IOC Report
R5391762lf.exe

loading gif

Files

File Path
Type
Category
Malicious
R5391762lf.exe
PE32 executable (GUI) Intel 80386, for MS Windows
initial sample
 malicious
C:\$WinREAgent\Scratch\_README.txt
ASCII text, with CRLF line terminators
dropped
 malicious
C:\$WinREAgent\_README.txt
ASCII text, with CRLF line terminators
dropped
 malicious
C:\Users\user\AppData\Local\3e091c6f-72a1-42bd-89b8-7e8a9a94f76c\build3.exe
MS-DOS executable
dropped
 malicious
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\UserCache64.bin
data
dropped
 malicious
C:\Users\user\AppData\Local\D3DSCache\f4d41c5d09ae781\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx
data
dropped
 malicious
C:\Users\user\AppData\Local\Google\Chrome\User Data\first_party_sets.db
data
dropped
 malicious
C:\Users\user\AppData\Local\Microsoft\Office\OTele\excel.exe.db
data
dropped
 malicious
C:\Users\user\AppData\Local\Microsoft\Office\OTele\officec2rclient.exe.db
data
dropped
 malicious
C:\Users\user\AppData\Local\Microsoft\Office\OTele\officeclicktorun.exe.db
data
dropped
 malicious
C:\Users\user\AppData\Local\Microsoft\Office\OTele\officesetup.exe.db
data
dropped
 malicious
C:\Users\user\AppData\Local\Microsoft\Windows\Caches\{3DA71D5A-20CC-432F-A115-DFE92379E91F}.3.ver0x0000000000000010.db
data
dropped
 malicious
C:\Users\user\AppData\Local\Microsoft\Windows\Caches\{3DA71D5A-20CC-432F-A115-DFE92379E91F}.3.ver0x0000000000000011.db
data
dropped
 malicious
C:\Users\user\AppData\Local\Microsoft\Windows\Caches\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000003.db
data
dropped
 malicious
C:\Users\user\AppData\Local\Microsoft\Windows\Caches\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000004.db
data
dropped
 malicious
C:\Users\user\AppData\Local\Microsoft\Windows\Explorer\ExplorerStartupLog_RunOnce.etl
data
dropped
 malicious
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\D81IGXZV\76561199673019888[1].htm
data
dropped
 malicious
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\D81IGXZV\build3[1].exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\Q4M8ZOMH\sqln[1].dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Microsoft\Windows\Shell\DefaultLayouts.xml
data
dropped
 malicious
C:\Users\user\AppData\Local\Microsoft\input\en-GB\userdict_v1.0809.dat
data
dropped
 malicious
C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{09d41dfb-343c-4c64-80de-0d8ebc18a6b9}\Apps.ft
data
dropped
 malicious
C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{407fe2cc-e6ee-4027-aa00-b9fdf3f5b8e5}\0.0.filtertrie.intermediate.txt
data
dropped
 malicious
C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{407fe2cc-e6ee-4027-aa00-b9fdf3f5b8e5}\Apps.ft
data
dropped
 malicious
C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{fe191046-14e8-4e49-a1f5-f429b2cab500}\0.0.filtertrie.intermediate.txt
data
dropped
 malicious
C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{fe191046-14e8-4e49-a1f5-f429b2cab500}\Apps.ft
data
dropped
 malicious
C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Input_{764e754d-fbdd-43df-9a27-cbb01dbf5078}\appsglobals.txt
data
dropped
 malicious
C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Input_{764e754d-fbdd-43df-9a27-cbb01dbf5078}\settingsglobals.txt
data
dropped
 malicious
C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Input_{764e754d-fbdd-43df-9a27-cbb01dbf5078}\settingssynonyms.txt
data
dropped
 malicious
C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Settings_{7fa4f3cd-f899-4abc-9ee3-31954eeeae00}\0.0.filtertrie.intermediate.txt
data
dropped
 malicious
C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Settings_{d898effa-5251-49be-909e-6a34c1643269}\0.0.filtertrie.intermediate.txt
data
dropped
 malicious
C:\Users\user\AppData\Local\Temp\acrobat_sbx\acroNGLLog.txt
data
dropped
 malicious
C:\Users\user\AppData\Local\VirtualStore\_README.txt
ASCII text, with CRLF line terminators
dropped
 malicious
C:\Users\user\AppData\Local\d8960608-daff-4d43-9e12-805e9e1a283d\R5391762lf.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Roaming\Microsoft\Network\mstsca.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\Desktop\GRXZDKKVDB.mp3
data
dropped
 malicious
C:\Users\user\Desktop\IPKGELNTQY.docx
data
dropped
 malicious
C:\Users\user\Desktop\SFPUSAFIOL\ZQIXMVQGAH.pdf
data
dropped
 malicious
C:\Users\user\Downloads\PIVFAGEAAV.mp3
COM executable for DOS
dropped
 malicious
C:\Users\user\Downloads\PIVFAGEAAV.mp3.bgjs (copy)
COM executable for DOS
dropped
 malicious
C:\Users\user\Local Settings\Adobe\Acrobat\DC\UserCache64.bin.bgjs (copy)
data
dropped
 malicious
C:\Users\user\Local Settings\Application Data\Application Data\Application Data\3e091c6f-72a1-42bd-89b8-7e8a9a94f76c\build3.exe.bgjs (copy)
MS-DOS executable
dropped
 malicious
C:\Users\user\Local Settings\D3DSCache\f4d41c5d09ae781\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx.bgjs (copy)
data
dropped
 malicious
C:\Users\user\Local Settings\Google\Chrome\User Data\first_party_sets.db.bgjs (copy)
data
dropped
 malicious
C:\Users\user\Local Settings\Microsoft\Office\OTele\excel.exe.db.bgjs (copy)
data
dropped
 malicious
C:\Users\user\Local Settings\Microsoft\Office\OTele\officec2rclient.exe.db.bgjs (copy)
data
dropped
 malicious
C:\Users\user\Local Settings\Microsoft\Office\OTele\officeclicktorun.exe.db.bgjs (copy)
data
dropped
 malicious
C:\Users\user\Local Settings\Microsoft\Office\OTele\officesetup.exe.db.bgjs (copy)
data
dropped
 malicious
C:\Users\user\Local Settings\Microsoft\Windows\Caches\{3DA71D5A-20CC-432F-A115-DFE92379E91F}.3.ver0x0000000000000010.db.bgjs (copy)
data
dropped
 malicious
C:\Users\user\Local Settings\Microsoft\Windows\Caches\{3DA71D5A-20CC-432F-A115-DFE92379E91F}.3.ver0x0000000000000011.db.bgjs (copy)
data
dropped
 malicious
C:\Users\user\Local Settings\Microsoft\Windows\Caches\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000003.db.bgjs (copy)
data
dropped
 malicious
C:\Users\user\Local Settings\Microsoft\Windows\Caches\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000004.db.bgjs (copy)
data
dropped
 malicious
C:\Users\user\Local Settings\Microsoft\Windows\Explorer\ExplorerStartupLog_RunOnce.etl.bgjs (copy)
data
dropped
 malicious
C:\Users\user\Local Settings\Microsoft\Windows\Shell\DefaultLayouts.xml.bgjs (copy)
data
dropped
 malicious
C:\Users\user\Local Settings\Microsoft\input\en-GB\userdict_v1.0809.dat.bgjs (copy)
data
dropped
 malicious
C:\Users\user\Local Settings\Temp\acrobat_sbx\acroNGLLog.txt.bgjs (copy)
data
dropped
 malicious
C:\Users\user\_README.txt
ASCII text, with CRLF line terminators
dropped
 malicious
C:\Users\jones\AppData\Local\ConnectedDevicesPlatform\L.jones\ActivitiesCache.db
data
dropped
 malicious
C:\Users\jones\AppData\Local\ConnectedDevicesPlatform\L.jones\ActivitiesCache.db-shm
data
dropped
 malicious
C:\Users\jones\AppData\Local\Google\Chrome\User Data\Default\Google Profile.ico
data
dropped
 malicious
C:\Users\jones\AppData\Local\Google\Chrome\User Data\Default\databases\Databases.db
data
dropped
 malicious
C:\Users\jones\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\000003.log
data
dropped
 malicious
C:\Users\jones\AppData\Local\IconCache.db
data
dropped
 malicious
C:\Users\jones\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico
data
dropped
 malicious
C:\Users\jones\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db
data
dropped
 malicious
C:\Users\jones\AppData\Local\Microsoft\Edge\User Data\SmartScreen\remote\edgeSettings_2.0-2f9188b68640dbf72295f9083a21d674a314721ef06f82db281cbcb052ff8ec1
data
dropped
 malicious
C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule230170v1.xml
data
dropped
 malicious
C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule230172v1.xml
data
dropped
 malicious
C:\Users\jones\AppData\Local\Microsoft\Windows\Safety\edge\remote\script_300161259571223429446516194326035503227.rel.v2
data
dropped
 malicious
C:\Users\jones\AppData\Local\Microsoft\Windows\Safety\shell\remote\script_96032244749497702726114603847611723578.rel.v2
data
dropped
 malicious
C:\Users\jones\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-release\startupCache\webext.sc.lz4
data
dropped
 malicious
C:\Users\jones\AppData\Local\Packages\Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe\AC\INetCache\DL2P1Z6X\pwa-vendors~left-nav-rc.52c45571d19ede0a7005.chunk.v7[1].js
