Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
JIar3KCVf6.exe
|
PE32+ executable (console) x86-64, for MS Windows
|
initial sample
|
 |
|
|
C:\$WinREAgent\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\$WinREAgent\Scratch\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Adobe\ARM\Acrobat_23.006.20320\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Adobe\ARM\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Adobe\ARM\{291AA914-A987-4CE9-BD63-0C0A92D435E5}\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Adobe\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft OneDrive\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft OneDrive\setup\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\AppV\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\AppV\Setup\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\ClickToRun\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\ClickToRun\MachineData\Catalog\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\ClickToRun\MachineData\Catalog\Packages\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\ClickToRun\MachineData\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\ClickToRun\MachineData\Integration\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\ClickToRun\MachineData\Integration\ShortcutBackups\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\ClickToRun\ProductReleases\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\ClickToRun\UserData\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Crypto\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Crypto\DSS\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Crypto\DSS\MachineKeys\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Crypto\Keys\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Crypto\PCPKSP\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Crypto\PCPKSP\WindowsAIK\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Crypto\RSA\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Crypto\SystemKeys\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\DRM\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\DRM\Server\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Device Stage\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Device Stage\Device\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Device Stage\Task\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\DeviceSync\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Diagnosis\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Diagnosis\CustomTraceProfiles\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Diagnosis\DownloadedScenarios\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Diagnosis\DownloadedSettings\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Diagnosis\DownloadedSettings\utc.app.json.bk.rhysida
|
data
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Diagnosis\DownloadedSettings\utc.app.json.rhysida
|
data
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Diagnosis\DownloadedSettings\utc.privacy.json.rhysida
|
data
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Diagnosis\ETLLogs\Autologger\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Diagnosis\ETLLogs\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Diagnosis\ETLLogs\ScenarioShutdownLogger\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Diagnosis\ETLLogs\ShutdownLogger\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Diagnosis\EventStore.db.rhysida
|
data
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Diagnosis\EventTranscript\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Diagnosis\FeedbackHub\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Diagnosis\LocalTraceStore\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Diagnosis\ScenariosSqlStore\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Diagnosis\ScenariosSqlStore\EventStore.db.rhysida
|
data
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Diagnosis\Sideload\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Diagnosis\Siufloc\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Diagnosis\SoftLandingStage\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Diagnosis\SoftLanding\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Diagnosis\Temp\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Diagnosis\Temp\DiagTrackTraceSlot_alternativeTrace\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Diagnosis\Temp\DiagTrackTraceSlot_aot\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Diagnosis\Temp\DiagTrackTraceSlot_diag\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Diagnosis\Temp\DiagTrackTraceSlot_miniTrace\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Diagnosis\TenantStorage\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Diagnosis\TenantStorage\P-ARIA\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Diagnosis\TenantStorage\P-ARIA\EventStore.db.rhysida
|
data
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Diagnosis\TimeTravelDebuggingStorage\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\DiagnosticLogCSP\Channels\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\DiagnosticLogCSP\Collectors\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\DiagnosticLogCSP\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\DiagnosticLogCSP\DeviceStateData\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\EdgeUpdate\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\EdgeUpdate\Log\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\EdgeUpdate\Log\MicrosoftEdgeUpdate.log.rhysida
