data
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\sr-Latn-RS\mpuxagent.dll.mui.rhysida
|
data
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\sv-SE\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\sv-SE\MpAsDesc.dll.mui.rhysida
|
data
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\sv-SE\MpEvMsg.dll.mui.rhysida
|
data
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\sv-SE\mpuxagent.dll.mui.rhysida
|
data
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\ta-IN\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\ta-IN\mpuxagent.dll.mui.rhysida
|
data
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\te-IN\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\te-IN\mpuxagent.dll.mui.rhysida
|
data
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\th-TH\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\th-TH\MpAsDesc.dll.mui.rhysida
|
data
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\th-TH\mpuxagent.dll.mui.rhysida
|
data
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\tr-TR\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\tr-TR\MpAsDesc.dll.mui.rhysida
|
data
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\tr-TR\MpEvMsg.dll.mui.rhysida
|
data
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\tr-TR\mpuxagent.dll.mui.rhysida
|
data
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\tt-RU\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\tt-RU\mpuxagent.dll.mui.rhysida
|
OpenPGP Public Key
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\ug-CN\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\ug-CN\mpuxagent.dll.mui.rhysida
|
data
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\uk-UA\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\uk-UA\MpAsDesc.dll.mui.rhysida
|
data
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\uk-UA\mpuxagent.dll.mui.rhysida
|
data
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\ur-PK\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\ur-PK\mpuxagent.dll.mui.rhysida
|
data
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\vi-VN\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\vi-VN\MpAsDesc.dll.mui.rhysida
|
data
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\vi-VN\mpuxagent.dll.mui.rhysida
|
data
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\zh-CN\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\zh-CN\MpAsDesc.dll.mui.rhysida
|
data
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\zh-CN\MpEvMsg.dll.mui.rhysida
|
data
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\zh-CN\ProtectionManagement.dll.mui.rhysida
|
data
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\zh-CN\mpuxagent.dll.mui.rhysida
|
data
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\zh-TW\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\zh-TW\MpAsDesc.dll.mui.rhysida
|
data
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\zh-TW\MpEvMsg.dll.mui.rhysida
|
OpenPGP Secret Key Version 3
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\zh-TW\ProtectionManagement.dll.mui.rhysida
|
data
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\zh-TW\mpuxagent.dll.mui.rhysida
|
data
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Quarantine\Entries\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Quarantine\ResourceData\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Quarantine\ResourceData\E3\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Quarantine\Resources\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Quarantine\Resources\E3\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Scans\BackupStore\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Scans\History\CacheManager\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Scans\History\ReportLatency\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Scans\History\ReportLatency\Latency\19\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Scans\History\ReportLatency\Latency\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\01\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\04\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\06\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\07\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\08\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\15\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\17\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\20\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\21\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Store\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Scans\RtSigs\Data\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-5F2FFB7A31DBA078D8F948F77F0FE9B82BEB1559.bin.01.rhysida
|
data
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-5F2FFB7A31DBA078D8F948F77F0FE9B82BEB1559.bin.6C.rhysida
|
data
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-5F2FFB7A31DBA078D8F948F77F0FE9B82BEB1559.bin.A0.rhysida
|
OpenPGP Public Key
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-5F2FFB7A31DBA078D8F948F77F0FE9B82BEB1559.bin.E6.rhysida
|
data
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows NT\MSFax\Common Coverpages\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows NT\MSFax\Common Coverpages\en-GB\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows NT\MSFax\VirtualInbox\en-GB\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoIt v3\Extras\AutoItX\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Package Cache\{0025DD72-A959-45B5-A0A3-7EFEB15A8050}v14.36.32532\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Package Cache\{0025DD72-A959-45B5-A0A3-7EFEB15A8050}v14.36.32532\packages\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Package Cache\{D5D19E2F-7189-42FE-8103-92CD1FA457C2}v14.36.32532\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Package Cache\{D5D19E2F-7189-42FE-8103-92CD1FA457C2}v14.36.32532\packages\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Packages\Microsoft.549981C3F5F10_8wekyb3d8bbwe\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Packages\Microsoft.DesktopAppInstaller_8wekyb3d8bbwe\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Packages\Microsoft.Microsoft3DViewer_8wekyb3d8bbwe\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Packages\Microsoft.MicrosoftEdge.Stable_8wekyb3d8bbwe\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Packages\Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Packages\Microsoft.MixedReality.Portal_8wekyb3d8bbwe\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Packages\Microsoft.Office.OneNote_8wekyb3d8bbwe\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\Users\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\.curlrc.rhysida
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft OneDrive\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
||
|
C:\ProgramData\Microsoft OneDrive\setup\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
||
|
C:\ProgramData\Microsoft\AppV\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
||
|
C:\ProgramData\Microsoft\AppV\Setup\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
||
|
C:\ProgramData\Microsoft\ClickToRun\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
||
|
C:\ProgramData\Microsoft\ClickToRun\DeploymentConfig.0.xml.rhysida
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\ClickToRun\DeploymentConfig.1.xml.rhysida
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\ClickToRun\DeploymentConfig.2.xml.rhysida
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\ClickToRun\MachineData\Catalog\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
||
|
C:\ProgramData\Microsoft\ClickToRun\MachineData\Catalog\Packages\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
||
|
C:\ProgramData\Microsoft\ClickToRun\MachineData\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
||
|
C:\ProgramData\Microsoft\ClickToRun\ProductReleases\A3CECAC7-AFEC-4136-AD26-4F02273A588C\VirtualRegistry.dat.rhysida
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\ClickToRun\ProductReleases\A3CECAC7-AFEC-4136-AD26-4F02273A588C\en-us.16\s321033.hash.rhysida
|
OpenPGP Secret Key
|
dropped
|
||
|
C:\ProgramData\Microsoft\ClickToRun\ProductReleases\A3CECAC7-AFEC-4136-AD26-4F02273A588C\en-us.16\stream.x86.en-us.hash.rhysida
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\ClickToRun\ProductReleases\A3CECAC7-AFEC-4136-AD26-4F02273A588C\operations.db.rhysida
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\ClickToRun\ProductReleases\A3CECAC7-AFEC-4136-AD26-4F02273A588C\x-none.16\i320.c2rx.hash.rhysida
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\ClickToRun\ProductReleases\A3CECAC7-AFEC-4136-AD26-4F02273A588C\x-none.16\s320.hash.rhysida
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\ClickToRun\ProductReleases\A3CECAC7-AFEC-4136-AD26-4F02273A588C\x-none.16\stream.x86.x-none.hash.rhysida
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\ClickToRun\ProductReleases\A3CECAC7-AFEC-4136-AD26-4F02273A588C\x-none.16\stream.x86.x-none.man.dat.rhysida
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\ClickToRun\ProductReleases\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
||
|
C:\ProgramData\Microsoft\ClickToRun\UserData\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
||
|
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.DCF.DCF.x-none.msi.16.x-none.xml.rhysida
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OSM.OSM.x-none.msi.16.x-none.xml.rhysida
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OSMUX.OSMUX.x-none.msi.16.x-none.xml.rhysida
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.dcfmui.msi.16.en-us.xml.rhysida
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.office64mui.msi.16.en-us.xml.rhysida
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.osmmui.msi.16.en-us.xml.rhysida
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.osmuxmui.msi.16.en-us.xml.rhysida
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.publishermui.msi.16.en-us.xml.rhysida
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_Office Feature Updates Logon.xml.rhysida
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_Office Feature Updates.xml.rhysida
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\wordEtw.man.rhysida
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
||
|
C:\ProgramData\Microsoft\Crypto\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
||
|
C:\ProgramData\Microsoft\Crypto\DSS\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
||
|
C:\ProgramData\Microsoft\Crypto\DSS\MachineKeys\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
||
|
C:\ProgramData\Microsoft\Crypto\Keys\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
||
|
C:\ProgramData\Microsoft\Crypto\PCPKSP\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
||
|
C:\ProgramData\Microsoft\Crypto\PCPKSP\WindowsAIK\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
||
|
C:\ProgramData\Microsoft\Crypto\RSA\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
||
|
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
||
|
C:\ProgramData\Microsoft\Crypto\SystemKeys\4fbf593b24f129e7d8c9fc84ba6a1ac3_9e146be9-c76a-4720-bcdb-53011b87bd06.rhysida
|
PGP Secret Sub-key -
|
dropped
|
||
|
C:\ProgramData\Microsoft\Crypto\SystemKeys\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
||
|
C:\ProgramData\Microsoft\DRM\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
||
|
C:\ProgramData\Microsoft\DRM\Server\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
||
|
C:\ProgramData\Microsoft\Device Stage\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
||
|
C:\ProgramData\Microsoft\Device Stage\Device\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
||
|
C:\ProgramData\Microsoft\Device Stage\Task\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
||
|
C:\ProgramData\Microsoft\DeviceSync\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
||
|
C:\ProgramData\Microsoft\Diagnosis\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
||
|
C:\ProgramData\Microsoft\Diagnosis\CustomTraceProfiles\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
||
|
C:\ProgramData\Microsoft\Diagnosis\DownloadedScenarios\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
||
|
C:\ProgramData\Microsoft\Diagnosis\DownloadedSettings\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
||
|
C:\ProgramData\Microsoft\Diagnosis\DownloadedSettings\TELEMETRY.ASM-WINDOWSSQ.json.rhysida
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Diagnosis\DownloadedSettings\telemetry.P-Eco3PTelDefault.json.rhysida
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Diagnosis\DownloadedSettings\utc.allow.json.rhysida
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Diagnosis\DownloadedSettings\utc.app.json.bk.rhysida
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Diagnosis\DownloadedSettings\utc.app.json.rhysida
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Diagnosis\DownloadedSettings\utc.cert.json.rhysida
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Diagnosis\DownloadedSettings\utc.privacy.json.rhysida
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Diagnosis\DownloadedSettings\utc.tracing.json.bk.rhysida
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Diagnosis\DownloadedSettings\utc.tracing.json.rhysida
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Diagnosis\ETLLogs\Autologger\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
||
|
C:\ProgramData\Microsoft\Diagnosis\ETLLogs\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
||
|
C:\ProgramData\Microsoft\Diagnosis\ETLLogs\ShutdownLogger\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
||
|
C:\ProgramData\Microsoft\Diagnosis\EventStore.db.rhysida
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Diagnosis\EventTranscript\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
||
|
C:\ProgramData\Microsoft\Diagnosis\FeedbackHub\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
||
|
C:\ProgramData\Microsoft\Diagnosis\LocalTraceStore\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
||
|
C:\ProgramData\Microsoft\Diagnosis\ScenariosSqlStore\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
||
|
C:\ProgramData\Microsoft\Diagnosis\ScenariosSqlStore\EventStore.db.rhysida
|
OpenPGP Public Key
|
dropped
|
||
|
C:\ProgramData\Microsoft\Diagnosis\Sideload\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
||
|
C:\ProgramData\Microsoft\Diagnosis\Siufloc\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
||
|
C:\ProgramData\Microsoft\Diagnosis\SoftLandingStage\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
||
|
C:\ProgramData\Microsoft\Diagnosis\SoftLanding\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
||
|
C:\ProgramData\Microsoft\Diagnosis\Temp\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
||
|
C:\ProgramData\Microsoft\Diagnosis\TenantStorage\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
||
|
C:\ProgramData\Microsoft\Diagnosis\TenantStorage\P-ARIA\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
||
|
C:\ProgramData\Microsoft\Diagnosis\TenantStorage\P-ARIA\EventStore.db.rhysida
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Diagnosis\osver.txt.rhysida
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\DiagnosticLogCSP\Channels\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
||
|
C:\ProgramData\Microsoft\DiagnosticLogCSP\Collectors\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
||
|
C:\ProgramData\Microsoft\DiagnosticLogCSP\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
||
|
C:\ProgramData\Microsoft\DiagnosticLogCSP\DeviceStateData\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
||
|
C:\ProgramData\Microsoft\EdgeUpdate\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
||
|
C:\ProgramData\Microsoft\EdgeUpdate\Log\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
||
|
C:\ProgramData\Microsoft\EdgeUpdate\Log\MicrosoftEdgeUpdate.log.rhysida
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\IdentityCRL\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
||
|
C:\ProgramData\Microsoft\IdentityCRL\INT\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
||
|
C:\ProgramData\Microsoft\IdentityCRL\INT\wlidsvcconfig.xml.rhysida
