top title background image
flash

01860199.exe

Status: finished
Submission Time: 2023-05-28 10:41:05 +02:00
Malicious
Ransomware
Trojan
Spyware
Evader
Amadey, Babuk, Clipboard Hijacker, Djvu,

Comments

Tags

Details

  • Analysis ID:
    876998
  • API (Web) ID:
    1243988
  • Analysis Started:
    2023-05-28 10:41:06 +02:00
  • Analysis Finished:
    2023-05-28 10:56:27 +02:00
  • MD5:
    3d8207e1ce6762ff10db118bee3bd99b
  • SHA1:
    82a02d6e00de00074b48ba3cc76424a6efe3e6ab
  • SHA256:
    c38267836dde53953018c962a372e8e74153f97932418b682fc653ecfcb7bece
  • Technologies:

Joe Sandbox

Engine Download Report Detection Info
malicious
malicious
Score: 100
System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

Third Party Analysis Engines

malicious
Score: 27/71
malicious
Score: 21/24
malicious
malicious

IPs

IP Country Detection
123.140.161.243
Korea Republic of
222.236.49.124
Korea Republic of
222.236.49.123
Korea Republic of
Click to see the 19 hidden entries
183.100.39.157
Korea Republic of
188.114.96.7
European Union
188.114.97.7
European Union
211.59.14.90
Korea Republic of
45.9.74.80
Russian Federation
80.66.203.53
United Kingdom
194.180.48.90
Germany
211.119.84.112
Korea Republic of
211.40.39.251
Korea Republic of
175.119.10.231
Korea Republic of
217.174.148.28
Bulgaria
103.100.211.218
Hong Kong
162.0.217.254
Canada
157.240.9.35
United States
188.34.154.187
Germany
157.240.17.17
United States
149.154.167.99
United Kingdom
157.240.234.35
United States
154.221.31.191
Seychelles

Domains

Name IP Detection
toobussy.com
222.236.49.123
colisumy.com
211.119.84.112
potunulit.org
188.114.97.7
Click to see the 11 hidden entries
jp.imgjeoighw.com
103.100.211.218
speedlab.com.eg
217.174.148.28
shsplatform.co.uk
80.66.203.53
zexeq.com
175.119.10.231
star-mini.c10r.facebook.com
157.240.9.35
star.c10r.facebook.com
157.240.17.17
t.me
149.154.167.99
ss.apjeoighw.com
154.221.31.191
api.2ip.ua
162.0.217.254
www.facebook.com
0.0.0.0
adsmanager.facebook.com
0.0.0.0