|
data
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\IdentityCRL\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\IdentityCRL\INT\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\IdentityCRL\production\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\MF\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\MapData\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\NetFramework\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Network\Connections\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Network\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Network\Downloader\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Office\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Provisioning\AssetCache\CellularUx\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Provisioning\AssetCache\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Provisioning\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Search\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Search\Data\Applications\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Search\Data\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Search\Data\Temp\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Settings\Accounts\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Settings\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\SmsRouter\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\SmsRouter\MessageStore\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\SmsRouter\MessageStore\SmsInterceptStore.db.rhysida
|
data
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\SmsRouter\MessageStore\edb.log.rhysida
|
data
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\SmsRouter\MessageStore\edb00001.log.rhysida
|
data
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\SmsRouter\MessageStore\edb00002.log.rhysida
|
data
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\SmsRouter\MessageStore\edb00003.log.rhysida
|
data
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\SmsRouter\MessageStore\edbres00001.jrs.rhysida
|
data
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\SmsRouter\MessageStore\edbres00002.jrs.rhysida
|
data
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\SmsRouter\MessageStore\edbtmp.log.rhysida
|
data
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Spectrum\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Speech_OneCore\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Storage Health\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\UEV\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\UEV\InboxTemplates\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\UEV\Scripts\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\UEV\Templates\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\User Account Pictures\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\User Account Pictures\guest.bmp.rhysida
|
data
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\User Account Pictures\user.bmp.rhysida
|
data
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Vault\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\WDF\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\WinMSIPC\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\WinMSIPC\Server\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Clean Store\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\DLPCache\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\DLPCache\FileEvidence\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\DLPCache\NetworkFilesMappingStubs\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Definition Updates\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Default\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Definition Updates\NisBackup\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Updates\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Features\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\LocalCopy\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Network Inspection System\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Network Inspection System\Support\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\X86\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\af-ZA\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\am-ET\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\ar-SA\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\as-IN\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\bg-BG\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\bn-IN\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\ca-ES\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\cs-CZ\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\cy-GB\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\da-DK\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\de-DE\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\el-GR\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\en-GB\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\en-US\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