data
dropped
 malicious
C:\Users\jones\AppData\Local\Packages\Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe\AC\INetCache\DL2P1Z6X\sharedscripts-939520eada[1].js
data
dropped
 malicious
C:\Users\jones\AppData\Local\Packages\Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe\AC\INetCache\DL2P1Z6X\staticpwascripts-30998bff8f[1].js
data
dropped
 malicious
C:\Users\jones\AppData\Local\Packages\Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe\AC\INetCache\IINQQITY\pwa-bootstrap-5e7af218e953d095fabf[1].js
data
dropped
 malicious
C:\Users\jones\AppData\Local\Packages\Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe\AC\INetCache\IINQQITY\pwa-left-nav-rc.6c288f9aff9797959103.chunk.v7[1].js
data
dropped
 malicious
C:\Users\jones\AppData\Local\Packages\Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe\AC\INetCache\IINQQITY\thirdpartynotice[1].htm
data
dropped
 malicious
C:\Users\jones\AppData\Local\Packages\Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe\AC\INetCache\KAT9HXAG\hero-image-desktop-f6720a4145[1].jpg
JPEG image data
dropped
 malicious
C:\Users\jones\AppData\Local\Packages\Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe\AC\INetCache\KAT9HXAG\microsoft-365-logo-01d5ecd01a[1].png
data
dropped
 malicious
C:\Users\jones\AppData\Local\Packages\Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe\AC\INetCache\KAT9HXAG\pwa-async-styles.a903b7d0ab82e5bd2f8a.chunk.v7[1].css
data
dropped
 malicious
C:\Users\jones\AppData\Local\Packages\Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe\AC\INetCache\KAT9HXAG\pwa-forms-group~mru~officeforms-group-forms~officeforms-my-forms~places.bcdc404c7fe22f14ccad.chunk.v7[1].js
data
dropped
 malicious
C:\Users\jones\AppData\Local\Packages\Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe\AC\INetCache\LCNHN4MU\otel-logger-104bffe9378b8041455c[1].js
data
dropped
 malicious
C:\Users\jones\AppData\Local\Packages\Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe\AC\INetCache\LCNHN4MU\pwa-bundle-994d8943fc9264e2f8d3[1].css
data
dropped
 malicious
C:\Users\jones\AppData\Local\Packages\Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe\AC\INetCache\LCNHN4MU\pwa-mru.9ba2d4c9e339ba497e10.chunk.v7[1].js
data
dropped
 malicious
C:\Users\jones\AppData\Local\Packages\Microsoft.SkypeApp_kzf8qxf38zg5c\AC\INetCache\GOGXYOSL\1446_8.53.0[1].json
data
dropped
 malicious
C:\Users\jones\AppData\Local\Packages\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\AC\INetCache\DLAKQVF0\accountcorepackage_7RPOlbJQzUEPp9Cr7jKSkg2[1].js
data
dropped
 malicious
C:\Users\jones\AppData\Local\Packages\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\AC\INetCache\HSLUET3E\bootstrap_3.3.0_B68S-_daR6nLiLVZsh4XiA2[1].js
data
dropped
 malicious
C:\Users\jones\AppData\Local\Packages\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\AC\INetCache\HSLUET3E\jqueryshim_hlu0tTfjWJFWYNt1WZrVqg2[1].js
data
dropped
 malicious
C:\Users\jones\AppData\Local\Packages\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\AC\INetCache\HSLUET3E\knockout_3.3.0_X1BYS2jZMbi7hfUj8VuqFA2[1].js
data
dropped
 malicious
C:\Users\jones\AppData\Local\Packages\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\AC\INetCache\HSLUET3E\knockout_old_GJ62c6D9R5HuKFdkoO8XYw2[1].js
data
dropped
 malicious
C:\Users\jones\AppData\Local\Packages\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\AC\INetCache\I8BK050T\jquerypackage_1.10_5V7LAuc3bNAQx2QQfr1RPw2[1].js
data
dropped
 malicious
C:\Users\jones\AppData\Local\Packages\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\AC\INetCache\I8BK050T\lwsignuphoststringscountrybirthdate_en-gb_tXeUWmrL4gUQDx-AaHVz2g2[1].js
data
dropped
 malicious
C:\Users\jones\AppData\Local\Temp\wctF86A.tmp
MS-DOS executable
dropped
 malicious
C:\Users\jones\AppData\Roaming\Microsoft\Windows\Themes\CachedFiles\CachedImage_1280_1024_POS4.jpg
JPEG image data
dropped
 malicious
C:\Users\jones\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite
data
dropped
 malicious
C:\Users\jones\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite-shm
data
dropped
 malicious
C:\Users\jones\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\extensions.json
data
dropped
 malicious
C:\Users\jones\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\favicons.sqlite
data
dropped
 malicious
C:\Users\jones\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\favicons.sqlite-shm
data
dropped
 malicious
C:\Users\jones\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\permissions.sqlite
data
dropped
 malicious
C:\Users\jones\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\places.sqlite
data
dropped
 malicious
C:\Users\jones\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\places.sqlite-shm
data
dropped
 malicious
C:\Users\jones\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\protections.sqlite
data
dropped
 malicious
C:\Users\jones\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\ls-archive.sqlite
data
dropped
 malicious
C:\Users\jones\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\webappsstore.sqlite
data
dropped
 malicious
C:\Users\jones\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\webappsstore.sqlite-shm
data
dropped
 malicious
C:\Users\jones\Local Settings\ConnectedDevicesPlatform\L.jones\ActivitiesCache.db-shm.bgjs (copy)
data
dropped
 malicious
C:\Users\jones\Local Settings\IconCache.db.bgjs (copy)
data
dropped
 malicious
C:\Users\jones\Local Settings\Temp\wctEA40.tmp.bgjs (copy)
data
dropped
 malicious
C:\Users\jones\Local Settings\Temp\wctF86A.tmp.bgjs (copy)
MS-DOS executable
dropped
 malicious
C:\Users\jones\_README.txt
ASCII text, with CRLF line terminators
dropped
 malicious
C:\_README.txt
ASCII text, with CRLF line terminators
dropped
 malicious
C:\ProgramData\AFBAKKFCBFHIIEBGIDBGIDHIEH
SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 4
dropped
C:\ProgramData\CAKKJKKECFIDGDHIJEGD
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
dropped
C:\ProgramData\IIJEBFCF
SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 39, cookie 0x20, schema 4, UTF-8, version-valid-for 1
dropped
C:\SystemID\PersonalID.txt
ASCII text, with CRLF line terminators
dropped
C:\Users\user\.curlrc
data
dropped
C:\Users\user\.curlrc.bgjs (copy)
data
dropped
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG.old
data
dropped
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG.old.bgjs (copy)
data
dropped
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old
data
dropped
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old.bgjs (copy)
data
dropped
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LocalPrefs.json
data
dropped
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LocalPrefs.json.bgjs (copy)
data
dropped
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log
data
dropped
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log.bgjs (copy)
data
dropped
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old
data
dropped
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old.bgjs (copy)
data
dropped
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\shared_proto_db\000003.log
data
dropped
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\shared_proto_db\000003.log.bgjs (copy)
data
dropped
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\shared_proto_db\LOG.old
data
dropped
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\shared_proto_db\LOG.old.bgjs (copy)
data
dropped
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\shared_proto_db\metadata\000003.log
data
dropped
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\shared_proto_db\metadata\000003.log.bgjs (copy)
data
dropped
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\shared_proto_db\metadata\LOG.old
data
modified
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\shared_proto_db\metadata\LOG.old.bgjs (copy)
data
dropped
C:\Users\user\AppData\Local\.curlrc
data
dropped
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeCMapFnt23.lst
PostScript document text
dropped
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt23.lst
PostScript document text
dropped
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\IconCacheAcro65536.dat
data
dropped
C:\Users\user\AppData\Local\Adobe\Color\ACECache11.lst