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\IdentityCRL\production\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
||
|
C:\ProgramData\Microsoft\IdentityCRL\production\wlidsvcconfig.xml.rhysida
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\MF\Active.GRL.rhysida
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\MF\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
||
|
C:\ProgramData\Microsoft\MF\Pending.GRL.rhysida
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\MapData\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
||
|
C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
||
|
C:\ProgramData\Microsoft\NetFramework\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
||
|
C:\ProgramData\Microsoft\Network\Connections\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
||
|
C:\ProgramData\Microsoft\Network\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
||
|
C:\ProgramData\Microsoft\Network\Downloader\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
||
|
C:\ProgramData\Microsoft\Network\Downloader\edb.chk.rhysida
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Network\Downloader\edb.log.rhysida
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Network\Downloader\edb00001.log.rhysida
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Network\Downloader\edbres00001.jrs.rhysida
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Network\Downloader\edbres00002.jrs.rhysida
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Network\Downloader\edbtmp.log.rhysida
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Network\Downloader\qmgr.db.rhysida
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm.rhysida
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Office\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
||
|
C:\ProgramData\Microsoft\Provisioning\AssetCache\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
||
|
C:\ProgramData\Microsoft\Provisioning\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
||
|
C:\ProgramData\Microsoft\Search\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
||
|
C:\ProgramData\Microsoft\Search\Data\Applications\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
||
|
C:\ProgramData\Microsoft\Search\Data\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
||
|
C:\ProgramData\Microsoft\Search\Data\Temp\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
||
|
C:\ProgramData\Microsoft\Settings\Accounts\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
||
|
C:\ProgramData\Microsoft\Settings\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
||
|
C:\ProgramData\Microsoft\SmsRouter\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
||
|
C:\ProgramData\Microsoft\SmsRouter\MessageStore\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
||
|
C:\ProgramData\Microsoft\SmsRouter\MessageStore\SmsInterceptStore.db.rhysida
|
OpenPGP Public Key
|
dropped
|
||
|
C:\ProgramData\Microsoft\SmsRouter\MessageStore\SmsInterceptStore.jfm.rhysida
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\SmsRouter\MessageStore\edb.chk.rhysida
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\SmsRouter\MessageStore\edb.log.rhysida
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\SmsRouter\MessageStore\edb00001.log.rhysida
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\SmsRouter\MessageStore\edb00002.log.rhysida
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\SmsRouter\MessageStore\edb00003.log.rhysida
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\SmsRouter\MessageStore\edbres00001.jrs.rhysida
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\SmsRouter\MessageStore\edbres00002.jrs.rhysida
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\SmsRouter\MessageStore\edbtmp.log.rhysida
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Spectrum\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
||
|
C:\ProgramData\Microsoft\Speech_OneCore\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
||
|
C:\ProgramData\Microsoft\Storage Health\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
||
|
C:\ProgramData\Microsoft\UEV\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
||
|
C:\ProgramData\Microsoft\UEV\InboxTemplates\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
||
|
C:\ProgramData\Microsoft\UEV\Scripts\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
||
|
C:\ProgramData\Microsoft\UEV\Templates\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
||
|
C:\ProgramData\Microsoft\User Account Pictures\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
||
|
C:\ProgramData\Microsoft\User Account Pictures\guest.bmp.rhysida
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\User Account Pictures\guest.png.rhysida
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\User Account Pictures\user-192.png.rhysida
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\User Account Pictures\user-32.png.rhysida
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\User Account Pictures\user-40.png.rhysida
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\User Account Pictures\user-48.png.rhysida
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\User Account Pictures\user.bmp.rhysida
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\User Account Pictures\user.png.rhysida
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\154E23D0-C644-4E6F-8CE6-5069272F999F.vsch.rhysida
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\2F1A6504-0641-44CF-8BB5-3612D865F2E5.vsch.rhysida
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\3CCD5499-87A8-4B10-A215-608888DD3B55.vsch.rhysida
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\Policy.vpol.rhysida
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Vault\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
||
|
C:\ProgramData\Microsoft\WDF\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
||
|
C:\ProgramData\Microsoft\WinMSIPC\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
||
|
C:\ProgramData\Microsoft\WinMSIPC\Server\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows Defender\Clean Store\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows Defender\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows Defender\DLPCache\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpavbase.vdm.rhysida
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.lkg.rhysida
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows Defender\Features\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows Defender\LocalCopy\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\Microsoft-Antimalware-AMFilter.man.rhysida
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\Microsoft-Antimalware-NIS.man.rhysida
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\Microsoft-Antimalware-Protection.man.rhysida
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\Microsoft-Antimalware-RTP.man.rhysida
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\Microsoft-Antimalware-Service.man.rhysida
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\Microsoft-Windows-Windows Defender.man.rhysida
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\Powershell\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\Powershell\Defender.psd1.rhysida
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\Powershell\DefenderPerformance.psd1.rhysida
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\Powershell\MSFT_MpComputerStatus.cdxml.rhysida
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\Powershell\MSFT_MpRollback.cdxml.rhysida
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\Powershell\MSFT_MpScan.cdxml.rhysida
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\Powershell\MSFT_MpThreat.cdxml.rhysida
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\Powershell\MSFT_MpThreatCatalog.cdxml.rhysida
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\Powershell\MSFT_MpThreatDetection.cdxml.rhysida
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\Powershell\MSFT_MpWDOScan.cdxml.rhysida
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\ProtectionManagement.mof.rhysida
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\ProtectionManagement_Uninstall.mof.rhysida
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\ThirdPartyNotices.txt.rhysida
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\ar-SA\mpuxagent.dll.mui.rhysida
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\bg-BG\mpuxagent.dll.mui.rhysida
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\com.microsoft.defender.be.chrome.json.rhysida
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\com.microsoft.defender.be.firefox.json.rhysida
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\da-DK\MpAsDesc.dll.mui.rhysida
|
AIN archive data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\da-DK\MpEvMsg.dll.mui.rhysida
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\de-DE\MpEvMsg.dll.mui.rhysida
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\el-GR\MpAsDesc.dll.mui.rhysida
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\el-GR\mpuxagent.dll.mui.rhysida
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\en-GB\mpuxagent.dll.mui.rhysida
|
PGP Secret Sub-key -
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\en-US\MpAsDesc.dll.mui.rhysida
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\en-US\MpEvMsg.dll.mui.rhysida
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\es-ES\MpEvMsg.dll.mui.rhysida
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\es-MX\MpAsDesc.dll.mui.rhysida
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\eu-ES\mpuxagent.dll.mui.rhysida
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\fi-FI\mpuxagent.dll.mui.rhysida
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\fr-FR\MpAsDesc.dll.mui.rhysida
|
zlib compressed data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\gd-GB\mpuxagent.dll.mui.rhysida
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\he-IL\mpuxagent.dll.mui.rhysida
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\hu-HU\MpAsDesc.dll.mui.rhysida
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\hu-HU\mpuxagent.dll.mui.rhysida
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\id-ID\MpAsDesc.dll.mui.rhysida
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\id-ID\mpuxagent.dll.mui.rhysida
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\is-IS\mpuxagent.dll.mui.rhysida
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\it-IT\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\it-IT\MpAsDesc.dll.mui.rhysida
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\it-IT\MpEvMsg.dll.mui.rhysida
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\it-IT\mpuxagent.dll.mui.rhysida
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\ja-JP\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\ja-JP\MpAsDesc.dll.mui.rhysida
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\ja-JP\MpEvMsg.dll.mui.rhysida
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\ja-JP\mpuxagent.dll.mui.rhysida
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\ka-GE\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\ka-GE\mpuxagent.dll.mui.rhysida
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\kk-KZ\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\kk-KZ\mpuxagent.dll.mui.rhysida
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\km-KH\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\km-KH\mpuxagent.dll.mui.rhysida
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\kn-IN\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\kn-IN\mpuxagent.dll.mui.rhysida
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\ko-KR\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\ko-KR\MpAsDesc.dll.mui.rhysida
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\ko-KR\MpEvMsg.dll.mui.rhysida
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\ko-KR\ProtectionManagement.dll.mui.rhysida
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\ko-KR\mpuxagent.dll.mui.rhysida
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\kok-IN\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\kok-IN\mpuxagent.dll.mui.rhysida
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\lb-LU\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\lb-LU\mpuxagent.dll.mui.rhysida
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\lo-LA\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\lo-LA\mpuxagent.dll.mui.rhysida
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\lt-LT\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\lt-LT\MpAsDesc.dll.mui.rhysida
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\lt-LT\mpuxagent.dll.mui.rhysida
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\lv-LV\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\lv-LV\MpAsDesc.dll.mui.rhysida
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\lv-LV\mpuxagent.dll.mui.rhysida
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\mi-NZ\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\mi-NZ\mpuxagent.dll.mui.rhysida
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\mk-MK\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\mk-MK\mpuxagent.dll.mui.rhysida
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\ml-IN\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\ml-IN\mpuxagent.dll.mui.rhysida
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\mr-IN\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\ms-MY\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\ms-MY\mpuxagent.dll.mui.rhysida
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\mt-MT\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\nb-NO\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\nb-NO\MpAsDesc.dll.mui.rhysida
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\nb-NO\MpEvMsg.dll.mui.rhysida
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\nb-NO\mpuxagent.dll.mui.rhysida
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\ne-NP\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\nl-NL\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\nl-NL\MpAsDesc.dll.mui.rhysida
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\nl-NL\MpEvMsg.dll.mui.rhysida
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\nn-NO\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\nn-NO\mpuxagent.dll.mui.rhysida
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\or-IN\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\or-IN\mpuxagent.dll.mui.rhysida
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\pa-IN\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\pa-IN\mpuxagent.dll.mui.rhysida
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\pl-PL\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\pl-PL\MpEvMsg.dll.mui.rhysida
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\pt-BR\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\pt-BR\MpAsDesc.dll.mui.rhysida
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\pt-BR\ProtectionManagement.dll.mui.rhysida
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\pt-BR\mpuxagent.dll.mui.rhysida
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\pt-PT\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\pt-PT\MpAsDesc.dll.mui.rhysida
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\pt-PT\MpEvMsg.dll.mui.rhysida
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\quz-PE\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\quz-PE\mpuxagent.dll.mui.rhysida
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\ro-RO\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\ro-RO\MpAsDesc.dll.mui.rhysida
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\ro-RO\mpuxagent.dll.mui.rhysida
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\ru-RU\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\sk-SK\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\tr-TR\MpAsDesc.dll.mui.rhysida
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\ug-CN\mpuxagent.dll.mui.rhysida
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\vi-VN\MpAsDesc.dll.mui.rhysida
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\zh-CN\MpAsDesc.dll.mui.rhysida
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\zh-TW\MpEvMsg.dll.mui.rhysida