\es-ES\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\es-MX\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\et-EE\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\eu-ES\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\fa-IR\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\fi-FI\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\fil-PH\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\fr-CA\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\fr-FR\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\ga-IE\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\gd-GB\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\gl-ES\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\gu-IN\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\he-IL\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\hi-IN\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\hr-HR\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\hu-HU\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\id-ID\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\is-IS\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\it-IT\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\ja-JP\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\ka-GE\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\kk-KZ\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\km-KH\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\kn-IN\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\ko-KR\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\kok-IN\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\lb-LU\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\lo-LA\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\lt-LT\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\lv-LV\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\mi-NZ\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\mk-MK\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\ml-IN\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\mr-IN\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\ms-MY\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\mt-MT\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\nb-NO\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\ne-NP\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\nl-NL\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\nn-NO\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\or-IN\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\pa-IN\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\pl-PL\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\pt-BR\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\pt-PT\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\quz-PE\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\ro-RO\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\ru-RU\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\sk-SK\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\sl-SI\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\sq-AL\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\sv-SE\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\ta-IN\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\te-IN\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\th-TH\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\tr-TR\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\tt-RU\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\ug-CN\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\uk-UA\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\ur-PK\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\vi-VN\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\zh-CN\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\zh-TW\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\af-ZA\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\am-ET\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\ar-SA\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\as-IN\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\bg-BG\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\bn-IN\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\ca-ES\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\cs-CZ\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\cy-GB\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\da-DK\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\de-DE\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\el-GR\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\en-GB\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\en-US\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\es-ES\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\es-MX\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\et-EE\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\eu-ES\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\fa-IR\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\fi-FI\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\fil-PH\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\fr-CA\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\fr-FR\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\ga-IE\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\gd-GB\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