data
dropped
C:\Users\user\AppData\Local\Comms\UnistoreDB\USS.jcp
data
dropped
C:\Users\user\AppData\Local\Comms\UnistoreDB\USS.jtx
data
dropped
C:\Users\user\AppData\Local\Comms\UnistoreDB\USSres00001.jrs
data
dropped
C:\Users\user\AppData\Local\Comms\UnistoreDB\USSres00002.jrs
data
dropped
C:\Users\user\AppData\Local\Comms\UnistoreDB\USStmp.jtx
data
dropped
C:\Users\user\AppData\Local\Comms\UnistoreDB\store.jfm
data
dropped
C:\Users\user\AppData\Local\Comms\UnistoreDB\store.vol
data
dropped
C:\Users\user\AppData\Local\D3DSCache\f4d41c5d09ae781\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val
data
dropped
C:\Users\user\AppData\Local\IconCache.db
data
dropped
C:\Users\user\AppData\Local\Microsoft\CLR_v2.0_32\UsageLogs\unarchiver.exe.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\InspectorOfficeGadget.exe.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\FontCache\4\CatalogCacheMetaData.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\CacheStorage\edb.chk
data
dropped
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\CacheStorage\edb.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\CacheStorage\edbres00001.jrs
data
dropped
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\CacheStorage\edbres00002.jrs
data
dropped
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\CacheStorage\edbtmp.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\IECompatData\iecompatdata.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\brndlog.txt
data
dropped
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\ie4uinit-ClearIconCache.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\ie4uinit-UserConfig.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120659v0.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120660v0.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120661v0.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120662v0.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120663v0.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120664v0.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120665v0.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120666v0.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120667v0.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120668v0.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120669v0.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120670v0.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120671v0.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120672v0.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120673v0.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120674v0.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120675v0.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120676v0.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120677v0.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120678v0.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120679v0.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120680v0.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120681v0.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120682v0.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule130009v0.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule170000v6.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule170002v6.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule170003v1.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule170005v2.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule170007v5.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule170009v1.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule170011v2.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule170012v8.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule170013v1.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule170014v4.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule170016v7.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule170019v1.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule170021v0.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule170022v1.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule170024v2.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule170026v0.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule170027v0.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule170030v1.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule170032v2.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule170033v0.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule170034v1.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule170035v1.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule170037v1.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule170038v0.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule170039v0.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule170040v0.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule170041v2.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule170042v4.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule170043v1.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule170044v4.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule170048v0.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule170050v2.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule170051v1.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule170052v2.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule170053v1.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule170054v1.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule170055v1.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule170056v0.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule170058v1.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule170059v1.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule170060v1.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule170061v5.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule170065v0.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule170068v0.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule170069v1.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule170070v2.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule170071v2.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule170072v2.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule170073v2.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule170074v2.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule170075v2.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule170076v1.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule170077v1.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule170078v2.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule170080v1.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule170081v2.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule170082v1.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule170083v6.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule170086v2.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule170087v2.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule170088v3.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule170089v1.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule170091v2.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule170095v1.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule170096v1.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule170097v1.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule170098v2.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule170099v2.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule170103v1.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule170104v1.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule170105v3.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule170106v2.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule170107v1.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule170110v0.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule170111v2.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule170112v1.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule170113v0.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule170114v1.