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\Microsoft-Antimalware-AMFilter.man.rhysida
|
OpenPGP Public Key
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\Microsoft-Antimalware-NIS.man.rhysida
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\Microsoft-Antimalware-Protection.man.rhysida
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\Microsoft-Antimalware-RTP.man.rhysida
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\Powershell\Defender.psd1.rhysida
|
Dyalog APL component file 32-bit non-journaled checksummed version -23.-74
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\Powershell\DefenderPerformance.psd1.rhysida
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\Powershell\MSFT_MpComputerStatus.cdxml.rhysida
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\Powershell\MSFT_MpRollback.cdxml.rhysida
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\Powershell\MSFT_MpScan.cdxml.rhysida
|
OpenPGP Secret Key
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\Powershell\MSFT_MpThreat.cdxml.rhysida
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\Powershell\MSFT_MpThreatCatalog.cdxml.rhysida
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\Powershell\MSFT_MpThreatDetection.cdxml.rhysida
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\Powershell\MSFT_MpWDOScan.cdxml.rhysida
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\ProtectionManagement.mof.rhysida
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\ProtectionManagement_Uninstall.mof.rhysida
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\ThirdPartyNotices.txt.rhysida
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\ar-SA\MpAsDesc.dll.mui.rhysida
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\bg-BG\MpAsDesc.dll.mui.rhysida
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\com.microsoft.defender.be.chrome.json.rhysida
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\com.microsoft.defender.be.firefox.json.rhysida
|
OpenPGP Secret Key
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\lb-LU\mpuxagent.dll.mui.rhysida
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\lo-LA\mpuxagent.dll.mui.rhysida
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\lt-LT\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\lt-LT\MpAsDesc.dll.mui.rhysida
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\lv-LV\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\lv-LV\MpAsDesc.dll.mui.rhysida
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\lv-LV\mpuxagent.dll.mui.rhysida
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\mi-NZ\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\mi-NZ\mpuxagent.dll.mui.rhysida
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\mk-MK\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\mk-MK\mpuxagent.dll.mui.rhysida
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\ml-IN\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\mr-IN\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\ms-MY\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\ms-MY\mpuxagent.dll.mui.rhysida
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\mt-MT\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\nb-NO\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\nb-NO\MpAsDesc.dll.mui.rhysida
|
OpenPGP Secret Key
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\nb-NO\MpEvMsg.dll.mui.rhysida
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\nb-NO\mpuxagent.dll.mui.rhysida
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\ne-NP\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\nl-NL\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\nl-NL\MpAsDesc.dll.mui.rhysida
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\nl-NL\MpEvMsg.dll.mui.rhysida
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\nn-NO\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\nn-NO\mpuxagent.dll.mui.rhysida
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\or-IN\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\or-IN\mpuxagent.dll.mui.rhysida
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\pa-IN\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\pa-IN\mpuxagent.dll.mui.rhysida
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\pl-PL\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\pl-PL\MpEvMsg.dll.mui.rhysida
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\pt-BR\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\pt-BR\MpAsDesc.dll.mui.rhysida
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\pt-BR\mpuxagent.dll.mui.rhysida
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\pt-PT\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\pt-PT\MpAsDesc.dll.mui.rhysida
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\pt-PT\MpEvMsg.dll.mui.rhysida
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\quz-PE\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\quz-PE\mpuxagent.dll.mui.rhysida
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\ro-RO\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\ro-RO\MpAsDesc.dll.mui.rhysida
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\ro-RO\mpuxagent.dll.mui.rhysida
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\ru-RU\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\sk-SK\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows Defender\Platform\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows Defender\Quarantine\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows Defender\Scans\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows Defender\Scans\History\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows Defender\Scans\History\ReportLatency\Latency\19\0.rhysida
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows Defender\Scans\History\ReportLatency\Latency\19\1.rhysida
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{0BDE9245-0887-4D0E-AF72-3F842A887930}.rhysida
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{12B0E5A4-D79A-45DF-838E-AC01484FC2C5}.rhysida
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{17206FD8-D501-467A-8461-D4CD16DAE0D9}.rhysida
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{21998843-E48C-4F95-BF9D-1FCCDB76BDF2}.rhysida
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{31A74449-CB37-4ECC-AFE0-BB17DBA5F0AC}.rhysida
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{33C6CC24-E296-48AA-89E2-3359996B62F5}.rhysida
|
OpenPGP Secret Key
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{3658DEA2-07B4-45D2-A78D-DA364921E14A}.rhysida
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{37985AB5-E7D4-4674-920C-57A10432DE6D}.rhysida
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{483CFBC2-FDEC-448E-BE7B-F72AD070FECF}.rhysida
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{4C7ED29D-4CA0-4B8A-A1B0-8771A4123396}.rhysida
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{51F47079-4C5B-4BCE-8B60-6ABDED8A93F5}.rhysida
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{53DDC43E-344A-49CD-ACDA-043ABC13F1FF}.rhysida
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{54549F8E-89BE-4739-997B-D56812117549}.rhysida
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{599816D5-203B-4199-9494-22E61188AB58}.rhysida
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{6CD35735-DB6C-4841-B376-FEBE51AD17BD}.rhysida
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{7DD535C1-E97A-4B92-BCD9-6D8E3F55FE8F}.rhysida
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{7DE9C20C-810C-4780-AB50-C177DC64322C}.rhysida
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{858A509E-DE26-4DF0-A1D9-851F87E9EE9D}.rhysida
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{8758D87E-A15A-445A-A288-6CCDE26F7BEA}.rhysida
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{94DB5E4F-5EEE-4E34-8316-B18D9F37D7EF}.rhysida
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{9A7953A1-9662-4E5D-B006-4783161530D8}.rhysida
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{A4734FC8-97E7-4F51-899B-0D7025015D57}.rhysida
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{A526C3C7-CA18-4BF0-83F1-05F5669345A4}.rhysida
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{A580CAD0-42EC-4BBA-9187-92A4165338C1}.rhysida
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{B4E0C99D-A1B5-451C-8C4D-2FC579C5B5A2}.rhysida
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{BC4BE93B-34FF-4463-AA89-69BFD3D84502}.rhysida
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{C40F71FB-A0CD-46D7-A5AA-0E57C9BA9E1F}.rhysida
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{CD57D4D7-887A-494B-A386-6BEC95671675}.rhysida
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{E1B9783C-DB71-4AF1-ABC2-8D27E38456E4}.rhysida
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{E2C80A90-4D8C-4F08-A24C-F5E7848A4E51}.rhysida
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{F15AA7CB-B4A2-4646-9E16-EFA5C568D9AF}.rhysida
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{F17E1538-D191-42A6-AC3C-0BC40F1F1C21}.rhysida
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{F360F1F0-1516-4749-8FDA-56C0D526A6A0}.rhysida
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{F78E9FD5-0E57-4E0A-A258-75A481ED8C93}.rhysida
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\Detections.log.rhysida
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\History.Log.rhysida
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\Unknown.Log.rhysida
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Store\3846C1B485BFA46E3AB54DFBE9D1DE49.rhysida
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Store\56598B41F139620898884E49C611C148.rhysida
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Store\81FE2459AB45799D6C1FB53DEEE30AF6.rhysida
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Store\93BCA88018E5993458BC6BBE55D33E61.rhysida
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Store\9BBF8E3725F51A366740AC59C8CBB345.rhysida
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Store\A0137882FC829131E8629036339BD1FB.rhysida
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Store\C73297F3A28B41D0B045DECE1D0D81EF.rhysida
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows Defender\Scans\RtSigs\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows Defender\Scans\RtSigs\Data\f43c943a2b59adb36fc5e414ae9535e9c956a061.rhysida
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-5F2FFB7A31DBA078D8F948F77F0FE9B82BEB1559.bin.67.rhysida
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-5F2FFB7A31DBA078D8F948F77F0FE9B82BEB1559.bin.79.rhysida
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-5F2FFB7A31DBA078D8F948F77F0FE9B82BEB1559.bin.7C.rhysida
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-5F2FFB7A31DBA078D8F948F77F0FE9B82BEB1559.bin.7E.rhysida
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-5F2FFB7A31DBA078D8F948F77F0FE9B82BEB1559.bin.80.rhysida
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-5F2FFB7A31DBA078D8F948F77F0FE9B82BEB1559.bin.83.rhysida
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-5F2FFB7A31DBA078D8F948F77F0FE9B82BEB1559.bin.87.rhysida
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-5F2FFB7A31DBA078D8F948F77F0FE9B82BEB1559.bin.DB.rhysida
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows Defender\Scans\mpenginedb.db.rhysida
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows Defender\Snapshots\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows Defender\Support\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows Defender\Support\MPDetection-20231003-085557.log.rhysida
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows Defender\Support\MPDeviceControl-20231003-122002.log.rhysida
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows Defender\Support\MPLog-20231003-085557.log.rhysida
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows NT\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows NT\MSFax\ActivityLog\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows NT\MSFax\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows NT\MSFax\Inbox\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows NT\MSFax\Queue\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows NT\MSFax\SentItems\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows NT\MSFax\VirtualInbox\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows NT\MSScan\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows Security Health\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows Security Health\Logs\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\Start Menu\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoIt v3\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoIt v3\Extras\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\Templates\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
||
|
C:\ProgramData\Microsoft\WwanSvc\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
||
|
C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\update-config.json.rhysida
|
data
|
dropped
|
||
|
C:\ProgramData\Package Cache\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
||
|
C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\state.rsm.rhysida
|
data
|
dropped
|
||
|
C:\ProgramData\Packages\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
||
|
C:\ProgramData\Packages\Microsoft.Getstarted_8wekyb3d8bbwe\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
||
|
C:\ProgramData\Packages\Microsoft.SkypeApp_kzf8qxf38zg5c\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
||
|
C:\ProgramData\SoftwareDistribution\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
||
|
C:\ProgramData\USOShared\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
||
|
C:\ProgramData\USOShared\Logs\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
||
|
C:\ProgramData\USOShared\Logs\User\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
||
|
C:\ProgramData\USOShared\Logs\User\NotificationUx.16caa157-0104-4e64-8f8c-7c8fd5951d48.1.etl.rhysida
|
data
|
dropped
|
||
|
C:\ProgramData\USOShared\Logs\User\NotificationUx.1a04b852-7db4-46a4-84cb-d990091a3894.1.etl.rhysida
|
data
|
dropped
|
||
|
C:\ProgramData\USOShared\Logs\User\NotificationUx.33b2baab-2261-40ad-b17c-713201f86ea0.1.etl.rhysida
|
data
|
dropped
|
||
|
C:\ProgramData\USOShared\Logs\User\NotificationUx.3fdc7f05-d26e-4587-8b94-fa5e29ed0081.1.etl.rhysida
|
DOS executable (COM, 0x8C-variant)
|
dropped
|
||
|
C:\ProgramData\USOShared\Logs\User\NotificationUx.4fa1bdc4-720d-4546-9fa1-fa259eb6adef.1.etl.rhysida
|
data
|
dropped
|
||
|
C:\ProgramData\USOShared\Logs\User\NotificationUx.888877b0-eef3-4161-ad6d-d371e3b04ab6.1.etl.rhysida
|
data
|
dropped
|
||
|
C:\ProgramData\USOShared\Logs\User\NotificationUx.a1003f65-fa9f-4768-b0fb-cd4df8e1d492.1.etl.rhysida
|
data
|
dropped
|
||
|
C:\ProgramData\USOShared\Logs\User\NotificationUx.a7640f50-9db7-467a-9920-fc21cd13d425.1.etl.rhysida
|
data
|
dropped
|
||
|
C:\ProgramData\USOShared\Logs\User\NotificationUx.b8626ad4-4f63-4dc4-af99-58ea79aa87bd.1.etl.rhysida
|
data
|
dropped
|
||
|
C:\ProgramData\USOShared\Logs\User\NotificationUx.bb427698-9875-4e5c-be03-9819823eee04.1.etl.rhysida
|
data
|
dropped
|
||
|
C:\ProgramData\USOShared\Logs\User\NotificationUx.f68e538d-b50b-4d1f-be15-e36c9ff1b3dd.1.etl.rhysida
|
data
|
dropped
|
||
|
C:\ProgramData\USOShared\Logs\User\NotifyIcon.1d47542d-bdee-4dc6-94ed-be9cdb6f14e1.1.etl.rhysida
|
data
|
dropped
|
||
|
C:\ProgramData\USOShared\Logs\User\NotifyIcon.67407eea-4adb-40e6-b358-6409a200031f.1.etl.rhysida
|
data
|
dropped
|
||
|
C:\ProgramData\USOShared\Logs\User\NotifyIcon.770ee1f8-6006-407f-8527-9514890250e6.1.etl.rhysida
|
data
|
dropped
|
||
|
C:\ProgramData\USOShared\Logs\User\NotifyIcon.a821f645-76e8-4ba9-965c-60ad931c30ce.1.etl.rhysida
|
data
|
dropped
|
||
|
C:\ProgramData\USOShared\Logs\User\NotifyIcon.b2be58b5-84df-4c59-876b-421f8336475d.1.etl.rhysida
|
data
|
dropped
|
||
|
C:\ProgramData\USOShared\Logs\User\NotifyIcon.b86f2b8a-60cb-4dd4-bb34-50e2f1ddbaae.1.etl.rhysida
|
data
|
dropped
|
||
|
C:\ProgramData\USOShared\Logs\User\NotifyIcon.d8c82019-db5a-4922-9c4d-8b8f3ff15e9f.1.etl.rhysida
|
data
|
dropped
|
||
|