\gl-ES\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\gu-IN\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\he-IL\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\hi-IN\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\hr-HR\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\hu-HU\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\id-ID\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\is-IS\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\it-IT\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\ja-JP\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\ka-GE\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\kk-KZ\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\km-KH\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\lv-LV\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\mk-MK\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\ml-IN\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
modified
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Quarantine\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Scans\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Scans\History\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Scans\RtSigs\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Snapshots\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Support\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows NT\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows NT\MSFax\ActivityLog\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows NT\MSFax\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows NT\MSFax\Inbox\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows NT\MSFax\Queue\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows NT\MSFax\SentItems\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows NT\MSFax\VirtualInbox\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows NT\MSScan\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Security Health\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Security Health\Logs\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows\Start Menu\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoIt v3\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoIt v3\Extras\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows\Templates\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\WwanSvc\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Package Cache\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Packages\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Packages\Microsoft.Getstarted_8wekyb3d8bbwe\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\Packages\Microsoft.SkypeApp_kzf8qxf38zg5c\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\SoftwareDistribution\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\USOShared\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\USOShared\Logs\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\USOShared\Logs\User\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\WindowsHolographicDevices\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\WindowsHolographicDevices\SpatialStore\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\dbg\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\regid.1991-06.com.microsoft\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\ProgramData\ssh\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\Users\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\Users\Public\Desktop\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\Users\Public\Documents\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\Users\Public\Music\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\Users\Public\Pictures\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\Users\Public\Videos\CriticalBreachDetected.pdf
|
PDF document, version 1.5
|
dropped
|
|
|
|
\Device\ConDrv
|
ASCII text, with very long lines (551), with CRLF line terminators
|
dropped
|
|
|
|
C:\ProgramData\.curlrc.rhysida
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\ClickToRun\DeploymentConfig.0.xml.rhysida
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\ClickToRun\DeploymentConfig.1.xml.rhysida
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\ClickToRun\DeploymentConfig.2.xml.rhysida
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Diagnosis\DownloadedSettings\utc.allow.json.rhysida
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Diagnosis\DownloadedSettings\utc.cert.json.rhysida
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Diagnosis\DownloadedSettings\utc.tracing.json.bk.rhysida
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Diagnosis\DownloadedSettings\utc.tracing.json.rhysida
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Diagnosis\osver.txt.rhysida
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\IdentityCRL\INT\wlidsvcconfig.xml.rhysida
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\IdentityCRL\production\wlidsvcconfig.xml.rhysida
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\MF\Active.GRL.rhysida
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\MF\Pending.GRL.rhysida
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Network\Downloader\edb.chk.rhysida
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Network\Downloader\edb.log.rhysida