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule170115v1.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule170116v0.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule170117v0.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule170118v1.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule170127v0.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule170129v0.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule170130v0.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule170133v0.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule170134v0.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule170135v4.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule170136v3.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule170137v0.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule170138v0.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule170139v0.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule170140v0.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule170141v0.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule170142v2.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule180003v5.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule180026v2.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule180027v2.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule180028v1.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule180029v0.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule180030v0.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule180031v0.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule180032v0.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule180034v0.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule180043v1.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule180049v0.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule180051v1.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule180052v0.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule180057v1.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule180058v1.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule180059v1.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule180063v1.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule180064v1.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule180065v1.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule180066v0.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule180072v0.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule180077v3.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule180078v1.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule180079v1.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule180080v0.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule180084v0.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule180087v3.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule180135v4.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule180136v2.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule180143v0.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule180159v0.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule180160v0.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule180161v0.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule180162v0.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule180163v0.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule180177v0.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule180178v0.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule180181v0.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule180182v0.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule180183v0.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule180195v2.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule180200v0.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule180202v0.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule220004v0.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule220035v0.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule220036v0.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule222015v6.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule222042v0.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule222043v0.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule222049v1.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule222100v7.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule222101v3.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule222102v1.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule222200v5.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule224008v0.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule224010v0.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule224011v0.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule224012v0.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule224013v0.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule224059v0.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule224060v0.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule224061v0.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule224062v0.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule224068v0.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule224072v0.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule224073v1.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule224074v1.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule224075v1.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule224082v0.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule224083v0.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule224084v0.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule224085v0.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule224086v0.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule224087v1.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule224900v0.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule224901v11.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule224902v2.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule224903v0.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule224906v1.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule224910v1.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule226000v0.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule226003v1.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule226009v0.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule230161v0.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule23068v2.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule23070v1.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule23120v0.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule23122v0.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule23123v0.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule23124v0.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule23125v0.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule240005v8.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule240006v2.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule240007v2.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule240008v1.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule240009v3.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule240010v2.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule240012v1.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule240013v1.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule240014v1.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule240015v1.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule240016v0.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule240018v0.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule240020v0.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule240021v1.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule240025v1.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule240026v0.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule240029v0.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule240030v0.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule240031v0.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule240032v0.