C:\ProgramData\USOShared\Logs\User\NotifyIcon.d9261b8a-d5e2-42ed-ab32-cd2fab1962fc.1.etl.rhysida
|
data
|
dropped
|
||
|
C:\ProgramData\USOShared\Logs\User\NotifyIcon.e99a38d9-255f-44d4-9ce1-275e8cf23855.1.etl.rhysida
|
data
|
dropped
|
||
|
C:\ProgramData\USOShared\Logs\User\NotifyIcon.f4d4c9b8-57b5-43ca-ab7a-5d857e7666b9.1.etl.rhysida
|
data
|
dropped
|
||
|
C:\ProgramData\USOShared\Logs\User\NotifyIcon.fbe50464-f61d-4a15-a5b7-ed239a079807.1.etl.rhysida
|
data
|
dropped
|
||
|
C:\ProgramData\WindowsHolographicDevices\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
||
|
C:\ProgramData\WindowsHolographicDevices\SpatialStore\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
||
|
C:\ProgramData\_curlrc.rhysida
|
data
|
dropped
|
||
|
C:\ProgramData\dbg\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
||
|
C:\ProgramData\regid.1991-06.com.microsoft\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
||
|
C:\ProgramData\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft_Windows-10-Pro.swidtag.rhysida
|
data
|
dropped
|
||
|
C:\ProgramData\ssh\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
||
|
C:\Users\Public\Desktop\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
||
|
C:\Users\Public\Documents\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
||
|
C:\Users\Public\Music\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
||
|
C:\Users\Public\Pictures\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
||
|
C:\Users\Public\Videos\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\000001.dbtmp
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\CURRENT (copy)
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\000001.dbtmp
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\CURRENT (copy)
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\MANIFEST-000001
|
OpenPGP Secret Key
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LocalPrefs.json (copy)
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\MANIFEST-000001
|
OpenPGP Secret Key
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\0094dc2c-2676-41cb-b1f4-ab5ea103422a.tmp
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Cookies
|
SQLite 3.x database, last written using SQLite version 3039003, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8,
version-valid-for 3
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State~RF533804.TMP (copy)
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Reporting and NEL
|
SQLite 3.x database, last written using SQLite version 3039003, file counter 4, database pages 9, cookie 0x4, schema 4, UTF-8,
version-valid-for 4
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\e7e9a23e-02ea-4b44-b89e-9d6befc6ed5d.tmp
|
JSON data
|
modified
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000001.dbtmp
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log
|
data
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\CURRENT (copy)
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\MANIFEST-000001
|
OpenPGP Secret Key
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Visited Links
|
data
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\c22a1752-a9a5-422a-b92b-51522ae62e75.tmp
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-241002155213Z-441.bmp
|
PC bitmap, Windows 3.x format, 117 x -152 x 32, cbSize 71190, bits offset 54
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages
|
SQLite 3.x database, last written using SQLite version 3040000, file counter 2, database pages 14, cookie 0x5, schema 4, UTF-8,
version-valid-for 2
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages-journal
|
SQLite Rollback Journal
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\2D85F72862B55C4EADD9E66E06947F3D
|
Certificate, Version=3
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506
|
Microsoft Cabinet archive data, Windows 2000/XP setup, 71954 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks,
0x1 compression
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\2D85F72862B55C4EADD9E66E06947F3D
|
data
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeCMapFnt23.lst (copy)
|
PostScript document text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt23.lst.2256
|
PostScript document text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt23.lst (copy)
|
PostScript document text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\Cache\AcroFnt23.lst (copy)
|
PostScript document text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\Cache\AdobeFnt23.lst.2256
|
PostScript document text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Banner
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\Edit_InApp_Aug2020
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\TESTING
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\SOPHIA.json
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents
|
SQLite 3.x database, last written using SQLite version 3040000, file counter 3, database pages 3, cookie 0x2, schema 4, UTF-8,
version-valid-for 3
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal
|
SQLite Rollback Journal
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\UserCache64.bin
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\MSI25332.LOG
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_gnodfajn.afr.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_t4zemhtr.mgd.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\acrobat_sbx\A9atwrpv_1dm3d84_1qo.tmp
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log
|
ASCII text, with very long lines (393), with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\acrobat_sbx\acroNGLLog.txt
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\acrocef_low\3585272a-a84f-48a6-9f1d-65e98f91cc13.tmp
|
gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 33081
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\acrocef_low\467acdf6-a64b-472c-9152-5d9b5cbe5b3b.tmp
|
gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 5111142
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\acrocef_low\9e7af43b-bf98-4596-890e-ede1dc0da262.tmp
|
gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 921996
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\acrocef_low\e4531011-4d89-4c67-841a-286b0fcb0aad.tmp
|
gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 299538
|
dropped
|
There are 1041 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\Iir6rxs8r6.exe
|
"C:\Users\user\Desktop\Iir6rxs8r6.exe"
|
|
|
|
C:\Windows\System32\cmd.exe
|
C:\Windows\system32\cmd.exe /c cmd.exe /c reg delete "HKCU\Contol Panel\Desktop" /v Wallpaper /f
|
|
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c reg delete "HKCU\Contol Panel\Desktop" /v Wallpaper /f
|
|
|
|
C:\Windows\System32\reg.exe
|
reg delete "HKCU\Contol Panel\Desktop" /v Wallpaper /f
|
|
|
|
C:\Windows\System32\cmd.exe
|
C:\Windows\system32\cmd.exe /c cmd.exe /c reg delete "HKCU\Conttol Panel\Desktop" /v WallpaperStyle /f
|
|
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c reg delete "HKCU\Conttol Panel\Desktop" /v WallpaperStyle /f
|
|
|
|
C:\Windows\System32\reg.exe
|
reg delete "HKCU\Conttol Panel\Desktop" /v WallpaperStyle /f
|
|
|
|
C:\Windows\System32\cmd.exe
|
C:\Windows\system32\cmd.exe /c cmd.exe /c reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop"
/v NoChangingWallPaper /t REG_SZ /d 1 /f
|
|
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop" /v NoChangingWallPaper /t REG_SZ
/d 1 /f
|
|
|
|
C:\Windows\System32\reg.exe
|
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop" /v NoChangingWallPaper /t REG_SZ /d 1 /f
|
|
|
|
C:\Windows\System32\cmd.exe
|
C:\Windows\system32\cmd.exe /c cmd.exe /c reg add "HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop"
/v NoChangingWallPaper /t REG_SZ /d 1 /f
|
|
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c reg add "HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop" /v NoChangingWallPaper /t REG_SZ
/d 1 /f
|
|
|
|
C:\Windows\System32\reg.exe
|
reg add "HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop" /v NoChangingWallPaper /t REG_SZ /d 1 /f
|
|
|
|
C:\Windows\System32\cmd.exe
|
C:\Windows\system32\cmd.exe /c cmd.exe /c reg add "HKCU\Control Panel\Desktop" /v Wallpaper /t REG_SZ /d "C:\Users\Public\bg.jpg"
/f
|
|
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c reg add "HKCU\Control Panel\Desktop" /v Wallpaper /t REG_SZ /d "C:\Users\Public\bg.jpg" /f
|
|
|
|
C:\Windows\System32\reg.exe
|
reg add "HKCU\Control Panel\Desktop" /v Wallpaper /t REG_SZ /d "C:\Users\Public\bg.jpg" /f
|
|
|
|
C:\Windows\System32\cmd.exe
|
C:\Windows\system32\cmd.exe /c cmd.exe /c reg add "HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System" /v Wallpaper
/t REG_SZ /d "C:\Users\Public\bg.jpg" /f
|
|
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c reg add "HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System" /v Wallpaper /t REG_SZ /d "C:\Users\Public\bg.jpg"
/f
|
|
|
|
C:\Windows\System32\reg.exe
|
reg add "HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System" /v Wallpaper /t REG_SZ /d "C:\Users\Public\bg.jpg"
/f
|
|
|
|
C:\Windows\System32\cmd.exe
|
C:\Windows\system32\cmd.exe /c cmd.exe /c reg add "HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System" /v WallpaperStyle
/t REG_SZ /d 2 /f
|
|
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c reg add "HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System" /v WallpaperStyle /t REG_SZ /d 2 /f
|
|
|
|
C:\Windows\System32\reg.exe
|
reg add "HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System" /v WallpaperStyle /t REG_SZ /d 2 /f
|
|
|
|
C:\Windows\System32\cmd.exe
|
C:\Windows\system32\cmd.exe /c cmd.exe /c reg add "HKCU\Control Panel\Desktop" /v WallpaperStyle /t REG_SZ /d 2 /f
|
|
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c reg add "HKCU\Control Panel\Desktop" /v WallpaperStyle /t REG_SZ /d 2 /f
|
|
|
|
C:\Windows\System32\reg.exe
|
reg add "HKCU\Control Panel\Desktop" /v WallpaperStyle /t REG_SZ /d 2 /f
|
|
|
|
C:\Windows\System32\cmd.exe
|
C:\Windows\system32\cmd.exe /c rundll32.exe user32.dll,UpdatePerUserSystemParameters
|
|
|
|
C:\Windows\System32\cmd.exe
|
C:\Windows\system32\cmd.exe /c cmd.exe /c start powershell.exe -WindowStyle Hidden -Command "Sleep -Milliseconds 1000; schtasks
/delete /tn Rhsd /f;"
|
|
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c start powershell.exe -WindowStyle Hidden -Command "Sleep -Milliseconds 1000; schtasks /delete /tn Rhsd /f;"
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
powershell.exe -WindowStyle Hidden -Command "Sleep -Milliseconds 1000; schtasks /delete /tn Rhsd /f;"
|
|
|
|
C:\Windows\System32\cmd.exe
|
C:\Windows\system32\cmd.exe /c cmd.exe /c start ping 127.0.0.1 -n 2 > nul && del /f /q "C:\Users\user\Desktop\C:\Users\user\Desktop\Iir6rxs8r6.exe"
|
|
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c start ping 127.0.0.1 -n 2
|
|
|
|
C:\Windows\System32\PING.EXE
|
ping 127.0.0.1 -n 2
|
|
|
|
C:\Windows\System32\schtasks.exe
|
"C:\Windows\system32\schtasks.exe" /delete /tn Rhsd /f
|
|
|
|
C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
|
"C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CriticalBreachDetected.pdf"
|
||
|
C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
|
"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
|
||
|
C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
|
"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService
--lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0"
--lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2104
--field-trial-handle=1616,i,3413580249765337229,1280072705313980885,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker
/prefetch:8
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe user32.dll,UpdatePerUserSystemParameters
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
There are 40 hidden processes, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
bg.microsoft.map.fastly.net
|
199.232.214.172
|
||
|
x1.i.lencr.org
|
unknown
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
127.0.0.1
|
unknown
|
unknown
|
|
|
|
23.51.56.185
|
unknown
|
United States
|
||
|
52.5.13.197
|
unknown
|
United States
|
||
|
96.17.64.189
|
unknown
|
United States
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\Control Panel\Desktop
|
Wallpaper
|
|
|
|
HKEY_CURRENT_USER\Control Panel\Desktop
|
WallpaperStyle
|
|
|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop
|
NoChangingWallPaper
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop
|
NoChangingWallPaper
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
|
Wallpaper
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
|
WallpaperStyle
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8
|
Blob
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8
|
Blob
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
4B69000
|
heap
|
page read and write
|
||
|
4A5D000
|
heap
|
page read and write
|
||
|
510F000
|
heap
|
page read and write
|
||
|
751000
|
heap
|
page read and write
|
||
|
3E81000
|
heap
|
page read and write
|
||
|
4044000
|
heap
|
page read and write
|
||
|
4B6F000
|
heap
|
page read and write
|
||
|
974000
|
heap
|
page read and write
|
||
|
751000
|
heap
|
page read and write
|
||
|
978000
|
heap
|
page read and write
|
||
|
39B5000
|
heap
|
page read and write
|
||
|
75C000
|
heap
|
page read and write
|
||
|
1FB1F967000
|
heap
|
page read and write
|
||
|
F5000
|
heap
|
page read and write
|
||
|
4B62000
|
heap
|
page read and write
|
||
|
4F8B000
|
heap
|
page read and write
|
||
|
3EEF37F000
|
stack
|
page read and write
|
||
|
97F000
|
heap
|
page read and write
|
||
|
1D6E38F0000
|
heap
|
page read and write
|
||
|
1CD3E777000
|
heap
|
page read and write
|
||
|
4D84000
|
heap
|
page read and write
|
||
|
10B000
|
heap
|
page read and write
|
||
|
5447000
|
heap
|
page read and write
|
||
|
20645110000
|
heap
|
page read and write
|
||
|
4C77000
|
heap
|
page read and write
|
||
|
971000
|
heap
|
page read and write
|
||
|
4B6F000
|
heap
|
page read and write
|
||
|
2914A5A5000
|
heap
|
page read and write
|
||
|
4F9D000
|
heap
|
page read and write
|
||
|
971000
|
heap
|
page read and write
|
||
|
4EE9000
|
heap
|
page read and write
|
||
|
4D55000
|
heap
|
page read and write
|
||
|
3DCA000
|
heap
|
page read and write
|
||
|
863000
|
heap
|
page read and write
|
||
|
973000
|
heap
|
page read and write
|
||
|
4EFB000
|
heap
|
page read and write
|
||
|
861000
|
heap
|
page read and write
|
||
|
75C000
|
heap
|
page read and write
|
||
|
A91000
|
heap
|
page read and write
|
||
|
97F000
|
heap
|
page read and write
|
||
|
39E3000
|
heap
|
page read and write
|
||
|
97A000
|
heap
|
page read and write
|
||
|
6A5547F000
|
stack
|
page read and write
|
||
|
A80000
|
heap
|
page read and write
|
||
|
2C14000
|
heap
|
page read and write
|
||
|
4CD5000
|
heap
|
page read and write
|
||
|
A8D000
|
heap
|
page read and write
|
||
|
E0000
|
heap
|
page read and write
|
||
|
970000
|
heap
|
page read and write
|
||
|
3070000
|
heap
|
page read and write
|
||
|
979000
|
heap
|
page read and write
|
||
|
A87000
|
heap
|
page read and write
|
||
|
865000
|
heap
|
page read and write
|
||
|
753000
|
heap
|
page read and write
|
||
|
5695000
|
heap
|
page read and write
|
||
|
756000
|
heap
|
page read and write
|
||
|
753000
|
heap
|
page read and write
|
||
|
42DA000
|
heap
|
page read and write
|
||
|
113000
|
heap
|
page read and write
|
||
|
970000
|
heap
|
page read and write
|
||
|
75B000
|
heap
|
page read and write
|
||
|
971000
|
heap
|
page read and write
|
||
|
970000
|
heap
|
page read and write
|
||
|
984000
|
heap
|
page read and write
|
||
|
4068000
|
heap
|
page read and write
|
||
|
4B6E000
|
heap
|
page read and write
|
||
|
1D6E38F8000
|
heap
|
page read and write
|
||
|
19B64210000
|
heap
|
page read and write
|
||
|
759000
|
heap
|
page read and write
|
||
|
4B61000
|
heap
|
page read and write
|
||
|
2524000
|
heap
|
page read and write
|
||
|
A94000
|
heap
|
page read and write
|
||
|
4A54000
|
heap
|
page read and write
|
||
|
976000
|
heap
|
page read and write
|
||
|
4B6E000
|
heap
|
page read and write
|
||
|
756000
|
heap
|
page read and write
|
||
|
970000
|
heap
|
page read and write
|
||
|
4C8F000
|
heap
|
page read and write
|
||
|
4A5D000
|
heap
|
page read and write
|
||
|
755000
|
heap
|
page read and write