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Network\Downloader\edb00001.log.rhysida
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Network\Downloader\edbres00001.jrs.rhysida
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Network\Downloader\edbres00002.jrs.rhysida
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Network\Downloader\edbtmp.log.rhysida
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Network\Downloader\qmgr.db.rhysida
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm.rhysida
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\SmsRouter\MessageStore\SmsInterceptStore.jfm.rhysida
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\SmsRouter\MessageStore\edb.chk.rhysida
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\User Account Pictures\guest.png.rhysida
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\User Account Pictures\user-192.png.rhysida
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\User Account Pictures\user-32.png.rhysida
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\User Account Pictures\user-40.png.rhysida
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\User Account Pictures\user-48.png.rhysida
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\User Account Pictures\user.png.rhysida
|
data
|
dropped
|
||
|
C:\ProgramData\_curlrc.rhysida
|
DOS executable (COM)
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_1gkj5h5u.wrr.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_4mobtwgc.eow.ps1
|
ASCII text, with no line terminators
|
dropped
|
There are 332 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\JIar3KCVf6.exe
|
"C:\Users\user\Desktop\JIar3KCVf6.exe"
|
|
|
|
C:\Windows\System32\cmd.exe
|
C:\Windows\system32\cmd.exe /c cmd.exe /c reg delete "HKCU\Conttol Panel\Desktop" /v Wallpaper /f
|
|
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c reg delete "HKCU\Conttol Panel\Desktop" /v Wallpaper /f
|
|
|
|
C:\Windows\System32\reg.exe
|
reg delete "HKCU\Conttol Panel\Desktop" /v Wallpaper /f
|
|
|
|
C:\Windows\System32\cmd.exe
|
C:\Windows\system32\cmd.exe /c cmd.exe /c reg delete "HKCU\Conttol Panel\Desktop" /v WallpaperStyle /f
|
|
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c reg delete "HKCU\Conttol Panel\Desktop" /v WallpaperStyle /f
|
|
|
|
C:\Windows\System32\reg.exe
|
reg delete "HKCU\Conttol Panel\Desktop" /v WallpaperStyle /f
|
|
|
|
C:\Windows\System32\cmd.exe
|
C:\Windows\system32\cmd.exe /c cmd.exe /c reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop"
/v NoChangingWallPaper /t REG_SZ /d 1 /f
|
|
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop" /v NoChangingWallPaper /t REG_SZ
/d 1 /f
|
|
|
|
C:\Windows\System32\reg.exe
|
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop" /v NoChangingWallPaper /t REG_SZ /d 1 /f
|
|
|
|
C:\Windows\System32\cmd.exe
|
C:\Windows\system32\cmd.exe /c cmd.exe /c reg add "HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop"
/v NoChangingWallPaper /t REG_SZ /d 1 /f
|
|
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c reg add "HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop" /v NoChangingWallPaper /t REG_SZ
/d 1 /f
|
|
|
|
C:\Windows\System32\reg.exe
|
reg add "HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop" /v NoChangingWallPaper /t REG_SZ /d 1 /f
|
|
|
|
C:\Windows\System32\cmd.exe
|
C:\Windows\system32\cmd.exe /c cmd.exe /c reg add "HKCU\Control Panel\Desktop" /v Wallpaper /t REG_SZ /d "C:\Users\Public\bg.jpg"
/f
|
|
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c reg add "HKCU\Control Panel\Desktop" /v Wallpaper /t REG_SZ /d "C:\Users\Public\bg.jpg" /f
|
|
|
|
C:\Windows\System32\reg.exe
|
reg add "HKCU\Control Panel\Desktop" /v Wallpaper /t REG_SZ /d "C:\Users\Public\bg.jpg" /f
|
|
|
|
C:\Windows\System32\cmd.exe
|
C:\Windows\system32\cmd.exe /c cmd.exe /c reg add "HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System" /v Wallpaper
/t REG_SZ /d "C:\Users\Public\bg.jpg" /f
|
|
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c reg add "HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System" /v Wallpaper /t REG_SZ /d "C:\Users\Public\bg.jpg"
/f
|
|
|
|
C:\Windows\System32\reg.exe
|
reg add "HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System" /v Wallpaper /t REG_SZ /d "C:\Users\Public\bg.jpg"
/f
|
|
|
|
C:\Windows\System32\cmd.exe
|
C:\Windows\system32\cmd.exe /c cmd.exe /c reg add "HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System" /v WallpaperStyle
/t REG_SZ /d 2 /f
|
|
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c reg add "HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System" /v WallpaperStyle /t REG_SZ /d 2 /f
|
|
|
|
C:\Windows\System32\reg.exe
|
reg add "HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System" /v WallpaperStyle /t REG_SZ /d 2 /f
|
|
|
|
C:\Windows\System32\cmd.exe
|
C:\Windows\system32\cmd.exe /c cmd.exe /c reg add "HKCU\Control Panel\Desktop" /v WallpaperStyle /t REG_SZ /d 2 /f
|
|
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c reg add "HKCU\Control Panel\Desktop" /v WallpaperStyle /t REG_SZ /d 2 /f
|
|
|
|
C:\Windows\System32\reg.exe
|
reg add "HKCU\Control Panel\Desktop" /v WallpaperStyle /t REG_SZ /d 2 /f
|
|
|
|
C:\Windows\System32\cmd.exe
|
C:\Windows\system32\cmd.exe /c rundll32.exe user32.dll,UpdatePerUserSystemParameters