URLs

Name Detection
http://colisumy.com/dl/build.exe
http://45.9.74.80/0bjdn2Z/index.php?scr=1
http://zexeq.com/raud/get.php?pid=F4B58C92E14ED1DB6A495C4F0112806C&first=trueQ58
Click to see the 97 hidden entries
http://45.9.74.80/0bjdn2Z/Plugins/clip64.dll
http://kingpirate.ru/tmp/
http://194.180.48.90/cc.exe
http://colisumy.com/dl/build2.exe
https://speedlab.com.eg/tmp/index.php
http://zexeq.com/raud/get.php?pid=F4B58C92E14ED1DB6A495C4F0112806C&first=true
http://zexeq.com/files/1/build3.exe$runZT
http://zexeq.com/raud/get.phpep
http://zexeq.com/raud/get.php?pid=F4B58C92E14ED1DB6A495C4F0112806Cg
http://45.9.74.80/0bjdn2Z/index.php
http://45.9.74.80/power.exe
http://jp.imgjeoighw.com/sts/image.jpgO
http://toobussy.com/
http://zexeq.com/raud/get.php?pid=F4B58C92E14ED1DB6A495C4F011280Nkx%
http://potunulit.org/
http://zexeq.com/files/1/build3.exe$runyinstall020921_delay721_sec.exe0
http://zexeq.com/raud/get.php?pid=F4B58C92E14ED1DB6A495C4F0112806C
http://wuc11.com/tmp/
http://zexeq.com/files/1/build3.exe$run
45.9.74.80/0bjdn2Z/index.php
http://zexeq.com/files/1/build3.exel
http://colisumy.com/dl/build2.exe$run
http://jp.imgjeoighw.com/sts/image.jpg
https://shsplatform.co.uk/tmp/index.php
http://colisumy.com/dl/build2.exerun3
https://we.tl/t-tnzomMj6HU
http://45.9.74.80/0bjdn2Z/Plugins/cred64.dll
http://zexeq.com/raud/get.php
http://zexeq.com/files/1/build3.exe
https://we.tl/t-tnzomMj6
http://ladogatur.ru/tmp/
http://toobussy.com/tmp/
http://zexeq.com/files/1/build3.exerunb10
http://188.34.154.187:30303/
https://static.xx.fbcdn.net/rsrc.php/v3/yE/r/yWg6mkUCjYR.js?_nc_x=Ij3Wp8lg5Kz
https://static.xx.fbcdn.net/rsrc.php/v3/yq/l/0
https://www.facebook.com/login.php?next=https%3A%2F%2Fadsmanager.facebook.com%2Fads%2Fmanager%2Faccount_settings%2Faccount_billing%2F
https://api.2ip.ua/geo.jsons
https://static.xx.fbcdn.net/rsrc.php/v3/yn/r/A-4As8UDAZ8.js?_nc_x=Ij3Wp8lg5Kz
https://api.2ip.ua/geo.jsonq
http://ss.apjeoighw.com/blob:
http://ss.apjeoighw.com:80/check/?sid=436234&key=2cef0d99b721939135d08fea0dcaba52G_
http://www.nytimes.com/
https://static.xx.fbcdn.net/rsrc.php/v3/yE/l/0
http://www.live.com/
https://api.2ip.ua/
https://static.xx.fbcdn.net/rsrc.php/v3i7M54/yx/l/en_US/LsRZeEzcd6B.js?_nc_x=Ij3Wp8lg5Kz
http://ss.apjeoighw.com/check/?sid=436336&key=3f9d01718af2d5daf3c654f2052d5bc7
http://ss.apjeoighw.com/check/safe
https://t.me/looking_glassboeL
http://www.wikipedia.com/
https://api.2ip.ua/geo.json
http://188.34.154.187:30303/e44c96dfdf315ccf17cdd4b93cfe6e48
https://static.xx.fbcdn.net/rsrc.php/v3/ye/r/sczXDyPA0UL.js?_nc_x=Ij3Wp8lg5Kz
https://static.xx.fbcdn.net/rsrc.php/v3/yO/r/_tJ17sGyx
https://api.2ip.ua/geo.json#&
https://freebl3.dllmozglue.dllmsvcp140.dllnss3.dllsoftokn3.dllvcruntime140.dll
http://ss.apjeoighw.com/check/?sid=436234&key=2cef0d99b721939135d08fea0dcaba52
http://www.reddit.com/
http://ss.apjeoighw.com:80/check/safe
http://ss.apjeoighw.com/check/safe)
http://components.groove.net/Groove/Components/Root.osd?Package=net.groove.Groove.Tools.System.Groov
https://static.xx.fbcdn.net/rsrc.php/v3/yP/l/0
https://api.2ip.ua/geo.jsonV
https://static.xx.fbcdn.net/rsrc.php/v3/y2/l/0
http://ss.apjeoighw.com/check/safe3
https://api.2ip.ua/u
https://api.2ip.ua/geo.jsonyY&$
https://static.xx.fbcdn.net/rsrc.php/v3/yO/r/_tJ17sGyxOX.js?_nc_x=Ij3Wp8lg5Kz
http://188.34.154.187:30303/addon.zip
https://steamcommunity.com/profiles/76561199508624021
https://t.me/looking_glassbotlookataddon.zipMozilla/5.0
http://ss.apjeoighw.com/
https://static.xx.fbcdn.net/rsrc.php/v3/yL/r/camCPYrr6r7.js?_nc_x=Ij3Wp8lg5Kz
https://messenger.com/
https://steamcommunity.com/profiles/76561199508624021update.zipopenopen_NULL%s
https://static.xx.fbcdn.net/rsrc.php/v3/yt/r/v75M7CPu9-P.js?_nc_x=Ij3Wp8lg5Kz
https://static.xx.fbcdn.net/rsrc.php/v3/y-/l/0
https://api.2ip.ua/geo.jsonA
http://https://ns1.kriston.ugns2.chalekin.ugns3.unalelath.ugns4.andromath.ug/Error
http://www.openssl.org/support/faq.html
http://www.twitter.com/
http://www.amazon.com/
http://ss.apjeoighw.com/check/?sid=436160&key=a96ab7e5e6412d32675599dfaebc13f6
http://components.groove.net/Groove/Components/SystemComponents/SystemComponents.osd?Package=net.gro
https://static.xx.fbcdn.net/rsrc.php/v3/y4/r/ZZnKfYusN8Z.js?_nc_x=Ij3Wp8lg5Kz
https://t.me/looking_glassbot
https://static.xx.fbcdn.net/rsrc.php/v3/yK/l/0
https://static.xx.fbcdn.net/rsrc.php/v3/yT/r/Kp9IMjEGN_T.js?_nc_x=Ij3Wp8lg5Kz
https://static.xx.fbcdn.net/rsrc.php/v3/yI/r/Ib90vcVxYzI.js?_nc_x=Ij3Wp8lg5Kz
https://static.xx.fbcdn.net/rsrc.php/v3/yB/l/0
https://api.2ip.ua/geo.json1
http://www.youtube.com/
https://api.2ip.ua/?
https://adsmanager.facebook.com/ads/manager/account_settings/account_billing/
https://api.2ip.ua/geo.jsonG.S
http://ss.apjeoighw.com/check/safe1B