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule240033v0.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule240034v0.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule240038v0.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule240039v0.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule241000v0.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule241001v0.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule241002v0.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule270000v0.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule270001v1.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule270002v1.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule270003v2.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule270004v0.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule270010v3.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule270011v0.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule270012v0.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule270013v0.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule270014v0.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule270015v0.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule270016v0.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule11793v0.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule11794v0.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule11834v1.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule11882v0.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule11890v0.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule11930v0.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule11931v0.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule11932v0.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule11933v0.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule11939v0.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule11950v0.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule11981v0.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule11989v0.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule120100v3.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule120119v0.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule120128v0.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule12019v1.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule12035v0.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule120402v21.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule120600v4.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule120601v3.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule120602v8.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule120603v8.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule120607v1.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule120608v0.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule120609v0.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule120610v0.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule120611v0.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule120612v0.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule120613v0.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule120614v0.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule120615v0.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule120616v0.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule120617v0.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule120618v0.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule120619v0.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule120620v0.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule120621v0.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule120622v0.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule120623v0.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule120624v0.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule120625v0.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule120626v0.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule120627v0.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule120628v0.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule120629v0.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule120630v0.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule120631v0.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule120632v0.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule120633v0.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule120634v0.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule120635v0.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule120636v0.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule120637v0.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule120638v0.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule120639v0.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule120640v0.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule120641v0.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule120642v0.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule120643v0.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule120644v0.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule120645v0.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule120646v0.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule120647v0.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule120648v0.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule120649v0.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule120650v0.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule120651v0.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule120652v0.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule120653v0.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule120654v0.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule120655v0.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule120656v0.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule120657v0.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule120658v0.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule120659v0.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule120660v0.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule120661v0.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule120662v0.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule120663v0.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule120664v0.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule120665v0.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule120666v0.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule120667v0.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule120668v0.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule120669v0.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule120670v0.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule120671v0.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule120672v0.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule120673v0.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule120674v0.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule120675v0.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule120676v0.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule120677v0.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule120678v0.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule120679v0.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule120680v0.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule120681v0.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule120682v0.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule222015v6.xml
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\Features\1-7FeatureCache.txt
data
dropped
C:\Users\user\AppData\Local\Microsoft\PenWorkspace\DiscoverCacheData.dat
data
dropped
C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\089d66ba04a8cec4bdc5267f42f39cf84278bb67.tbres
data
dropped
C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\1521f696d8626c8e8127c0284ab987ff1974f39a.tbres
data
dropped
C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\5475cb191e478c39370a215b2da98a37e9dc813d.tbres
data
dropped
C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres
