IOC Report
jqXe6tttFa.exe

loading gif

Files

File Path
Type
Category
Malicious
jqXe6tttFa.exe
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
initial sample
 malicious
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MsMpEng.exe.rtcrypted (copy)
PE32+ executable (GUI) x86-64, for MS Windows
dropped
 malicious
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe
data
dropped
 malicious
C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
PE32+ executable (DLL) (console) x86-64, for MS Windows
dropped
 malicious
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\DefenderCSP.dll
PE32+ executable (DLL) (console) x86-64, for MS Windows
dropped
 malicious
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpAzSubmit.dll
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
dropped
 malicious
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpClient.dll
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
dropped
 malicious
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpCmdRun.exe
PE32+ executable (console) x86-64, for MS Windows
dropped
 malicious
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpCommu.dll
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
dropped
 malicious
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpCopyAccelerator.exe
data
dropped
 malicious
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpDetours.dll
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
dropped
 malicious
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpDetoursCopyAccelerator.dll
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
dropped
 malicious
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpDlpCmd.exe
PE32+ executable (console) x86-64, for MS Windows
dropped
 malicious
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpEvMsg.dll
PE32+ executable (DLL) (console) x86-64, for MS Windows
dropped
 malicious
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpRtp.dll
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
dropped
 malicious
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpSenseComm.dll
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
dropped
 malicious
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpSvc.dll
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
dropped
 malicious
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpUpdate.dll
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
dropped
 malicious
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpUxAgent.dll
PE32+ executable (DLL) (console) x86-64, for MS Windows
dropped
 malicious
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MsMpEng.exe
PE32+ executable (GUI) x86-64, for MS Windows
dropped
 malicious
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\ProtectionManagement.dll
PE32+ executable (DLL) (console) x86-64, for MS Windows
dropped
 malicious
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\X86\MpAsDesc.dll
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
 malicious
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\X86\MpCmdRun.exe
PE32 executable (console) Intel 80386, for MS Windows
dropped
 malicious
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\X86\MsMpLics.dll
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
 malicious
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\X86\endpointdlp.dll
data
dropped
 malicious
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\endpointdlp.dll
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
dropped
 malicious
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\mpextms.exe
PE32+ executable (GUI) x86-64, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\AlternateServices.txt
Non-ISO extended-ASCII text
dropped
 malicious
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\SiteSecurityServiceState.txt
CSV text
dropped
 malicious
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\pkcs11.txt
Non-ISO extended-ASCII text, with very long lines (317), with CRLF line terminators
dropped
 malicious
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\prefs.js
Non-ISO extended-ASCII text, with very long lines (1809), with CRLF line terminators
dropped
 malicious
C:\Users\user\Desktop\CURQNKVOIX.mp3
ISO-8859 text, with very long lines (1024), with CRLF line terminators
dropped
 malicious
C:\Users\user\Desktop\KATAXZVCPS.jpg
ISO-8859 text, with very long lines (1024), with CRLF line terminators
dropped
 malicious
C:\Users\user\Desktop\ONBQCLYSPU\ONBQCLYSPU.docx
ISO-8859 text, with very long lines (1024), with CRLF line terminators
dropped
 malicious
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Desktop\Adobe Acrobat.lnk.rtcrypted (copy)
data
dropped
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Desktop\Firefox.lnk.rtcrypted (copy)
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Archive, ctime=Tue Oct 3 09:59:57 2023, mtime=Tue Oct 3 09:59:59 2023, atime=Thu Sep 28 00:41:23 2023, length=676768, window=hide
dropped
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Desktop\Google Chrome.lnk.rtcrypted (copy)
data
dropped
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\DeploymentConfig.1.xml.rtcrypted (copy)
data
dropped
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\osver.txt.rtcrypted (copy)
ASCII text, with no line terminators
dropped
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\IdentityCRL\INT\wlidsvcconfig.xml.rtcrypted (copy)
exported SGML document, ISO-8859 text, with very long lines (12597), with CRLF line terminators
dropped
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\guest.bmp.rtcrypted (copy)
Non-ISO extended-ASCII text, with very long lines (65536), with no line terminators
dropped
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\guest.png.rtcrypted (copy)
data
dropped
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-32.png.rtcrypted (copy)
data
dropped
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-40.png.rtcrypted (copy)
data
dropped
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-48.png.rtcrypted (copy)
data
dropped
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user.bmp.rtcrypted (copy)
Non-ISO extended-ASCII text, with very long lines (65536), with no line terminators
dropped
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user.png.rtcrypted (copy)
data
dropped
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\AppxProvisioning.xml.rtcrypted (copy)
Non-ISO extended-ASCII text, with very long lines (17075), with CRLF line terminators
dropped
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\7-Zip\7-Zip Help.lnk.rtcrypted (copy)
data
dropped
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Access.lnk.rtcrypted (copy)
data
dropped
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Notepad.lnk.rtcrypted (copy)
data
dropped
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Paint.lnk.rtcrypted (copy)
data
dropped
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Wordpad.lnk.rtcrypted (copy)
data
dropped
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Adobe Acrobat.lnk.rtcrypted (copy)
data
dropped
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\AutoIt v3\Examples.lnk.rtcrypted (copy)
data
dropped
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Excel.lnk.rtcrypted (copy)
data
dropped
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Firefox.lnk.rtcrypted (copy)
data
dropped
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Google Chrome.lnk.rtcrypted (copy)
data
dropped
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\About Java.lnk.rtcrypted (copy)
data
dropped
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Configure Java.lnk.rtcrypted (copy)
data
dropped
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Edge.lnk.rtcrypted (copy)
data
dropped
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\OneDrive.lnk.rtcrypted (copy)
data
dropped
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\OneNote.lnk.rtcrypted (copy)
data
dropped
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Outlook.lnk.rtcrypted (copy)
data
dropped
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\PowerPoint.lnk.rtcrypted (copy)
data
dropped
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Publisher.lnk.rtcrypted (copy)
data
dropped
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Skype for Business.lnk.rtcrypted (copy)
data
dropped
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Word.lnk.rtcrypted (copy)
data
dropped
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\IdentityCRL\production\wlidsvcconfig.xml.rtcrypted (copy)
XML 1.0 document, ASCII text, with very long lines (8149), with CRLF line terminators
dropped
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-192.png.rtcrypted (copy)
PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced
dropped
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\7-Zip\7-Zip File Manager.lnk.rtcrypted (copy)
data
dropped
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessibility\Speech Recognition.lnk.rtcrypted (copy)
data
dropped
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Math Input Panel.lnk.rtcrypted (copy)
data
dropped
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Quick Assist.lnk.rtcrypted (copy)
data
dropped
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Snipping Tool.lnk.rtcrypted (copy)
data
dropped
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Steps Recorder.lnk.rtcrypted (copy)
data
dropped
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Windows Fax and Scan.lnk.rtcrypted (copy)
data
dropped
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Windows Media Player.lnk.rtcrypted (copy)
data
dropped
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Disk Cleanup.lnk.rtcrypted (copy)
data
dropped
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Event Viewer.lnk.rtcrypted (copy)
data
dropped
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\RecoveryDrive.lnk.rtcrypted (copy)
data
dropped
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Registry Editor.lnk.rtcrypted (copy)
data
dropped
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Task Scheduler.lnk.rtcrypted (copy)
data
dropped
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\dfrgui.lnk.rtcrypted (copy)
data
dropped
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\iSCSI Initiator.lnk.rtcrypted (copy)
data
dropped
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk.rtcrypted (copy)
MS Windows shortcut, Has Description string, Has Working directory, Icon number=0, ctime=Sun Dec 31 23:06:32 1600, mtime=Sun Dec 31 23:06:32 1600, atime=Sun Dec 31 23:06:32 1600, length=0, window=hide
dropped
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\AutoIt v3\AutoIt Help File.lnk.rtcrypted (copy)
data
dropped
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\AutoIt v3\AutoIt Window Info (x64).lnk.rtcrypted (copy)
data
dropped
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\AutoIt v3\AutoIt Window Info (x86).lnk.rtcrypted (copy)
data
dropped
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\AutoIt v3\Check For SQLite Updates.lnk.rtcrypted (copy)
data
dropped
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\AutoIt v3\Check For Updates.lnk.rtcrypted (copy)
data
dropped
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\AutoIt v3\Extras\AutoIt v3 Website.lnk.rtcrypted (copy)
data
dropped
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\AutoIt v3\Extras\Browse Extras.lnk.rtcrypted (copy)
data
dropped
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\AutoIt v3\Run Script (x64).lnk.rtcrypted (copy)
data
dropped
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\AutoIt v3\Run Script (x86).lnk.rtcrypted (copy)
data
dropped
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\AutoIt v3\SciTE Script Editor.lnk.rtcrypted (copy)
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Archive, ctime=Mon Sep 19 17:35:48 2022, mtime=Tue Oct 3 09:52:01 2023, atime=Mon Sep 19 17:35:48 2022, length=2372608, window=hide
dropped
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Firefox Private Browsing.lnk.rtcrypted (copy)
data
dropped
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Check For Updates.lnk.rtcrypted (copy)
data
dropped
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\System Tools\Task Manager.lnk.rtcrypted (copy)
data
dropped
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe.rtcrypted (copy)
data
dropped
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll.rtcrypted (copy)
PE32+ executable (DLL) (console) x86-64, for MS Windows
dropped
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\DefenderCSP.dll.rtcrypted (copy)
PE32+ executable (DLL) (console) x86-64, for MS Windows
dropped
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpAsDesc.dll.rtcrypted (copy)
PE32+ executable (DLL) (console) x86-64, for MS Windows
dropped
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpAzSubmit.dll.rtcrypted (copy)
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
dropped
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpClient.dll.rtcrypted (copy)
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
dropped
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpCmdRun.exe.rtcrypted (copy)
PE32+ executable (console) x86-64, for MS Windows
dropped
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpCommu.dll.rtcrypted (copy)
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
dropped
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpCopyAccelerator.exe.rtcrypted (copy)
data
dropped
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpDetours.dll.rtcrypted (copy)
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
dropped
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpDlpCmd.exe.rtcrypted (copy)
PE32+ executable (console) x86-64, for MS Windows
dropped
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpEvMsg.dll.rtcrypted (copy)
PE32+ executable (DLL) (console) x86-64, for MS Windows
dropped
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpRtp.dll.rtcrypted (copy)
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
dropped
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpSenseComm.dll.rtcrypted (copy)
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
dropped
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpSvc.dll.rtcrypted (copy)
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
dropped
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpUpdate.dll.rtcrypted (copy)
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
dropped
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpUxAgent.dll.rtcrypted (copy)
PE32+ executable (DLL) (console) x86-64, for MS Windows
dropped
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MsMpLics.dll.rtcrypted (copy)
PE32+ executable (DLL) (console) x86-64, for MS Windows
dropped
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\NisSrv.exe.rtcrypted (copy)
PE32+ executable (console) x86-64, for MS Windows
dropped
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\ThirdPartyNotices.txt.rtcrypted (copy)
Non-ISO extended-ASCII text, with CRLF line terminators
dropped
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\X86\MpAsDesc.dll.rtcrypted (copy)
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\X86\MpCmdRun.exe.rtcrypted (copy)
PE32 executable (console) Intel 80386, for MS Windows
dropped
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\X86\MpDetours.dll.rtcrypted (copy)
data