Dropped files

Name File Type Hashes Detection
C:\Users\user\AppData\Local\0e111cbe-1163-4b86-ad03-032e194ee525\build2.exe
PE32 executable (GUI) Intel 80386, for MS Windows
#
C:\Users\user\AppData\Local\0e111cbe-1163-4b86-ad03-032e194ee525\build3.exe
PE32 executable (GUI) Intel 80386, for MS Windows
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\build2[1].exe
PE32 executable (GUI) Intel 80386, for MS Windows
#
Click to see the 327 hidden entries
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\build3[1].exe
PE32 executable (GUI) Intel 80386, for MS Windows
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\cred64[1].dll
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
#
C:\Users\user\AppData\Local\Temp\388B.exe
PE32 executable (GUI) Intel 80386, for MS Windows
#
C:\Users\user\AppData\Local\Temp\3C54.exe
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
#
C:\Users\user\AppData\Local\Temp\3E02.exe
PE32 executable (GUI) Intel 80386, for MS Windows
#
C:\Users\user\AppData\Local\Temp\57DC.exe
PE32 executable (GUI) Intel 80386, for MS Windows
#
C:\Users\user\AppData\Local\Temp\5DA0.exe
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
#
C:\Users\user\AppData\Local\Temp\673.exe
PE32 executable (GUI) Intel 80386, for MS Windows
#
C:\Users\user\AppData\Local\Temp\6FA9.exe
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
#
C:\Users\user\AppData\Local\Temp\6d73a97b0c\mnolyk.exe
PE32 executable (GUI) Intel 80386, for MS Windows
#
C:\Users\user\AppData\Local\Temp\913F.exe
PE32 executable (GUI) Intel 80386, for MS Windows
#
C:\Users\user\AppData\Local\Temp\9F31.exe
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
#
C:\Users\user\AppData\Local\Temp\A170.exe
PE32 executable (GUI) Intel 80386, for MS Windows
#
C:\Users\user\AppData\Local\Temp\A3D5.exe
PE32 executable (GUI) Intel 80386, for MS Windows
#
C:\Users\user\AppData\Local\Temp\B46F.exe
PE32 executable (GUI) Intel 80386, for MS Windows
#
C:\Users\user\AppData\Local\Temp\B8C8.exe
PE32 executable (GUI) Intel 80386, for MS Windows
#
C:\Users\user\AppData\Local\Temp\BC2.exe
PE32 executable (GUI) Intel 80386, for MS Windows
#
C:\Users\user\AppData\Local\Temp\C861.exe
PE32 executable (GUI) Intel 80386, for MS Windows
#
C:\Users\user\AppData\Local\Temp\CBE6.exe
PE32 executable (GUI) Intel 80386, for MS Windows
#
C:\Users\user\AppData\Local\Temp\D689.exe
PE32 executable (GUI) Intel 80386, for MS Windows
#
C:\Users\user\AppData\Local\Temp\D804.exe
PE32 executable (GUI) Intel 80386, for MS Windows
#
C:\Users\user\AppData\Local\Temp\EA44.exe
PE32 executable (GUI) Intel 80386, for MS Windows
#
C:\Users\user\AppData\Local\Temp\F4F7.exe
PE32 executable (GUI) Intel 80386, for MS Windows
#
C:\Users\user\AppData\Local\Temp\NewPlayer.exe
PE32 executable (GUI) Intel 80386, for MS Windows
#
C:\Users\user\AppData\Local\Temp\XandETC.exe
PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows
#
C:\Users\user\AppData\Local\Temp\aafg31.exe
PE32+ executable (GUI) x86-64, for MS Windows
#
C:\Users\user\AppData\Local\de8c49a6-0e90-48ec-87c8-3cd1f6f0601e\D804.exe
PE32 executable (GUI) Intel 80386, for MS Windows
#
C:\Users\user\AppData\Roaming\07c6bc37dc5087\cred64.dll
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
#
C:\Users\user\AppData\Roaming\Microsoft\Network\mstsca.exe
PE32 executable (GUI) Intel 80386, for MS Windows
#
C:\Users\user\AppData\Roaming\ewgujdv
PE32 executable (GUI) Intel 80386, for MS Windows
#
C:\Users\user\AppData\Roaming\hwgujdv
PE32 executable (GUI) Intel 80386, for MS Windows
#
C:\Users\user\AppData\Roaming\hwgujdv:Zone.Identifier
ASCII text, with CRLF line terminators
#
C:\Users\user\Desktop\CZQKSDDMWR.png
data