data
dropped
C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\cf7513a936f7effbb38627e56f8d1fce10eb12cc.tbres
data
dropped
C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\e8ddd4cbd9c0504aace6ef7a13fa20d04fd52408.tbres
data
dropped
C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\f036564d8b727dbe99499799c7e51936a642f62a.tbres
data
dropped
C:\Users\user\AppData\Local\Microsoft\Vault\4BF4C442-9B8A-41A0-B380-DD4A704DDB28\Policy.vpol
data
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\2057\StructuredQuerySchema.bin
data
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\Caches\cversions.1.db
data
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\Caches\cversions.3.db
data
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\Caches\{29565D0C-B905-4D30-88C9-B63C603DA134}.3.ver0x0000000000000001.db
data
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\Explorer\ExplorerStartupLog.etl
data
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\Explorer\iconcache_1280.db
data
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\Explorer\iconcache_1920.db
data
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\Explorer\iconcache_2560.db
data
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\Explorer\iconcache_768.db
data
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\Explorer\iconcache_96.db
data
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\Explorer\iconcache_custom_stream.db
data
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\Explorer\iconcache_exif.db
data
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\Explorer\iconcache_sr.db
data
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\Explorer\iconcache_wide.db
data
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\Explorer\iconcache_wide_alternate.db
data
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\Explorer\thumbcache_1280.db
data
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\Explorer\thumbcache_1920.db
data
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\Explorer\thumbcache_2560.db
data
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\Explorer\thumbcache_32.db
data
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\Explorer\thumbcache_768.db
data
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\Explorer\thumbcache_96.db
data
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\Explorer\thumbcache_custom_stream.db
data
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\Explorer\thumbcache_exif.db
data
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\Explorer\thumbcache_sr.db
data
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\Explorer\thumbcache_wide.db
data
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\Explorer\thumbcache_wide_alternate.db
data
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\D81IGXZV\get[1].htm
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\D81IGXZV\get[2].htm
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.chk
data
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V0100004.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01res00001.jrs
data
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01res00002.jrs
data
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01tmp.log
data
dropped
C:\Users\user\AppData\Local\Packages\1527c705-839a-4832-9118-54d4Bd6a0c89_cw5n1h2txyewy\Settings\settings.dat
MS Windows registry file, NT/2000 or above
dropped
C:\Users\user\AppData\Local\Packages\E2A4F912-2574-4A75-9BB0-0D023378592B_cw5n1h2txyewy\Settings\settings.dat
MS Windows registry file, NT/2000 or above
dropped
C:\Users\user\AppData\Local\Packages\F46D4000-FD22-4DB4-AC8E-4E1DDDE828FE_cw5n1h2txyewy\Settings\settings.dat
MS Windows registry file, NT/2000 or above
dropped
C:\Users\user\AppData\Local\Packages\Microsoft.549981C3F5F10_8wekyb3d8bbwe\Settings\settings.dat
MS Windows registry file, NT/2000 or above
dropped
C:\Users\user\AppData\Local\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\Settings\settings.dat
MS Windows registry file, NT/2000 or above
dropped
C:\Users\user\AppData\Local\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\Settings\settings.dat.LOG1
MS Windows registry file, NT/2000 or above
dropped
C:\Users\user\AppData\Local\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\Settings\settings.dat.LOG2
MS Windows registry file, NT/2000 or above
dropped
C:\Users\user\AppData\Local\Packages\Microsoft.AccountsControl_cw5n1h2txyewy\Settings\settings.dat
MS Windows registry file, NT/2000 or above
dropped
C:\Users\user\AppData\Local\Packages\Microsoft.AsyncTextService_8wekyb3d8bbwe\Settings\settings.dat
MS Windows registry file, NT/2000 or above
dropped
C:\Users\user\AppData\Local\Packages\Microsoft.BingWeather_8wekyb3d8bbwe\Settings\settings.dat
MS Windows registry file, NT/2000 or above
dropped
C:\Users\user\AppData\Local\Packages\Microsoft.BingWeather_8wekyb3d8bbwe\Settings\settings.dat.LOG1
MS Windows registry file, NT/2000 or above
dropped
C:\Users\user\AppData\Local\Packages\Microsoft.BioEnrollment_cw5n1h2txyewy\Settings\settings.dat
MS Windows registry file, NT/2000 or above
dropped
C:\Users\user\AppData\Local\Packages\Microsoft.CredDialogHost_cw5n1h2txyewy\Settings\settings.dat
MS Windows registry file, NT/2000 or above
dropped
C:\Users\user\AppData\Local\Packages\Microsoft.DesktopAppInstaller_8wekyb3d8bbwe\Settings\settings.dat
MS Windows registry file, NT/2000 or above
dropped
C:\Users\user\AppData\Local\Packages\Microsoft.ECApp_8wekyb3d8bbwe\Settings\settings.dat
MS Windows registry file, NT/2000 or above
dropped
C:\Users\user\AppData\Local\Packages\Microsoft.GetHelp_8wekyb3d8bbwe\Settings\settings.dat
MS Windows registry file, NT/2000 or above
dropped
C:\Users\user\AppData\Local\Packages\Microsoft.Getstarted_8wekyb3d8bbwe\Settings\settings.dat
MS Windows registry file, NT/2000 or above
dropped
C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{09d41dfb-343c-4c64-80de-0d8ebc18a6b9}\Apps.index
data
dropped
C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{407fe2cc-e6ee-4027-aa00-b9fdf3f5b8e5}\Apps.index
data
dropped
C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{fe191046-14e8-4e49-a1f5-f429b2cab500}\Apps.index
data
dropped
C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Input_{764e754d-fbdd-43df-9a27-cbb01dbf5078}\apps.csg
data
dropped
C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Input_{764e754d-fbdd-43df-9a27-cbb01dbf5078}\apps.schema
data
dropped
C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Input_{764e754d-fbdd-43df-9a27-cbb01dbf5078}\appsconversions.txt
data
dropped
C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Input_{764e754d-fbdd-43df-9a27-cbb01dbf5078}\appssynonyms.txt
data
dropped
C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Input_{764e754d-fbdd-43df-9a27-cbb01dbf5078}\settings.csg
data
dropped
C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Input_{764e754d-fbdd-43df-9a27-cbb01dbf5078}\settings.schema
data
dropped
C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Input_{764e754d-fbdd-43df-9a27-cbb01dbf5078}\settingsconversions.txt
data
dropped
C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Settings_{7fa4f3cd-f899-4abc-9ee3-31954eeeae00}\Settings.ft
data
dropped
C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Settings_{7fa4f3cd-f899-4abc-9ee3-31954eeeae00}\Settings.index
data
dropped
C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Settings_{d898effa-5251-49be-909e-6a34c1643269}\Settings.ft
data
dropped
C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Settings_{d898effa-5251-49be-909e-6a34c1643269}\Settings.index
data
dropped
C:\Users\user\AppData\Local\Packages\c5e2524a-ea46-4f67-841f-6a9465d9d515_cw5n1h2txyewy\Settings\settings.dat
MS Windows registry file, NT/2000 or above
dropped
C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\download.error
data
dropped
C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\ntkrnlmp.pdb
data
dropped
C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\download.error
data
dropped
C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\winload_prod.pdb
data
dropped
C:\Users\user\AppData\Local\bowsakkdestx.txt
data
dropped
C:\Users\user\AppData\Local\d8960608-daff-4d43-9e12-805e9e1a283d\R5391762lf.exe:Zone.Identifier
ASCII text, with CRLF line terminators