|
|
|
|
C:\Windows\System32\cmd.exe
|
C:\Windows\system32\cmd.exe /c cmd.exe /c start powershell.exe -WindowStyle Hidden -Command Sleep -Milliseconds 500; Remove-Item
-Force -Path "C:\Users\user\Desktop\C:\Users\user\Desktop\JIar3KCVf6.exe" -ErrorAction SilentlyContinue;
|
|
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c start powershell.exe -WindowStyle Hidden -Command Sleep -Milliseconds 500; Remove-Item -Force -Path "C:\Users\user\Desktop\C:\Users\user\Desktop\JIar3KCVf6.exe"
-ErrorAction SilentlyContinue;
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
powershell.exe -WindowStyle Hidden -Command Sleep -Milliseconds 500; Remove-Item -Force -Path "C:\Users\user\Desktop\C:\Users\user\Desktop\JIar3KCVf6.exe"
-ErrorAction SilentlyContinue;
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe user32.dll,UpdatePerUserSystemParameters
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
There are 22 hidden processes, click here to show them.
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\Control Panel\Desktop
|
Wallpaper
|
|
|
|
HKEY_CURRENT_USER\Control Panel\Desktop
|
WallpaperStyle
|
|
|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop
|
NoChangingWallPaper
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop
|
NoChangingWallPaper
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
|
Wallpaper
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
|
WallpaperStyle
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
40446ED000
|
stack
|
page read and write
|
||
|
25B1000
|
heap
|
page read and write
|
||
|
3C44000
|
heap
|
page read and write
|
||
|
815000
|
heap
|
page read and write
|
||
|
37C3000
|
heap
|
page read and write
|
||
|
4143000
|
heap
|
page read and write
|
||
|
3C8D000
|
heap
|
page read and write
|
||
|
DAD038F000
|
stack
|
page read and write
|
||
|
5CEB90D000
|
stack
|
page read and write
|
||
|
824237F000
|
stack
|
page read and write
|
||
|
1A024448000
|
heap
|
page read and write
|
||
|
5CEB98F000
|
stack
|
page read and write
|
||
|
810000
|
heap
|
page read and write
|
||
|
3FB6000
|
heap
|
page read and write
|
||
|
3A22000
|
heap
|
page read and write
|
||
|
114DF7F000
|
stack
|
page read and write
|
||
|
3DF7000
|
heap
|
page read and write
|
||
|
2E2F000
|
heap
|
page read and write
|
||
|
3E88000
|
heap
|
page read and write
|
||
|
14B20600000
|
heap
|
page read and write
|
||
|
346E000
|
heap
|
page read and write
|
||
|
3B5A000
|
heap
|
page read and write
|
||
|
1A0246A5000
|
heap
|
page read and write
|
||
|
29F0000
|
heap
|
page read and write
|
||
|
206E0200000
|
heap
|
page read and write
|
||
|
14B20985000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
4292000
|
heap
|
page read and write
|
||
|
3D46000
|
heap
|
page read and write
|
||
|
1FCEC1B7000
|
heap
|
page read and write
|
||
|
3F24000
|
heap
|
page read and write
|
||
|
345E000
|
heap
|
page read and write
|
||
|
3E55000
|
heap
|
page read and write
|
||
|
2B4FCE30000
|
heap
|
page read and write
|
||
|
3D51000
|
heap
|
page read and write
|
||
|
4436000
|
heap
|
page read and write
|
||
|
2CE2000
|
heap
|
page read and write
|
||
|
417C000
|
heap
|
page read and write
|
||
|
3AB6000
|
heap
|
page read and write
|
||
|
4D20000
|
heap
|
page read and write
|
||
|
40E1000
|
heap
|
page read and write
|
||
|
D20C87F000
|
stack
|
page read and write
|
||
|
206E0430000
|
heap
|
page read and write
|
||
|
3EFF000
|
heap
|
page read and write
|
||
|
2B4FCC29000
|
heap
|
page read and write
|
||
|
34E2000
|
heap
|
page read and write
|
||
|
72C000
|
stack
|
page read and write
|
||
|
3EED000
|
heap
|
page read and write
|
||
|
475000
|
unkown
|
page write copy
|
||
|
40CF000
|
heap
|
page read and write
|
||
|
29F4000
|
heap
|
page read and write
|
||
|
14B20550000
|
heap
|
page read and write
|
||
|
1E742178000
|
heap
|
page read and write
|
||
|
3D63000
|
heap
|
page read and write
|
||
|
3DA3000
|
heap
|
page read and write
|
||
|
28E2000
|
heap
|
page read and write
|
||
|
2B4FCA40000
|
heap
|
page read and write
|
||
|
479000
|
unkown
|
page readonly
|
||
|
42DC000
|
heap
|
page read and write
|
||
|
3AAE000
|
heap
|
page read and write
|
||
|
906000
|
heap
|
page read and write
|
||
|
1A0246A0000
|
heap
|
page read and write
|
||
|
41A0000
|
heap
|
page read and write
|
||
|
268B000
|
heap
|
page read and write
|
||
|
3DDA000
|
heap
|
page read and write
|
||
|
3B32000
|
heap
|
page read and write
|
||
|
90C000
|
heap
|
page read and write
|
||
|
2ABB000
|
heap
|
page read and write
|
||
|
3CE1000
|
heap
|
page read and write
|
||
|
22A71AC0000
|
heap
|
page read and write
|
||
|
416A000
|
heap
|
page read and write
|
||
|
D20C8FF000
|
stack
|
page read and write
|
||
|
3E74000
|
heap
|
page read and write
|
||
|
1E7423C5000
|
heap
|
page read and write
|
||
|
44C000
|
unkown
|
page write copy
|
||
|
36C1000
|
heap
|
page read and write
|
||
|
93E000
|
heap
|
page read and write
|
||
|
3F12000
|
heap
|
page read and write
|
||
|
28E2000
|
heap
|
page read and write
|
||
|
25A8000
|
heap
|
page read and write
|
||
|
DAD028D000
|
stack
|
page read and write
|
||
|
1A0243C0000
|
heap
|
page read and write
|
||
|
1A0243F0000
|
heap
|
page read and write
|
||
|
1E742140000
|
heap
|
page read and write
|
||
|
14B20608000
|
heap
|
page read and write
|
||
|
25BB000
|
heap
|
page read and write
|
||