#
C:\Users\user\Desktop\HMPPSXQPQV.png
data
#
C:\Users\user\Desktop\NWCXBPIUYI.jpg
data
#
C:\Users\user\Downloads\ChromeSetup.exe
MS-DOS executable
#
C:\Users\user\Downloads\ChromeSetup.exe.vapo (copy)
MS-DOS executable
#
C:\Users\user\_readme.txt
ASCII text, with CRLF line terminators
#
C:\_readme.txt
ASCII text, with CRLF line terminators
#
C:\ProgramData\02562567454920506534245398
SQLite 3.x database, last written using SQLite version 3038005, file counter 7, database pages 36, 1st free page 10, free pages 1, cookie 0x29, schema 4, UTF-8, version-valid-for 7
#
C:\ProgramData\24693879337469440987379525
SQLite 3.x database, last written using SQLite version 3038005, page size 2048, file counter 4, database pages 45, cookie 0x3d, schema 4, UTF-8, version-valid-for 4
#
C:\ProgramData\39571994840354560723794613
SQLite 3.x database, last written using SQLite version 3038005, file counter 17, database pages 7, 1st free page 5, free pages 2, cookie 0x13, schema 4, UTF-8, version-valid-for 17
#
C:\ProgramData\61788534741070885639801227
SQLite 3.x database, last written using SQLite version 3038005, page size 2048, file counter 2, database pages 23, cookie 0x19, schema 4, UTF-8, version-valid-for 2
#
C:\ProgramData\68933564346194372112252072
SQLite 3.x database, last written using SQLite version 3038005, page size 2048, file counter 4, database pages 45, cookie 0x3d, schema 4, UTF-8, version-valid-for 4
#
C:\ProgramData\95239249759806897874806564
SQLite 3.x database, last written using SQLite version 3038005, file counter 7, database pages 36, 1st free page 10, free pages 1, cookie 0x29, schema 4, UTF-8, version-valid-for 7
#
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_C861.exe_ee73edd8fcc59e6e41b76bbadce78e8978345d94_81c5b0e7_15ae9ed9\Report.wer
Unicode text, UTF-16, little-endian text, with CRLF line terminators
#
C:\ProgramData\Microsoft\Windows\WER\Temp\WER8517.tmp.dmp
Mini DuMP crash report, 14 streams, Sun May 28 17:42:40 2023, 0x1205a4 type
#
C:\ProgramData\Microsoft\Windows\WER\Temp\WER8670.tmp.WERInternalMetadata.xml
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
#
C:\ProgramData\Microsoft\Windows\WER\Temp\WER86DE.tmp.xml
XML 1.0 document, ASCII text, with CRLF line terminators
#
C:\SystemID\PersonalID.txt
ASCII text, with CRLF line terminators
#
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG.old
data
#
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG.old.vapo (copy)
data
#
C:\Users\user\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\2EM0SFDW\www.msn[1].xml
data
#
C:\Users\user\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\2EM0SFDW\www.msn[1].xml.vapo (copy)
data
#
C:\Users\user\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\NJ1L9FBN\www.google[1].xml
data
#
C:\Users\user\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\NJ1L9FBN\www.google[1].xml.vapo (copy)
data
#
C:\Users\user\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\WP4N5YVD\contextual.media[1].xml
data
#
C:\Users\user\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\WP4N5YVD\contextual.media[1].xml.vapo (copy)
data
#
C:\Users\user\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\YU3ONM33\www.microsoft[1].xml
data
#
C:\Users\user\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\YU3ONM33\www.microsoft[1].xml.vapo (copy)
data
#
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\3C54.exe.log
CSV text
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\get[1].htm
JSON data
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\image[1].jpg
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 1080x1440, components 3
#
C:\Users\user\AppData\Local\Temp\853321935212