|
||
|
75D000
|
heap
|
page read and write
|
||
|
3A5BE7F000
|
stack
|
page read and write
|
||
|
754000
|
heap
|
page read and write
|
||
|
867000
|
heap
|
page read and write
|
||
|
4B61000
|
heap
|
page read and write
|
||
|
868000
|
heap
|
page read and write
|
||
|
75C000
|
heap
|
page read and write
|
||
|
2C4E000
|
heap
|
page read and write
|
||
|
4D89000
|
heap
|
page read and write
|
||
|
2914A410000
|
heap
|
page read and write
|
||
|
32C2000
|
heap
|
page read and write
|
||
|
C940FE000
|
stack
|
page read and write
|
||
|
753000
|
heap
|
page read and write
|
||
|
3F98000
|
heap
|
page read and write
|
||
|
17306368000
|
heap
|
page read and write
|
||
|
751000
|
heap
|
page read and write
|
||
|
868000
|
heap
|
page read and write
|
||
|
97E000
|
heap
|
page read and write
|
||
|
2480000
|
heap
|
page read and write
|
||
|
11C000
|
heap
|
page read and write
|
||
|
3136000
|
heap
|
page read and write
|
||
|
864000
|
heap
|
page read and write
|
||
|
75B000
|
heap
|
page read and write
|
||
|
15940A80000
|
heap
|
page read and write
|
||
|
3A6A000
|
heap
|
page read and write
|
||
|
3A9D000
|
heap
|
page read and write
|
||
|
3946000
|
heap
|
page read and write
|
||
|
280C000
|
heap
|
page read and write
|
||
|
976000
|
heap
|
page read and write
|
||
|
4C8B000
|
heap
|
page read and write
|
||
|
114000
|
heap
|
page read and write
|
||
|
755000
|
heap
|
page read and write
|
||
|
11F000
|
heap
|
page read and write
|
||
|
4FC1000
|
heap
|
page read and write
|
||
|
751000
|
heap
|
page read and write
|
||
|
4A56000
|
heap
|
page read and write
|
||
|
4A54000
|
heap
|
page read and write
|
||
|
5755000
|
heap
|
page read and write
|
||
|
5121000
|
heap
|
page read and write
|
||
|
3A48000
|
heap
|
page read and write
|
||
|
868000
|
heap
|
page read and write
|
||
|
754000
|
heap
|
page read and write
|
||
|
756000
|
heap
|
page read and write
|
||
|
75B000
|
heap
|
page read and write
|
||
|
10A000
|
heap
|
page read and write
|
||
|
A8F000
|
heap
|
page read and write
|
||
|
752000
|
heap
|
page read and write
|
||
|
972000
|
heap
|
page read and write
|
||
|
865000
|
heap
|
page read and write
|
||
|
A8E000
|
heap
|
page read and write
|
||
|
75E000
|
heap
|
page read and write
|
||
|
4A9A000
|
heap
|
page read and write
|
||
|
4BF7000
|
heap
|
page read and write
|
||
|
750000
|
heap
|
page read and write
|
||
|
4B62000
|
heap
|
page read and write
|
||
|
A97000
|
heap
|
page read and write
|
||
|
529B000
|
heap
|
page read and write
|
||
|
75D000
|
heap
|
page read and write
|
||
|
42A2000
|
heap
|
page read and write
|
||
|
752000
|
heap
|
page read and write
|
||
|
86A000
|
heap
|
page read and write
|
||
|
40F4000
|
heap
|
page read and write
|
||
|
75B000
|
heap
|
page read and write
|
||
|
75F000
|
heap
|
page read and write
|
||
|
86D000
|
heap
|
page read and write
|
||
|
5145000
|
heap
|
page read and write
|
||
|
18518130000
|
heap
|
page read and write
|
||
|
A86000
|
heap
|
page read and write
|
||
|
86B000
|
heap
|
page read and write
|
||
|
5281000
|
heap
|
page read and write
|
||
|
4A54000
|
heap
|
page read and write
|
||
|
10D000
|
heap
|
page read and write
|
||
|
86A000
|
heap
|
page read and write
|
||
|
36BD000
|
heap
|
page read and write
|
||
|
4C5B000
|
heap
|
page read and write
|
||
|
758000
|
heap
|
page read and write
|
||
|
4C7E000
|
heap
|
page read and write
|
||
|
752000
|
heap
|
page read and write
|
||
|
119000
|
heap
|
page read and write
|
||
|
2391000
|
heap
|
page read and write
|
||
|
866000
|
heap
|
page read and write
|
||
|
A8B000
|
heap
|
page read and write
|
||
|
3FBC000
|
heap
|
page read and write
|
||
|
86D000
|
heap
|
page read and write
|
||
|
972000
|
heap
|
page read and write
|
||
|
860000
|
heap
|
page read and write
|
||
|
981000
|
heap
|
page read and write
|
||
|
75C000
|
heap
|
page read and write
|
||
|
A89000
|
heap
|
page read and write
|
||
|
75E000
|
heap
|
page read and write
|
||
|
4A51000
|
heap
|
page read and write
|
||
|
A8D000
|
heap
|
page read and write
|
||
|
3E16000
|
heap
|
page read and write
|
||
|
75D000
|
heap
|
page read and write
|
||
|
118000
|
heap
|
page read and write
|
||
|
246B000
|
heap
|
page read and write
|
||
|
4C8E000
|
heap
|
page read and write
|
||
|
A83000
|
heap
|
page read and write
|
||
|
3B1F000
|
heap
|
page read and write
|
||
|
38BD000
|
heap
|
page read and write
|
||
|
751000
|
heap
|
page read and write
|
||
|
972000
|
heap
|
page read and write
|
||
|
A94000
|
heap
|
page read and write
|
||
|
388D000
|
heap
|
page read and write
|
||
|
A87000
|
heap
|
page read and write
|
||
|
752000
|
heap
|
page read and write
|
||
|
86A000
|
heap
|
page read and write
|
||
|
5A2F000
|
heap
|
page read and write
|
||
|
5343000
|
heap
|
page read and write
|
||
|
104000
|
heap
|
page read and write
|
||
|
A99000
|
heap
|
page read and write
|
||
|
97C000
|
heap
|
page read and write
|
||
|
280E000
|
heap
|
page read and write
|
||
|
75A000
|
heap
|
page read and write
|
||
|
86F000
|
heap
|
page read and write
|
||
|
5459000
|
heap
|
page read and write
|
||
|
4D83000
|
heap
|
page read and write
|
||
|
1F327CB0000
|
heap
|
page read and write
|
||
|
3E6F000
|
heap
|
page read and write
|
||
|
75A000
|
heap
|
page read and write
|
||
|
56A9000
|
heap
|
page read and write
|
||
|
86B000
|
heap
|
page read and write
|
||
|
752000
|
heap
|
page read and write
|
||
|
280C000
|
heap
|
page read and write
|
||
|
4A5B000
|
heap
|
page read and write
|
||
|
46D000
|
unkown
|
page read and write
|
||
|
173066C0000
|
heap
|
page read and write
|
||
|
973000
|
heap
|
page read and write
|
||
|
A84000
|
heap
|
page read and write
|
||
|
18518138000
|
heap
|
page read and write
|
||
|
3E5D000
|
heap
|
page read and write
|
||
|
4B4F000
|
heap
|
page read and write
|
||
|
4B07000
|
heap
|
page read and write
|
||
|
4C80000
|
heap
|
page read and write
|
||
|
4E29000
|
heap
|
page read and write
|
||
|
86C000
|
heap
|
page read and write
|
||
|
758000
|
heap
|
page read and write
|
||
|
75B000
|
heap
|
page read and write
|
||
|
C0000
|
heap
|
page read and write
|
||
|
4241000
|
heap
|
page read and write
|
||
|
4A5F000
|
heap
|
page read and write
|
||
|
30B2000
|
heap
|
page read and write
|
||
|
4B6C000
|
heap
|
page read and write
|
||
|
4C7C000
|
heap
|
page read and write
|
||
|
238C000
|
heap
|
page read and write
|
||
|
75D000
|
heap
|
page read and write
|
||
|
3EE6000
|
heap
|
page read and write
|
||
|
4E0F000
|
heap
|
page read and write
|
||
|
4B6D000
|
heap
|
page read and write
|
||
|
113000
|
heap
|
page read and write
|
||
|
266E000
|
heap
|
page read and write
|
||
|
5615000
|
heap
|
page read and write
|
||
|
390C000
|
heap
|
page read and write
|
||
|
4A56000
|
heap
|
page read and write
|
||
|
86E000
|
heap
|
page read and write
|
||
|
864000
|
heap
|
page read and write
|
||
|
A80000
|
heap
|
page read and write
|
||
|
4BA7000
|
heap
|
page read and write
|
||
|
75F000
|
heap
|
page read and write
|
||
|
757000
|
heap
|
page read and write
|
||
|
750000
|
heap
|
page read and write
|
||
|
754000
|
heap
|
page read and write
|
||
|
5599000
|
heap
|
page read and write
|
||
|
41E7000
|
heap
|
page read and write
|
||
|
75A000
|
heap
|
page read and write
|
||
|
974000
|
heap
|
page read and write
|
||
|
5A2F000
|
heap
|
page read and write
|
||
|
547D000
|
heap
|
page read and write
|
||
|
4C74000
|
heap
|
page read and write
|
||
|
4B6A000
|
heap
|
page read and write
|
||
|
97F000
|
heap
|
page read and write
|
||
|
86D000
|
heap
|
page read and write
|
||
|
3136000
|
heap
|
page read and write
|
||
|
750000
|
heap
|
page read and write
|
||
|
4CFD000
|
heap
|
page read and write
|
||
|
F8F7BC000
|
stack
|
page read and write
|
||
|
5563000
|
heap
|
page read and write
|
||
|
977000
|
heap
|
page read and write
|
||
|
50C7000
|
heap
|
page read and write
|
||
|
860000
|
heap
|
page read and write
|
||
|
A96000
|
heap
|
page read and write
|
||
|
972000
|
heap
|
page read and write
|
||
|
757000
|
heap
|
page read and write
|
||
|
579E000
|
heap
|
page read and write
|
||
|
754000
|
heap
|
page read and write
|
||
|
86B000
|
heap
|
page read and write
|
||
|
4A5E000
|
heap
|
page read and write
|
||
|
52BF000
|
heap
|
page read and write
|
||
|
75D000
|
heap
|
page read and write
|
||
|
75C000
|
heap
|
page read and write
|
||
|
3770000
|
heap
|
page read and write
|
||
|
75D000
|
heap
|
page read and write
|
||
|
5157000
|
heap
|
page read and write
|
||
|
A8D000
|
heap
|
page read and write
|
||
|
97A000
|
heap
|
page read and write
|
||
|
4AE3000
|
heap
|
page read and write
|
||
|
26C2000
|
heap
|
page read and write
|
||
|
758000
|
heap
|
page read and write
|
||
|
107000
|
heap
|
page read and write
|
||
|
3038000
|
heap
|
page read and write
|
||
|
757000
|
heap
|
page read and write
|
||
|
976000
|
heap
|
page read and write
|
||
|
5743000
|
heap
|
page read and write
|
||
|
97D000
|
heap
|
page read and write
|
||
|
F2000
|
heap
|
page read and write
|
||
|
11F000
|
heap
|
page read and write
|
||
|
868000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
565F000
|
heap
|
page read and write
|
||
|
4A54000
|
heap
|
page read and write
|
||
|
4BC1000
|
heap
|
page read and write
|
||
|
23AB000
|
heap
|
page read and write
|
||
|
51D3000
|
heap
|
page read and write
|
||
|
97E000
|
heap
|
page read and write
|
||
|
4C74000
|
heap
|
page read and write
|
||
|
2914A2F9000
|
heap
|
page read and write
|
||
|
407A000
|
heap
|
page read and write
|
||
|
4A5D000
|
heap
|
page read and write
|
||
|
75C000
|
heap
|
page read and write
|
||
|
861000
|
heap
|
page read and write
|
||
|
4B62000
|
heap
|
page read and write
|
||
|
86A000
|
heap
|
page read and write
|
||
|
862000
|
heap
|
page read and write
|
||
|
2892000
|
heap
|
page read and write
|
||
|
FF000
|
heap
|
page read and write
|
||
|
758000
|
heap
|
page read and write
|
||
|
976000
|
heap
|
page read and write
|
||
|
866000
|
heap
|
page read and write
|
||
|
A81000
|
heap
|
page read and write
|
||
|
75F000
|
heap
|
page read and write
|
||
|
4B69000
|
heap
|
page read and write
|
||
|
5531000
|
heap
|
page read and write
|
||
|
553B000
|
heap
|
page read and write
|
||
|
864000
|
heap
|
page read and write
|
||
|
4150000
|
heap
|
page read and write
|
||
|
97C000
|
heap
|
page read and write
|
||
|
984000
|
heap
|
page read and write
|
||
|
5215000
|
heap
|
page read and write
|
||
|
3AD6000
|
heap
|
page read and write
|
||
|
5671000
|
heap
|
page read and write
|
||
|
3F60000
|
heap
|
page read and write
|
||
|
2D6F000
|
heap
|
page read and write
|
||
|
BD7000
|
heap
|
page read and write
|
||
|
75E000
|
heap
|
page read and write
|
||
|
584D000
|
heap
|
page read and write
|
||
|
97E000
|
heap
|
page read and write
|
||
|
5603000
|
heap
|
page read and write
|
||
|
4D81000
|
heap
|
page read and write
|
||
|
2AC2000
|
heap
|
page read and write
|
||
|
86B000
|
heap
|
page read and write
|
||
|
971000
|
heap
|
page read and write
|
||
|
18518090000
|
heap
|
page read and write
|
||
|
4B65000
|
heap
|
page read and write
|
||
|
3826000
|
heap
|
page read and write
|
||
|
97C000
|
heap
|
page read and write
|
||
|
862000
|
heap
|
page read and write
|
||
|
86C000
|
heap
|
page read and write
|
||
|
870000
|
heap
|
page read and write
|
||
|
752000
|
heap
|
page read and write
|
||
|
56CD000
|
heap
|
page read and write
|
||
|
868000
|
heap
|
page read and write
|
||
|
75B000
|
heap
|
page read and write
|
||
|
75B000
|
heap
|
page read and write
|
||
|
3EEF2FE000
|
stack
|
page read and write
|
||
|
4D81000
|
heap
|
page read and write
|
||
|
24E2000
|
heap
|
page read and write
|
||
|
86D000
|
heap
|
page read and write
|
||
|
867000
|
heap
|
page read and write
|
||
|
A81000
|
heap
|
page read and write
|
||
|
754000
|
heap
|
page read and write
|
||
|
3796000
|
heap
|
page read and write
|
||
|
3497000
|
heap
|
page read and write
|
||
|
75E000
|
heap
|
page read and write
|
||
|
3D30000
|
heap
|
page read and write
|
||
|
75E000
|
heap
|
page read and write
|
||
|
37FE000
|
heap
|
page read and write
|
||
|
114000
|
heap
|
page read and write
|
||
|
972000
|
heap
|
page read and write
|
||
|
866000
|
heap
|
page read and write
|
||
|
32C2000
|
heap
|
page read and write
|
||
|
551F000
|
heap
|
page read and write
|
||
|
865000
|
heap
|
page read and write
|
||
|
5035000
|
heap
|
page read and write
|
||
|
4A51000
|
heap
|
page read and write
|
||
|
A85000
|
heap
|
page read and write
|
||
|
86A000
|
heap
|
page read and write
|
||
|
4C13000
|
heap
|
page read and write
|
||
|
975000
|
heap
|
page read and write
|
||
|
4A54000
|
heap
|
page read and write
|
||
|
4D86000
|
heap
|
page read and write
|
||
|
4C74000
|
heap
|
page read and write
|
||
|
3D26000
|
heap
|
page read and write
|
||
|
4E4D000
|
heap
|
page read and write
|
||
|
979000
|
heap
|
page read and write
|
||
|
4B65000
|
heap
|
page read and write
|
||
|
10E000
|
heap
|
page read and write
|
||
|
86D000
|
heap
|
page read and write
|
||
|
865000
|
heap
|
page read and write
|
||
|
4F1F000
|
heap
|
page read and write
|
||
|
A82000
|
heap
|
page read and write
|
||
|
979000
|
heap
|
page read and write
|
||
|
4A5D000
|
heap
|
page read and write
|
||
|
40C0000
|
heap
|
page read and write
|
||
|
860000
|
heap
|
page read and write
|
||
|
4B75000
|
heap
|
page read and write
|
||
|
173062E0000
|
heap
|
page read and write
|
||
|
4B64000
|
heap
|
page read and write
|
||
|
86F000
|
heap
|
page read and write
|
||
|
758000
|
heap
|
page read and write
|
||
|
86E000
|
heap
|
page read and write
|
||
|
97B000
|
heap
|
page read and write
|
||
|
65360FF000
|
stack
|
page read and write
|
||
|
75B000
|
heap
|
page read and write
|
||
|
A82000
|
heap
|
page read and write
|
||
|
518D000
|
heap
|
page read and write
|
||
|
75A000
|
heap
|
page read and write
|
||
|
E7000
|
heap
|
page read and write
|
||
|
A96000
|
heap
|
page read and write
|
||
|
4A51000
|
heap
|
page read and write
|
||
|
4C77000
|
heap
|
page read and write
|
||
|
866000
|
heap
|
page read and write
|
||
|
54C7000
|
heap
|
page read and write
|
||
|
86C000
|
heap
|
page read and write
|
||
|
2C1B000
|
heap
|
page read and write
|
||
|
3A7C000
|
heap
|
page read and write
|
||
|
3C28000
|
heap
|
page read and write
|
||
|
4C7D000
|
heap
|
page read and write
|
||
|
756000
|
heap
|
page read and write
|
||
|
751000
|
heap
|
page read and write
|
||
|
FD000
|
heap
|
page read and write
|
||
|
86F000
|
heap
|
page read and write
|
||
|
863000
|
heap
|
page read and write
|
||
|
4E5F000
|
heap
|
page read and write
|
||
|
A83000
|
heap
|
page read and write
|
||
|
474000
|
unkown
|
page write copy
|
||
|
864000
|
heap
|
page read and write
|
||
|
4C79000
|
heap
|
page read and write
|
||
|
752000
|
heap
|
page read and write
|
||
|
18518470000
|
heap
|
page read and write
|
||
|
97D000
|
heap
|
page read and write
|
||
|
52E9000
|
heap
|
page read and write
|
||
|
4C01000
|
heap
|
page read and write
|
||
|
577B000
|
heap
|
page read and write
|
||
|
86B000
|
heap
|
page read and write
|
||
|
972000
|
heap
|
page read and write
|
||
|
750000
|
heap
|
page read and write
|
||
|
861000
|
heap
|
page read and write
|
||
|
75A000
|
heap
|
page read and write
|
||
|
5A2F000
|
heap
|
page read and write
|
||
|
554D000
|
heap
|
page read and write
|
||
|
75C000
|
heap
|
page read and write
|
||
|
757000
|
heap
|
page read and write
|
||
|
1CD3E700000
|
heap
|
page read and write
|
||
|
4C75000
|
heap
|
page read and write
|
||
|
38FA000
|
heap
|
page read and write
|
||
|
979000
|
heap
|
page read and write
|
||
|
3661000
|
heap
|
page read and write
|
||
|
861000
|
heap
|
page read and write
|
||
|
4B66000
|
heap
|
page read and write
|
||
|
36AB000
|
heap
|
page read and write
|
||
|
4B60000
|
heap
|
page read and write
|
||
|
2AC2000
|
heap
|
page read and write
|
||
|
A85000
|
heap
|
page read and write
|
||
|
975000
|
heap
|
page read and write
|
||
|
97F000
|
heap
|
page read and write
|
||
|
2C14000
|
heap
|
page read and write
|
||
|
412A000
|
heap
|
page read and write
|
||
|
1CD3EAB5000
|
heap
|
page read and write
|
||
|
86E000
|
heap
|
page read and write
|
||
|
1CD3EAB0000
|
heap
|
page read and write
|
||
|
4D80000
|
heap
|
page read and write
|
||
|
4B6C000
|
heap
|
page read and write
|
||
|
979000
|
heap
|
page read and write
|
||
|
86E000
|
heap
|
page read and write
|
||
|
4A55000