modified
C:\Users\user\AppData\Roaming\.curlrc
data
dropped
C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\TMDocs.sav
data
dropped
C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\TMGrpPrm.sav
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Libraries\CameraRoll.library-ms
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Libraries\Documents.library-ms
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Libraries\Music.library-ms
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Libraries\Pictures.library-ms
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Libraries\SavedPictures.library-ms
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Libraries\Videos.library-ms
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\ATSCRGPSUM.png
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\BWDRWEEARI.mp3
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\BWDRWEEARI.pdf
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\BWDRWEEARI.xlsx
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\EDCVNYNUAA.pdf
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\EEGWXUHVUG.png
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\EVCMENBQHP.jpg
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\GRXZDKKVDB.docx
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\GRXZDKKVDB.mp3
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\GRXZDKKVDB.xlsx
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\HQJBRDYKDE.png
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\IPKGELNTQY.docx
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\IPKGELNTQY.pdf
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\KLIZUSIQEN.docx
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\KLIZUSIQEN.pdf
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\LSBIHQFDVT.png
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\MXPXCVPDVN.docx
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\NEBFQQYWPS.jpg
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\NEBFQQYWPS.xlsx
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\PIVFAGEAAV.jpg
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\PIVFAGEAAV.mp3
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\PWCCAWLGRE.png
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\QCFWYSKMHA.docx
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\QCFWYSKMHA.pdf
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\QNCYCDFIJJ.jpg
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\QRUSBVEBEH.mp3
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\RNCDIJFLUP.png
PRO-PACK archive data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\SFPUSAFIOL.docx
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\SFPUSAFIOL.xlsx
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\UNKRLCVOHV.jpg
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\UNKRLCVOHV.xlsx
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\VFMANBAXKI.jpg
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\VFMANBAXKI.mp3
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\ZQIXMVQGAH.mp3
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\ZQIXMVQGAH.pdf
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\ZQIXMVQGAH.xlsx
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\Bluetooth File Transfer.LNK
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\Desktop (create shortcut).DeskLink
data
dropped
C:\Users\user\Application Data\.curlrc.bgjs (copy)
data
dropped
C:\Users\user\Application Data\Adobe\Acrobat\DC\TMDocs.sav.bgjs (copy)
data
dropped
C:\Users\user\Application Data\Adobe\Acrobat\DC\TMGrpPrm.sav.bgjs (copy)
data
dropped
C:\Users\user\Application Data\Microsoft\Windows\Libraries\CameraRoll.library-ms.bgjs (copy)
data
dropped
C:\Users\user\Application Data\Microsoft\Windows\Libraries\Documents.library-ms.bgjs (copy)
data
dropped
C:\Users\user\Application Data\Microsoft\Windows\Libraries\Music.library-ms.bgjs (copy)
data
dropped
C:\Users\user\Application Data\Microsoft\Windows\Libraries\Pictures.library-ms.bgjs (copy)
data
dropped
C:\Users\user\Application Data\Microsoft\Windows\Libraries\SavedPictures.library-ms.bgjs (copy)
data
dropped
C:\Users\user\Application Data\Microsoft\Windows\Libraries\Videos.library-ms.bgjs (copy)
data
dropped
C:\Users\user\Application Data\Microsoft\Windows\Recent\ATSCRGPSUM.png.bgjs (copy)
data
dropped
C:\Users\user\Application Data\Microsoft\Windows\Recent\BWDRWEEARI.mp3.bgjs (copy)
data
dropped
C:\Users\user\Application Data\Microsoft\Windows\Recent\BWDRWEEARI.pdf.bgjs (copy)
data
dropped
C:\Users\user\Application Data\Microsoft\Windows\Recent\BWDRWEEARI.xlsx.bgjs (copy)
data
dropped
C:\Users\user\Application Data\Microsoft\Windows\Recent\EDCVNYNUAA.pdf.bgjs (copy)
data
dropped
C:\Users\user\Application Data\Microsoft\Windows\Recent\EEGWXUHVUG.png.bgjs (copy)
data
dropped
C:\Users\user\Application Data\Microsoft\Windows\Recent\EVCMENBQHP.jpg.bgjs (copy)
data
dropped
C:\Users\user\Application Data\Microsoft\Windows\Recent\GRXZDKKVDB.docx.bgjs (copy)
data
dropped
C:\Users\user\Application Data\Microsoft\Windows\Recent\GRXZDKKVDB.mp3.bgjs (copy)
data
dropped
C:\Users\user\Application Data\Microsoft\Windows\Recent\GRXZDKKVDB.xlsx.bgjs (copy)
data
dropped
C:\Users\user\Application Data\Microsoft\Windows\Recent\HQJBRDYKDE.png.bgjs (copy)
data
dropped
C:\Users\user\Application Data\Microsoft\Windows\Recent\IPKGELNTQY.docx.bgjs (copy)
data
dropped
C:\Users\user\Application Data\Microsoft\Windows\Recent\IPKGELNTQY.pdf.bgjs (copy)
data
dropped
C:\Users\user\Application Data\Microsoft\Windows\Recent\KLIZUSIQEN.docx.bgjs (copy)
data
dropped
C:\Users\user\Application Data\Microsoft\Windows\Recent\KLIZUSIQEN.pdf.bgjs (copy)
data
dropped
C:\Users\user\Application Data\Microsoft\Windows\Recent\LSBIHQFDVT.png.bgjs (copy)
data
dropped
C:\Users\user\Application Data\Microsoft\Windows\Recent\MXPXCVPDVN.docx.bgjs (copy)
data
dropped
C:\Users\user\Application Data\Microsoft\Windows\Recent\NEBFQQYWPS.jpg.bgjs (copy)
data
dropped
C:\Users\user\Application Data\Microsoft\Windows\Recent\NEBFQQYWPS.xlsx.bgjs (copy)
data
dropped
C:\Users\user\Application Data\Microsoft\Windows\Recent\PIVFAGEAAV.jpg.bgjs (copy)
data
dropped
C:\Users\user\Application Data\Microsoft\Windows\Recent\PIVFAGEAAV.mp3.bgjs (copy)
data
dropped
C:\Users\user\Application Data\Microsoft\Windows\Recent\PWCCAWLGRE.png.bgjs (copy)
data
dropped
C:\Users\user\Application Data\Microsoft\Windows\Recent\QCFWYSKMHA.docx.bgjs (copy)
data
dropped
C:\Users\user\Application Data\Microsoft\Windows\Recent\QCFWYSKMHA.pdf.bgjs (copy)
data
dropped
C:\Users\user\Application Data\Microsoft\Windows\Recent\QNCYCDFIJJ.jpg.bgjs (copy)
data
dropped
C:\Users\user\Application Data\Microsoft\Windows\Recent\QRUSBVEBEH.mp3.bgjs (copy)
data
dropped
C:\Users\user\Application Data\Microsoft\Windows\Recent\RNCDIJFLUP.png.bgjs (copy)
PRO-PACK archive data
dropped
C:\Users\user\Application Data\Microsoft\Windows\Recent\SFPUSAFIOL.docx.bgjs (copy)
data
dropped
C:\Users\user\Application Data\Microsoft\Windows\Recent\SFPUSAFIOL.xlsx.bgjs (copy)
data
dropped
C:\Users\user\Application Data\Microsoft\Windows\Recent\UNKRLCVOHV.jpg.bgjs (copy)
data
dropped
C:\Users\user\Application Data\Microsoft\Windows\Recent\UNKRLCVOHV.xlsx.bgjs (copy)
data
dropped
C:\Users\user\Application Data\Microsoft\Windows\Recent\VFMANBAXKI.jpg.bgjs (copy)
data
dropped
C:\Users\user\Application Data\Microsoft\Windows\Recent\VFMANBAXKI.mp3.bgjs (copy)
data
dropped
C:\Users\user\Application Data\Microsoft\Windows\Recent\ZQIXMVQGAH.mp3.bgjs (copy)
data
dropped
C:\Users\user\Application Data\Microsoft\Windows\Recent\ZQIXMVQGAH.pdf.bgjs (copy)
data
dropped
C:\Users\user\Application Data\Microsoft\Windows\Recent\ZQIXMVQGAH.xlsx.bgjs (copy)
data
dropped
C:\Users\user\Desktop\EEGWXUHVUG.png
data
dropped
C:\Users\user\Desktop\EEGWXUHVUG.png.bgjs (copy)
data
dropped
C:\Users\user\Desktop\GRXZDKKVDB.mp3.bgjs (copy)
data
dropped
C:\Users\user\Desktop\IPKGELNTQY.docx.bgjs (copy)
data
dropped
C:\Users\user\Desktop\IPKGELNTQY.pdf
data
dropped
C:\Users\user\Desktop\IPKGELNTQY.pdf.bgjs (copy)
data
dropped
C:\Users\user\Desktop\IPKGELNTQY\EEGWXUHVUG.png
data
dropped
C:\Users\user\Desktop\IPKGELNTQY\EEGWXUHVUG.png.bgjs (copy)
data
dropped
C:\Users\user\Desktop\IPKGELNTQY\GRXZDKKVDB.mp3