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
#
C:\Users\user\AppData\Local\bowsakkdestx.txt
JSON data
#
C:\Users\user\AppData\Roaming\07c6bc37dc5087\clip64.dll
HTML document, ASCII text, with CRLF line terminators
#
C:\Users\user\Desktop\CZQKSDDMWR.png.vapo (copy)
data
#
C:\Users\user\Desktop\GLTYDMDUST.mp3
data
#
C:\Users\user\Desktop\GLTYDMDUST.mp3.vapo (copy)
data
#
C:\Users\user\Desktop\GLTYDMDUST.pdf
data
#
C:\Users\user\Desktop\GLTYDMDUST.pdf.vapo (copy)
data
#
C:\Users\user\Desktop\GLTYDMDUST.xlsx
data
#
C:\Users\user\Desktop\GLTYDMDUST.xlsx.vapo (copy)
data
#
C:\Users\user\Desktop\GNLQNHOLWB.mp3
data
#
C:\Users\user\Desktop\GNLQNHOLWB.mp3.vapo (copy)
data
#
C:\Users\user\Desktop\HMPPSXQPQV.png.vapo (copy)
data
#
C:\Users\user\Desktop\HQJBRDYKDE.jpg
data
#
C:\Users\user\Desktop\HQJBRDYKDE.jpg.vapo (copy)
data
#
C:\Users\user\Desktop\LFOPODGVOH.jpg
data
#
C:\Users\user\Desktop\LFOPODGVOH.jpg.vapo (copy)
data
#
C:\Users\user\Desktop\LFOPODGVOH.xlsx
data
#
C:\Users\user\Desktop\LFOPODGVOH.xlsx.vapo (copy)
data
#
C:\Users\user\Desktop\LHEPQPGEWF.mp3
data
#
C:\Users\user\Desktop\LHEPQPGEWF.mp3.vapo (copy)
data
#
C:\Users\user\Desktop\LIJDSFKJZG.pdf
data
#
C:\Users\user\Desktop\LIJDSFKJZG.pdf.vapo (copy)
data
#
C:\Users\user\Desktop\NIRMEKAMZH.png
data
#
C:\Users\user\Desktop\NIRMEKAMZH.png.vapo (copy)
data
#
C:\Users\user\Desktop\NWCXBPIUYI.docx
data
#
C:\Users\user\Desktop\NWCXBPIUYI.docx.vapo (copy)
data
#
C:\Users\user\Desktop\NWCXBPIUYI.jpg.vapo (copy)
data
#
C:\Users\user\Desktop\NWCXBPIUYI.xlsx
data
#
C:\Users\user\Desktop\NWCXBPIUYI.xlsx.vapo (copy)
data
#
C:\Users\user\Desktop\NWCXBPIUYI\GNLQNHOLWB.mp3
data
#
C:\Users\user\Desktop\NWCXBPIUYI\GNLQNHOLWB.mp3.vapo (copy)
data
#
C:\Users\user\Desktop\NWCXBPIUYI\HQJBRDYKDE.jpg
data
#
C:\Users\user\Desktop\NWCXBPIUYI\HQJBRDYKDE.jpg.vapo (copy)
data
#
C:\Users\user\Desktop\NWCXBPIUYI\LFOPODGVOH.xlsx
data
#
C:\Users\user\Desktop\NWCXBPIUYI\LFOPODGVOH.xlsx.vapo (copy)
data
#
C:\Users\user\Desktop\NWCXBPIUYI\NIRMEKAMZH.png
data
#
C:\Users\user\Desktop\NWCXBPIUYI\NIRMEKAMZH.png.vapo (copy)
data
#
C:\Users\user\Desktop\NWCXBPIUYI\NWCXBPIUYI.docx
data
#
C:\Users\user\Desktop\NWCXBPIUYI\NWCXBPIUYI.docx.vapo (copy)
data
#
C:\Users\user\Desktop\NWCXBPIUYI\VWDFPKGDUF.pdf
data
#
C:\Users\user\Desktop\NWCXBPIUYI\VWDFPKGDUF.pdf.vapo (copy)
data
#
C:\Users\user\Desktop\NYMMPCEIMA.docx
data
#
C:\Users\user\Desktop\NYMMPCEIMA.docx.vapo (copy)
data
#
C:\Users\user\Desktop\NYMMPCEIMA.xlsx
data
#
C:\Users\user\Desktop\NYMMPCEIMA.xlsx.vapo (copy)
data
#
C:\Users\user\Desktop\NYMMPCEIMA\GLTYDMDUST.pdf
data
#
C:\Users\user\Desktop\NYMMPCEIMA\GLTYDMDUST.pdf.vapo (copy)
data
#
C:\Users\user\Desktop\NYMMPCEIMA\HMPPSXQPQV.png
data
#
C:\Users\user\Desktop\NYMMPCEIMA\HMPPSXQPQV.png.vapo (copy)
data
#
C:\Users\user\Desktop\NYMMPCEIMA\LFOPODGVOH.jpg
data
#
C:\Users\user\Desktop\NYMMPCEIMA\LFOPODGVOH.jpg.vapo (copy)
data
#
C:\Users\user\Desktop\NYMMPCEIMA\NWCXBPIUYI.xlsx
data
#
C:\Users\user\Desktop\NYMMPCEIMA\NWCXBPIUYI.xlsx.vapo (copy)
data
#
C:\Users\user\Desktop\NYMMPCEIMA\NYMMPCEIMA.docx
data
#
C:\Users\user\Desktop\NYMMPCEIMA\NYMMPCEIMA.docx.vapo (copy)
data
#
C:\Users\user\Desktop\NYMMPCEIMA\VWDFPKGDUF.mp3
data
#
C:\Users\user\Desktop\NYMMPCEIMA\VWDFPKGDUF.mp3.vapo (copy)
data
#
C:\Users\user\Desktop\QCOILOQIKC.docx
data
#
C:\Users\user\Desktop\QCOILOQIKC.docx.vapo (copy)
data
#
C:\Users\user\Desktop\QCOILOQIKC\CZQKSDDMWR.png
data
#
C:\Users\user\Desktop\QCOILOQIKC\CZQKSDDMWR.png.vapo (copy)
data
#
C:\Users\user\Desktop\QCOILOQIKC\GLTYDMDUST.mp3
data
#
C:\Users\user\Desktop\QCOILOQIKC\GLTYDMDUST.mp3.vapo (copy)
data
#
C:\Users\user\Desktop\QCOILOQIKC\NWCXBPIUYI.jpg
data