dropped
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\X86\MsMpLics.dll.rtcrypted (copy)
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\X86\endpointdlp.dll.rtcrypted (copy)
data
dropped
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\endpointdlp.dll.rtcrypted (copy)
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
dropped
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\mpextms.exe.rtcrypted (copy)
PE32+ executable (GUI) x86-64, for MS Windows
dropped
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe.rtcrypted (copy)
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk.rtcrypted (copy)
data
dropped
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\System Tools\Character Map.lnk.rtcrypted (copy)
data
dropped
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Component Services.lnk.rtcrypted (copy)
data
dropped
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Computer Management.lnk.rtcrypted (copy)
data
dropped
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Memory Diagnostics Tool.lnk.rtcrypted (copy)
data
dropped
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\ODBC Data Sources (32-bit).lnk.rtcrypted (copy)
data
dropped
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\ODBC Data Sources (64-bit).lnk.rtcrypted (copy)
data
dropped
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Performance Monitor.lnk.rtcrypted (copy)
data
dropped
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Print Management.lnk.rtcrypted (copy)
data
dropped
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Resource Monitor.lnk.rtcrypted (copy)
data
dropped
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\System Configuration.lnk.rtcrypted (copy)
data
dropped
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\System Information.lnk.rtcrypted (copy)
data
dropped
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\AutoIt v3\Compile Script to .exe (x64).lnk.rtcrypted (copy)
data
dropped
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\AutoIt v3\Compile Script to .exe (x86).lnk.rtcrypted (copy)
data
dropped
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\AutoIt v3\Extras\AutoItX\AutoItX Help File.lnk.rtcrypted (copy)
data
dropped
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office Tools\Database Compare.lnk.rtcrypted (copy)
data
dropped
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office Tools\Office Language Preferences.lnk.rtcrypted (copy)
data
dropped
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office Tools\Spreadsheet Compare.lnk.rtcrypted (copy)
data
dropped
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office Tools\Telemetry Log for Office.lnk.rtcrypted (copy)
data
dropped
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE (x86).lnk.rtcrypted (copy)
data
dropped
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE.lnk.rtcrypted (copy)
data
dropped
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\StableEngineEtwLocation\mpengine_etw.dll.rtcrypted (copy)
PE32+ executable (DLL) (console) x86-64, for MS Windows
dropped
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\ConfigSecurityPolicy.exe.rtcrypted (copy)
PE32+ executable (console) x86-64, for MS Windows
dropped
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpDetoursCopyAccelerator.dll.rtcrypted (copy)
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
dropped
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\ProtectionManagement.dll.rtcrypted (copy)
PE32+ executable (DLL) (console) x86-64, for MS Windows
dropped
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\X86\MpDetoursCopyAccelerator.dll.rtcrypted (copy)
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\ClipSVC\Archive\Apps\02305155-8ac1-1189-ff55-b7119a53887c.xml.rtcrypted (copy)
ASCII text, with very long lines (3188), with no line terminators
dropped
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\ClipSVC\Archive\Apps\03f8974b-362e-33e3-2e0b-c7bc2ea01c63.xml.rtcrypted (copy)
ASCII text, with very long lines (3223), with no line terminators
dropped
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\ClipSVC\Archive\Apps\0890ad2f-b74f-c384-f684-9c33f8f67924.xml.rtcrypted (copy)
ASCII text, with very long lines (3202), with no line terminators
dropped
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\ClipSVC\Archive\Apps\0a8c1492-65ca-6a01-de25-0e183559d10d.xml.rtcrypted (copy)
ASCII text, with very long lines (2654), with no line terminators
dropped
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\ClipSVC\Archive\Apps\0f8e2cd5-b8eb-7a22-b9e9-9b1183fa0a84.xml.rtcrypted (copy)
ASCII text, with very long lines (2766), with no line terminators
dropped
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\ClipSVC\Archive\Apps\13edb933-4688-0f79-3d0a-499edf952ba0.xml.rtcrypted (copy)
ASCII text, with very long lines (3555), with no line terminators
dropped
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\ClipSVC\Archive\Apps\1659a225-428e-84f0-ba52-5fb2b85d55b3.xml.rtcrypted (copy)
ASCII text, with very long lines (3542), with no line terminators
dropped
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\ClipSVC\Archive\Apps\18549a9c-bedc-b855-f0e6-0787d8b3300d.xml.rtcrypted (copy)
ASCII text, with very long lines (2777), with no line terminators
dropped
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\ClipSVC\Archive\Apps\1e225998-faa0-5fd4-4db7-5e7686ee3b47.xml.rtcrypted (copy)
ASCII text, with very long lines (2771), with no line terminators
dropped
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\ClipSVC\Archive\Apps\1e77870d-1a93-60e5-ffda-9653c7cad20a.xml.rtcrypted (copy)
ASCII text, with very long lines (3554), with no line terminators
dropped
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\ClipSVC\Archive\Apps\1f7b7aa2-506a-03cd-6648-5b78ac12040f.xml.rtcrypted (copy)
ASCII text, with very long lines (3222), with no line terminators
dropped
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\ClipSVC\Archive\Apps\1faf63f7-f387-4522-1175-68c9652d968a.xml.rtcrypted (copy)
ASCII text, with very long lines (2800), with no line terminators
dropped
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\ClipSVC\Archive\Apps\215f9712-9fca-a3f8-5b11-660eefc73b96.xml.rtcrypted (copy)
ASCII text, with very long lines (2783), with no line terminators
dropped
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\ClipSVC\Archive\Apps\26943e1f-42ed-f190-2895-3bc2b8c4176d.xml.rtcrypted (copy)
ASCII text, with very long lines (3191), with no line terminators
dropped
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\ClipSVC\Archive\Apps\280b97f1-1f94-1458-c842-d18e2d1e05f9.xml.rtcrypted (copy)
ASCII text, with very long lines (3549), with no line terminators
dropped
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\ClipSVC\Archive\Apps\28502d06-9d29-8514-1e5d-64447116d798.xml.rtcrypted (copy)
ASCII text, with very long lines (2789), with no line terminators
dropped
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\ClipSVC\Archive\Apps\28748306-9f02-a5d7-6ded-4459fddadc31.xml.rtcrypted (copy)
ASCII text, with very long lines (2619), with no line terminators
dropped
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\ClipSVC\Archive\Apps\292d761b-1fa7-9c70-1afd-c2e4040b6577.xml.rtcrypted (copy)
ASCII text, with very long lines (3224), with no line terminators
dropped
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\ClipSVC\Archive\Apps\2b5d0f60-d93b-1629-f3e5-4167231c7ee6.xml.rtcrypted (copy)
ASCII text, with very long lines (2799), with no line terminators
dropped
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\ClipSVC\Archive\Apps\2ff6ba33-4212-e6d3-dcc2-11aadb3d61ef.xml.rtcrypted (copy)
ASCII text, with very long lines (3179), with no line terminators
dropped
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\ClipSVC\Archive\Apps\306e67c8-9a1d-38de-8654-054bd8a6e6d6.xml.rtcrypted (copy)
ASCII text, with very long lines (3350), with no line terminators
dropped
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\ClipSVC\Archive\Apps\38ae356e-4b11-78bd-6f1e-d1fbd81b826a.xml.rtcrypted (copy)
ASCII text, with very long lines (3510), with no line terminators
dropped
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\ClipSVC\Archive\Apps\3c8c7eb3-7a1d-7981-0472-571cdd1d1292.xml.rtcrypted (copy)
ASCII text, with very long lines (3211), with no line terminators
dropped
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\ClipSVC\Archive\Apps\42180d93-7e2c-7efa-09ed-dfdffa034b8e.xml.rtcrypted (copy)
ASCII text, with very long lines (3511), with no line terminators
dropped
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\ClipSVC\Archive\Apps\436e78a7-dabb-5a30-f98d-963a03bf8af1.xml.rtcrypted (copy)
ASCII text, with very long lines (3554), with no line terminators
dropped
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\ClipSVC\Archive\Apps\4c4ecbc0-0ec0-3929-aebb-a931a339fb23.xml.rtcrypted (copy)
ASCII text, with very long lines (3201), with no line terminators
dropped
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\ClipSVC\Archive\Apps\517cfcaf-138b-1796-2cea-62892204250a.xml.rtcrypted (copy)
ASCII text, with very long lines (2799), with no line terminators
dropped
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\ClipSVC\Archive\Apps\52a7e8cc-4b89-0eb8-5b4c-0f924bfc3949.xml.rtcrypted (copy)
ASCII text, with very long lines (3549), with no line terminators
dropped
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\ClipSVC\Archive\Apps\5c834b0b-64f8-6383-854a-915ac7ddab77.xml.rtcrypted (copy)
ASCII text, with very long lines (2799), with no line terminators
dropped
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\ClipSVC\Archive\Apps\61b5bd89-4cb0-db77-6622-cb63b5a58080.xml.rtcrypted (copy)
ASCII text, with very long lines (3202), with no line terminators
dropped
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\ClipSVC\Archive\Apps\630a70e7-1832-4f42-e2a2-5d35fdddc45f.xml.rtcrypted (copy)
ASCII text, with very long lines (3223), with no line terminators
dropped
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\ClipSVC\Archive\Apps\67447b0c-05cf-6740-5f7b-391ab440c42d.xml.rtcrypted (copy)
ASCII text, with very long lines (2641), with no line terminators
dropped
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\ClipSVC\Archive\Apps\6ab96728-2783-240f-370f-afa9d4e52fdd.xml.rtcrypted (copy)
ASCII text, with very long lines (3273), with no line terminators
dropped
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\ClipSVC\Archive\Apps\6e90ed81-9187-fa62-ce90-f18d7bed6b12.xml.rtcrypted (copy)
ASCII text, with very long lines (3333), with no line terminators
dropped
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\ClipSVC\Archive\Apps\6ffa25dc-c89d-3de9-3601-df09bae65a75.xml.rtcrypted (copy)
ASCII text, with very long lines (2661), with no line terminators
dropped
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\ClipSVC\Archive\Apps\71c8f37a-a7b9-aff0-6de0-9b276c089ad6.xml.rtcrypted (copy)
ASCII text, with very long lines (2685), with no line terminators
dropped
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\ClipSVC\Archive\Apps\71ef3df1-f4b1-69cd-793a-48e165e282aa.xml.rtcrypted (copy)
ASCII text, with very long lines (3229), with no line terminators
dropped
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\ClipSVC\Archive\Apps\7309084a-bb6f-20c3-ea54-aa108ceab1ae.xml.rtcrypted (copy)
ASCII text, with very long lines (2631), with no line terminators
dropped
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\ClipSVC\Archive\Apps\7646fa0f-b52c-71a8-3aed-950dd1668c09.xml.rtcrypted (copy)
ASCII text, with very long lines (3195), with no line terminators
dropped
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\ClipSVC\Archive\Apps\8292682a-6850-c06c-9b6d-9646f16d4ed0.xml.rtcrypted (copy)
ASCII text, with very long lines (2663), with no line terminators
dropped
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\ClipSVC\Archive\Apps\832f9d1e-5f47-dfb1-157b-5239adf4c1db.xml.rtcrypted (copy)
ASCII text, with very long lines (3533), with no line terminators
dropped
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\ClipSVC\Archive\Apps\865e8f30-20a1-9528-bb48-42999b5b2aa8.xml.rtcrypted (copy)
ASCII text, with very long lines (2816), with no line terminators
dropped
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\ClipSVC\Archive\Apps\8ce3d3dd-a4c7-6c38-5fde-1f9f5df98807.xml.rtcrypted (copy)
ASCII text, with very long lines (2783), with no line terminators
dropped
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\ClipSVC\Archive\Apps\8cfc804a-d777-2361-1670-4569e516397e.xml.rtcrypted (copy)
ASCII text, with very long lines (2766), with no line terminators
dropped
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\ClipSVC\Archive\Apps\8d56e57b-8663-136d-ff69-a004e217825a.xml.rtcrypted (copy)
ASCII text, with very long lines (2669), with no line terminators
dropped
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\ClipSVC\Archive\Apps\8e383e90-b2f9-7bf2-1d5b-4e47dcb2014e.xml.rtcrypted (copy)
ASCII text, with very long lines (2662), with no line terminators
dropped
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\ClipSVC\Archive\Apps\91a5b4c7-29a8-ec80-4321-fbecea906705.xml.rtcrypted (copy)
ASCII text, with very long lines (2793), with no line terminators
dropped
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\ClipSVC\Archive\Apps\9a9f1e94-851b-c6b4-27c0-55a242e0d96d.xml.rtcrypted (copy)
ASCII text, with very long lines (3554), with no line terminators
dropped
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\ClipSVC\Archive\Apps\9d3ad23c-c6b8-7fb5-e4ab-f5d0a66dcfbc.xml.rtcrypted (copy)
ASCII text, with very long lines (2832), with no line terminators
dropped
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\ClipSVC\Archive\Apps\a1e5b165-0532-a6a3-f542-0c5c162be3e1.xml.rtcrypted (copy)
ASCII text, with very long lines (2756), with no line terminators
dropped
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\ClipSVC\Archive\Apps\a7e08b8b-ad4b-af00-ebcc-1aa29a833ce9.xml.rtcrypted (copy)
ASCII text, with very long lines (3245), with no line terminators
dropped
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\ClipSVC\Archive\Apps\a92561ce-87c0-7d40-42ea-c87d237c0db0.xml.rtcrypted (copy)
ASCII text, with very long lines (3196), with no line terminators
dropped
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\ClipSVC\Archive\Apps\abbb44f6-ae33-2e7c-ac40-4d8ac17bf46b.xml.rtcrypted (copy)
ASCII text, with very long lines (3190), with no line terminators
dropped
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\ClipSVC\Archive\Apps\ac116a72-b6b1-d558-23f6-10796e634d41.xml.rtcrypted (copy)
ASCII text, with very long lines (2669), with no line terminators
dropped
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\ClipSVC\Archive\Apps\b34b197c-c0ed-bf12-c9bb-44e883c66a9d.xml.rtcrypted (copy)
ASCII text, with very long lines (2755), with no line terminators
dropped
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\ClipSVC\Archive\Apps\b59f5123-f94a-28bc-cf2d-1f77c3cd60ad.xml.rtcrypted (copy)
ASCII text, with very long lines (3374), with no line terminators
dropped
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\ClipSVC\Archive\Apps\b6126597-8ecb-81b4-8b3a-1430dc2988c1.xml.rtcrypted (copy)
ASCII text, with very long lines (2756), with no line terminators
dropped