|
heap
|
page read and write
|
||
|
246B000
|
heap
|
page read and write
|
||
|
754000
|
heap
|
page read and write
|
||
|
865000
|
heap
|
page read and write
|
||
|
971000
|
heap
|
page read and write
|
||
|
75C000
|
heap
|
page read and write
|
||
|
86E000
|
heap
|
page read and write
|
||
|
50A3000
|
heap
|
page read and write
|
||
|
864000
|
heap
|
page read and write
|
||
|
4A58000
|
heap
|
page read and write
|
||
|
4A5C000
|
heap
|
page read and write
|
||
|
4C70000
|
heap
|
page read and write
|
||
|
4A59000
|
heap
|
page read and write
|
||
|
97D000
|
heap
|
page read and write
|
||
|
4D83000
|
heap
|
page read and write
|
||
|
1D6E3CA0000
|
heap
|
page read and write
|
||
|
751000
|
heap
|
page read and write
|
||
|
4A5F000
|
heap
|
page read and write
|
||
|
24A1000
|
heap
|
page read and write
|
||
|
44C000
|
unkown
|
page read and write
|
||
|
4A55000
|
heap
|
page read and write
|
||
|
42C4000
|
heap
|
page read and write
|
||
|
4A55000
|
heap
|
page read and write
|
||
|
548F000
|
heap
|
page read and write
|
||
|
3991000
|
heap
|
page read and write
|
||
|
977000
|
heap
|
page read and write
|
||
|
3A5BB4D000
|
stack
|
page read and write
|
||
|
42F1000
|
heap
|
page read and write
|
||
|
44D000
|
unkown
|
page write copy
|
||
|
A93000
|
heap
|
page read and write
|
||
|
757000
|
heap
|
page read and write
|
||
|
F3000
|
heap
|
page read and write
|
||
|
86D000
|
heap
|
page read and write
|
||
|
3ABC000
|
heap
|
page read and write
|
||
|
15940B69000
|
heap
|
page read and write
|
||
|
2A60000
|
heap
|
page read and write
|
||
|
3DEE000
|
heap
|
page read and write
|
||
|
977000
|
heap
|
page read and write
|
||
|
41D5000
|
heap
|
page read and write
|
||
|
A83000
|
heap
|
page read and write
|
||
|
861000
|
heap
|
page read and write
|
||
|
4F31000
|
heap
|
page read and write
|
||
|
751000
|
heap
|
page read and write
|
||
|
75A000
|
heap
|
page read and write
|
||
|
75D000
|
heap
|
page read and write
|
||
|
4A54000
|
heap
|
page read and write
|
||
|
4A5A000
|
heap
|
page read and write
|
||
|
757000
|
heap
|
page read and write
|
||
|
5411000
|
heap
|
page read and write
|
||
|
979000
|
heap
|
page read and write
|
||
|
4C37000
|
heap
|
page read and write
|
||
|
A81000
|
heap
|
page read and write
|
||
|
5367000
|
heap
|
page read and write
|
||
|
2C92000
|
heap
|
page read and write
|
||
|
4B67000
|
heap
|
page read and write
|
||
|
5715000
|
heap
|
page read and write
|
||
|
5A2D000
|
heap
|
page read and write
|
||
|
863000
|
heap
|
page read and write
|
||
|
11A000
|
heap
|
page read and write
|
||
|
4B6B000
|
heap
|
page read and write
|
||
|
2C92000
|
heap
|
page read and write
|
||
|
4B68000
|
heap
|
page read and write
|
||
|
413E000
|
heap
|
page read and write
|
||
|
75D000
|
heap
|
page read and write
|
||
|
4A5B000
|
heap
|
page read and write
|
||
|
531F000
|
heap
|
page read and write
|
||
|
86D000
|
heap
|
page read and write
|
||
|
750000
|
heap
|
page read and write
|
||
|
A85000
|
heap
|
page read and write
|
||
|
3E29000
|
heap
|
page read and write
|
||
|
11F000
|
heap
|
page read and write
|
||
|
868000
|
heap
|
page read and write
|
||
|
97C000
|
heap
|
page read and write
|
||
|
2A80000
|
heap
|
page read and write
|
||
|
108000
|
heap
|
page read and write
|
||
|
6535DCD000
|
stack
|
page read and write
|
||
|
759000
|
heap
|
page read and write
|
||
|
86D000
|
heap
|
page read and write
|
||
|
75E000
|
heap
|
page read and write
|
||
|
970000
|
heap
|
page read and write
|
||
|
4A5F000
|
heap
|
page read and write
|
||
|
867000
|
heap
|
page read and write
|
||
|
4E8D000
|
heap
|
page read and write
|
||
|
75A000
|
heap
|
page read and write
|
||
|
97F000
|
heap
|
page read and write
|
||
|
866000
|
heap
|
page read and write
|
||
|
5683000
|
heap
|
page read and write
|
||
|
75E000
|
heap
|
page read and write
|
||
|
979000
|
heap
|
page read and write
|
||
|
97E000
|
heap
|
page read and write
|
||
|
4D8B000
|
heap
|
page read and write
|
||
|
5A2F000
|
heap
|
page read and write
|
||
|
42AD000
|
heap
|
page read and write
|
||
|
3922000
|
heap
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
4E7B000
|
heap
|
page read and write
|
||
|
97E000
|
heap
|
page read and write
|
||
|
20645017000
|
heap
|
page read and write
|
||
|
977000
|
heap
|
page read and write
|
||
|
3280000
|
heap
|
page read and write
|
||
|
4A59000
|
heap
|
page read and write
|
||
|
751000
|
heap
|
page read and write
|
||
|
39D9000
|
heap
|
page read and write
|
||
|
4A59000
|
heap
|
page read and write
|
||
|
4A56000
|
heap
|
page read and write
|
||
|
86A000
|
heap
|
page read and write
|
||
|
4ED5000
|
heap
|
page read and write
|
||
|
864000
|
heap
|
page read and write
|
||
|
5091000
|
heap
|
page read and write
|
||
|
753000
|
heap
|
page read and write
|
||
|
758000
|
heap
|
page read and write
|
||
|
3E00000
|
heap
|
page read and write
|
||
|
759000
|
heap
|
page read and write
|
||
|
4BE5000
|
heap
|
page read and write
|
||
|
86E000
|
heap
|
page read and write
|
||
|
860000
|
heap
|
page read and write
|
||
|
56BB000
|
heap
|
page read and write
|
||
|
3033000
|
heap
|
page read and write
|
||
|
4D93000
|
heap
|
page read and write
|
||
|
564D000
|
heap
|
page read and write
|
||
|
2C1B000
|
heap
|
page read and write
|
||
|
5047000
|
heap
|
page read and write
|
||
|
4A59000
|
heap
|
page read and write
|
||
|
86D000
|
heap
|
page read and write
|
||
|
4C7D000
|
heap
|
page read and write
|
||
|
4B6F000
|
heap
|
page read and write
|
||
|
752000
|
heap
|
page read and write
|
||
|
55AB000
|
heap
|
page read and write
|
||
|
4A5C000
|
heap
|
page read and write
|
||
|
97F000
|
heap
|
page read and write
|
||
|
A8D000
|
heap
|
page read and write
|
||
|
455000
|
unkown
|
page read and write
|
||
|
758000
|
heap
|
page read and write
|
||
|
754000
|
heap
|
page read and write
|
||
|
754000
|
heap
|
page read and write
|
||
|
756000
|
heap
|
page read and write
|
||
|
975000
|
heap
|
page read and write
|
||
|
758000
|
heap
|
page read and write
|
||
|
A84000
|
heap
|
page read and write
|
||
|
977000
|
heap
|
page read and write
|
||
|
866000
|
heap
|
page read and write
|
||
|
75D000
|
heap
|
page read and write
|
||
|
4A5A000
|
heap
|
page read and write
|
||
|
97D000
|
heap
|
page read and write
|
||
|
97F000
|
heap
|
page read and write
|
||
|
75D000
|
heap
|
page read and write
|
||
|
1F327940000
|
heap
|
page read and write
|
||
|
5703000
|
heap
|
page read and write
|
||
|
3BE2000
|
heap
|
page read and write
|
||
|
51E7000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
505B000
|
heap
|
page read and write
|
||
|
405E000
|
heap
|
page read and write
|
||
|
759000
|
heap
|
page read and write
|
||
|
75D000
|
heap
|
page read and write
|
||
|
A8A000
|
heap
|
page read and write
|
||
|
3C77000
|
heap
|
page read and write
|
||
|
970000
|
heap
|
page read and write
|
||
|
75D000
|
heap
|
page read and write
|
||
|
3838000
|
heap
|
page read and write
|
||
|
971000
|
heap
|
page read and write
|
||
|
4163000
|
heap
|
page read and write
|
||
|
4282000
|
heap
|
page read and write
|
||
|
15940B60000
|
heap
|
page read and write
|
||
|
51F1000
|
heap
|
page read and write
|
||
|
A97000
|
heap
|
page read and write
|
||
|
97C000
|
heap
|
page read and write
|
||
|
113000
|
heap
|
page read and write
|
||
|
4A55000
|
heap
|
page read and write
|
||
|
75E000
|
heap
|
page read and write
|
||
|
108000
|
heap
|
page read and write
|
||
|
865000
|
heap
|
page read and write
|
||
|
19B64267000
|
heap
|
page read and write
|
||
|
758000
|
heap
|
page read and write
|
||
|
758000
|
heap
|
page read and write
|
||
|
4B6C000
|
heap
|
page read and write
|
||
|
4B69000
|
heap
|
page read and write
|
||
|
4A50000
|
heap
|
page read and write
|
||
|
104000
|
heap
|
page read and write
|
||
|
4A58000
|
heap
|
page read and write
|
||
|
862000
|
heap
|
page read and write
|
||
|
4A88000
|
heap
|
page read and write
|
||
|
971000
|
heap
|
page read and write
|
||
|
4B6A000
|
heap
|
page read and write
|
||
|
303A000
|
heap
|
page read and write
|
||
|
867000
|
heap
|
page read and write
|
||
|
4CCDB2C000
|
stack
|
page read and write
|
||
|
972000
|
heap
|
page read and write
|
||
|
866000
|
heap
|
page read and write
|
||
|
869000
|
heap
|
page read and write
|
||
|
A9F000
|
heap
|
page read and write
|
||
|
526D000
|
heap
|
page read and write
|
||
|
863000
|
heap
|
page read and write
|
||
|
971000
|
heap
|
page read and write
|
||
|
15940CF5000
|
heap
|
page read and write
|
||
|
4B64000
|
heap
|
page read and write
|
||
|
4B60000
|
heap
|
page read and write
|
||
|
3E3B000
|
heap
|
page read and write
|
||
|
4D86000
|
heap
|
page read and write
|
||
|
97B000
|
heap
|
page read and write
|
||
|
868000
|
heap
|
page read and write
|
||
|
4D8E000
|
heap
|
page read and write
|
||
|
2914A2F0000
|
heap
|
page read and write
|
||
|
974000
|
heap
|
page read and write
|
||
|
977000
|
heap
|
page read and write
|
||
|
51B1000
|
heap
|
page read and write
|
||
|
752000
|
heap
|
page read and write
|
||
|
4B83000
|
heap
|
page read and write
|
||
|
4A52000
|
heap
|
page read and write
|
||
|
114000
|
heap
|
page read and write
|
||
|
753000
|
heap
|
page read and write
|
||
|
86A000
|
heap
|
page read and write
|
||
|
758000
|
heap
|
page read and write
|
||
|
758000
|
heap
|
page read and write
|
||
|
750000
|
heap
|
page read and write
|
||
|
75A000
|
heap
|
page read and write
|
||
|
5423000
|
heap
|
page read and write
|
||
|
18518475000
|
heap
|
page read and write
|
||
|
75D000
|
heap
|
page read and write
|
||
|
4B64000
|
heap
|
page read and write
|
||
|
CB000
|
heap
|
page read and write
|
||
|
75E000
|
heap
|
page read and write
|
||
|
758000
|
heap
|
page read and write
|
||
|
97F000
|
heap
|
page read and write
|
||
|
A85000
|
heap
|
page read and write
|
||
|
3C3B000
|
heap
|
page read and write
|
||
|
980000
|
heap
|
page read and write
|
||
|
1C0000
|
heap
|
page read and write
|
||
|
A8B000
|
heap
|
page read and write
|
||
|
5023000
|
heap
|
page read and write
|
||
|
A97000
|
heap
|
page read and write
|
||
|
A86000
|
heap
|
page read and write
|
||
|
864000
|
heap
|
page read and write
|
||
|
4A54000
|
heap
|
page read and write
|
||
|
113000
|
heap
|
page read and write
|
||
|
756000
|
heap
|
page read and write
|
||
|
973000
|
heap
|
page read and write
|
||
|
4C79000
|
heap
|
page read and write
|
||
|
4F53000
|
heap
|
page read and write
|
||
|
4A5A000
|
heap
|
page read and write
|
||
|
984000
|
heap
|
page read and write
|
||
|
867000
|
heap
|
page read and write
|
||
|
3AE8000
|
heap
|
page read and write
|
||
|
4B65000
|
heap
|
page read and write
|
||
|
4C8F000
|
heap
|
page read and write
|
||
|
A83000
|
heap
|
page read and write
|
||
|
758000
|
heap
|
page read and write
|
||
|
86A000
|
heap
|
page read and write
|
||
|
1FB1FCC0000
|
heap
|
page read and write
|
||
|
3AFB000
|
heap
|
page read and write
|
||
|
41A1000
|
heap
|
page read and write
|
||
|
869000
|
heap
|
page read and write
|
||
|
54FD000
|
heap
|
page read and write
|
||
|
751000
|
heap
|
page read and write
|
||
|
75D000
|
heap
|
page read and write
|
||
|
759000
|
heap
|
page read and write
|
||
|
861000
|
heap
|
page read and write
|
||
|
75F000
|
heap
|
page read and write
|
||
|
4B62000
|
heap
|
page read and write
|
||
|
75E000
|
heap
|
page read and write
|
||
|
75E000
|
heap
|
page read and write
|
||
|
4A54000
|
heap
|
page read and write
|
||
|
2554000
|
heap
|
page read and write
|
||
|
750000
|
heap
|
page read and write
|
||
|
867000
|
heap
|
page read and write
|
||
|
5395000
|
heap
|
page read and write
|
||
|
E0000
|
heap
|
page read and write
|
||
|
758000
|
heap
|
page read and write
|
||
|
97D000
|
heap
|
page read and write
|
||
|
4B60000
|
heap
|
page read and write
|
||
|
757000
|
heap
|
page read and write
|
||
|
A90000
|
heap
|
page read and write
|
||
|
758000
|
heap
|
page read and write
|
||
|
FC000
|
heap
|
page read and write
|
||
|
4356000
|
heap
|
page read and write
|
||
|
34D2000
|
heap
|
page read and write
|
||
|
A8A000
|
heap
|
page read and write
|
||
|
75A000
|
heap
|
page read and write
|
||
|
3EB1000
|
heap
|
page read and write
|
||
|
4A5D000
|
heap
|
page read and write
|
||
|
866000
|
heap
|
page read and write
|
||
|
755000
|
heap
|
page read and write
|
||
|
4A74000
|
heap
|
page read and write
|
||
|
979000
|
heap
|
page read and write
|
||
|
113000
|
heap
|
page read and write
|
||
|
86C000
|
heap
|
page read and write
|
||
|
75B000
|
heap
|
page read and write
|
||
|
A84000
|
heap
|
page read and write
|
||
|
97B000
|
heap
|
page read and write
|
||
|
4CCB000
|
heap
|
page read and write
|
||
|
108000
|
heap
|
page read and write
|
||
|
750000
|
heap
|
page read and write
|
||
|
860000
|
heap
|
page read and write
|
||
|
865000
|
heap
|
page read and write
|
||
|
97D000
|
heap
|
page read and write
|
||
|
50EB000
|
heap
|
page read and write
|
||
|
4C6D000
|
heap
|
page read and write
|
||
|
BDB000
|
heap
|
page read and write
|
||
|
751000
|
heap
|
page read and write
|
||
|
290E000
|
heap
|
page read and write
|
||
|
75A000
|
heap
|
page read and write
|
||
|
19B64490000
|
heap
|
page read and write
|
||
|
866000
|
heap
|
page read and write
|
||
|
5259000
|
heap
|
page read and write
|
||
|
A8F000
|
heap
|
page read and write
|
||
|
3CBF8FF000
|
stack
|
page read and write
|
||
|
86D000
|
heap
|
page read and write
|
||
|
23EB000
|
heap
|
page read and write
|
||
|
3C63000
|
heap
|
page read and write
|
||
|
A83000
|
heap
|
page read and write
|
||
|
75D000
|
heap
|
page read and write
|
||
|
754000
|
heap
|
page read and write
|
||
|
867000
|
heap
|
page read and write
|
||
|
97D000
|
heap
|
page read and write
|
||
|
75B000
|
heap
|
page read and write
|
||
|
A8A000
|
heap
|
page read and write
|
||
|
75E000
|
heap
|
page read and write
|
||
|
A89000
|
heap
|
page read and write
|
||
|
4335000
|
heap
|
page read and write
|
||
|
1D6E3880000
|
heap
|
page read and write
|
||
|
755000
|
heap
|
page read and write
|
||
|
860000
|
heap
|
page read and write
|
||
|
A8E000
|
heap
|
page read and write
|
||
|
979000
|
heap
|
page read and write
|
||
|
583A000
|
heap
|
page read and write
|
||
|
11B000
|
heap
|
page read and write
|
||
|
86B000
|
heap
|
page read and write
|
||
|
867000
|
heap
|
page read and write
|
||
|
863000
|
heap
|
page read and write
|
||
|
4DA7000
|
heap
|
page read and write
|
||
|
865000
|
heap
|
page read and write
|
||
|
97A000
|
heap
|
page read and write
|
||
|
185180A0000
|
heap
|
page read and write
|
||
|
2C4E000
|
heap
|
page read and write
|
||
|
A81000
|
heap
|
page read and write
|
||
|
2914A200000
|
heap
|
page read and write
|
||
|
1D6E3CA5000
|
heap
|
page read and write
|
||
|
54EB000
|
heap
|
page read and write
|
||
|
A81000
|
heap
|
page read and write
|
||
|
753000
|
heap
|
page read and write
|
||
|
4EB1000
|
heap
|
page read and write
|
||
|
40A8000
|
heap
|
page read and write
|
||
|
A8F000
|
heap
|
page read and write
|
||
|
4A5E000
|
heap
|
page read and write
|
||
|
97C000
|
heap
|
page read and write
|
||
|
37AE000
|
heap
|
page read and write
|
||
|
75F000
|
heap
|
page read and write
|
||
|
105000
|
heap
|
page read and write
|
||
|
4C75000
|
heap
|
page read and write
|
||
|
75B000
|
heap
|
page read and write
|
||
|
756000
|
heap
|
page read and write
|
||
|
974000
|
heap
|
page read and write
|
||
|
55BD000
|
heap
|
page read and write
|
||
|
A87000
|
heap
|
page read and write
|
||
|
1F327840000
|
heap
|
page read and write
|
||
|
361A000
|
heap
|
page read and write
|
||
|
75B000
|
heap
|
page read and write
|
||
|
4D0F000
|
heap
|
page read and write
|
||
|
37C8000
|
heap
|
page read and write
|
||
|
86D000
|
heap
|
page read and write
|
||
|
1CD3E720000
|
heap
|
page read and write
|
||
|
4A5F000
|
heap
|
page read and write
|
||
|
4118000
|
heap
|
page read and write
|
||
|
751000
|
heap
|
page read and write
|
||
|
110000
|
heap
|
page read and write
|
||
|
23AB000
|
heap
|
page read and write
|
||
|
98C000
|
heap
|
page read and write
|
||
|
754000
|
heap
|
page read and write
|
||
|
87A000
|
heap
|
page read and write
|
||
|
866000
|
heap
|
page read and write
|
||
|
975000
|
heap
|
page read and write
|
||
|
75F000
|
heap
|
page read and write
|
||
|
866000
|
heap
|
page read and write
|
||
|
4D88000
|
heap
|
page read and write
|
||
|
20644FE0000
|
heap
|
page read and write