|
2CE2000
|
heap
|
page read and write
|
||
|
3BFB000
|
heap
|
page read and write
|
||
|
2E6E000
|
heap
|
page read and write
|
||
|
3E87000
|
heap
|
page read and write
|
||
|
388C000
|
heap
|
page read and write
|
||
|
1E254580000
|
heap
|
page read and write
|
||
|
40C5000
|
heap
|
page read and write
|
||
|
3B96000
|
heap
|
page read and write
|
||
|
2AB2000
|
heap
|
page read and write
|
||
|
42CA000
|
heap
|
page read and write
|
||
|
114DE7D000
|
stack
|
page read and write
|
||
|
39FB000
|
heap
|
page read and write
|
||
|
22A719C0000
|
heap
|
page read and write
|
||
|
2ABB000
|
heap
|
page read and write
|
||
|
2A2C000
|
heap
|
page read and write
|
||
|
3323000
|
heap
|
page read and write
|
||
|
206E0218000
|
heap
|
page read and write
|
||
|
14B20560000
|
heap
|
page read and write
|
||
|
16CA1610000
|
heap
|
page read and write
|
||
|
900000
|
heap
|
page read and write
|
||
|
42AA000
|
heap
|
page read and write
|
||
|
2C80000
|
heap
|
page read and write
|
||
|
46E000
|
unkown
|
page read and write
|
||
|
1A024440000
|
heap
|
page read and write
|
||
|
3CB1000
|
heap
|
page read and write
|
||
|
3C16000
|
heap
|
page read and write
|
||
|
2662000
|
heap
|
page read and write
|
||
|
3C7B000
|
heap
|
page read and write
|
||
|
3CCD000
|
heap
|
page read and write
|
||
|
427F000
|
heap
|
page read and write
|
||
|
114DEFF000
|
stack
|
page read and write
|
||
|
1E742120000
|
heap
|
page read and write
|
||
|
41BE000
|
heap
|
page read and write
|
||
|
4029000
|
heap
|
page read and write
|
||
|
409F000
|
heap
|
page read and write
|
||
|
34E2000
|
heap
|
page read and write
|
||
|
434E000
|
heap
|
page read and write
|
||
|
1E742110000
|
heap
|
page read and write
|
||
|
3BBC000
|
heap
|
page read and write
|
||
|
3A44000
|
heap
|
page read and write
|
||
|
3AAE000
|
heap
|
page read and write
|
||
|
34A0000
|
heap
|
page read and write
|
||
|
3D32000
|
heap
|
page read and write
|
||
|
29ED000
|
heap
|
page read and write
|
||
|
2B4FCC20000
|
heap
|
page read and write
|
||
|
3C5C000
|
heap
|
page read and write
|
||
|
3B84000
|
heap
|
page read and write
|
||
|
81E000
|
heap
|
page read and write
|
||
|
2A2F000
|
heap
|
page read and write
|
||
|
264B000
|
heap
|
page read and write
|
||
|
404E000
|
heap
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
43A0000
|
heap
|
page read and write
|
||
|
4324000
|
heap
|
page read and write
|
||
|
3806000
|
heap
|
page read and write
|
||
|
3E61000
|
heap
|
page read and write
|
||
|
412F000
|
heap
|
page read and write
|
||
|
39B4000
|
heap
|
page read and write
|
||
|
1E2546A0000
|
heap
|
page read and write
|
||
|
2AB8000
|
heap
|
page read and write
|
||
|
3FDA000
|
heap
|
page read and write
|
||
|
2E35000
|
heap
|
page read and write
|
||
|
4050000
|
heap
|
page read and write
|
||
|
36BF000
|
heap
|
page read and write
|
||
|
41D0000
|
heap
|
page read and write
|
||
|
16CA1618000
|
heap
|
page read and write
|
||
|
2C80000
|
heap
|
page read and write
|
||
|
25CC000
|
heap
|
page read and write
|
||
|
4109000
|
heap
|
page read and write
|
||
|
3955000
|
heap
|
page read and write
|
||
|
180000
|
heap
|
page read and write
|
||
|
288E000
|
heap
|
page read and write
|
||
|
3BAA000
|
heap
|
page read and write
|
||
|
3780000
|
heap
|
page read and write
|
||
|
3FA4000
|
heap
|
page read and write
|
||
|
41AC000
|
heap
|
page read and write
|
||
|
3F9A000
|
heap
|
page read and write
|
||
|
2E71000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
206E0400000
|
heap
|
page read and write
|
||
|
2E6E000
|
heap
|
page read and write
|
||
|
1E742170000
|
heap
|
page read and write
|
||
|
456000
|
unkown
|
page readonly
|
||
|
4208000
|
heap
|
page read and write
|
||
|
8F24CD000
|
stack
|
page read and write
|
||
|
32D3000
|
heap
|
page read and write
|
||
|
6148E7C000
|
stack
|
page read and write
|
||
|
3958000
|
heap
|
page read and write
|
||
|
25A0000
|
heap
|
page read and write
|
||
|
3F11000
|
heap
|
page read and write
|
||
|
F94ABBD000
|
stack
|
page read and write
|
||
|
1FCEC0B0000
|
heap
|
page read and write
|
||
|
819000
|
heap
|
page read and write
|
||
|
F94AE7F000
|
stack
|
page read and write
|
||
|
939000
|
heap
|
page read and write
|
||
|
206E03E0000
|
heap
|
page read and write
|
||
|
3BE9000
|
heap
|
page read and write
|
||
|
4346000
|
heap
|
page read and write
|
||
|
262B000
|
heap
|
page read and write
|
||
|
1FCEC450000
|
heap
|
page read and write
|
||
|
206E0435000
|
heap
|
page read and write
|
||
|
4300000
|
heap
|
page read and write
|
||
|
4C70000
|
heap
|
page read and write
|
||
|
418E000
|
heap
|
page read and write
|
||
|
2CA0000
|
heap
|
page read and write
|
||
|
25A4000
|
heap
|
page read and write
|
||
|
3DC7000
|
heap
|
page read and write
|
||
|
160000
|
heap
|
page read and write
|
||
|
4312000
|
heap
|
page read and write
|
||
|
1FCEC1B0000
|
heap
|
page read and write
|
||
|
3256000
|
heap
|
page read and write
|
||
|
260B000
|
heap
|
page read and write
|
||
|
1E2548C0000
|
heap
|
page read and write
|
||
|
268B000
|
heap
|
page read and write
|
||
|
455000
|
unkown
|
page read and write
|
||
|
22A71B67000
|
heap
|
page read and write
|
||
|
36F2000
|
heap
|
page read and write
|
||
|
36CA000
|
heap
|
page read and write
|
||
|
2AB8000
|
heap
|
page read and write
|
||
|
39D5000
|
heap
|
page read and write
|
||
|