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\ClipSVC\Archive\Apps\b81d7e70-84e7-b16a-e3d0-1e7aa2f1232d.xml.rtcrypted (copy)
ASCII text, with very long lines (2617), with no line terminators
dropped
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\ClipSVC\Archive\Apps\bb26a0e5-d235-0ee6-0c36-6d5e185fa5b1.xml.rtcrypted (copy)
ASCII text, with very long lines (2798), with no line terminators
dropped
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\ClipSVC\Archive\Apps\bbfbe8ad-1a35-a7f3-33bc-40912bf89dfb.xml.rtcrypted (copy)
ASCII text, with very long lines (2625), with no line terminators
dropped
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\ClipSVC\Archive\Apps\bcda97bb-bfd0-2a72-3c90-c8518f3d09ee.xml.rtcrypted (copy)
ASCII text, with very long lines (2657), with no line terminators
dropped
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\ClipSVC\Archive\Apps\c3d42a1a-2f3f-a4a9-6a04-cc1b234485fb.xml.rtcrypted (copy)
ASCII text, with very long lines (2669), with no line terminators
dropped
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\ClipSVC\Archive\Apps\c94a6c18-d496-da1c-8a02-fc6976e0145e.xml.rtcrypted (copy)
ASCII text, with very long lines (3218), with no line terminators
dropped
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\ClipSVC\Archive\Apps\ca947da2-7e9a-7249-8095-bceb379c6f74.xml.rtcrypted (copy)
ASCII text, with very long lines (3229), with no line terminators
dropped
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\ClipSVC\Archive\Apps\cb692946-a9f3-639d-1064-a6d75a01b9c3.xml.rtcrypted (copy)
ASCII text, with very long lines (3229), with no line terminators
dropped
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\ClipSVC\Archive\Apps\d1ecfce2-f845-c1e9-052b-d2f457c135e6.xml.rtcrypted (copy)
ASCII text, with very long lines (3179), with no line terminators
dropped
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\ClipSVC\Archive\Apps\d834be1c-66d4-85d2-5bfc-720e73e8e544.xml.rtcrypted (copy)
ASCII text, with very long lines (3520), with no line terminators
dropped
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\ClipSVC\Archive\Apps\e2a686b1-b02a-b3e7-90cb-3fa0d708ce04.xml.rtcrypted (copy)
ASCII text, with very long lines (2642), with no line terminators
dropped
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\ClipSVC\Archive\Apps\e64ffef1-e246-b632-595b-56076a3fa776.xml.rtcrypted (copy)
ASCII text, with very long lines (2641), with no line terminators
dropped
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\ClipSVC\Archive\Apps\e78cdb72-8076-1aa5-5df6-048300a0f594.xml.rtcrypted (copy)
ASCII text, with very long lines (6847), with no line terminators
dropped
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\ClipSVC\Archive\Apps\e8ac9388-7c9c-19cc-fd4d-cb72bb1544ea.xml.rtcrypted (copy)
ASCII text, with very long lines (2794), with no line terminators
dropped
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\ClipSVC\Archive\Apps\e8fff2df-6041-8f21-3df7-db31661aa09b.xml.rtcrypted (copy)
ASCII text, with very long lines (2652), with no line terminators
dropped
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\ClipSVC\Archive\Apps\e9bff135-4a26-0e2f-d743-30d9666eed8e.xml.rtcrypted (copy)
ASCII text, with very long lines (3207), with no line terminators
dropped
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\ClipSVC\Archive\Apps\ea39969e-9808-10a2-23ff-be783a132fea.xml.rtcrypted (copy)
ASCII text, with very long lines (3240), with no line terminators
dropped
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\ClipSVC\Archive\Apps\ecbc2601-0a67-4963-e594-43c65d6ec9a5.xml.rtcrypted (copy)
ASCII text, with very long lines (3184), with no line terminators
dropped
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\ClipSVC\Archive\Apps\eee47229-947d-2ac7-e8a3-49bafee251d1.xml.rtcrypted (copy)
ASCII text, with very long lines (2628), with no line terminators
dropped
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\ClipSVC\Archive\Apps\f1d940d0-b5b2-0083-8403-807a8db430d5.xml.rtcrypted (copy)
ASCII text, with very long lines (2640), with no line terminators
dropped
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\ClipSVC\Archive\Apps\fc93b452-8a84-dede-3b7a-0fc9413c4592.xml.rtcrypted (copy)
ASCII text, with very long lines (2636), with no line terminators
dropped
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\ClipSVC\Archive\KeyHolder\61afd6a2-d7c3-8d25-36c2-0c2c47e3aca8.xml.rtcrypted (copy)
ASCII text, with very long lines (3003), with no line terminators
dropped
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Security Configuration Management.lnk.rtcrypted (copy)
data
dropped
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Windows Defender Firewall with Advanced Security.lnk.rtcrypted (copy)
data
dropped
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office Tools\Skype for Business Recording Manager.lnk.rtcrypted (copy)
data
dropped
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\AAD0B0DB-711A-45EF-A013-BDD28531EC08\en-us.16\MasterDescriptor.en-us.xml.rtcrypted (copy)
Non-ISO extended-ASCII text, with CRLF line terminators
dropped
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\AAD0B0DB-711A-45EF-A013-BDD28531EC08\x-none.16\MasterDescriptor.x-none.xml.rtcrypted (copy)
Non-ISO extended-ASCII text, with CRLF line terminators
dropped
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Access.Access.x-none.msi.16.x-none.xml.rtcrypted (copy)
data
dropped
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.DCF.DCF.x-none.msi.16.x-none.xml.rtcrypted (copy)
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
dropped
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Excel.Excel.x-none.msi.16.x-none.xml.rtcrypted (copy)
data
dropped
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Lync.Lync.x-none.msi.16.x-none.xml.rtcrypted (copy)
data
dropped
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OSM.OSM.x-none.msi.16.x-none.xml.rtcrypted (copy)
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
dropped
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OSMUX.OSMUX.x-none.msi.16.x-none.xml.rtcrypted (copy)
data
dropped
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.en-us.xml.rtcrypted (copy)
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
dropped
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.es-es.xml.rtcrypted (copy)
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
dropped
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.fr-fr.xml.rtcrypted (copy)
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
dropped
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Word.Word.x-none.msi.16.x-none.xml.rtcrypted (copy)
data
dropped
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.accessmui.msi.16.en-us.xml.rtcrypted (copy)
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
dropped
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.dcfmui.msi.16.en-us.xml.rtcrypted (copy)
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
dropped
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.excelmui.msi.16.en-us.xml.rtcrypted (copy)
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
dropped
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.lyncmui.msi.16.en-us.xml.rtcrypted (copy)
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
dropped
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.office64mui.msi.16.en-us.xml.rtcrypted (copy)
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
dropped
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.office64ww.msi.16.x-none.xml.rtcrypted (copy)
XML 1.0 document, Unicode text, UTF-16, little-endian text, with very long lines (326), with CRLF line terminators
dropped
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.officemui.msi.16.en-us.xml.rtcrypted (copy)
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
dropped
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.onenotemui.msi.16.en-us.xml.rtcrypted (copy)
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
dropped
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.osmmui.msi.16.en-us.xml.rtcrypted (copy)
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
dropped
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.osmuxmui.msi.16.en-us.xml.rtcrypted (copy)
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
dropped
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.outlookmui.msi.16.en-us.xml.rtcrypted (copy)
XML 1.0 document, Unicode text, UTF-16, little-endian text, with very long lines (303), with CRLF line terminators
dropped
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.powerpointmui.msi.16.en-us.xml.rtcrypted (copy)
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
dropped
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.publishermui.msi.16.en-us.xml.rtcrypted (copy)
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
dropped
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.shared.Office.x-none.msi.16.x-none.xml.rtcrypted (copy)
data
dropped
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.wordmui.msi.16.en-us.xml.rtcrypted (copy)
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
dropped
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_Office Feature Updates Logon.xml.rtcrypted (copy)
data
dropped
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_Office Feature Updates.xml.rtcrypted (copy)
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
dropped
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\{744D5067-632F-490D-A7F8-522F3DDB7ACB}\mpengine.dll.rtcrypted (copy)
PE32+ executable (DLL) (console) x86-64, for MS Windows
dropped
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OneNote.OneNote.x-none.msi.16.x-none.xml.rtcrypted (copy)
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
dropped
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Outlook.Outlook.x-none.msi.16.x-none.xml.rtcrypted (copy)
XML 1.0 document, Unicode text, UTF-16, little-endian text, with very long lines (326), with CRLF line terminators
dropped
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.PowerPivot.PowerPivot.x-none.msi.16.x-none.xml.rtcrypted (copy)
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
dropped
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.PowerPoint.PowerPoint.x-none.msi.16.x-none.xml.rtcrypted (copy)
XML 1.0 document, Unicode text, UTF-16, little-endian text, with very long lines (1195), with CRLF line terminators
dropped
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.PowerView.PowerView.x-none.msi.16.x-none.xml.rtcrypted (copy)
XML 1.0 document, Unicode text, UTF-16, little-endian text, with very long lines (494), with CRLF line terminators
dropped
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Publisher.Publisher.x-none.msi.16.x-none.xml.rtcrypted (copy)
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
dropped
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\Manifest.xml.rtcrypted (copy)
ISO-8859 text, with very long lines (340), with CRLF line terminators
dropped
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\UserManifest.xml.rtcrypted (copy)
Non-ISO extended-ASCII text, with very long lines (65536), with no line terminators
dropped
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\DeploymentConfiguration.xml.rtcrypted (copy)
XML 1.0 document, ASCII text, with very long lines (589), with CRLF line terminators
dropped
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\UserDeploymentConfiguration.xml.rtcrypted (copy)
Non-ISO extended-ASCII text, with very long lines (612), with CRLF line terminators
dropped
C:\Documents and Settings\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk.rtcrypted (copy)
data
dropped
C:\Documents and Settings\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk.rtcrypted (copy)
data
dropped
C:\Documents and Settings\Default\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk.rtcrypted (copy)
data
dropped
C:\Documents and Settings\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk.rtcrypted (copy)
data
dropped
C:\Documents and Settings\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk.rtcrypted (copy)
data
dropped
C:\Documents and Settings\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk.rtcrypted (copy)
data
dropped
C:\Documents and Settings\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Administrative Tools.lnk.rtcrypted (copy)
data
dropped
C:\Documents and Settings\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk.rtcrypted (copy)
data
dropped
C:\Documents and Settings\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk.rtcrypted (copy)
data
dropped
C:\Documents and Settings\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk.rtcrypted (copy)
data
dropped
C:\Documents and Settings\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk.rtcrypted (copy)
data
dropped
C:\Documents and Settings\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk.rtcrypted (copy)
data
dropped
C:\Documents and Settings\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk.rtcrypted (copy)
data
dropped
C:\Documents and Settings\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk.rtcrypted (copy)
data
dropped
C:\Documents and Settings\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk.rtcrypted (copy)
data
dropped
C:\Documents and Settings\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Microsoft Edge.lnk.rtcrypted (copy)
data
dropped
C:\Documents and Settings\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk.rtcrypted (copy)
data
dropped
C:\Documents and Settings\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\File Explorer.lnk.rtcrypted (copy)
data
dropped
C:\Documents and Settings\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk.rtcrypted (copy)
data
dropped
C:\Documents and Settings\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk.rtcrypted (copy)
data
dropped
C:\Documents and Settings\user\AppData\Roaming\Microsoft\Windows\Recent\AGWVMYQACF.png.rtcrypted (copy)
ISO-8859 text, with very long lines (1024), with CRLF line terminators
dropped
C:\Documents and Settings\user\AppData\Roaming\Microsoft\Windows\Recent\ATJBEMHSSB.png.rtcrypted (copy)
ISO-8859 text, with very long lines (1024), with CRLF line terminators
dropped
C:\Documents and Settings\user\AppData\Roaming\Microsoft\Windows\Recent\BNAGMGSPLO.jpg.rtcrypted (copy)
ISO-8859 text, with very long lines (1024), with CRLF line terminators
dropped
C:\Documents and Settings\user\AppData\Roaming\Microsoft\Windows\Recent\BNAGMGSPLO.xlsx.rtcrypted (copy)
ISO-8859 text, with very long lines (1024), with CRLF line terminators
dropped
C:\Documents and Settings\user\AppData\Roaming\Microsoft\Windows\Recent\BPMLNOBVSB.png.rtcrypted (copy)
ISO-8859 text, with very long lines (1024), with CRLF line terminators
dropped
C:\Documents and Settings\user\AppData\Roaming\Microsoft\Windows\Recent\CURQNKVOIX.docx.rtcrypted (copy)
ISO-8859 text, with very long lines (1024), with CRLF line terminators
dropped
C:\Documents and Settings\user\AppData\Roaming\Microsoft\Windows\Recent\CURQNKVOIX.mp3.rtcrypted (copy)
ISO-8859 text, with very long lines (1024), with CRLF line terminators
dropped
C:\Documents and Settings\user\AppData\Roaming\Microsoft\Windows\Recent\CURQNKVOIX.xlsx.rtcrypted (copy)
ISO-8859 text, with very long lines (1024), with CRLF line terminators
dropped
C:\Documents and Settings\user\AppData\Roaming\Microsoft\Windows\Recent\DVWHKMNFNN.mp3.rtcrypted (copy)