#
C:\Users\user\Desktop\QCOILOQIKC\NWCXBPIUYI.jpg.vapo (copy)
data
#
C:\Users\user\Desktop\QCOILOQIKC\NYMMPCEIMA.xlsx
data
#
C:\Users\user\Desktop\QCOILOQIKC\NYMMPCEIMA.xlsx.vapo (copy)
data
#
C:\Users\user\Desktop\QCOILOQIKC\QCOILOQIKC.docx
data
#
C:\Users\user\Desktop\QCOILOQIKC\QCOILOQIKC.docx.vapo (copy)
data
#
C:\Users\user\Desktop\QCOILOQIKC\ZIPXYXWIOY.pdf
data
#
C:\Users\user\Desktop\QCOILOQIKC\ZIPXYXWIOY.pdf.vapo (copy)
data
#
C:\Users\user\Desktop\SNIPGPPREP.png
data
#
C:\Users\user\Desktop\SNIPGPPREP.png.vapo (copy)
data
#
C:\Users\user\Desktop\VWDFPKGDUF.jpg
data
#
C:\Users\user\Desktop\VWDFPKGDUF.jpg.vapo (copy)
data
#
C:\Users\user\Desktop\VWDFPKGDUF.mp3
data
#
C:\Users\user\Desktop\VWDFPKGDUF.mp3.vapo (copy)
data
#
C:\Users\user\Desktop\VWDFPKGDUF.pdf
data
#
C:\Users\user\Desktop\VWDFPKGDUF.pdf.vapo (copy)
data
#
C:\Users\user\Desktop\ZIPXYXWIOY.docx
data
#
C:\Users\user\Desktop\ZIPXYXWIOY.docx.vapo (copy)
data
#
C:\Users\user\Desktop\ZIPXYXWIOY.pdf
data
#
C:\Users\user\Desktop\ZIPXYXWIOY.pdf.vapo (copy)
data
#
C:\Users\user\Desktop\ZIPXYXWIOY\GLTYDMDUST.xlsx
data
#
C:\Users\user\Desktop\ZIPXYXWIOY\GLTYDMDUST.xlsx.vapo (copy)
data
#
C:\Users\user\Desktop\ZIPXYXWIOY\LHEPQPGEWF.mp3
data
#
C:\Users\user\Desktop\ZIPXYXWIOY\LHEPQPGEWF.mp3.vapo (copy)
data
#
C:\Users\user\Desktop\ZIPXYXWIOY\LIJDSFKJZG.pdf
data
#
C:\Users\user\Desktop\ZIPXYXWIOY\LIJDSFKJZG.pdf.vapo (copy)
data
#
C:\Users\user\Desktop\ZIPXYXWIOY\SNIPGPPREP.png
data
#
C:\Users\user\Desktop\ZIPXYXWIOY\SNIPGPPREP.png.vapo (copy)
data
#
C:\Users\user\Desktop\ZIPXYXWIOY\VWDFPKGDUF.jpg
data
#
C:\Users\user\Desktop\ZIPXYXWIOY\VWDFPKGDUF.jpg.vapo (copy)
data
#
C:\Users\user\Desktop\ZIPXYXWIOY\ZIPXYXWIOY.docx
data
#
C:\Users\user\Desktop\ZIPXYXWIOY\ZIPXYXWIOY.docx.vapo (copy)
data
#
C:\Users\user\Documents\CZQKSDDMWR.png
data
#
C:\Users\user\Documents\CZQKSDDMWR.png.vapo (copy)
data
#
C:\Users\user\Documents\GLTYDMDUST.mp3
data
#
C:\Users\user\Documents\GLTYDMDUST.mp3.vapo (copy)
data
#
C:\Users\user\Documents\GLTYDMDUST.pdf
data
#
C:\Users\user\Documents\GLTYDMDUST.pdf.vapo (copy)
data
#
C:\Users\user\Documents\GLTYDMDUST.xlsx
data
#
C:\Users\user\Documents\GLTYDMDUST.xlsx.vapo (copy)
data
#
C:\Users\user\Documents\GNLQNHOLWB.mp3
data
#
C:\Users\user\Documents\GNLQNHOLWB.mp3.vapo (copy)
data
#
C:\Users\user\Documents\HMPPSXQPQV.png
data
#
C:\Users\user\Documents\HMPPSXQPQV.png.vapo (copy)
data
#
C:\Users\user\Documents\HQJBRDYKDE.jpg
data
#
C:\Users\user\Documents\HQJBRDYKDE.jpg.vapo (copy)
data
#
C:\Users\user\Documents\LFOPODGVOH.jpg
data
#
C:\Users\user\Documents\LFOPODGVOH.jpg.vapo (copy)
data
#
C:\Users\user\Documents\LFOPODGVOH.xlsx
data
#
C:\Users\user\Documents\LFOPODGVOH.xlsx.vapo (copy)
data
#
C:\Users\user\Documents\LHEPQPGEWF.mp3
data
#
C:\Users\user\Documents\LHEPQPGEWF.mp3.vapo (copy)
data
#
C:\Users\user\Documents\LIJDSFKJZG.pdf
data
#
C:\Users\user\Documents\LIJDSFKJZG.pdf.vapo (copy)
data
#
C:\Users\user\Documents\NIRMEKAMZH.png
data
#
C:\Users\user\Documents\NIRMEKAMZH.png.vapo (copy)
data
#
C:\Users\user\Documents\NWCXBPIUYI.docx
data
#
C:\Users\user\Documents\NWCXBPIUYI.docx.vapo (copy)
data
#
C:\Users\user\Documents\NWCXBPIUYI.jpg
data
#
C:\Users\user\Documents\NWCXBPIUYI.jpg.vapo (copy)
data
#
C:\Users\user\Documents\NWCXBPIUYI.xlsx
data
#
C:\Users\user\Documents\NWCXBPIUYI.xlsx.vapo (copy)
data
#
C:\Users\user\Documents\NWCXBPIUYI\GNLQNHOLWB.mp3
data
#
C:\Users\user\Documents\NWCXBPIUYI\GNLQNHOLWB.mp3.vapo (copy)
data
#
C:\Users\user\Documents\NWCXBPIUYI\HQJBRDYKDE.jpg
data
#
C:\Users\user\Documents\NWCXBPIUYI\HQJBRDYKDE.jpg.vapo (copy)
data
#
C:\Users\user\Documents\NWCXBPIUYI\LFOPODGVOH.xlsx
data
#
C:\Users\user\Documents\NWCXBPIUYI\LFOPODGVOH.xlsx.vapo (copy)