|
||
|
4B6D000
|
heap
|
page read and write
|
||
|
20645290000
|
heap
|
page read and write
|
||
|
530D000
|
heap
|
page read and write
|
||
|
67C000
|
stack
|
page read and write
|
||
|
4B63000
|
heap
|
page read and write
|
||
|
753000
|
heap
|
page read and write
|
||
|
1D6E38A0000
|
heap
|
page read and write
|
||
|
3D42000
|
heap
|
page read and write
|
||
|
A8B000
|
heap
|
page read and write
|
||
|
971000
|
heap
|
page read and write
|
||
|
456000
|
unkown
|
page readonly
|
||
|
387B000
|
heap
|
page read and write
|
||
|
754000
|
heap
|
page read and write
|
||
|
A81000
|
heap
|
page read and write
|
||
|
A8D000
|
heap
|
page read and write
|
||
|
861000
|
heap
|
page read and write
|
||
|
752000
|
heap
|
page read and write
|
||
|
975000
|
heap
|
page read and write
|
||
|
752000
|
heap
|
page read and write
|
||
|
863000
|
heap
|
page read and write
|
||
|
863000
|
heap
|
page read and write
|
||
|
55F1000
|
heap
|
page read and write
|
||
|
864000
|
heap
|
page read and write
|
||
|
979000
|
heap
|
page read and write
|
||
|
4A62000
|
heap
|
page read and write
|
||
|
293D000
|
heap
|
page read and write
|
||
|
4213000
|
heap
|
page read and write
|
||
|
751000
|
heap
|
page read and write
|
||
|
C9417F000
|
stack
|
page read and write
|
||
|
1000FE000
|
stack
|
page read and write
|
||
|
A93000
|
heap
|
page read and write
|
||
|
53DD000
|
heap
|
page read and write
|
||
|
97D000
|
heap
|
page read and write
|
||
|
BD8000
|
heap
|
page read and write
|
||
|
98D000
|
heap
|
page read and write
|
||
|
977000
|
heap
|
page read and write
|
||
|
23AC000
|
heap
|
page read and write
|
||
|
758000
|
heap
|
page read and write
|
||
|
27D4000
|
heap
|
page read and write
|
||
|
75F000
|
heap
|
page read and write
|
||
|
3602000
|
heap
|
page read and write
|
||
|
87B000
|
heap
|
page read and write
|
||
|
86B000
|
heap
|
page read and write
|
||
|
1FB1F8F0000
|
heap
|
page read and write
|
||
|
2C92000
|
heap
|
page read and write
|
||
|
A86000
|
heap
|
page read and write
|
||
|
866000
|
heap
|
page read and write
|
||
|
86B000
|
heap
|
page read and write
|
||
|
4A53000
|
heap
|
page read and write
|
||
|
4AF5000
|
heap
|
page read and write
|
||
|
4A5F000
|
heap
|
page read and write
|
||
|
759000
|
heap
|
page read and write
|
||
|
A8C000
|
heap
|
page read and write
|
||
|
4A59000
|
heap
|
page read and write
|
||
|
75E000
|
heap
|
page read and write
|
||
|
750000
|
heap
|
page read and write
|
||
|
75A000
|
heap
|
page read and write
|
||
|
865000
|
heap
|
page read and write
|
||
|
A84000
|
heap
|
page read and write
|
||
|
F6000
|
heap
|
page read and write
|
||
|
867000
|
heap
|
page read and write
|
||
|
A8A000
|
heap
|
page read and write
|
||
|
3F3C000
|
heap
|
page read and write
|
||
|
4D84000
|
heap
|
page read and write
|
||
|
397F000
|
heap
|
page read and write
|
||
|
868000
|
heap
|
page read and write
|
||
|
865000
|
heap
|
page read and write
|
||
|
973000
|
heap
|
page read and write
|
||
|
80000
|
heap
|
page read and write
|
||
|
4329000
|
heap
|
page read and write
|
||
|
97B000
|
heap
|
page read and write
|
||
|
185180C0000
|
heap
|
page read and write
|
||
|
C0F467E000
|
stack
|
page read and write
|
||
|
865000
|
heap
|
page read and write
|
||
|
4A5C000
|
heap
|
page read and write
|
||
|
4D8F000
|
heap
|
page read and write
|
||
|
98E000
|
heap
|
page read and write
|
||
|
75A000
|
heap
|
page read and write
|
||
|
3C4D000
|
heap
|
page read and write
|
||
|
757000
|
heap
|
page read and write
|
||
|
759000
|
heap
|
page read and write
|
||
|
972000
|
heap
|
page read and write
|
||
|
4C78000
|
heap
|
page read and write
|
||
|
A82000
|
heap
|
page read and write
|
||
|
FF000
|
heap
|
page read and write
|
||
|
75D000
|
heap
|
page read and write
|
||
|
2914A3F0000
|
heap
|
page read and write
|
||
|
97E000
|
heap
|
page read and write
|
||
|
86D000
|
heap
|
page read and write
|
||
|
759000
|
heap
|
page read and write
|
||
|
53CB000
|
heap
|
page read and write
|
||
|
4B6E000
|
heap
|
page read and write
|
||
|
752000
|
heap
|
page read and write
|
||
|
1F3279C0000
|
heap
|
page read and write
|
||
|
867000
|
heap
|
page read and write
|
||
|
972000
|
heap
|
page read and write
|
||
|
349C000
|
heap
|
page read and write
|
||
|
114000
|
heap
|
page read and write
|
||
|
A80000
|
heap
|
page read and write
|
||
|
A8C000
|
heap
|
page read and write
|
||
|
861000
|
heap
|
page read and write
|
||
|
F4000
|
heap
|
page read and write
|
||
|
4031000
|
heap
|
page read and write
|
||
|
456000
|
unkown
|
page readonly
|
||
|
17306360000
|
heap
|
page read and write
|
||
|
861000
|
heap
|
page read and write
|
||
|
751000
|
heap
|
page read and write
|
||
|
107000
|
heap
|
page read and write
|
||
|
38AB000
|
heap
|
page read and write
|
||
|
585F000
|
heap
|
page read and write
|
||
|
861000
|
heap
|
page read and write
|
||
|
474000
|
unkown
|
page read and write
|
||
|
75D000
|
heap
|
page read and write
|
||
|
117000
|
heap
|
page read and write
|
||
|
4C74000
|
heap
|
page read and write
|
||
|
A88000
|
heap
|
page read and write
|
||
|
86E000
|
heap
|
page read and write
|
||
|
4B67000
|
heap
|
page read and write
|
||
|
4A57000
|
heap
|
page read and write
|
||
|
1FB1FCC5000
|
heap
|
page read and write
|
||
|
44C000
|
unkown
|
page write copy
|
||
|
862000
|
heap
|
page read and write
|
||
|
39C7000
|
heap
|
page read and write
|
||
|
757000
|
heap
|
page read and write
|
||
|
4A57000
|
heap
|
page read and write
|
||
|
2380000
|
heap
|
page read and write
|
||
|
3B55000
|
heap
|
page read and write
|
||
|
A8B000
|
heap
|
page read and write
|
||
|
110000
|
heap
|
page read and write
|
||
|
E0000
|
heap
|
page read and write
|
||
|
11A000
|
heap
|
page read and write
|
||
|
751000
|
heap
|
page read and write
|
||
|
A81000
|
heap
|
page read and write
|
||
|
20645295000
|
heap
|
page read and write
|
||
|
113000
|
heap
|
page read and write
|
||
|
75A000
|
heap
|
page read and write
|
||
|
53FF000
|
heap
|
page read and write
|
||
|
3DA6000
|
heap
|
page read and write
|
||
|
753000
|
heap
|
page read and write
|
||
|
86B000
|
heap
|
page read and write
|
||
|
A9D000
|
heap
|
page read and write
|
||
|
978000
|
heap
|
page read and write
|
||
|
54B3000
|
heap
|
page read and write
|
||
|
C9407D000
|
stack
|
page read and write
|
||
|
4B7B000
|
heap
|
page read and write
|
||
|
2850000
|
heap
|
page read and write
|
||
|
4AAD000
|
heap
|
page read and write
|
||
|
758000
|
heap
|
page read and write
|
||
|
976000
|
heap
|
page read and write
|
||
|
86E000
|
heap
|
page read and write
|
||
|
3196000
|
heap
|
page read and write
|
||
|
752000
|
heap
|
page read and write
|
||
|
4A53000
|
heap
|
page read and write
|
||
|
4C80000
|
heap
|
page read and write
|
||
|
A8F000
|
heap
|
page read and write
|
||
|
A9F000
|
heap
|
page read and write
|
||
|
869000
|
heap
|
page read and write
|
||
|
4D92000
|
heap
|
page read and write
|
||
|
755000
|
heap
|
page read and write
|
||
|
475000
|
unkown
|
page write copy
|
||
|
3B83000
|
heap
|
page read and write
|
||
|
4A58000
|
heap
|
page read and write
|
||
|
A9E000
|
heap
|
page read and write
|
||
|
11F000
|
heap
|
page read and write
|
||
|
266E000
|
heap
|
page read and write
|
||
|
A81000
|
heap
|
page read and write
|
||
|
A84000
|
heap
|
page read and write
|
||
|
A8A000
|
heap
|
page read and write
|
||
|
50B5000
|
heap
|
page read and write
|
||
|
86E000
|
heap
|
page read and write
|
||
|
868000
|
heap
|
page read and write
|
||
|
4DB5000
|
heap
|
page read and write
|
||
|
75A000
|
heap
|
page read and write
|
||
|
41F9000
|
heap
|
page read and write
|
||
|
75E000
|
heap
|
page read and write
|
||
|
4CCDE7E000
|
stack
|
page read and write
|
||
|
FC000
|
heap
|
page read and write
|
||
|
2C51000
|
heap
|
page read and write
|
||
|
98E000
|
heap
|
page read and write
|
||
|
A9E000
|
heap
|
page read and write
|
||
|
98E000
|
heap
|
page read and write
|
||
|
754000
|
heap
|
page read and write
|
||
|
BD0000
|
heap
|
page read and write
|
||
|
75E000
|
heap
|
page read and write
|
||
|
4A54000
|
heap
|
page read and write
|
||
|
19B64260000
|
heap
|
page read and write
|
||
|
86A000
|
heap
|
page read and write
|
||
|
4B60000
|
heap
|
page read and write
|
||
|
75E000
|
heap
|
page read and write
|
||
|
A9C000
|
heap
|
page read and write
|
||
|
A83000
|
heap
|
page read and write
|
||
|
A82000
|
heap
|
page read and write
|
||
|
3EEF27D000
|
stack
|
page read and write
|
||
|
4FAF000
|
heap
|
page read and write
|
||
|
97F000
|
heap
|
page read and write
|
||
|
4A52000
|
heap
|
page read and write
|
||
|
75A000
|
heap
|
page read and write
|
||
|
4B63000
|
heap
|
page read and write
|
||
|
375A000
|
heap
|
page read and write
|
||
|
4313000
|
heap
|
page read and write
|
||
|
11F000
|
heap
|
page read and write
|
||
|
979000
|
heap
|
page read and write
|
||
|
A81000
|
heap
|
page read and write
|
||
|
4D87000
|
heap
|
page read and write
|
||
|
1CD3E9C0000
|
heap
|
page read and write
|
||
|
758000
|
heap
|
page read and write
|
||
|
4A59000
|
heap
|
page read and write
|
||
|
758000
|
heap
|
page read and write
|
||
|
754000
|
heap
|
page read and write
|
||
|
4297000
|
heap
|
page read and write
|
||
|
5871000
|
heap
|
page read and write
|
||
|
3868000
|
heap
|
page read and write
|
||
|
75C000
|
heap
|
page read and write
|
||
|
972000
|
heap
|
page read and write
|
||
|
97B000
|
heap
|
page read and write
|
||
|
2D58000
|
heap
|
page read and write
|
||
|
90000
|
heap
|
page read and write
|
||
|
A9F000
|
heap
|
page read and write
|
||
|
A86000
|
heap
|
page read and write
|
||
|
757000
|
heap
|
page read and write
|
||
|
97D000
|
heap
|
page read and write
|
||
|
370F000
|
heap
|
page read and write
|
||
|
3F74000
|
heap
|
page read and write
|
||
|
3DB8000
|
heap
|
page read and write
|
||
|
86A000
|
heap
|
page read and write
|
||
|
4F0D000
|
heap
|
page read and write
|
||
|
754000
|
heap
|
page read and write
|
||
|
3CB6000
|
heap
|
page read and write
|
||
|
3736000
|
heap
|
page read and write
|
||
|
75E000
|
heap
|
page read and write
|
||
|
4A54000
|
heap
|
page read and write
|
||
|
989000
|
heap
|
page read and write
|
||
|
436E000
|
heap
|
page read and write
|
||
|
860000
|
heap
|
page read and write
|
||
|
4B6E000
|
heap
|
page read and write
|
||
|
581D000
|
heap
|
page read and write
|
||
|
4A54000
|
heap
|
page read and write
|
||
|
384B000
|
heap
|
page read and write
|
||
|
19B64495000
|
heap
|
page read and write
|
||
|
75B000
|
heap
|
page read and write
|
||
|
75D000
|
heap
|
page read and write
|
||
|
1CD3E6F0000
|
heap
|
page read and write
|
||
|
865000
|
heap
|
page read and write
|
||
|
173062D0000
|
heap
|
page read and write
|
||
|
867000
|
heap
|
page read and write
|
||
|
75B000
|
heap
|
page read and write
|
||
|
4B74000
|
heap
|
page read and write
|
||
|
C6000
|
heap
|
page read and write
|
||
|
5A2F000
|
heap
|
page read and write
|
||
|
75B000
|
heap
|
page read and write
|
||
|
970000
|
heap
|
page read and write
|
||
|
5A2F000
|
heap
|
page read and write
|
||
|
4A51000
|
heap
|
page read and write
|
||
|
A8B000
|
heap
|
page read and write
|
||
|
751000
|
heap
|
page read and write
|
||
|
3F86000
|
heap
|
page read and write
|
||
|
86B000
|
heap
|
page read and write
|
||
|
75F000
|
heap
|
page read and write
|
||
|
75D000
|
heap
|
page read and write
|
||
|
97B000
|
heap
|
page read and write
|
||
|
5585000
|
heap
|
page read and write
|
||
|
4A50000
|
heap
|
page read and write
|
||
|
A87000
|
heap
|
page read and write
|
||
|
FE000
|
heap
|
page read and write
|
||
|
753000
|
heap
|
page read and write
|
||
|
977000
|
heap
|
page read and write
|
||
|
4A52000
|
heap
|
page read and write
|
||
|
1F3279C8000
|
heap
|
page read and write
|
||
|
3FE2000
|
heap
|
page read and write
|
||
|
4D8E000
|
heap
|
page read and write
|
||
|
97A000
|
heap
|
page read and write
|
||
|
1D6E3870000
|
heap
|
page read and write
|
||
|
4225000
|
heap
|
page read and write
|
||
|
757000
|
heap
|
page read and write
|
||
|
754000
|
heap
|
page read and write
|
||
|
57D0000
|
heap
|
page read and write
|
||
|
5883000
|
heap
|
page read and write
|
||
|
975000
|
heap
|
page read and write
|
||
|
5383000
|
heap
|
page read and write
|
||
|
975000
|
heap
|
page read and write
|
||
|
323E000
|
heap
|
page read and write
|
||
|
5A2F000
|
heap
|
page read and write
|
||
|
866000
|
heap
|
page read and write
|
||
|
3B71000
|
heap
|
page read and write
|
||
|
860000
|
heap
|
page read and write
|
||
|
4A52000
|
heap
|
page read and write
|
||
|
323E000
|
heap
|
page read and write
|
||
|
4B6B000
|
heap
|
page read and write
|
||
|
15940C80000
|
heap
|
page read and write
|
||
|
4E9F000
|
heap
|
page read and write
|
||
|
434B000
|
heap
|
page read and write
|
||
|
4DA7000
|
heap
|
page read and write
|
||
|
979000
|
heap
|
page read and write
|
||
|
4CE7000
|
heap
|
page read and write
|
||
|
4C71000
|
heap
|
page read and write
|
||
|
53B9000
|
heap
|
page read and write
|
||
|
97E000
|
heap
|
page read and write
|
||
|
2388000
|
heap
|
page read and write
|
||
|
4B69000
|
heap
|
page read and write
|
||
|
863000
|
heap
|
page read and write
|
||
|
753000
|
heap
|
page read and write
|
||
|
A86000
|
heap
|
page read and write
|
||
|
86C000
|
heap
|
page read and write
|
||
|
4C80000
|
heap
|
page read and write
|
||
|
19B641F0000
|
heap
|
page read and write
|
||
|
52AD000
|
heap
|
page read and write
|
||
|
86A000
|
heap
|
page read and write
|
||
|
4A56000
|
heap
|
page read and write
|
||
|
6A5518C000
|
stack
|
page read and write
|
||
|
863000
|
heap
|
page read and write
|
||
|
3EC3000
|
heap
|
page read and write
|
||
|
868000
|
heap
|
page read and write
|
||
|
118000
|
heap
|
page read and write
|
||
|
23CB000
|
heap
|
page read and write
|
||
|
75A000
|
heap
|
page read and write
|
||
|
867000
|
heap
|
page read and write
|
||
|
752000
|
heap
|
page read and write
|
||
|
977000
|
heap
|
page read and write
|
||
|
97C000
|
heap
|
page read and write
|
||
|
41B3000
|
heap
|
page read and write
|
||
|
4A5A000
|
heap
|
page read and write
|
||
|
A80000
|
heap
|
page read and write
|
||
|
973000
|
heap
|
page read and write
|
||
|
4A55000
|
heap
|
page read and write
|
||
|
A86000
|
heap
|
page read and write
|
||
|
4A5C000
|
heap
|
page read and write
|
||
|
20644F00000
|
heap
|
page read and write
|
||
|
86E000
|
heap
|
page read and write
|
||
|
F2000
|
heap
|
page read and write
|
||
|
A8F000
|
heap
|
page read and write
|
||
|
10017F000
|
stack
|
page read and write
|
||
|
35BE000
|
heap
|
page read and write
|
||
|
2D16000
|
heap
|
page read and write
|
||
|
751000
|
heap
|
page read and write
|
||
|
506D000
|
heap
|
page read and write
|
||
|
4A52000
|
heap
|
page read and write
|
||
|
980000
|
heap
|
page read and write
|
||
|
86C000
|
heap
|
page read and write
|
||
|
75B000
|
heap
|
page read and write
|
||
|
97F000
|
heap
|
page read and write
|
||
|
A81000
|
heap
|
page read and write
|
||
|
5A2F000
|
heap
|
page read and write
|
||
|
3A13000
|
heap
|
page read and write
|
||
|
A90000
|
heap
|
page read and write
|
||
|
985000
|
heap
|
page read and write
|
||
|
5203000
|
heap
|
page read and write
|
||
|
86E000
|
heap
|
page read and write
|
||
|
A8E000
|
heap
|
page read and write
|
||
|
4106000
|
heap
|
page read and write
|
||
|
75E000
|
heap
|
page read and write
|
||
|
4C73000
|
heap
|
page read and write
|
||
|
173066C4000
|
heap
|
page read and write
|
||
|
862000
|
heap
|
page read and write
|
||
|
4237000
|
heap
|
page read and write
|
||
|
36DE000
|
heap
|
page read and write
|
||
|
977000
|
heap
|
page read and write
|
||
|
A8D000
|
heap
|
page read and write
|
||
|
6A554FF000
|
stack
|
page read and write
|
||
|
4D21000
|
heap
|
page read and write
|
||
|
750000
|
heap
|
page read and write
|
||
|
4B64000
|
heap
|
page read and write
|
||
|
756000
|
heap
|
page read and write
|
||
|
4B62000
|
heap
|
page read and write
|
||
|
A84000
|
heap
|
page read and write
|
||
|
86B000
|
heap
|
page read and write
|
||
|
973000
|
heap
|
page read and write
|
||
|
978000
|
heap
|
page read and write
|
||
|
A98000
|
heap
|
page read and write
|
||
|
973000
|
heap
|
page read and write
|
||
|
971000
|
heap
|
page read and write
|
||
|
39A3000
|
heap
|
page read and write
|
||
|
75A000
|
heap
|
page read and write
|
||
|
117000
|
heap
|
page read and write
|
||
|
75C000
|
heap
|