ISO-8859 text, with very long lines (1024), with CRLF line terminators
dropped
C:\Documents and Settings\user\AppData\Roaming\Microsoft\Windows\Recent\DVWHKMNFNN.xlsx.rtcrypted (copy)
ISO-8859 text, with very long lines (1024), with CRLF line terminators
dropped
C:\Documents and Settings\user\AppData\Roaming\Microsoft\Windows\Recent\EFGRWFCUWS.jpg.rtcrypted (copy)
OpenPGP Secret Key
dropped
C:\Documents and Settings\user\AppData\Roaming\Microsoft\Windows\Recent\EFGRWFCUWS.mp3.rtcrypted (copy)
OpenPGP Secret Key
dropped
C:\Documents and Settings\user\AppData\Roaming\Microsoft\Windows\Recent\EOWRVPQCCS.png.rtcrypted (copy)
OpenPGP Secret Key
dropped
C:\Documents and Settings\user\AppData\Roaming\Microsoft\Windows\Recent\HTAGVDFUIE.png.rtcrypted (copy)
ISO-8859 text, with very long lines (1024), with CRLF line terminators
dropped
C:\Documents and Settings\user\AppData\Roaming\Microsoft\Windows\Recent\JSDNGYCOWY.jpg.rtcrypted (copy)
ISO-8859 text, with very long lines (1024), with CRLF line terminators
dropped
C:\Documents and Settings\user\AppData\Roaming\Microsoft\Windows\Recent\JSDNGYCOWY.mp3.rtcrypted (copy)
ISO-8859 text, with very long lines (1024), with CRLF line terminators
dropped
C:\Documents and Settings\user\AppData\Roaming\Microsoft\Windows\Recent\KATAXZVCPS.jpg.rtcrypted (copy)
ISO-8859 text, with very long lines (1024), with CRLF line terminators
dropped
C:\Documents and Settings\user\AppData\Roaming\Microsoft\Windows\Recent\KATAXZVCPS.xlsx.rtcrypted (copy)
ISO-8859 text, with very long lines (1024), with CRLF line terminators
dropped
C:\Documents and Settings\user\AppData\Roaming\Microsoft\Windows\Recent\NEBFQQYWPS.docx.rtcrypted (copy)
ISO-8859 text, with very long lines (1024), with CRLF line terminators
dropped
C:\Documents and Settings\user\AppData\Roaming\Microsoft\Windows\Recent\NIRMEKAMZH.jpg.rtcrypted (copy)
ISO-8859 text, with very long lines (1024), with CRLF line terminators
dropped
C:\Documents and Settings\user\AppData\Roaming\Microsoft\Windows\Recent\NWTVCDUMOB.jpg.rtcrypted (copy)
ISO-8859 text, with very long lines (1024), with CRLF line terminators
dropped
C:\Documents and Settings\user\AppData\Roaming\Microsoft\Windows\Recent\NYMMPCEIMA.mp3.rtcrypted (copy)
ISO-8859 text, with very long lines (1024), with CRLF line terminators
dropped
C:\Documents and Settings\user\AppData\Roaming\Microsoft\Windows\Recent\NYMMPCEIMA.xlsx.rtcrypted (copy)
ISO-8859 text, with very long lines (1024), with CRLF line terminators
dropped
C:\Documents and Settings\user\AppData\Roaming\Microsoft\Windows\Recent\ONBQCLYSPU.docx.rtcrypted (copy)
ISO-8859 text, with very long lines (1024), with CRLF line terminators
dropped
C:\Documents and Settings\user\AppData\Roaming\Microsoft\Windows\Recent\UMMBDNEQBN.docx.rtcrypted (copy)
ISO-8859 text, with very long lines (1024), with CRLF line terminators
dropped
C:\Documents and Settings\user\AppData\Roaming\Microsoft\Windows\Recent\UNNQSMMCXQ.mp3.rtcrypted (copy)
ISO-8859 text, with very long lines (1024), with CRLF line terminators
dropped
C:\Documents and Settings\user\AppData\Roaming\Microsoft\Windows\Recent\VLZDGUKUTZ.docx.rtcrypted (copy)
ISO-8859 text, with very long lines (1024), with CRLF line terminators
dropped
C:\Documents and Settings\user\AppData\Roaming\Microsoft\Windows\Recent\VLZDGUKUTZ.xlsx.rtcrypted (copy)
ISO-8859 text, with very long lines (1024), with CRLF line terminators
dropped
C:\Documents and Settings\user\AppData\Roaming\Microsoft\Windows\Recent\WUTJSCBCFX.docx.rtcrypted (copy)
ISO-8859 text, with very long lines (1024), with CRLF line terminators
dropped
C:\Documents and Settings\user\AppData\Roaming\Microsoft\Windows\Recent\YPSIACHYXW.png.rtcrypted (copy)
ISO-8859 text, with very long lines (1024), with CRLF line terminators
dropped
C:\Documents and Settings\user\AppData\Roaming\Microsoft\Windows\SendTo\Bluetooth File Transfer.LNK.rtcrypted (copy)
data
dropped
C:\Documents and Settings\user\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk.rtcrypted (copy)
data
dropped
C:\Documents and Settings\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk.rtcrypted (copy)
data
dropped
C:\Documents and Settings\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk.rtcrypted (copy)
data
dropped
C:\Documents and Settings\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk.rtcrypted (copy)
data
dropped
C:\Documents and Settings\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk.rtcrypted (copy)
data
dropped
C:\Documents and Settings\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Administrative Tools.lnk.rtcrypted (copy)
data
dropped
C:\Documents and Settings\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk.rtcrypted (copy)
data
dropped
C:\Documents and Settings\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk.rtcrypted (copy)
data
dropped
C:\Documents and Settings\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk.rtcrypted (copy)
data
dropped
C:\Documents and Settings\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk.rtcrypted (copy)
data
dropped
C:\Documents and Settings\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk.rtcrypted (copy)
data
dropped
C:\Documents and Settings\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk.rtcrypted (copy)
data
dropped
C:\Documents and Settings\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk.rtcrypted (copy)
data
dropped
C:\Documents and Settings\user\AppData\Roaming\Microsoft\Windows\Themes\CachedFiles\CachedImage_1280_1024_POS4.jpg.rtcrypted (copy)
data
dropped
C:\Documents and Settings\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\AlternateServices.txt.rtcrypted (copy)
Non-ISO extended-ASCII text
dropped
C:\Documents and Settings\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\SiteSecurityServiceState.txt.rtcrypted (copy)
CSV text
dropped
C:\Documents and Settings\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\Telemetry.FailedProfileLocks.txt.rtcrypted (copy)
very short file (no magic)
dropped
C:\Documents and Settings\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\pkcs11.txt.rtcrypted (copy)
Non-ISO extended-ASCII text, with very long lines (317), with CRLF line terminators
dropped
C:\Documents and Settings\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\prefs.js.rtcrypted (copy)
Non-ISO extended-ASCII text, with very long lines (1809), with CRLF line terminators
dropped
C:\Documents and Settings\user\Desktop\BPMLNOBVSB.png.rtcrypted (copy)
ISO-8859 text, with very long lines (1024), with CRLF line terminators
dropped
C:\Documents and Settings\user\Desktop\CURQNKVOIX.mp3.rtcrypted (copy)
ISO-8859 text, with very long lines (1024), with CRLF line terminators
dropped
C:\Documents and Settings\user\Desktop\DVWHKMNFNN.mp3.rtcrypted (copy)
ISO-8859 text, with very long lines (1024), with CRLF line terminators
dropped
C:\Documents and Settings\user\Desktop\DVWHKMNFNN.xlsx.rtcrypted (copy)
ISO-8859 text, with very long lines (1024), with CRLF line terminators
dropped
C:\Documents and Settings\user\Desktop\Excel.lnk.rtcrypted (copy)
data
dropped
C:\Documents and Settings\user\Desktop\HTAGVDFUIE.png.rtcrypted (copy)
ISO-8859 text, with very long lines (1024), with CRLF line terminators
dropped
C:\Documents and Settings\user\Desktop\JSDNGYCOWY.jpg.rtcrypted (copy)
ISO-8859 text, with very long lines (1024), with CRLF line terminators
dropped
C:\Documents and Settings\user\Desktop\JSDNGYCOWY.mp3.rtcrypted (copy)
ISO-8859 text, with very long lines (1024), with CRLF line terminators
dropped
C:\Documents and Settings\user\Desktop\KATAXZVCPS.jpg.rtcrypted (copy)
ISO-8859 text, with very long lines (1024), with CRLF line terminators
dropped
C:\Documents and Settings\user\Desktop\KATAXZVCPS.xlsx.rtcrypted (copy)
ISO-8859 text, with very long lines (1024), with CRLF line terminators
dropped
C:\Documents and Settings\user\Desktop\NWTVCDUMOB.jpg.rtcrypted (copy)
ISO-8859 text, with very long lines (1024), with CRLF line terminators
dropped
C:\Documents and Settings\user\Desktop\ONBQCLYSPU.docx.rtcrypted (copy)
ISO-8859 text, with very long lines (1024), with CRLF line terminators
dropped
C:\Documents and Settings\user\Desktop\ONBQCLYSPU\DVWHKMNFNN.mp3.rtcrypted (copy)
ISO-8859 text, with very long lines (1024), with CRLF line terminators
dropped
C:\Documents and Settings\user\Desktop\ONBQCLYSPU\HTAGVDFUIE.png.rtcrypted (copy)
ISO-8859 text, with very long lines (1024), with CRLF line terminators
dropped
C:\Documents and Settings\user\Desktop\ONBQCLYSPU\KATAXZVCPS.jpg.rtcrypted (copy)
ISO-8859 text, with very long lines (1024), with CRLF line terminators
dropped
C:\Documents and Settings\user\Desktop\ONBQCLYSPU\ONBQCLYSPU.docx.rtcrypted (copy)
ISO-8859 text, with very long lines (1024), with CRLF line terminators
dropped
C:\Documents and Settings\user\Desktop\ONBQCLYSPU\VLZDGUKUTZ.xlsx.rtcrypted (copy)
ISO-8859 text, with very long lines (1024), with CRLF line terminators
dropped
C:\Documents and Settings\user\Desktop\UMMBDNEQBN.docx.rtcrypted (copy)
ISO-8859 text, with very long lines (1024), with CRLF line terminators
dropped
C:\Documents and Settings\user\Desktop\UMMBDNEQBN\BPMLNOBVSB.png.rtcrypted (copy)
ISO-8859 text, with very long lines (1024), with CRLF line terminators
dropped
C:\Documents and Settings\user\Desktop\UMMBDNEQBN\CURQNKVOIX.mp3.rtcrypted (copy)
ISO-8859 text, with very long lines (1024), with CRLF line terminators
dropped
C:\Documents and Settings\user\Desktop\UMMBDNEQBN\DVWHKMNFNN.xlsx.rtcrypted (copy)
ISO-8859 text, with very long lines (1024), with CRLF line terminators
dropped
C:\Documents and Settings\user\Desktop\UMMBDNEQBN\JSDNGYCOWY.jpg.rtcrypted (copy)
ISO-8859 text, with very long lines (1024), with CRLF line terminators
dropped
C:\Documents and Settings\user\Desktop\UMMBDNEQBN\UMMBDNEQBN.docx.rtcrypted (copy)
ISO-8859 text, with very long lines (1024), with CRLF line terminators
dropped
C:\Documents and Settings\user\Desktop\VLZDGUKUTZ.docx.rtcrypted (copy)
ISO-8859 text, with very long lines (1024), with CRLF line terminators
dropped
C:\Documents and Settings\user\Desktop\VLZDGUKUTZ.xlsx.rtcrypted (copy)
ISO-8859 text, with very long lines (1024), with CRLF line terminators
dropped
C:\Documents and Settings\user\Desktop\VLZDGUKUTZ\JSDNGYCOWY.mp3.rtcrypted (copy)
ISO-8859 text, with very long lines (1024), with CRLF line terminators
dropped
C:\Documents and Settings\user\Desktop\VLZDGUKUTZ\KATAXZVCPS.xlsx.rtcrypted (copy)
ISO-8859 text, with very long lines (1024), with CRLF line terminators
dropped
C:\Documents and Settings\user\Desktop\VLZDGUKUTZ\NWTVCDUMOB.jpg.rtcrypted (copy)
ISO-8859 text, with very long lines (1024), with CRLF line terminators
dropped
C:\Documents and Settings\user\Desktop\VLZDGUKUTZ\VLZDGUKUTZ.docx.rtcrypted (copy)
ISO-8859 text, with very long lines (1024), with CRLF line terminators
dropped
C:\Documents and Settings\user\Desktop\VLZDGUKUTZ\YPSIACHYXW.png.rtcrypted (copy)
ISO-8859 text, with very long lines (1024), with CRLF line terminators
dropped
C:\Documents and Settings\user\Desktop\YPSIACHYXW.png.rtcrypted (copy)
ISO-8859 text, with very long lines (1024), with CRLF line terminators
dropped
C:\Documents and Settings\user\Documents\BPMLNOBVSB.png.rtcrypted (copy)
ISO-8859 text, with very long lines (1024), with CRLF line terminators
dropped
C:\Documents and Settings\user\Documents\CURQNKVOIX.mp3.rtcrypted (copy)
ISO-8859 text, with very long lines (1024), with CRLF line terminators
dropped
C:\Documents and Settings\user\Documents\DVWHKMNFNN.mp3.rtcrypted (copy)
ISO-8859 text, with very long lines (1024), with CRLF line terminators
dropped
C:\Documents and Settings\user\Documents\DVWHKMNFNN.xlsx.rtcrypted (copy)
ISO-8859 text, with very long lines (1024), with CRLF line terminators
dropped
C:\Documents and Settings\user\Documents\HTAGVDFUIE.png.rtcrypted (copy)
ISO-8859 text, with very long lines (1024), with CRLF line terminators
dropped
C:\Documents and Settings\user\Documents\JSDNGYCOWY.jpg.rtcrypted (copy)
ISO-8859 text, with very long lines (1024), with CRLF line terminators
dropped
C:\Documents and Settings\user\Documents\JSDNGYCOWY.mp3.rtcrypted (copy)
ISO-8859 text, with very long lines (1024), with CRLF line terminators
dropped
C:\Documents and Settings\user\Documents\KATAXZVCPS.jpg.rtcrypted (copy)
ISO-8859 text, with very long lines (1024), with CRLF line terminators
dropped
C:\Documents and Settings\user\Documents\KATAXZVCPS.xlsx.rtcrypted (copy)
ISO-8859 text, with very long lines (1024), with CRLF line terminators
dropped
C:\Documents and Settings\user\Documents\NWTVCDUMOB.jpg.rtcrypted (copy)
ISO-8859 text, with very long lines (1024), with CRLF line terminators
dropped
C:\Documents and Settings\user\Documents\ONBQCLYSPU.docx.rtcrypted (copy)
ISO-8859 text, with very long lines (1024), with CRLF line terminators
dropped
C:\Documents and Settings\user\Documents\ONBQCLYSPU\DVWHKMNFNN.mp3.rtcrypted (copy)
ISO-8859 text, with very long lines (1024), with CRLF line terminators
dropped
C:\Documents and Settings\user\Documents\ONBQCLYSPU\HTAGVDFUIE.png.rtcrypted (copy)
ISO-8859 text, with very long lines (1024), with CRLF line terminators
dropped
C:\Documents and Settings\user\Documents\ONBQCLYSPU\KATAXZVCPS.jpg.rtcrypted (copy)
ISO-8859 text, with very long lines (1024), with CRLF line terminators
dropped
C:\Documents and Settings\user\Documents\ONBQCLYSPU\ONBQCLYSPU.docx.rtcrypted (copy)
ISO-8859 text, with very long lines (1024), with CRLF line terminators
dropped
C:\Documents and Settings\user\Documents\ONBQCLYSPU\VLZDGUKUTZ.xlsx.rtcrypted (copy)
ISO-8859 text, with very long lines (1024), with CRLF line terminators
dropped
C:\Documents and Settings\user\Documents\UMMBDNEQBN.docx.rtcrypted (copy)
ISO-8859 text, with very long lines (1024), with CRLF line terminators
dropped
C:\Documents and Settings\user\Documents\UMMBDNEQBN\BPMLNOBVSB.png.rtcrypted (copy)
ISO-8859 text, with very long lines (1024), with CRLF line terminators
dropped
C:\Documents and Settings\user\Documents\UMMBDNEQBN\CURQNKVOIX.mp3.rtcrypted (copy)
ISO-8859 text, with very long lines (1024), with CRLF line terminators
dropped
C:\Documents and Settings\user\Documents\UMMBDNEQBN\DVWHKMNFNN.xlsx.rtcrypted (copy)
ISO-8859 text, with very long lines (1024), with CRLF line terminators
dropped
C:\Documents and Settings\user\Documents\UMMBDNEQBN\JSDNGYCOWY.jpg.rtcrypted (copy)
ISO-8859 text, with very long lines (1024), with CRLF line terminators
dropped
C:\Documents and Settings\user\Documents\UMMBDNEQBN\UMMBDNEQBN.docx.rtcrypted (copy)
ISO-8859 text, with very long lines (1024), with CRLF line terminators
dropped
C:\Documents and Settings\user\Documents\VLZDGUKUTZ.docx.rtcrypted (copy)
ISO-8859 text, with very long lines (1024), with CRLF line terminators
dropped
C:\Documents and Settings\user\Documents\VLZDGUKUTZ.xlsx.rtcrypted (copy)
ISO-8859 text, with very long lines (1024), with CRLF line terminators
dropped
C:\Documents and Settings\user\Documents\VLZDGUKUTZ\JSDNGYCOWY.mp3.rtcrypted (copy)
ISO-8859 text, with very long lines (1024), with CRLF line terminators
dropped
C:\Documents and Settings\user\Documents\VLZDGUKUTZ\KATAXZVCPS.xlsx.rtcrypted (copy)
ISO-8859 text, with very long lines (1024), with CRLF line terminators
dropped
C:\Documents and Settings\user\Documents\VLZDGUKUTZ\NWTVCDUMOB.jpg.rtcrypted (copy)
ISO-8859 text, with very long lines (1024), with CRLF line terminators
dropped
C:\Documents and Settings\user\Documents\VLZDGUKUTZ\VLZDGUKUTZ.docx.rtcrypted (copy)