data
#
C:\Users\user\Documents\NWCXBPIUYI\NIRMEKAMZH.png
data
#
C:\Users\user\Documents\NWCXBPIUYI\NIRMEKAMZH.png.vapo (copy)
data
#
C:\Users\user\Documents\NWCXBPIUYI\NWCXBPIUYI.docx
data
#
C:\Users\user\Documents\NWCXBPIUYI\NWCXBPIUYI.docx.vapo (copy)
data
#
C:\Users\user\Documents\NWCXBPIUYI\VWDFPKGDUF.pdf
data
#
C:\Users\user\Documents\NWCXBPIUYI\VWDFPKGDUF.pdf.vapo (copy)
data
#
C:\Users\user\Documents\NYMMPCEIMA.docx
data
#
C:\Users\user\Documents\NYMMPCEIMA.docx.vapo (copy)
data
#
C:\Users\user\Documents\NYMMPCEIMA.xlsx
data
#
C:\Users\user\Documents\NYMMPCEIMA.xlsx.vapo (copy)
data
#
C:\Users\user\Documents\NYMMPCEIMA\GLTYDMDUST.pdf
data
#
C:\Users\user\Documents\NYMMPCEIMA\GLTYDMDUST.pdf.vapo (copy)
data
#
C:\Users\user\Documents\NYMMPCEIMA\HMPPSXQPQV.png
data
#
C:\Users\user\Documents\NYMMPCEIMA\HMPPSXQPQV.png.vapo (copy)
data
#
C:\Users\user\Documents\NYMMPCEIMA\LFOPODGVOH.jpg
data
#
C:\Users\user\Documents\NYMMPCEIMA\LFOPODGVOH.jpg.vapo (copy)
data
#
C:\Users\user\Documents\NYMMPCEIMA\NWCXBPIUYI.xlsx
data
#
C:\Users\user\Documents\NYMMPCEIMA\NWCXBPIUYI.xlsx.vapo (copy)
data
#
C:\Users\user\Documents\NYMMPCEIMA\NYMMPCEIMA.docx
data
#
C:\Users\user\Documents\NYMMPCEIMA\NYMMPCEIMA.docx.vapo (copy)
data
#
C:\Users\user\Documents\NYMMPCEIMA\VWDFPKGDUF.mp3
data
#
C:\Users\user\Documents\NYMMPCEIMA\VWDFPKGDUF.mp3.vapo (copy)
data
#
C:\Users\user\Documents\Outlook Files\Outlook.pst
Microsoft Outlook email folder
#
C:\Users\user\Documents\Outlook Files\Outlook.pst.vapo (copy)
Microsoft Outlook email folder
#
C:\Users\user\Documents\QCOILOQIKC.docx
data
#
C:\Users\user\Documents\QCOILOQIKC.docx.vapo (copy)
data
#
C:\Users\user\Documents\QCOILOQIKC\CZQKSDDMWR.png
data
#
C:\Users\user\Documents\QCOILOQIKC\CZQKSDDMWR.png.vapo (copy)
data
#
C:\Users\user\Documents\QCOILOQIKC\GLTYDMDUST.mp3
data
#
C:\Users\user\Documents\QCOILOQIKC\GLTYDMDUST.mp3.vapo (copy)
data
#
C:\Users\user\Documents\QCOILOQIKC\NWCXBPIUYI.jpg
data
#
C:\Users\user\Documents\QCOILOQIKC\NWCXBPIUYI.jpg.vapo (copy)
data
#
C:\Users\user\Documents\QCOILOQIKC\NYMMPCEIMA.xlsx
data
#
C:\Users\user\Documents\QCOILOQIKC\NYMMPCEIMA.xlsx.vapo (copy)
data
#
C:\Users\user\Documents\QCOILOQIKC\QCOILOQIKC.docx
data
#
C:\Users\user\Documents\QCOILOQIKC\QCOILOQIKC.docx.vapo (copy)
data
#
C:\Users\user\Documents\QCOILOQIKC\ZIPXYXWIOY.pdf
data
#
C:\Users\user\Documents\QCOILOQIKC\ZIPXYXWIOY.pdf.vapo (copy)
data
#
C:\Users\user\Documents\SNIPGPPREP.png
data
#
C:\Users\user\Documents\SNIPGPPREP.png.vapo (copy)
data
#
C:\Users\user\Documents\VWDFPKGDUF.jpg
data
#
C:\Users\user\Documents\VWDFPKGDUF.jpg.vapo (copy)
data
#
C:\Users\user\Documents\VWDFPKGDUF.mp3
data
#
C:\Users\user\Documents\VWDFPKGDUF.mp3.vapo (copy)
data
#
C:\Users\user\Documents\VWDFPKGDUF.pdf
data
#
C:\Users\user\Documents\VWDFPKGDUF.pdf.vapo (copy)
data
#
C:\Users\user\Documents\ZIPXYXWIOY.docx
data
#
C:\Users\user\Documents\ZIPXYXWIOY.docx.vapo (copy)
data
#
C:\Users\user\Documents\ZIPXYXWIOY.pdf
data
#
C:\Users\user\Documents\ZIPXYXWIOY.pdf.vapo (copy)
data
#
C:\Users\user\Documents\ZIPXYXWIOY\GLTYDMDUST.xlsx
data
#
C:\Users\user\Documents\ZIPXYXWIOY\GLTYDMDUST.xlsx.vapo (copy)
data
#
C:\Users\user\Documents\ZIPXYXWIOY\LHEPQPGEWF.mp3
data
#
C:\Users\user\Documents\ZIPXYXWIOY\LHEPQPGEWF.mp3.vapo (copy)
data
#
C:\Users\user\Documents\ZIPXYXWIOY\LIJDSFKJZG.pdf
data
#
C:\Users\user\Documents\ZIPXYXWIOY\LIJDSFKJZG.pdf.vapo (copy)
data
#
C:\Users\user\Documents\ZIPXYXWIOY\SNIPGPPREP.png
data
#
C:\Users\user\Documents\ZIPXYXWIOY\SNIPGPPREP.png.vapo (copy)
data
#
C:\Users\user\Documents\ZIPXYXWIOY\VWDFPKGDUF.jpg
data
#
C:\Users\user\Documents\ZIPXYXWIOY\VWDFPKGDUF.jpg.vapo (copy)