page read and write
|
||
|
756000
|
heap
|
page read and write
|
||
|
2CD4000
|
heap
|
page read and write
|
||
|
752000
|
heap
|
page read and write
|
||
|
17306300000
|
heap
|
page read and write
|
||
|
1FB1F920000
|
heap
|
page read and write
|
||
|
20645010000
|
heap
|
page read and write
|
||
|
4E9B000
|
heap
|
page read and write
|
||
|
2850000
|
heap
|
page read and write
|
||
|
97C000
|
heap
|
page read and write
|
||
|
A88000
|
heap
|
page read and write
|
||
|
970000
|
heap
|
page read and write
|
||
|
4D83000
|
heap
|
page read and write
|
||
|
864000
|
heap
|
page read and write
|
||
|
F3000
|
heap
|
page read and write
|
||
|
98D000
|
heap
|
page read and write
|
||
|
10007D000
|
stack
|
page read and write
|
||
|
5169000
|
heap
|
page read and write
|
||
|
977000
|
heap
|
page read and write
|
||
|
4C8F000
|
heap
|
page read and write
|
||
|
11F000
|
heap
|
page read and write
|
||
|
876000
|
heap
|
page read and write
|
||
|
3CA3000
|
heap
|
page read and write
|
||
|
757000
|
heap
|
page read and write
|
||
|
97D000
|
heap
|
page read and write
|
||
|
30F4000
|
heap
|
page read and write
|
||
|
4B60000
|
heap
|
page read and write
|
||
|
4A5B000
|
heap
|
page read and write
|
||
|
759000
|
heap
|
page read and write
|
||
|
15940C60000
|
heap
|
page read and write
|
||
|
753000
|
heap
|
page read and write
|
||
|
38CF000
|
heap
|
page read and write
|
||
|
4A5F000
|
heap
|
page read and write
|
||
|
A8A000
|
heap
|
page read and write
|
||
|
977000
|
heap
|
page read and write
|
||
|
4D33000
|
heap
|
page read and write
|
||
|
75E000
|
heap
|
page read and write
|
||
|
4B63000
|
heap
|
page read and write
|
||
|
753000
|
heap
|
page read and write
|
||
|
755000
|
heap
|
page read and write
|
||
|
108000
|
heap
|
page read and write
|
||
|
4A56000
|
heap
|
page read and write
|
||
|
75E000
|
heap
|
page read and write
|
||
|
56DF000
|
heap
|
page read and write
|
||
|
11F000
|
heap
|
page read and write
|
||
|
5806000
|
heap
|
page read and write
|
||
|
86F000
|
heap
|
page read and write
|
||
|
759000
|
heap
|
page read and write
|
||
|
26C2000
|
heap
|
page read and write
|
||
|
3BA8000
|
heap
|
page read and write
|
||
|
3FAA000
|
heap
|
page read and write
|
||
|
864000
|
heap
|
page read and write
|
||
|
55DF000
|
heap
|
page read and write
|
||
|
4C70000
|
heap
|
page read and write
|
||
|
1F327CB5000
|
heap
|
page read and write
|
||
|
3B0D000
|
heap
|
page read and write
|
||
|
A8F000
|
heap
|
page read and write
|
||
|
40D2000
|
heap
|
page read and write
|
||
|
876000
|
heap
|
page read and write
|
||
|
86F000
|
heap
|
page read and write
|
||
|
5629000
|
heap
|
page read and write
|
||
|
A8C000
|
heap
|
page read and write
|
||
|
3CBF5FB000
|
stack
|
page read and write
|
||
|
4A57000
|
heap
|
page read and write
|
||
|
4B68000
|
heap
|
page read and write
|
||
|
A83000
|
heap
|
page read and write
|
||
|
4B3D000
|
heap
|
page read and write
|
||
|
FC000
|
heap
|
page read and write
|
||
|
97B000
|
heap
|
page read and write
|
||
|
971000
|
heap
|
page read and write
|
||
|
A81000
|
heap
|
page read and write
|
||
|
3934000
|
heap
|
page read and write
|
||
|
A8F000
|
heap
|
page read and write
|
||
|
75B000
|
heap
|
page read and write
|
||
|
418F000
|
heap
|
page read and write
|
||
|
42FC000
|
heap
|
page read and write
|
||
|
5331000
|
heap
|
page read and write
|
||
|
4B6F000
|
heap
|
page read and write
|
||
|
750000
|
heap
|
page read and write
|
||
|
A91000
|
heap
|
page read and write
|
||
|
A87000
|
heap
|
page read and write
|
||
|
A8A000
|
heap
|
page read and write
|
||
|
400D000
|
heap
|
page read and write
|
||
|
1CD3E77F000
|
heap
|
page read and write
|
||
|
4D81000
|
heap
|
page read and write
|
||
|
3C06000
|
heap
|
page read and write
|
||
|
750000
|
heap
|
page read and write
|
||
|
97B000
|
heap
|
page read and write
|
||
|
3DDC000
|
heap
|
page read and write
|
||
|
19B64110000
|
heap
|
page read and write
|
||
|
54D9000
|
heap
|
page read and write
|
||
|
2916000
|
heap
|
page read and write
|
||
|
75E000
|
heap
|
page read and write
|
||
|
30B2000
|
heap
|
page read and write
|
||
|
4A57000
|
heap
|
page read and write
|
||
|
3F24000
|
heap
|
page read and write
|
||
|
4C49000
|
heap
|
page read and write
|
||
|
52FB000
|
heap
|
page read and write
|
||
|
3BF4000
|
heap
|
page read and write
|
||
|
409E000
|
heap
|
page read and write
|
||
|
4EC3000
|
heap
|
page read and write
|
||
|
A82000
|
heap
|
page read and write
|
||
|
75A000
|
heap
|
page read and write
|
||
|
4D6F000
|
heap
|
page read and write
|
||
|
75B000
|
heap
|
page read and write
|
||
|
52D7000
|
heap
|
page read and write
|
||
|
98A000
|
heap
|
page read and write
|
||
|
4C78000
|
heap
|
page read and write
|
||
|
3C91000
|
heap
|
page read and write
|
||
|
4A52000
|
heap
|
page read and write
|
||
|
15940CF0000
|
heap
|
page read and write
|
||
|
280F000
|
heap
|
page read and write
|
||
|
867000
|
heap
|
page read and write
|
||
|
977000
|
heap
|
page read and write
|
||
|
A81000
|
heap
|
page read and write
|
||
|
753000
|
heap
|
page read and write
|
||
|
4F67000
|
heap
|
page read and write
|
||
|
4A5F000
|
heap
|
page read and write
|
||
|
4FE5000
|
heap
|
page read and write
|
||
|
4D8E000
|
heap
|
page read and write
|
||
|
3B43000
|
heap
|
page read and write
|
||
|
4B67000
|
heap
|
page read and write
|
||
|
3784000
|
heap
|
page read and write
|
||
|
4C7E000
|
heap
|
page read and write
|
||
|
4C7C000
|
heap
|
page read and write
|
||
|
BDE000
|
heap
|
page read and write
|
||
|
75F000
|
heap
|
page read and write
|
||
|
A9F000
|
heap
|
page read and write
|
||
|
86E000
|
heap
|
page read and write
|
||
|
57E2000
|
heap
|
page read and write
|
||
|
860000
|
heap
|
page read and write
|
||
|
A8D000
|
heap
|
page read and write
|
||
|
A8B000
|
heap
|
page read and write
|
||
|
86C000
|
heap
|
page read and write
|
||
|
4D83000
|
heap
|
page read and write
|
||
|
53A7000
|
heap
|
page read and write
|
||
|
3CED000
|
heap
|
page read and write
|
||
|
A83000
|
heap
|
page read and write
|
||
|
4C82000
|
heap
|
page read and write
|
||
|
4C7E000
|
heap
|
page read and write
|
||
|
751000
|
heap
|
page read and write
|
||
|
F8FA7F000
|
stack
|
page read and write
|
||
|
4C77000
|
heap
|
page read and write
|
||
|
3B31000
|
heap
|
page read and write
|
||
|
4B6D000
|
heap
|
page read and write
|
||
|
426A000
|
heap
|
page read and write
|
||
|
86A000
|
heap
|
page read and write
|
||
|
3699000
|
heap
|
page read and write
|
||
|
975000
|
heap
|
page read and write
|
||
|
75A000
|
heap
|
page read and write
|
||
|
86D000
|
heap
|
page read and write
|
||
|
863000
|
heap
|
page read and write
|
||
|
755000
|
heap
|
page read and write
|
||
|
753000
|
heap
|
page read and write
|
||
|
2916000
|
heap
|
page read and write
|
||
|
E4000
|
heap
|
page read and write
|
||
|
F5000
|
heap
|
page read and write
|
||
|
3E9E000
|
heap
|
page read and write
|
||
|
5019000
|
heap
|
page read and write
|
||
|
757000
|
heap
|
page read and write
|
||
|
976000
|
heap
|
page read and write
|
||
|
A88000
|
heap
|
page read and write
|
||
|
546B000
|
heap
|
page read and write
|
||
|
A86000
|
heap
|
page read and write
|
||
|
750000
|
heap
|
page read and write
|
||
|
3748000
|
heap
|
page read and write
|
||
|
4BD3000
|
heap
|
page read and write
|
||
|
A82000
|
heap
|
page read and write
|
||
|
750000
|
heap
|
page read and write
|
||
|
4A54000
|
heap
|
page read and write
|
||
|
86C000
|
heap
|
page read and write
|
||
|
118000
|
heap
|
page read and write
|
||
|
865000
|
heap
|
page read and write
|
||
|
97F000
|
heap
|
page read and write
|
||
|
4A5C000
|
heap
|
page read and write
|
||
|
5435000
|
heap
|
page read and write
|
||
|
2C50000
|
heap
|
page read and write
|
||
|
976000
|
heap
|
page read and write
|
||
|
3FD0000
|
heap
|
page read and write
|
||
|
973000
|
heap
|
page read and write
|
||
|
97E000
|
heap
|
page read and write
|
||
|
971000
|
heap
|
page read and write
|
||
|
97E000
|
heap
|
page read and write
|
||
|
5828000
|
heap
|
page read and write
|
||
|
755000
|
heap
|
page read and write
|
||
|
11F000
|
heap
|
page read and write
|
||
|
97F000
|
heap
|
page read and write
|
||
|
FE000
|
heap
|
page read and write
|
||
|
754000
|
heap
|
page read and write
|
||
|
4A52000
|
heap
|
page read and write
|
||
|
239B000
|
heap
|
page read and write
|
||
|
4C76000
|
heap
|
page read and write
|
||
|
978000
|
heap
|
page read and write
|
||
|
4A55000
|
heap
|
page read and write
|
||
|
1FB1F960000
|
heap
|
page read and write
|
||
|
97D000
|
heap
|
page read and write
|
||
|
86B000
|
heap
|
page read and write
|
||
|
4A56000
|
heap
|
page read and write
|
||
|
4A54000
|
heap
|
page read and write
|
||
|
3F0A000
|
heap
|
page read and write
|
||
|
86C000
|
heap
|
page read and write
|
||
|
75C000
|
heap
|
page read and write
|
||
|
757000
|
heap
|
page read and write
|
||
|
A84000
|
heap
|
page read and write
|
||
|
42E6000
|
heap
|
page read and write
|
||
|
3B95000
|
heap
|
page read and write
|
||
|
3A5BBCE000
|
stack
|
page read and write
|
||
|
752000
|
heap
|
page read and write
|
||
|
1F327920000
|
heap
|
page read and write
|
||
|
3CBF87F000
|
unkown
|
page read and write
|
||
|
C0F43CD000
|
stack
|
page read and write
|
||
|
869000
|
heap
|
page read and write
|
||
|
A8F000
|
heap
|
page read and write
|
||
|
28D4000
|
heap
|
page read and write
|
||
|
868000
|
heap
|
page read and write
|
||
|
75B000
|
heap
|
page read and write
|
||
|
75C000
|
heap
|
page read and write
|
||
|
5247000
|
heap
|
page read and write
|
||
|
50FD000
|
heap
|
page read and write
|
||
|
75A000
|
heap
|
page read and write
|
||
|
F5000
|
heap
|
page read and write
|
||
|
24A0000
|
heap
|
page read and write
|
||
|
A83000
|
heap
|
page read and write
|
||
|
507F000
|
heap
|
page read and write
|
||
|
4AD1000
|
heap
|
page read and write
|
||
|
4FD3000
|
heap
|
page read and write
|
||
|
86A000
|
heap
|
page read and write
|
||
|
866000
|
heap
|
page read and write
|
||
|
35D8000
|
heap
|
page read and write
|
||
|
4CCDBAE000
|
stack
|
page read and write
|
||
|
5133000
|
heap
|
page read and write
|
||
|
4F79000
|
heap
|
page read and write
|
||
|
517B000
|
heap
|
page read and write
|
||
|
75E000
|
heap
|
page read and write
|
||
|
290C000
|
heap
|
page read and write
|
||
|
A8F000
|
heap
|
page read and write
|
||
|
4C78000
|
heap
|
page read and write
|
||
|
862000
|
heap
|
page read and write
|
||
|
756000
|
heap
|
page read and write
|
||
|
A8C000
|
heap
|
page read and write
|
||
|
759000
|
heap
|
page read and write
|
||
|
2914A5A0000
|
heap
|
page read and write
|
||
|
86E000
|
heap
|
page read and write
|
||
|
869000
|
heap
|
page read and write
|
||
|
759000
|
heap
|
page read and write
|
||
|
3A35000
|
heap
|
page read and write
|
||
|
3499000
|
heap
|
page read and write
|
||
|
86F000
|
heap
|
page read and write
|
||
|
240B000
|
heap
|
page read and write
|
||
|
3673000
|
heap
|
page read and write
|
||
|
861000
|
heap
|
page read and write
|
||
|
A99000
|
heap
|
page read and write
|
||
|
C0F46FF000
|
stack
|
page read and write
|
||
|
3649000
|
heap
|
page read and write
|
||
|
4B95000
|
heap
|
page read and write
|
||
|
119000
|
heap
|
page read and write
|
||
|
86B000
|
heap
|
page read and write
|
||
|
75A000
|
heap
|
page read and write
|
||
|
571F000
|
heap
|
page read and write
|
||
|
75C000
|
heap
|
page read and write
|
||
|
A85000
|
heap
|
page read and write
|
||
|
751000
|
heap
|
page read and write
|
||
|
75B000
|
heap
|
page read and write
|
||
|
34A3000
|
heap
|
page read and write
|
||
|
4C70000
|
heap
|
page read and write
|
||
|
975000
|
heap
|
page read and write
|
||
|
4A54000
|
heap
|
page read and write
|
||
|
3BBA000
|
heap
|
page read and write
|
||
|
54A1000
|
heap
|
page read and write
|
||
|
75E000
|
heap
|
page read and write
|
||
|
750000
|
heap
|
page read and write
|
||
|
750000
|
heap
|
page read and write
|
||
|
56F1000
|
heap
|
page read and write
|
||
|
987000
|
heap
|
page read and write
|
||
|
751000
|
heap
|
page read and write
|
||
|
36F5000
|
heap
|
page read and write
|
||
|
75D000
|
heap
|
page read and write
|
||
|
984000
|
heap
|
page read and write
|
||
|
4C25000
|
heap
|
page read and write
|
||
|
5731000
|
heap
|
page read and write
|
||
|
86D000
|
heap
|
page read and write
|
||
|
A81000
|
heap
|
page read and write
|
||
|
3D10000
|
heap
|
page read and write
|
||
|
866000
|
heap
|
page read and write
|
||
|
754000
|
heap
|
page read and write
|
||
|
759000
|
heap
|
page read and write
|
||
|
3F4E000
|
heap
|
page read and write
|
||
|
A8A000
|
heap
|
page read and write
|
||
|
979000
|
heap
|
page read and write
|
||
|
4B6E000
|
heap
|
page read and write
|
||
|
974000
|
heap
|
page read and write
|
||
|
4A54000
|
heap
|
page read and write
|
||
|
979000
|
heap
|
page read and write
|
||
|
976000
|
heap
|
page read and write
|
||
|
F8FAFF000
|
stack
|
page read and write
|
||
|
755000
|
heap
|
page read and write
|
||
|
F2000
|
heap
|
page read and write
|
||
|
A8E000
|
heap
|
page read and write
|
||
|
755000
|
heap
|
page read and write
|
||
|
97F000
|
heap
|
page read and write
|
||
|
5007000
|
heap
|
page read and write
|
||
|
A85000
|
heap
|
page read and write
|
||
|
75A000
|
heap
|
page read and write
|
||
|
5A2F000
|
heap
|
page read and write
|
||
|
2384000
|
heap
|
page read and write
|
||
|
3178000
|
heap
|
page read and write
|
||
|
756000
|
heap
|
page read and write
|
||
|
4A5F000
|
heap
|
page read and write
|
||
|
759000
|
heap
|
page read and write
|
||
|
1FB1F900000
|
heap
|
page read and write
|
||
|
244B000
|
heap
|
page read and write
|
||
|
757000
|
heap
|
page read and write
|
||
|
98B000
|
heap
|
page read and write
|
||
|
4B64000
|
heap
|
page read and write
|
||
|
F4000
|
heap
|
page read and write
|
||
|
4ABF000
|
heap
|
page read and write
|
||
|
37E0000
|
heap
|
page read and write
|
||
|
3E93000
|
heap
|
page read and write
|
||
|
869000
|
heap
|
page read and write
|
||
|
10D000
|
heap
|
page read and write
|
||
|
860000
|
heap
|
page read and write
|
||
|
757000
|
heap
|
page read and write
|
||
|
756000
|
heap
|
page read and write
|
||
|
57F4000
|
heap
|
page read and write
|
||
|
4A5F000
|
heap
|
page read and write
|
||
|
4B19000
|
heap
|
page read and write
|
||
|
F9000
|
heap
|
page read and write
|
||
|
118000
|
heap
|
page read and write
|
||
|
4D88000
|
heap
|
page read and write
|
||
|
38E8000
|
heap
|
page read and write
|
||
|
2A60000
|
heap
|
page read and write
|
||
|
86D000
|
heap
|
page read and write
|
||
|
970000
|
heap
|
page read and write
|
||
|
519F000
|
heap
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
27CC000
|
heap
|
page read and write
|
||
|
A88000
|
heap
|
page read and write
|
||
|
11A000
|
heap
|
page read and write
|
||
|
3810000
|
heap
|
page read and write
|
||
|
97C000
|
heap
|
page read and write
|
||
|
75C000
|
heap
|
page read and write
|
||
|
4A56000
|
heap
|
page read and write
|
||
|
A8B000
|
heap
|
page read and write
|
||
|
3CDB000
|
heap
|
page read and write
|
||
|
3B5F000
|
heap
|
page read and write
|
||
|
293D000
|
heap
|
page read and write
|
||
|
A8D000
|
heap
|
page read and write
|
||
|
755000
|
heap
|
page read and write
|
||
|
86C000
|
heap
|
page read and write
|
||
|
977000
|
heap
|
page read and write
|
||
|
4A55000
|
heap
|
page read and write
|
||
|
3CC8000
|
heap
|
page read and write
|
||
|
86B000
|
heap
|
page read and write
|
||
|
750000
|
heap
|
page read and write
|
||
|
653607E000
|
stack
|
page read and write
|
||
|
242B000
|
heap
|
page read and write
|
||
|
973000
|
heap
|
page read and write
|
||
|
A8E000
|
heap
|
page read and write
|
||
|
563B000
|
heap
|
page read and write
|
||
|
864000
|
heap
|
page read and write
|
||
|
4A5D000
|
heap
|
page read and write
|
||
|
750000
|
heap
|
page read and write
|
||
|
4B2B000
|
heap
|
page read and write
|
||
|
75E000
|
heap
|
page read and write
|
||
|
866000
|
heap
|
page read and write
|
||
|
5379000
|
heap
|
page read and write
|
||
|
3EF8000
|
heap
|
page read and write
|
||
|
1CD3E770000
|
heap
|
page read and write
|
||
|
113000
|
heap
|
page read and write
|
||
|
750000
|
heap
|
page read and write
|
||
|
F2000
|
heap
|
page read and write
|
||
|
976000
|
heap
|
page read and write
|
||
|
5769000
|
heap
|
page read and write
|
There are 1565 hidden memdumps, click here to show them.