ISO-8859 text, with very long lines (1024), with CRLF line terminators
dropped
C:\Documents and Settings\user\Documents\VLZDGUKUTZ\YPSIACHYXW.png.rtcrypted (copy)
ISO-8859 text, with very long lines (1024), with CRLF line terminators
dropped
C:\Documents and Settings\user\Documents\YPSIACHYXW.png.rtcrypted (copy)
ISO-8859 text, with very long lines (1024), with CRLF line terminators
dropped
C:\Documents and Settings\user\Downloads\BPMLNOBVSB.png.rtcrypted (copy)
ISO-8859 text, with very long lines (1024), with CRLF line terminators
dropped
C:\Documents and Settings\user\Downloads\CURQNKVOIX.mp3.rtcrypted (copy)
ISO-8859 text, with very long lines (1024), with CRLF line terminators
dropped
C:\Documents and Settings\user\Downloads\DVWHKMNFNN.mp3.rtcrypted (copy)
ISO-8859 text, with very long lines (1024), with CRLF line terminators
dropped
C:\Documents and Settings\user\Downloads\DVWHKMNFNN.xlsx.rtcrypted (copy)
ISO-8859 text, with very long lines (1024), with CRLF line terminators
dropped
C:\Documents and Settings\user\Downloads\HTAGVDFUIE.png.rtcrypted (copy)
ISO-8859 text, with very long lines (1024), with CRLF line terminators
dropped
C:\Documents and Settings\user\Downloads\JSDNGYCOWY.jpg.rtcrypted (copy)
ISO-8859 text, with very long lines (1024), with CRLF line terminators
dropped
C:\Documents and Settings\user\Downloads\JSDNGYCOWY.mp3.rtcrypted (copy)
ISO-8859 text, with very long lines (1024), with CRLF line terminators
dropped
C:\Documents and Settings\user\Downloads\KATAXZVCPS.jpg.rtcrypted (copy)
ISO-8859 text, with very long lines (1024), with CRLF line terminators
dropped
C:\Documents and Settings\user\Downloads\KATAXZVCPS.xlsx.rtcrypted (copy)
ISO-8859 text, with very long lines (1024), with CRLF line terminators
dropped
C:\Documents and Settings\user\Downloads\NWTVCDUMOB.jpg.rtcrypted (copy)
ISO-8859 text, with very long lines (1024), with CRLF line terminators
dropped
C:\Documents and Settings\user\Downloads\ONBQCLYSPU.docx.rtcrypted (copy)
ISO-8859 text, with very long lines (1024), with CRLF line terminators
dropped
C:\Documents and Settings\user\Downloads\UMMBDNEQBN.docx.rtcrypted (copy)
ISO-8859 text, with very long lines (1024), with CRLF line terminators
dropped
C:\Documents and Settings\user\Downloads\VLZDGUKUTZ.docx.rtcrypted (copy)
ISO-8859 text, with very long lines (1024), with CRLF line terminators
dropped
C:\Documents and Settings\user\Downloads\VLZDGUKUTZ.xlsx.rtcrypted (copy)
ISO-8859 text, with very long lines (1024), with CRLF line terminators
dropped
C:\Documents and Settings\user\Downloads\YPSIACHYXW.png.rtcrypted (copy)
ISO-8859 text, with very long lines (1024), with CRLF line terminators
dropped
C:\Documents and Settings\user\Links\Desktop.lnk.rtcrypted (copy)
data
dropped
C:\Documents and Settings\user\Links\Downloads.lnk.rtcrypted (copy)
data
dropped
C:\ProgramData\Microsoft\ClickToRun\DeploymentConfig.1.xml
data
dropped
C:\ProgramData\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\DeploymentConfiguration.xml
XML 1.0 document, ASCII text, with very long lines (589), with CRLF line terminators
dropped
C:\ProgramData\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\Manifest.xml
ISO-8859 text, with very long lines (340), with CRLF line terminators
dropped
C:\ProgramData\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\UserDeploymentConfiguration.xml
Non-ISO extended-ASCII text, with very long lines (612), with CRLF line terminators
dropped
C:\ProgramData\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\UserManifest.xml
Non-ISO extended-ASCII text, with very long lines (65536), with no line terminators
dropped
C:\ProgramData\Microsoft\ClickToRun\ProductReleases\AAD0B0DB-711A-45EF-A013-BDD28531EC08\en-us.16\MasterDescriptor.en-us.xml
Non-ISO extended-ASCII text, with CRLF line terminators
dropped
C:\ProgramData\Microsoft\ClickToRun\ProductReleases\AAD0B0DB-711A-45EF-A013-BDD28531EC08\x-none.16\MasterDescriptor.x-none.xml
Non-ISO extended-ASCII text, with CRLF line terminators
dropped
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Access.Access.x-none.msi.16.x-none.xml
data
dropped
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.DCF.DCF.x-none.msi.16.x-none.xml
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
dropped
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Excel.Excel.x-none.msi.16.x-none.xml
data
dropped
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Lync.Lync.x-none.msi.16.x-none.xml
data
dropped
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OSM.OSM.x-none.msi.16.x-none.xml
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
dropped
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OSMUX.OSMUX.x-none.msi.16.x-none.xml
data
dropped
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OneNote.OneNote.x-none.msi.16.x-none.xml
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
dropped
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Outlook.Outlook.x-none.msi.16.x-none.xml
XML 1.0 document, Unicode text, UTF-16, little-endian text, with very long lines (326), with CRLF line terminators
dropped
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.PowerPivot.PowerPivot.x-none.msi.16.x-none.xml
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
dropped
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.PowerPoint.PowerPoint.x-none.msi.16.x-none.xml
XML 1.0 document, Unicode text, UTF-16, little-endian text, with very long lines (1195), with CRLF line terminators
dropped
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.PowerView.PowerView.x-none.msi.16.x-none.xml
XML 1.0 document, Unicode text, UTF-16, little-endian text, with very long lines (494), with CRLF line terminators
dropped
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.en-us.xml
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
dropped
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.es-es.xml
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
dropped
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.fr-fr.xml
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
dropped
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Publisher.Publisher.x-none.msi.16.x-none.xml
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
dropped
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Word.Word.x-none.msi.16.x-none.xml
data
dropped
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.accessmui.msi.16.en-us.xml
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
dropped
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.dcfmui.msi.16.en-us.xml
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
dropped
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.excelmui.msi.16.en-us.xml
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
dropped
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.lyncmui.msi.16.en-us.xml
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
dropped
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.office64mui.msi.16.en-us.xml
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
dropped
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.office64ww.msi.16.x-none.xml
XML 1.0 document, Unicode text, UTF-16, little-endian text, with very long lines (326), with CRLF line terminators
dropped
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.officemui.msi.16.en-us.xml
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
dropped
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.onenotemui.msi.16.en-us.xml
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
dropped
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.osmmui.msi.16.en-us.xml
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
dropped
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.osmuxmui.msi.16.en-us.xml
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
dropped
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.outlookmui.msi.16.en-us.xml
XML 1.0 document, Unicode text, UTF-16, little-endian text, with very long lines (303), with CRLF line terminators
dropped
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.powerpointmui.msi.16.en-us.xml
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
dropped
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.publishermui.msi.16.en-us.xml
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
dropped
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.shared.Office.x-none.msi.16.x-none.xml
data
dropped
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.wordmui.msi.16.en-us.xml
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
dropped
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_Office Feature Updates Logon.xml
data
dropped
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_Office Feature Updates.xml
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
dropped
C:\ProgramData\Microsoft\Diagnosis\osver.txt
ASCII text, with no line terminators
dropped
C:\ProgramData\Microsoft\IdentityCRL\INT\wlidsvcconfig.xml
exported SGML document, ISO-8859 text, with very long lines (12597), with CRLF line terminators
dropped
C:\ProgramData\Microsoft\IdentityCRL\production\wlidsvcconfig.xml
XML 1.0 document, ASCII text, with very long lines (8149), with CRLF line terminators
dropped
C:\ProgramData\Microsoft\User Account Pictures\guest.bmp
Non-ISO extended-ASCII text, with very long lines (65536), with no line terminators
dropped
C:\ProgramData\Microsoft\User Account Pictures\guest.png
data
dropped
C:\ProgramData\Microsoft\User Account Pictures\user-192.png
PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced
dropped
C:\ProgramData\Microsoft\User Account Pictures\user-32.png
data
dropped
C:\ProgramData\Microsoft\User Account Pictures\user-40.png
data
dropped
C:\ProgramData\Microsoft\User Account Pictures\user-48.png
data
dropped
C:\ProgramData\Microsoft\User Account Pictures\user.bmp
Non-ISO extended-ASCII text, with very long lines (65536), with no line terminators
dropped
C:\ProgramData\Microsoft\User Account Pictures\user.png
data
dropped
C:\ProgramData\Microsoft\Windows Defender\Definition Updates\StableEngineEtwLocation\mpengine_etw.dll
PE32+ executable (DLL) (console) x86-64, for MS Windows
dropped
C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{744D5067-632F-490D-A7F8-522F3DDB7ACB}\mpengine.dll
PE32+ executable (DLL) (console) x86-64, for MS Windows
dropped
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\ConfigSecurityPolicy.exe
PE32+ executable (console) x86-64, for MS Windows
dropped
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpAsDesc.dll
PE32+ executable (DLL) (console) x86-64, for MS Windows
dropped
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MsMpLics.dll
PE32+ executable (DLL) (console) x86-64, for MS Windows
dropped
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\NisSrv.exe
PE32+ executable (console) x86-64, for MS Windows
dropped
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\ThirdPartyNotices.txt
Non-ISO extended-ASCII text, with CRLF line terminators
dropped
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\X86\MpDetours.dll
data
dropped
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\X86\MpDetoursCopyAccelerator.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\ProgramData\Microsoft\Windows\AppxProvisioning.xml
Non-ISO extended-ASCII text, with very long lines (17075), with CRLF line terminators
dropped
C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\02305155-8ac1-1189-ff55-b7119a53887c.xml
ASCII text, with very long lines (3188), with no line terminators
dropped
C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\03f8974b-362e-33e3-2e0b-c7bc2ea01c63.xml
ASCII text, with very long lines (3223), with no line terminators
dropped
C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\0890ad2f-b74f-c384-f684-9c33f8f67924.xml
ASCII text, with very long lines (3202), with no line terminators
dropped
C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\0a8c1492-65ca-6a01-de25-0e183559d10d.xml
ASCII text, with very long lines (2654), with no line terminators
dropped
C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\0f8e2cd5-b8eb-7a22-b9e9-9b1183fa0a84.xml
ASCII text, with very long lines (2766), with no line terminators
dropped
C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\13edb933-4688-0f79-3d0a-499edf952ba0.xml
ASCII text, with very long lines (3555), with no line terminators
dropped
C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\1659a225-428e-84f0-ba52-5fb2b85d55b3.xml
ASCII text, with very long lines (3542), with no line terminators
dropped
C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\18549a9c-bedc-b855-f0e6-0787d8b3300d.xml
ASCII text, with very long lines (2777), with no line terminators
dropped
C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\1e225998-faa0-5fd4-4db7-5e7686ee3b47.xml
ASCII text, with very long lines (2771), with no line terminators
dropped
C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\1e77870d-1a93-60e5-ffda-9653c7cad20a.xml
ASCII text, with very long lines (3554), with no line terminators
dropped
C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\1f7b7aa2-506a-03cd-6648-5b78ac12040f.xml
ASCII text, with very long lines (3222), with no line terminators
dropped
C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\1faf63f7-f387-4522-1175-68c9652d968a.xml
ASCII text, with very long lines (2800), with no line terminators
dropped
C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\215f9712-9fca-a3f8-5b11-660eefc73b96.xml
ASCII text, with very long lines (2783), with no line terminators
dropped
C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\26943e1f-42ed-f190-2895-3bc2b8c4176d.xml
ASCII text, with very long lines (3191), with no line terminators
dropped
C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\280b97f1-1f94-1458-c842-d18e2d1e05f9.xml
ASCII text, with very long lines (3549), with no line terminators
dropped
C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\28502d06-9d29-8514-1e5d-64447116d798.xml
ASCII text, with very long lines (2789), with no line terminators
dropped
C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\28748306-9f02-a5d7-6ded-4459fddadc31.xml
ASCII text, with very long lines (2619), with no line terminators
dropped
C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\292d761b-1fa7-9c70-1afd-c2e4040b6577.xml
ASCII text, with very long lines (3224), with no line terminators
dropped
C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\2b5d0f60-d93b-1629-f3e5-4167231c7ee6.xml
ASCII text, with very long lines (2799), with no line terminators
dropped
C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\2ff6ba33-4212-e6d3-dcc2-11aadb3d61ef.xml
ASCII text, with very long lines (3179), with no line terminators
dropped
C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\306e67c8-9a1d-38de-8654-054bd8a6e6d6.xml
ASCII text, with very long lines (3350), with no line terminators
dropped
C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\38ae356e-4b11-78bd-6f1e-d1fbd81b826a.xml
ASCII text, with very long lines (3510), with no line terminators
dropped
C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\3c8c7eb3-7a1d-7981-0472-571cdd1d1292.xml
ASCII text, with very long lines (3211), with no line terminators
dropped
C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\42180d93-7e2c-7efa-09ed-dfdffa034b8e.xml
ASCII text, with very long lines (3511), with no line terminators
dropped