data
#
C:\Users\user\Documents\ZIPXYXWIOY\ZIPXYXWIOY.docx
data
#
C:\Users\user\Documents\ZIPXYXWIOY\ZIPXYXWIOY.docx.vapo (copy)
data
#
C:\Users\user\Downloads\CZQKSDDMWR.png
data
#
C:\Users\user\Downloads\CZQKSDDMWR.png.vapo (copy)
data
#
C:\Users\user\Downloads\GLTYDMDUST.mp3
data
#
C:\Users\user\Downloads\GLTYDMDUST.mp3.vapo (copy)
data
#
C:\Users\user\Downloads\GLTYDMDUST.pdf
data
#
C:\Users\user\Downloads\GLTYDMDUST.pdf.vapo (copy)
data
#
C:\Users\user\Downloads\GLTYDMDUST.xlsx
data
#
C:\Users\user\Downloads\GLTYDMDUST.xlsx.vapo (copy)
data
#
C:\Users\user\Downloads\GNLQNHOLWB.mp3
data
#
C:\Users\user\Downloads\GNLQNHOLWB.mp3.vapo (copy)
data
#
C:\Users\user\Downloads\HMPPSXQPQV.png
data
#
C:\Users\user\Downloads\HMPPSXQPQV.png.vapo (copy)
data
#
C:\Users\user\Downloads\HQJBRDYKDE.jpg
data
#
C:\Users\user\Downloads\HQJBRDYKDE.jpg.vapo (copy)
data
#
C:\Users\user\Downloads\LFOPODGVOH.jpg
data
#
C:\Users\user\Downloads\LFOPODGVOH.jpg.vapo (copy)
data
#
C:\Users\user\Downloads\LFOPODGVOH.xlsx
data
#
C:\Users\user\Downloads\LFOPODGVOH.xlsx.vapo (copy)
data
#
C:\Users\user\Downloads\LHEPQPGEWF.mp3
data
#
C:\Users\user\Downloads\LHEPQPGEWF.mp3.vapo (copy)
data
#
C:\Users\user\Downloads\LIJDSFKJZG.pdf
data
#
C:\Users\user\Downloads\LIJDSFKJZG.pdf.vapo (copy)
data
#
C:\Users\user\Downloads\NIRMEKAMZH.png
data
#
C:\Users\user\Downloads\NIRMEKAMZH.png.vapo (copy)
data
#
C:\Users\user\Downloads\NWCXBPIUYI.docx
data
#
C:\Users\user\Downloads\NWCXBPIUYI.docx.vapo (copy)
data
#
C:\Users\user\Downloads\NWCXBPIUYI.jpg
data
#
C:\Users\user\Downloads\NWCXBPIUYI.jpg.vapo (copy)
data
#
C:\Users\user\Downloads\NWCXBPIUYI.xlsx
data
#
C:\Users\user\Downloads\NWCXBPIUYI.xlsx.vapo (copy)
data
#
C:\Users\user\Downloads\NYMMPCEIMA.docx
data
#
C:\Users\user\Downloads\NYMMPCEIMA.docx.vapo (copy)
data
#
C:\Users\user\Downloads\NYMMPCEIMA.xlsx
data
#
C:\Users\user\Downloads\NYMMPCEIMA.xlsx.vapo (copy)
data
#
C:\Users\user\Downloads\QCOILOQIKC.docx
data
#
C:\Users\user\Downloads\QCOILOQIKC.docx.vapo (copy)
data
#
C:\Users\user\Downloads\SNIPGPPREP.png
data
#
C:\Users\user\Downloads\SNIPGPPREP.png.vapo (copy)
data
#
C:\Users\user\Downloads\VWDFPKGDUF.jpg
data
#
C:\Users\user\Downloads\VWDFPKGDUF.jpg.vapo (copy)
data
#
C:\Users\user\Downloads\VWDFPKGDUF.mp3
data
#
C:\Users\user\Downloads\VWDFPKGDUF.mp3.vapo (copy)
data
#
C:\Users\user\Downloads\VWDFPKGDUF.pdf
data
#
C:\Users\user\Downloads\VWDFPKGDUF.pdf.vapo (copy)
data
#
C:\Users\user\Downloads\ZIPXYXWIOY.docx
data
#
C:\Users\user\Downloads\ZIPXYXWIOY.docx.vapo (copy)
data
#
C:\Users\user\Downloads\ZIPXYXWIOY.pdf
data
#
C:\Users\user\Downloads\ZIPXYXWIOY.pdf.vapo (copy)
data
#
C:\Users\user\Favorites\Amazon.url
data
#
C:\Users\user\Favorites\Amazon.url.vapo (copy)
data
#
C:\Users\user\Favorites\Bing.url
data
#
C:\Users\user\Favorites\Bing.url.vapo (copy)
data
#
C:\Users\user\Favorites\Facebook.url
data
#
C:\Users\user\Favorites\Facebook.url.vapo (copy)
data
#
C:\Users\user\Favorites\Google.url
data
#
C:\Users\user\Favorites\Google.url.vapo (copy)
data
#
C:\Users\user\Favorites\Live.url
data
#
C:\Users\user\Favorites\Live.url.vapo (copy)
data
#
C:\Users\user\Favorites\NYTimes.url
data
#
C:\Users\user\Favorites\NYTimes.url.vapo (copy)
data
#
C:\Users\user\Favorites\Reddit.url
data
#
C:\Users\user\Favorites\Reddit.url.vapo (copy)
data
#
C:\Users\user\Favorites\Twitter.url
data
#
C:\Users\user\Favorites\Twitter.url.vapo (copy)
data
#
C:\Users\user\Favorites\Wikipedia.url
data
#
C:\Users\user\Favorites\Wikipedia.url.vapo (copy)
data
#
C:\Users\user\Favorites\Youtube.url
data
#
C:\Users\user\Favorites\Youtube.url.vapo (copy)
data
#
C:\bootTel.dat
data
#
C:\bootTel.dat.vapo (copy)
data
#