14B20980000
|
heap
|
page read and write
|
||
|
22A71AA0000
|
heap
|
page read and write
|
||
|
3D89000
|
heap
|
page read and write
|
||
|
3993000
|
heap
|
page read and write
|
||
|
1FCEC0D0000
|
heap
|
page read and write
|
||
|
3CEB000
|
heap
|
page read and write
|
||
|
42C0000
|
heap
|
page read and write
|
||
|
32D2000
|
heap
|
page read and write
|
||
|
3849000
|
heap
|
page read and write
|
||
|
3D10000
|
heap
|
page read and write
|
||
|
4CF4000
|
heap
|
page read and write
|
||
|
3D77000
|
heap
|
page read and write
|
||
|
403B000
|
heap
|
page read and write
|
||
|
432E000
|
heap
|
page read and write
|
||
|
25CB000
|
heap
|
page read and write
|
||
|
817000
|
heap
|
page read and write
|
||
|
3AB6000
|
heap
|
page read and write
|
||
|
41F4000
|
heap
|
page read and write
|
||
|
43DC000
|
heap
|
page read and write
|
||
|
16CA1995000
|
heap
|
page read and write
|
||
|
22A71B60000
|
heap
|
page read and write
|
||
|
3290000
|
heap
|
page read and write
|
||
|
14B20580000
|
heap
|
page read and write
|
||
|
16CA15A0000
|
heap
|
page read and write
|
||
|
6148F7E000
|
stack
|
page read and write
|
||
|
2A2E000
|
heap
|
page read and write
|
||
|
38CF000
|
heap
|
page read and write
|
||
|
411B000
|
heap
|
page read and write
|
||
|
475000
|
unkown
|
page read and write
|
||
|
80000
|
heap
|
page read and write
|
||
|
1FCEBFD0000
|
heap
|
page read and write
|
||
|
F94AEFF000
|
stack
|
page read and write
|
||
|
4460000
|
heap
|
page read and write
|
||
|
1E7423C0000
|
heap
|
page read and write
|
||
|
16CA1990000
|
heap
|
page read and write
|
||
|
422D000
|
heap
|
page read and write
|
||
|
3A6F000
|
heap
|
page read and write
|
||
|
22A71D65000
|
heap
|
page read and write
|
||
|
2E6E000
|
heap
|
page read and write
|
||
|
1FCEDBB0000
|
heap
|
page read and write
|
||
|
947000
|
heap
|
page read and write
|
||
|
404476F000
|
stack
|
page read and write
|
||
|
40447EF000
|
stack
|
page read and write
|
||
|
4C92000
|
heap
|
page read and write
|
||
|
3F56000
|
heap
|
page read and write
|
||
|
3916000
|
heap
|
page read and write
|
||
|
1A0243D0000
|
heap
|
page read and write
|
||
|
DAD030E000
|
stack
|
page read and write
|
||
|
2A70000
|
heap
|
page read and write
|
||
|
346E000
|
heap
|
page read and write
|
||
|
81E000
|
heap
|
page read and write
|
||
|
2B4FCB20000
|
heap
|
page read and write
|
||
|
2A2C000
|
heap
|
page read and write
|
||
|
4D06000
|
heap
|
page read and write
|
||
|
2B4FCB40000
|
heap
|
page read and write
|
||
|
40F3000
|
heap
|
page read and write
|
||
|
1E254660000
|
heap
|
page read and write
|
||
|
2B4FCE35000
|
heap
|
page read and write
|
||
|
456000
|
unkown
|
page readonly
|
||
|
44C000
|
unkown
|
page write copy
|
||
|
3CFE000
|
heap
|
page read and write
|
||
|
3737000
|
heap
|
page read and write
|
||
|
265E000
|
heap
|
page read and write
|
||
|
426C000
|
heap
|
page read and write
|
||
|
4239000
|
heap
|
page read and write
|
||
|
25AC000
|
heap
|
page read and write
|
||
|
25EB000
|
heap
|
page read and write
|
||
|
1E254680000
|
heap
|
page read and write
|
||
|
3C68000
|
heap
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
3E86000
|
heap
|
page read and write
|
||
|
22A71D60000
|
heap
|
page read and write
|
||
|
3314000
|
heap
|
page read and write
|
||
|
3A6C000
|
heap
|
page read and write
|
||
|
3BD4000
|
heap
|
page read and write
|
||
|
414D000
|
heap
|
page read and write
|
||
|
2AB2000
|
heap
|
page read and write
|
||
|
16CA1580000
|
heap
|
page read and write
|
||
|
3C9F000
|
heap
|
page read and write
|
||
|
25CB000
|
heap
|
page read and write
|
||
|
16CA1570000
|
heap
|
page read and write
|
||
|
1E2546A8000
|
heap
|
page read and write
|
||
|
3290000
|
heap
|
page read and write
|
||
|
1E2548C5000
|
heap
|
page read and write
|
||
|
1FCEC455000
|
heap
|
page read and write
|
||
|
345E000
|
heap
|
page read and write
|
||
|
288E000
|
heap
|
page read and write
|
||
|
3964000
|
heap
|
page read and write
|
||
|
4D32000
|
heap
|
page read and write
|
||
|
3323000
|
heap
|
page read and write
|
||
|
40B1000
|
heap
|
page read and write
|
||
|
36D2000
|
heap
|
page read and write
|
||
|
3F36000
|
heap
|
page read and write
|
||
|
3DB5000
|
heap
|
page read and write
|
||
|
82422FF000
|
stack
|
page read and write
|
||
|
3E43000
|
heap
|
page read and write
|
||
|
3E31000
|
heap
|
page read and write
|
||
|
3C28000
|
heap
|
page read and write
|
||
|
6148EFE000
|
stack
|
page read and write
|
||
|
2A71000
|
heap
|
page read and write
|
||
|
2E70000
|
heap
|
page read and write
|
||
|
3DED000
|
heap
|
page read and write
|
||
|
206E0210000
|
heap
|
page read and write
|
||
|
401F000
|
heap
|
page read and write
|
||
|
479000
|
unkown
|
page readonly
|
||
|
D20C5FD000
|
stack
|
page read and write
|
||
|
36BB000
|
heap
|
page read and write
|
||
|
3E1B000
|
heap
|
page read and write
|
||
|
41E2000
|
heap
|
page read and write
|
||
|
4341000
|
heap
|
page read and write
|
||
|
3314000
|
heap
|
page read and write
|
||
|
43BA000
|
heap
|
page read and write
|
||
|
408C000
|
heap
|
page read and write
|
||
|
824227D000
|
stack
|
page read and write
|
||
|
4063000
|
heap
|
page read and write
|
||
|
425A000
|
heap
|
page read and write
|
||
|
2EB2000
|
heap
|
page read and write
|
||
|
42EE000
|
heap
|
page read and write
|
There are 314 hidden memdumps, click here to show them.