C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\436e78a7-dabb-5a30-f98d-963a03bf8af1.xml
ASCII text, with very long lines (3554), with no line terminators
dropped
C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\4c4ecbc0-0ec0-3929-aebb-a931a339fb23.xml
ASCII text, with very long lines (3201), with no line terminators
dropped
C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\517cfcaf-138b-1796-2cea-62892204250a.xml
ASCII text, with very long lines (2799), with no line terminators
dropped
C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\52a7e8cc-4b89-0eb8-5b4c-0f924bfc3949.xml
ASCII text, with very long lines (3549), with no line terminators
dropped
C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\5c834b0b-64f8-6383-854a-915ac7ddab77.xml
ASCII text, with very long lines (2799), with no line terminators
dropped
C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\61b5bd89-4cb0-db77-6622-cb63b5a58080.xml
ASCII text, with very long lines (3202), with no line terminators
dropped
C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\630a70e7-1832-4f42-e2a2-5d35fdddc45f.xml
ASCII text, with very long lines (3223), with no line terminators
dropped
C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\67447b0c-05cf-6740-5f7b-391ab440c42d.xml
ASCII text, with very long lines (2641), with no line terminators
dropped
C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\6ab96728-2783-240f-370f-afa9d4e52fdd.xml
ASCII text, with very long lines (3273), with no line terminators
dropped
C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\6e90ed81-9187-fa62-ce90-f18d7bed6b12.xml
ASCII text, with very long lines (3333), with no line terminators
dropped
C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\6ffa25dc-c89d-3de9-3601-df09bae65a75.xml
ASCII text, with very long lines (2661), with no line terminators
dropped
C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\71c8f37a-a7b9-aff0-6de0-9b276c089ad6.xml
ASCII text, with very long lines (2685), with no line terminators
dropped
C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\71ef3df1-f4b1-69cd-793a-48e165e282aa.xml
ASCII text, with very long lines (3229), with no line terminators
dropped
C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\7309084a-bb6f-20c3-ea54-aa108ceab1ae.xml
ASCII text, with very long lines (2631), with no line terminators
dropped
C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\7646fa0f-b52c-71a8-3aed-950dd1668c09.xml
ASCII text, with very long lines (3195), with no line terminators
dropped
C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\8292682a-6850-c06c-9b6d-9646f16d4ed0.xml
ASCII text, with very long lines (2663), with no line terminators
dropped
C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\832f9d1e-5f47-dfb1-157b-5239adf4c1db.xml
ASCII text, with very long lines (3533), with no line terminators
dropped
C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\865e8f30-20a1-9528-bb48-42999b5b2aa8.xml
ASCII text, with very long lines (2816), with no line terminators
dropped
C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\8ce3d3dd-a4c7-6c38-5fde-1f9f5df98807.xml
ASCII text, with very long lines (2783), with no line terminators
dropped
C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\8cfc804a-d777-2361-1670-4569e516397e.xml
ASCII text, with very long lines (2766), with no line terminators
dropped
C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\8d56e57b-8663-136d-ff69-a004e217825a.xml
ASCII text, with very long lines (2669), with no line terminators
dropped
C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\8e383e90-b2f9-7bf2-1d5b-4e47dcb2014e.xml
ASCII text, with very long lines (2662), with no line terminators
dropped
C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\91a5b4c7-29a8-ec80-4321-fbecea906705.xml
ASCII text, with very long lines (2793), with no line terminators
dropped
C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\9a9f1e94-851b-c6b4-27c0-55a242e0d96d.xml
ASCII text, with very long lines (3554), with no line terminators
dropped
C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\9d3ad23c-c6b8-7fb5-e4ab-f5d0a66dcfbc.xml
ASCII text, with very long lines (2832), with no line terminators
dropped
C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\a1e5b165-0532-a6a3-f542-0c5c162be3e1.xml
ASCII text, with very long lines (2756), with no line terminators
dropped
C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\a7e08b8b-ad4b-af00-ebcc-1aa29a833ce9.xml
ASCII text, with very long lines (3245), with no line terminators
dropped
C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\a92561ce-87c0-7d40-42ea-c87d237c0db0.xml
ASCII text, with very long lines (3196), with no line terminators
dropped
C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\abbb44f6-ae33-2e7c-ac40-4d8ac17bf46b.xml
ASCII text, with very long lines (3190), with no line terminators
dropped
C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\ac116a72-b6b1-d558-23f6-10796e634d41.xml
ASCII text, with very long lines (2669), with no line terminators
dropped
C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\b34b197c-c0ed-bf12-c9bb-44e883c66a9d.xml
ASCII text, with very long lines (2755), with no line terminators
dropped
C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\b59f5123-f94a-28bc-cf2d-1f77c3cd60ad.xml
ASCII text, with very long lines (3374), with no line terminators
dropped
C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\b6126597-8ecb-81b4-8b3a-1430dc2988c1.xml
ASCII text, with very long lines (2756), with no line terminators
dropped
C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\b81d7e70-84e7-b16a-e3d0-1e7aa2f1232d.xml
ASCII text, with very long lines (2617), with no line terminators
dropped
C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\bb26a0e5-d235-0ee6-0c36-6d5e185fa5b1.xml
ASCII text, with very long lines (2798), with no line terminators
dropped
C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\bbfbe8ad-1a35-a7f3-33bc-40912bf89dfb.xml
ASCII text, with very long lines (2625), with no line terminators
dropped
C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\bcda97bb-bfd0-2a72-3c90-c8518f3d09ee.xml
ASCII text, with very long lines (2657), with no line terminators
dropped
C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\c3d42a1a-2f3f-a4a9-6a04-cc1b234485fb.xml
ASCII text, with very long lines (2669), with no line terminators
dropped
C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\c94a6c18-d496-da1c-8a02-fc6976e0145e.xml
ASCII text, with very long lines (3218), with no line terminators
dropped
C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\ca947da2-7e9a-7249-8095-bceb379c6f74.xml
ASCII text, with very long lines (3229), with no line terminators
dropped
C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\cb692946-a9f3-639d-1064-a6d75a01b9c3.xml
ASCII text, with very long lines (3229), with no line terminators
dropped
C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\d1ecfce2-f845-c1e9-052b-d2f457c135e6.xml
ASCII text, with very long lines (3179), with no line terminators
dropped
C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\d834be1c-66d4-85d2-5bfc-720e73e8e544.xml
ASCII text, with very long lines (3520), with no line terminators
dropped
C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\e2a686b1-b02a-b3e7-90cb-3fa0d708ce04.xml
ASCII text, with very long lines (2642), with no line terminators
dropped
C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\e64ffef1-e246-b632-595b-56076a3fa776.xml
ASCII text, with very long lines (2641), with no line terminators
dropped
C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\e78cdb72-8076-1aa5-5df6-048300a0f594.xml
ASCII text, with very long lines (6847), with no line terminators
dropped
C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\e8ac9388-7c9c-19cc-fd4d-cb72bb1544ea.xml
ASCII text, with very long lines (2794), with no line terminators
dropped
C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\e8fff2df-6041-8f21-3df7-db31661aa09b.xml
ASCII text, with very long lines (2652), with no line terminators
dropped
C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\e9bff135-4a26-0e2f-d743-30d9666eed8e.xml
ASCII text, with very long lines (3207), with no line terminators
dropped
C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\ea39969e-9808-10a2-23ff-be783a132fea.xml
ASCII text, with very long lines (3240), with no line terminators
dropped
C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\ecbc2601-0a67-4963-e594-43c65d6ec9a5.xml
ASCII text, with very long lines (3184), with no line terminators
dropped
C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\eee47229-947d-2ac7-e8a3-49bafee251d1.xml
ASCII text, with very long lines (2628), with no line terminators
dropped
C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\f1d940d0-b5b2-0083-8403-807a8db430d5.xml
ASCII text, with very long lines (2640), with no line terminators
dropped
C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\fc93b452-8a84-dede-3b7a-0fc9413c4592.xml
ASCII text, with very long lines (2636), with no line terminators
dropped
C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\KeyHolder\61afd6a2-d7c3-8d25-36c2-0c2c47e3aca8.xml
ASCII text, with very long lines (3003), with no line terminators
dropped
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip\7-Zip File Manager.lnk
data
dropped
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip\7-Zip Help.lnk
data
dropped
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk
data
dropped
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility\Speech Recognition.lnk
data
dropped
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Math Input Panel.lnk
data
dropped
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk
data
dropped
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Paint.lnk
data
dropped
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Quick Assist.lnk
data
dropped
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk
data
dropped
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Snipping Tool.lnk
data
dropped
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Steps Recorder.lnk
data
dropped
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Character Map.lnk
data
dropped
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Fax and Scan.lnk
data
dropped
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Media Player.lnk
data
dropped
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Wordpad.lnk
data
dropped
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Component Services.lnk
data
dropped
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Computer Management.lnk
data
dropped
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Disk Cleanup.lnk
data
dropped
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Event Viewer.lnk
data
dropped
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Memory Diagnostics Tool.lnk
data
dropped
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\ODBC Data Sources (32-bit).lnk
data
dropped
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\ODBC Data Sources (64-bit).lnk
data
dropped
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Performance Monitor.lnk
data
dropped
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Print Management.lnk
data
dropped
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\RecoveryDrive.lnk
data
dropped
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Registry Editor.lnk
data
dropped
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Resource Monitor.lnk
data
dropped
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Security Configuration Management.lnk
data
dropped
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration.lnk
data
dropped
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Information.lnk
data
dropped
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Task Scheduler.lnk
data
dropped
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows Defender Firewall with Advanced Security.lnk
data
dropped
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\dfrgui.lnk
data
dropped
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\iSCSI Initiator.lnk
data
dropped
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
MS Windows shortcut, Has Description string, Has Working directory, Icon number=0, ctime=Sun Dec 31 23:06:32 1600, mtime=Sun Dec 31 23:06:32 1600, atime=Sun Dec 31 23:06:32 1600, length=0, window=hide
dropped
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat.lnk
data
dropped
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoIt v3\AutoIt Help File.lnk
data
dropped
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoIt v3\AutoIt Window Info (x64).lnk
data
dropped
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoIt v3\AutoIt Window Info (x86).lnk
data
dropped
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoIt v3\Check For SQLite Updates.lnk
data
dropped
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoIt v3\Check For Updates.lnk
data
dropped
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoIt v3\Compile Script to .exe (x64).lnk
data
dropped
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoIt v3\Compile Script to .exe (x86).lnk
data
dropped
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoIt v3\Examples.lnk
data
dropped
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoIt v3\Extras\AutoIt v3 Website.lnk
data
dropped
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoIt v3\Extras\AutoItX\AutoItX Help File.lnk
data
dropped
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoIt v3\Extras\Browse Extras.lnk
data
dropped
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoIt v3\Run Script (x64).lnk
data
dropped
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoIt v3\Run Script (x86).lnk
data
dropped
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoIt v3\SciTE Script Editor.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Archive, ctime=Mon Sep 19 17:35:48 2022, mtime=Tue Oct 3 09:52:01 2023, atime=Mon Sep 19 17:35:48 2022, length=2372608, window=hide
dropped
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk
data
dropped
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox Private Browsing.lnk
data
dropped
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
data
dropped
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
data
dropped
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\About Java.lnk
data
dropped
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Check For Updates.lnk
data
dropped
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Configure Java.lnk
data
dropped
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
data
dropped
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools\Database Compare.lnk
data
dropped
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools\Office Language Preferences.lnk
data
dropped
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools\Skype for Business Recording Manager.lnk
data
dropped
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools\Spreadsheet Compare.lnk
data
dropped
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools\Telemetry Log for Office.lnk
data
dropped
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
data
dropped
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote.lnk
data
dropped
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk
data
dropped
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk
data
dropped
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher.lnk
data
dropped
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype for Business.lnk
data
dropped
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools\Task Manager.lnk
data
dropped
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE (x86).lnk
data
dropped
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE.lnk
data
dropped
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk
data
dropped
C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
data
dropped
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
data
dropped
C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk
data
dropped
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk
data
dropped
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk
data
dropped
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk
data
dropped
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Administrative Tools.lnk
data
dropped
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk
data
dropped
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk
data
dropped
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk
data
dropped
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk
data
dropped
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk
data
dropped
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk
data
dropped
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk
data
dropped
C:\Users\Public\Desktop\Adobe Acrobat.lnk
data
dropped
C:\Users\Public\Desktop\Firefox.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Archive, ctime=Tue Oct 3 09:59:57 2023, mtime=Tue Oct 3 09:59:59 2023, atime=Thu Sep 28 00:41:23 2023, length=676768, window=hide
dropped
C:\Users\Public\Desktop\Google Chrome.lnk
data
dropped
C:\Users\user\AppData\Local\RansomeToad.txt
ASCII text
modified
C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Microsoft Edge.lnk
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\File Explorer.lnk
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\AGWVMYQACF.png
ISO-8859 text, with very long lines (1024), with CRLF line terminators
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\ATJBEMHSSB.png
ISO-8859 text, with very long lines (1024), with CRLF line terminators
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\BNAGMGSPLO.jpg
ISO-8859 text, with very long lines (1024), with CRLF line terminators
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\BNAGMGSPLO.xlsx
ISO-8859 text, with very long lines (1024), with CRLF line terminators
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\BPMLNOBVSB.png
ISO-8859 text, with very long lines (1024), with CRLF line terminators
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CURQNKVOIX.docx
ISO-8859 text, with very long lines (1024), with CRLF line terminators
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CURQNKVOIX.mp3
ISO-8859 text, with very long lines (1024), with CRLF line terminators
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CURQNKVOIX.xlsx
ISO-8859 text, with very long lines (1024), with CRLF line terminators
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\DVWHKMNFNN.mp3
ISO-8859 text, with very long lines (1024), with CRLF line terminators
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\DVWHKMNFNN.xlsx
ISO-8859 text, with very long lines (1024), with CRLF line terminators
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\EFGRWFCUWS.jpg
OpenPGP Secret Key
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\EFGRWFCUWS.mp3
OpenPGP Secret Key
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\EOWRVPQCCS.png
OpenPGP Secret Key
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\HTAGVDFUIE.png
ISO-8859 text, with very long lines (1024), with CRLF line terminators
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\JSDNGYCOWY.jpg
ISO-8859 text, with very long lines (1024), with CRLF line terminators
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\JSDNGYCOWY.mp3
ISO-8859 text, with very long lines (1024), with CRLF line terminators
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\KATAXZVCPS.jpg
ISO-8859 text, with very long lines (1024), with CRLF line terminators
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\KATAXZVCPS.xlsx
ISO-8859 text, with very long lines (1024), with CRLF line terminators
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\NEBFQQYWPS.docx
ISO-8859 text, with very long lines (1024), with CRLF line terminators
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\NIRMEKAMZH.jpg
ISO-8859 text, with very long lines (1024), with CRLF line terminators
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\NWTVCDUMOB.jpg
ISO-8859 text, with very long lines (1024), with CRLF line terminators
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\NYMMPCEIMA.mp3
ISO-8859 text, with very long lines (1024), with CRLF line terminators
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\NYMMPCEIMA.xlsx
ISO-8859 text, with very long lines (1024), with CRLF line terminators
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\ONBQCLYSPU.docx
ISO-8859 text, with very long lines (1024), with CRLF line terminators
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\UMMBDNEQBN.docx
ISO-8859 text, with very long lines (1024), with CRLF line terminators
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\UNNQSMMCXQ.mp3
ISO-8859 text, with very long lines (1024), with CRLF line terminators
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\VLZDGUKUTZ.docx
ISO-8859 text, with very long lines (1024), with CRLF line terminators
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\VLZDGUKUTZ.xlsx
ISO-8859 text, with very long lines (1024), with CRLF line terminators
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\WUTJSCBCFX.docx
ISO-8859 text, with very long lines (1024), with CRLF line terminators
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\YPSIACHYXW.png
ISO-8859 text, with very long lines (1024), with CRLF line terminators
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\Bluetooth File Transfer.LNK
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Administrative Tools.lnk
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Themes\CachedFiles\CachedImage_1280_1024_POS4.jpg
data
dropped
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\Telemetry.FailedProfileLocks.txt
very short file (no magic)
dropped
C:\Users\user\Desktop\BPMLNOBVSB.png
ISO-8859 text, with very long lines (1024), with CRLF line terminators
dropped
C:\Users\user\Desktop\DVWHKMNFNN.mp3
ISO-8859 text, with very long lines (1024), with CRLF line terminators
dropped
C:\Users\user\Desktop\DVWHKMNFNN.xlsx
ISO-8859 text, with very long lines (1024), with CRLF line terminators
dropped
C:\Users\user\Desktop\Excel.lnk
data
dropped
C:\Users\user\Desktop\HTAGVDFUIE.png
ISO-8859 text, with very long lines (1024), with CRLF line terminators
dropped
C:\Users\user\Desktop\JSDNGYCOWY.jpg
ISO-8859 text, with very long lines (1024), with CRLF line terminators
dropped
C:\Users\user\Desktop\JSDNGYCOWY.mp3
ISO-8859 text, with very long lines (1024), with CRLF line terminators
dropped
C:\Users\user\Desktop\KATAXZVCPS.xlsx
ISO-8859 text, with very long lines (1024), with CRLF line terminators
dropped
C:\Users\user\Desktop\NWTVCDUMOB.jpg
ISO-8859 text, with very long lines (1024), with CRLF line terminators
dropped
C:\Users\user\Desktop\ONBQCLYSPU.docx
ISO-8859 text, with very long lines (1024), with CRLF line terminators
dropped
C:\Users\user\Desktop\ONBQCLYSPU\DVWHKMNFNN.mp3
ISO-8859 text, with very long lines (1024), with CRLF line terminators
dropped
C:\Users\user\Desktop\ONBQCLYSPU\HTAGVDFUIE.png
ISO-8859 text, with very long lines (1024), with CRLF line terminators
dropped
C:\Users\user\Desktop\ONBQCLYSPU\KATAXZVCPS.jpg
ISO-8859 text, with very long lines (1024), with CRLF line terminators
dropped
C:\Users\user\Desktop\ONBQCLYSPU\VLZDGUKUTZ.xlsx
ISO-8859 text, with very long lines (1024), with CRLF line terminators
dropped
C:\Users\user\Desktop\UMMBDNEQBN.docx
ISO-8859 text, with very long lines (1024), with CRLF line terminators
dropped
C:\Users\user\Desktop\UMMBDNEQBN\BPMLNOBVSB.png
ISO-8859 text, with very long lines (1024), with CRLF line terminators
dropped
C:\Users\user\Desktop\UMMBDNEQBN\CURQNKVOIX.mp3
ISO-8859 text, with very long lines (1024), with CRLF line terminators
dropped
C:\Users\user\Desktop\UMMBDNEQBN\DVWHKMNFNN.xlsx
ISO-8859 text, with very long lines (1024), with CRLF line terminators
dropped
C:\Users\user\Desktop\UMMBDNEQBN\JSDNGYCOWY.jpg
ISO-8859 text, with very long lines (1024), with CRLF line terminators
dropped
C:\Users\user\Desktop\UMMBDNEQBN\UMMBDNEQBN.docx
ISO-8859 text, with very long lines (1024), with CRLF line terminators
dropped
C:\Users\user\Desktop\VLZDGUKUTZ.docx
ISO-8859 text, with very long lines (1024), with CRLF line terminators
dropped
C:\Users\user\Desktop\VLZDGUKUTZ.xlsx
ISO-8859 text, with very long lines (1024), with CRLF line terminators
dropped
C:\Users\user\Desktop\VLZDGUKUTZ\JSDNGYCOWY.mp3
ISO-8859 text, with very long lines (1024), with CRLF line terminators
dropped
C:\Users\user\Desktop\VLZDGUKUTZ\KATAXZVCPS.xlsx
ISO-8859 text, with very long lines (1024), with CRLF line terminators
dropped
C:\Users\user\Desktop\VLZDGUKUTZ\NWTVCDUMOB.jpg
ISO-8859 text, with very long lines (1024), with CRLF line terminators
dropped
C:\Users\user\Desktop\VLZDGUKUTZ\VLZDGUKUTZ.docx
ISO-8859 text, with very long lines (1024), with CRLF line terminators
dropped
C:\Users\user\Desktop\VLZDGUKUTZ\YPSIACHYXW.png
ISO-8859 text, with very long lines (1024), with CRLF line terminators
dropped
C:\Users\user\Desktop\YPSIACHYXW.png
ISO-8859 text, with very long lines (1024), with CRLF line terminators
dropped
C:\Users\user\Documents\BPMLNOBVSB.png
ISO-8859 text, with very long lines (1024), with CRLF line terminators
dropped
C:\Users\user\Documents\CURQNKVOIX.mp3
ISO-8859 text, with very long lines (1024), with CRLF line terminators
dropped
C:\Users\user\Documents\DVWHKMNFNN.mp3
ISO-8859 text, with very long lines (1024), with CRLF line terminators
dropped
C:\Users\user\Documents\DVWHKMNFNN.xlsx
ISO-8859 text, with very long lines (1024), with CRLF line terminators
dropped
C:\Users\user\Documents\HTAGVDFUIE.png
ISO-8859 text, with very long lines (1024), with CRLF line terminators
dropped
C:\Users\user\Documents\JSDNGYCOWY.jpg
ISO-8859 text, with very long lines (1024), with CRLF line terminators
dropped
C:\Users\user\Documents\JSDNGYCOWY.mp3
ISO-8859 text, with very long lines (1024), with CRLF line terminators
dropped
C:\Users\user\Documents\KATAXZVCPS.jpg
ISO-8859 text, with very long lines (1024), with CRLF line terminators
dropped
C:\Users\user\Documents\KATAXZVCPS.xlsx
ISO-8859 text, with very long lines (1024), with CRLF line terminators
dropped
C:\Users\user\Documents\NWTVCDUMOB.jpg
ISO-8859 text, with very long lines (1024), with CRLF line terminators
dropped
C:\Users\user\Documents\ONBQCLYSPU.docx
ISO-8859 text, with very long lines (1024), with CRLF line terminators
dropped
C:\Users\user\Documents\ONBQCLYSPU\DVWHKMNFNN.mp3
ISO-8859 text, with very long lines (1024), with CRLF line terminators
dropped
C:\Users\user\Documents\ONBQCLYSPU\HTAGVDFUIE.png
ISO-8859 text, with very long lines (1024), with CRLF line terminators
dropped
C:\Users\user\Documents\ONBQCLYSPU\KATAXZVCPS.jpg
ISO-8859 text, with very long lines (1024), with CRLF line terminators
dropped
C:\Users\user\Documents\ONBQCLYSPU\ONBQCLYSPU.docx
ISO-8859 text, with very long lines (1024), with CRLF line terminators
dropped
C:\Users\user\Documents\ONBQCLYSPU\VLZDGUKUTZ.xlsx
ISO-8859 text, with very long lines (1024), with CRLF line terminators
dropped
C:\Users\user\Documents\UMMBDNEQBN.docx
ISO-8859 text, with very long lines (1024), with CRLF line terminators
dropped
C:\Users\user\Documents\UMMBDNEQBN\BPMLNOBVSB.png
ISO-8859 text, with very long lines (1024), with CRLF line terminators
dropped
C:\Users\user\Documents\UMMBDNEQBN\CURQNKVOIX.mp3
ISO-8859 text, with very long lines (1024), with CRLF line terminators
dropped
C:\Users\user\Documents\UMMBDNEQBN\DVWHKMNFNN.xlsx
ISO-8859 text, with very long lines (1024), with CRLF line terminators
dropped
C:\Users\user\Documents\UMMBDNEQBN\JSDNGYCOWY.jpg
ISO-8859 text, with very long lines (1024), with CRLF line terminators
dropped
C:\Users\user\Documents\UMMBDNEQBN\UMMBDNEQBN.docx
ISO-8859 text, with very long lines (1024), with CRLF line terminators
dropped
C:\Users\user\Documents\VLZDGUKUTZ.docx
ISO-8859 text, with very long lines (1024), with CRLF line terminators
dropped
C:\Users\user\Documents\VLZDGUKUTZ.xlsx
ISO-8859 text, with very long lines (1024), with CRLF line terminators
dropped
C:\Users\user\Documents\VLZDGUKUTZ\JSDNGYCOWY.mp3
ISO-8859 text, with very long lines (1024), with CRLF line terminators
dropped
C:\Users\user\Documents\VLZDGUKUTZ\KATAXZVCPS.xlsx
ISO-8859 text, with very long lines (1024), with CRLF line terminators
dropped
C:\Users\user\Documents\VLZDGUKUTZ\NWTVCDUMOB.jpg
ISO-8859 text, with very long lines (1024), with CRLF line terminators
dropped
C:\Users\user\Documents\VLZDGUKUTZ\VLZDGUKUTZ.docx
ISO-8859 text, with very long lines (1024), with CRLF line terminators
dropped
C:\Users\user\Documents\VLZDGUKUTZ\YPSIACHYXW.png
ISO-8859 text, with very long lines (1024), with CRLF line terminators
dropped
C:\Users\user\Documents\YPSIACHYXW.png
ISO-8859 text, with very long lines (1024), with CRLF line terminators
dropped
C:\Users\user\Downloads\BPMLNOBVSB.png
ISO-8859 text, with very long lines (1024), with CRLF line terminators
dropped
C:\Users\user\Downloads\CURQNKVOIX.mp3
ISO-8859 text, with very long lines (1024), with CRLF line terminators
dropped
C:\Users\user\Downloads\DVWHKMNFNN.mp3
ISO-8859 text, with very long lines (1024), with CRLF line terminators
dropped
C:\Users\user\Downloads\DVWHKMNFNN.xlsx
ISO-8859 text, with very long lines (1024), with CRLF line terminators
dropped
C:\Users\user\Downloads\HTAGVDFUIE.png
ISO-8859 text, with very long lines (1024), with CRLF line terminators
dropped
C:\Users\user\Downloads\JSDNGYCOWY.jpg
ISO-8859 text, with very long lines (1024), with CRLF line terminators
dropped
C:\Users\user\Downloads\JSDNGYCOWY.mp3
ISO-8859 text, with very long lines (1024), with CRLF line terminators
dropped
C:\Users\user\Downloads\KATAXZVCPS.jpg
ISO-8859 text, with very long lines (1024), with CRLF line terminators
dropped
C:\Users\user\Downloads\KATAXZVCPS.xlsx
ISO-8859 text, with very long lines (1024), with CRLF line terminators
dropped
C:\Users\user\Downloads\NWTVCDUMOB.jpg
ISO-8859 text, with very long lines (1024), with CRLF line terminators
dropped
C:\Users\user\Downloads\ONBQCLYSPU.docx
ISO-8859 text, with very long lines (1024), with CRLF line terminators
dropped
C:\Users\user\Downloads\UMMBDNEQBN.docx
ISO-8859 text, with very long lines (1024), with CRLF line terminators
dropped
C:\Users\user\Downloads\VLZDGUKUTZ.docx
ISO-8859 text, with very long lines (1024), with CRLF line terminators
dropped
C:\Users\user\Downloads\VLZDGUKUTZ.xlsx
ISO-8859 text, with very long lines (1024), with CRLF line terminators
dropped
C:\Users\user\Downloads\YPSIACHYXW.png
ISO-8859 text, with very long lines (1024), with CRLF line terminators
dropped
C:\Users\user\Links\Desktop.lnk
data
dropped
C:\Users\user\Links\Downloads.lnk
data
dropped
There are 772 hidden files, click here to show them.

Processes

Path
Cmdline
Malicious
C:\Users\user\Desktop\jqXe6tttFa.exe
"C:\Users\user\Desktop\jqXe6tttFa.exe"
 malicious
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://primearea.biz/product/235093/
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2004 --field-trial-handle=1968,i,11388631023662119758,12511579874386185583,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8

URLs

Name
IP
Malicious
http://www.apache.org/licenses/LICENSE-2.0
unknown
http://www.fontbureau.com
unknown
http://www.fontbureau.com/designersG
unknown
http://www.fontbureau.com/designers/?
unknown
http://www.founder.com.cn/cn/bThe
unknown
https://contile-images.services.mozilla.com/0TegrVVRalreHILhR2WvtD_CFzj13HCDcLqqpvXSOuY.10862.jpg
unknown
http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous
unknown
http://www.fontbureau.com/designers?
unknown
https://bridge.lga1.admarketplace.net/ctp?version=16.0.0&key=1696332238301000001.2&ci=1696332238417.
unknown
http://www.tiro.com
unknown
https://bridge.lga1.ap01.net/ctp?version=16.0.0&key=1696332238301000001.1&ci=1696332238417.12791&cta
unknown
https://primearea.biz/product/235093/
67.225.218.22
http://www.fontbureau.com/designers
unknown
http://www.goodfont.co.kr
unknown
https://primearea.biz/product/235093/X
unknown
http://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web
unknown
http://www.carterandcone.coml
unknown
http://www.sajatypeworks.com
unknown
http://www.typography.netD
unknown
http://www.fontbureau.com/designers/cabarga.htmlN
unknown
http://www.founder.com.cn/cn/cThe
unknown
http://www.galapagosdesign.com/staff/dennis.htm
unknown
http://www.founder.com.cn/cn
unknown
http://www.fontbureau.com/designers/frere-user.html
unknown
https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg
unknown
https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4QqmfZfYfQfafZbXfpbWfpbX7ReNxR3UIG8zInwYIFIVs9eYi
unknown
http://www.jiyu-kobo.co.jp/
unknown
https://primearea.biz/product/235093/3Decrypting...
unknown
https://primearea.biz/product/235093/xU
unknown
http://www.galapagosdesign.com/DPlease
unknown
http://www.fontbureau.com/designers8
unknown
https://primearea.biz/product/235093/q
unknown
http://127.0.0.1:13556/InsiderSlabBehaviorReportedBuildInsiderSlabBehaviorInsiderSlabBehaviorReporte
unknown
http://www.fonts.com
unknown
http://www.sandoll.co.kr
unknown
https://primearea.biz/product/235093/l
unknown
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
unknown
http://www.urwpp.deDPlease
unknown
http://www.zhongyicts.com.cn
unknown
https://primearea.biz/product/235093/o
unknown
http://www.sakkal.com
unknown
https://primearea.biz/product/235093/.0lnkM
unknown
https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_7548d4575af019e4c148ccf1a78112802e66a0816a72fc94
unknown
https://primearea.biz/product/235093/5
unknown
https://primearea.biz/product/235093/qSOFTWARE
unknown
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest
unknown
https://primearea.biz/product/235093/w
unknown
There are 37 hidden URLs, click here to show them.

Domains

Name
IP
Malicious
www.google.com
64.233.177.104
primearea.biz
67.225.218.22

IPs

IP
Domain
Country
Malicious
64.233.177.104
www.google.com
United States
239.255.255.250
unknown
Reserved
67.225.218.22
primearea.biz
United States
192.168.2.4
unknown
unknown

Registry

Path
Value
Malicious
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Ransomtoad

Memdumps

Base Address
Regiontype
Protect
Malicious
9A0000
trusted library allocation
page read and write
1A8AF000
heap
page read and write
7FFD9B762000
trusted library allocation
page read and write
1B1A0000
heap
page execute and read and write
BA0000
heap
page read and write
7FFD9B774000
trusted library allocation
page read and write
7FFD9B900000
trusted library allocation
page execute and read and write
7FFD9B810000
trusted library allocation
page execute and read and write
640000
heap
page read and write
BA3000
heap
page read and write
7FFD9B754000
trusted library allocation
page read and write
6FC000
heap
page read and write
1B0FE000
stack
page read and write
7FFD9B80C000
trusted library allocation
page execute and read and write
7FFD9B800000
trusted library allocation
page read and write
7FFD9B77D000
trusted library allocation
page execute and read and write
2521000
trusted library allocation
page read and write
980000
trusted library allocation
page read and write
620000
heap
page read and write
7FFD9B770000
trusted library allocation
page read and write
7FF4DD0E0000
trusted library allocation
page execute and read and write
1B6E5000
heap
page read and write
C70000
heap
page read and write
BB0000
heap
page read and write
7FFD9B7AC000
trusted library allocation
page execute and read and write
1D2EC000
stack
page read and write
1C7F0000
trusted library allocation
page read and write
1C812000
trusted library allocation
page read and write
1AF23000
heap
page read and write
660000
heap
page read and write
7FFD9B753000
trusted library allocation
page execute and read and write
3C5000
stack
page read and write
7FFD9B806000
trusted library allocation
page read and write
76C000
heap
page read and write
B60000
heap
page read and write
1AF00000
heap
page read and write
1B1D0000
heap
page execute and read and write
7FFD9B75D000
trusted library allocation
page execute and read and write
690000
heap
page read and write
6FE000
heap
page read and write
C75000
heap
page read and write
7FFD9B8F0000
trusted library allocation
page read and write
125CC000
trusted library allocation
page read and write
1CBF0000
heap
page read and write
1AF30000
heap
page read and write
9B0000
heap
page execute and read and write
1CFFE000
stack
page read and write
95D000
stack
page read and write
6BA000
heap
page read and write
1AABD000
stack
page read and write
1AF9E000
heap
page read and write
7FFD9B760000
trusted library allocation
page read and write
1B6F0000
heap
page read and write
12549000
trusted library allocation
page read and write
B20000
heap
page read and write
282000
unkown
page readonly
1B6E0000
heap
page read and write
7FFD9B76D000
trusted library allocation
page execute and read and write
7FFD9B870000
trusted library allocation
page execute and read and write
696000
heap
page read and write
280000
unkown
page readonly
7FFD9B836000
trusted library allocation
page execute and read and write
69C000
heap
page read and write
7FFD9B77B000
trusted library allocation
page execute and read and write
A05000
heap
page read and write
280000
unkown
page readonly
1AFB6000
heap
page read and write
12521000
trusted library allocation
page read and write
1A550000
trusted library allocation
page read and write
1B2DF000
stack
page read and write
A00000
heap
page read and write
B0E000
stack
page read and write
251E000
stack
page read and write
6D0000
heap
page read and write
1AEF5000
stack
page read and write
9C3000
trusted library allocation
page read and write
6D3000
heap
page read and write
2F21000
trusted library allocation
page read and write
1AFC0000
heap
page read and write
1B700000
heap
page read and write
B50000
trusted library section
page readonly
1B3DF000
stack
page read and write
B90000
trusted library allocation
page read and write
610000
heap
page read and write
C40000
trusted library section
page read and write
1B71E000
heap
page read and write
1B5FC000
stack
page read and write
1B4F0000
heap
page read and write
9C0000
trusted library allocation
page read and write
12591000
trusted library allocation
page read and write
1B1D3000
heap
page execute and read and write
There are 81 hidden memdumps, click here to show them.