data
dropped
C:\Users\user\Desktop\IPKGELNTQY\GRXZDKKVDB.mp3.bgjs (copy)
data
dropped
C:\Users\user\Desktop\IPKGELNTQY\IPKGELNTQY.docx
data
dropped
C:\Users\user\Desktop\IPKGELNTQY\IPKGELNTQY.docx.bgjs (copy)
data
dropped
C:\Users\user\Desktop\IPKGELNTQY\PIVFAGEAAV.jpg
data
dropped
C:\Users\user\Desktop\IPKGELNTQY\PIVFAGEAAV.jpg.bgjs (copy)
data
dropped
C:\Users\user\Desktop\IPKGELNTQY\QCFWYSKMHA.pdf
data
dropped
C:\Users\user\Desktop\IPKGELNTQY\QCFWYSKMHA.pdf.bgjs (copy)
data
dropped
C:\Users\user\Desktop\IPKGELNTQY\ZQIXMVQGAH.xlsx
data
dropped
C:\Users\user\Desktop\IPKGELNTQY\ZQIXMVQGAH.xlsx.bgjs (copy)
data
dropped
C:\Users\user\Desktop\LSBIHQFDVT.png
data
dropped
C:\Users\user\Desktop\LSBIHQFDVT.png.bgjs (copy)
data
dropped
C:\Users\user\Desktop\MXPXCVPDVN.docx
data
dropped
C:\Users\user\Desktop\MXPXCVPDVN.docx.bgjs (copy)
data
dropped
C:\Users\user\Desktop\MXPXCVPDVN\IPKGELNTQY.pdf
data
dropped
C:\Users\user\Desktop\MXPXCVPDVN\IPKGELNTQY.pdf.bgjs (copy)
data
dropped
C:\Users\user\Desktop\MXPXCVPDVN\LSBIHQFDVT.png
data
dropped
C:\Users\user\Desktop\MXPXCVPDVN\LSBIHQFDVT.png.bgjs (copy)
data
dropped
C:\Users\user\Desktop\MXPXCVPDVN\MXPXCVPDVN.docx
data
dropped
C:\Users\user\Desktop\MXPXCVPDVN\MXPXCVPDVN.docx.bgjs (copy)
data
dropped
C:\Users\user\Desktop\MXPXCVPDVN\NEBFQQYWPS.jpg
data
dropped
C:\Users\user\Desktop\MXPXCVPDVN\SFPUSAFIOL.xlsx
data
dropped
C:\Users\user\Desktop\MXPXCVPDVN\SFPUSAFIOL.xlsx.bgjs (copy)
data
dropped
C:\Users\user\Desktop\NEBFQQYWPS.jpg
data
dropped
C:\Users\user\Desktop\NEBFQQYWPS.jpg.bgjs (copy)
data
dropped
C:\Users\user\Desktop\NEBFQQYWPS.xlsx
data
dropped
C:\Users\user\Desktop\NEBFQQYWPS.xlsx.bgjs (copy)
data
dropped
C:\Users\user\Desktop\PIVFAGEAAV.jpg
data
dropped
C:\Users\user\Desktop\PIVFAGEAAV.jpg.bgjs (copy)
data
dropped
C:\Users\user\Desktop\PIVFAGEAAV.mp3
data
dropped
C:\Users\user\Desktop\PIVFAGEAAV.mp3.bgjs (copy)
data
dropped
C:\Users\user\Desktop\PWCCAWLGRE.png
data
dropped
C:\Users\user\Desktop\PWCCAWLGRE.png.bgjs (copy)
data
dropped
C:\Users\user\Desktop\QCFWYSKMHA.pdf
data
dropped
C:\Users\user\Desktop\QCFWYSKMHA.pdf.bgjs (copy)
data
dropped
C:\Users\user\Desktop\QNCYCDFIJJ.jpg
data
dropped
C:\Users\user\Desktop\QNCYCDFIJJ.jpg.bgjs (copy)
data
dropped
C:\Users\user\Desktop\SFPUSAFIOL.docx
data
dropped
C:\Users\user\Desktop\SFPUSAFIOL.docx.bgjs (copy)
data
dropped
C:\Users\user\Desktop\SFPUSAFIOL.xlsx
data
dropped
C:\Users\user\Desktop\SFPUSAFIOL.xlsx.bgjs (copy)
data
dropped
C:\Users\user\Desktop\SFPUSAFIOL\PIVFAGEAAV.mp3
data
dropped
C:\Users\user\Desktop\SFPUSAFIOL\PIVFAGEAAV.mp3.bgjs (copy)
data
dropped
C:\Users\user\Desktop\SFPUSAFIOL\QNCYCDFIJJ.jpg
data
dropped
C:\Users\user\Desktop\SFPUSAFIOL\QNCYCDFIJJ.jpg.bgjs (copy)
data
dropped
C:\Users\user\Desktop\SFPUSAFIOL\ZQIXMVQGAH.pdf.bgjs (copy)
data
dropped
C:\Users\user\Desktop\ZQIXMVQGAH.mp3
data
dropped
C:\Users\user\Desktop\ZQIXMVQGAH.mp3.bgjs (copy)
data
dropped
C:\Users\user\Desktop\ZQIXMVQGAH.pdf
data
dropped
C:\Users\user\Desktop\ZQIXMVQGAH.pdf.bgjs (copy)
data
dropped
C:\Users\user\Desktop\ZQIXMVQGAH.xlsx
data
dropped
C:\Users\user\Desktop\ZQIXMVQGAH.xlsx.bgjs (copy)
data
dropped
C:\Users\user\Documents\EEGWXUHVUG.png
data
dropped
C:\Users\user\Documents\EEGWXUHVUG.png.bgjs (copy)
data
dropped
C:\Users\user\Documents\GRXZDKKVDB.mp3
data
dropped
C:\Users\user\Documents\GRXZDKKVDB.mp3.bgjs (copy)
data
dropped
C:\Users\user\Documents\IPKGELNTQY.docx
data
dropped
C:\Users\user\Documents\IPKGELNTQY.docx.bgjs (copy)
data
dropped
C:\Users\user\Documents\IPKGELNTQY.pdf
data
dropped
C:\Users\user\Documents\IPKGELNTQY.pdf.bgjs (copy)
data
dropped
C:\Users\user\Documents\IPKGELNTQY\GRXZDKKVDB.mp3
data
dropped
C:\Users\user\Documents\IPKGELNTQY\GRXZDKKVDB.mp3.bgjs (copy)
data
dropped
C:\Users\user\Documents\IPKGELNTQY\PIVFAGEAAV.jpg
data
dropped
C:\Users\user\Documents\IPKGELNTQY\PIVFAGEAAV.jpg.bgjs (copy)
data
dropped
C:\Users\user\Documents\LSBIHQFDVT.png
data
dropped
C:\Users\user\Documents\LSBIHQFDVT.png.bgjs (copy)
data
dropped
C:\Users\user\Documents\MXPXCVPDVN.docx
data
dropped
C:\Users\user\Documents\MXPXCVPDVN.docx.bgjs (copy)
data
dropped
C:\Users\user\Documents\MXPXCVPDVN\IPKGELNTQY.pdf
data
dropped
C:\Users\user\Documents\MXPXCVPDVN\IPKGELNTQY.pdf.bgjs (copy)
data
dropped
C:\Users\user\Documents\MXPXCVPDVN\MXPXCVPDVN.docx
data
dropped
C:\Users\user\Documents\MXPXCVPDVN\MXPXCVPDVN.docx.bgjs (copy)
data
dropped
C:\Users\user\Documents\MXPXCVPDVN\SFPUSAFIOL.xlsx
data
dropped
C:\Users\user\Documents\MXPXCVPDVN\SFPUSAFIOL.xlsx.bgjs (copy)
data
dropped
C:\Users\user\Documents\NEBFQQYWPS.jpg
data
dropped
C:\Users\user\Documents\NEBFQQYWPS.jpg.bgjs (copy)
data
dropped
C:\Users\user\Documents\NEBFQQYWPS.xlsx
data
dropped
C:\Users\user\Documents\NEBFQQYWPS.xlsx.bgjs (copy)
data
dropped
C:\Users\user\Documents\PIVFAGEAAV.jpg
data
dropped
C:\Users\user\Documents\PIVFAGEAAV.jpg.bgjs (copy)
data
dropped
C:\Users\user\Documents\PIVFAGEAAV.mp3
data
dropped
C:\Users\user\Documents\PIVFAGEAAV.mp3.bgjs (copy)
data
dropped
C:\Users\user\Documents\PWCCAWLGRE.png
data
dropped
C:\Users\user\Documents\PWCCAWLGRE.png.bgjs (copy)
data
dropped
C:\Users\user\Documents\QCFWYSKMHA.pdf
data
dropped
C:\Users\user\Documents\QCFWYSKMHA.pdf.bgjs (copy)
data
dropped
C:\Users\user\Documents\QNCYCDFIJJ.jpg
data
dropped
C:\Users\user\Documents\QNCYCDFIJJ.jpg.bgjs (copy)
data
dropped
C:\Users\user\Documents\SFPUSAFIOL.docx
data
dropped
C:\Users\user\Documents\SFPUSAFIOL.docx.bgjs (copy)
data
dropped
C:\Users\user\Documents\SFPUSAFIOL.xlsx
data
dropped
C:\Users\user\Documents\SFPUSAFIOL.xlsx.bgjs (copy)
data
dropped
C:\Users\user\Documents\SFPUSAFIOL\NEBFQQYWPS.xlsx
data
dropped
C:\Users\user\Documents\SFPUSAFIOL\NEBFQQYWPS.xlsx.bgjs (copy)
data
dropped
C:\Users\user\Documents\SFPUSAFIOL\QNCYCDFIJJ.jpg
data
dropped
C:\Users\user\Documents\SFPUSAFIOL\QNCYCDFIJJ.jpg.bgjs (copy)
data
dropped
C:\Users\user\Documents\SFPUSAFIOL\ZQIXMVQGAH.pdf
data
dropped
C:\Users\user\Documents\SFPUSAFIOL\ZQIXMVQGAH.pdf.bgjs (copy)
data
dropped
C:\Users\user\Documents\ZQIXMVQGAH.mp3
data
dropped
C:\Users\user\Documents\ZQIXMVQGAH.mp3.bgjs (copy)
data
dropped
C:\Users\user\Documents\ZQIXMVQGAH.pdf
data
dropped
C:\Users\user\Documents\ZQIXMVQGAH.pdf.bgjs (copy)
data
dropped
C:\Users\user\Documents\ZQIXMVQGAH.xlsx
data
dropped
C:\Users\user\Documents\ZQIXMVQGAH.xlsx.bgjs (copy)
data
dropped
C:\Users\user\Downloads\EEGWXUHVUG.png
data
dropped
C:\Users\user\Downloads\EEGWXUHVUG.png.bgjs (copy)
data
dropped
C:\Users\user\Downloads\GRXZDKKVDB.mp3
data
dropped
C:\Users\user\Downloads\GRXZDKKVDB.mp3.bgjs (copy)
data
dropped
C:\Users\user\Downloads\IPKGELNTQY.docx
data
dropped
C:\Users\user\Downloads\IPKGELNTQY.docx.bgjs (copy)
data
dropped
C:\Users\user\Downloads\IPKGELNTQY.pdf
data
dropped
C:\Users\user\Downloads\IPKGELNTQY.pdf.bgjs (copy)
data
dropped
C:\Users\user\Downloads\LSBIHQFDVT.png
data
dropped
C:\Users\user\Downloads\LSBIHQFDVT.png.bgjs (copy)
data
dropped
C:\Users\user\Downloads\MXPXCVPDVN.docx
data
dropped
C:\Users\user\Downloads\MXPXCVPDVN.docx.bgjs (copy)
data
dropped
C:\Users\user\Downloads\NEBFQQYWPS.jpg
data
dropped
C:\Users\user\Downloads\NEBFQQYWPS.jpg.bgjs (copy)
data
dropped
C:\Users\user\Downloads\NEBFQQYWPS.xlsx
data
dropped
C:\Users\user\Downloads\NEBFQQYWPS.xlsx.bgjs (copy)
data
dropped
C:\Users\user\Downloads\PIVFAGEAAV.jpg
data
dropped
C:\Users\user\Downloads\PIVFAGEAAV.jpg.bgjs (copy)
data
dropped
C:\Users\user\Downloads\PWCCAWLGRE.png
data
dropped
C:\Users\user\Downloads\PWCCAWLGRE.png.bgjs (copy)
data
dropped
C:\Users\user\Downloads\QCFWYSKMHA.pdf
data
dropped
C:\Users\user\Downloads\QCFWYSKMHA.pdf.bgjs (copy)
data
dropped
C:\Users\user\Downloads\QNCYCDFIJJ.jpg
data
dropped
C:\Users\user\Downloads\QNCYCDFIJJ.jpg.bgjs (copy)
data
dropped
C:\Users\user\Downloads\SFPUSAFIOL.docx
data
dropped
C:\Users\user\Downloads\SFPUSAFIOL.docx.bgjs (copy)
data
dropped
C:\Users\user\Downloads\SFPUSAFIOL.xlsx
data
dropped
C:\Users\user\Downloads\SFPUSAFIOL.xlsx.bgjs (copy)
data
dropped
C:\Users\user\Downloads\ZQIXMVQGAH.mp3
data
dropped
C:\Users\user\Downloads\ZQIXMVQGAH.mp3.bgjs (copy)
data
dropped
C:\Users\user\Downloads\ZQIXMVQGAH.pdf
data
dropped
C:\Users\user\Downloads\ZQIXMVQGAH.pdf.bgjs (copy)
data
dropped
C:\Users\user\Downloads\ZQIXMVQGAH.xlsx
data
dropped
C:\Users\user\Downloads\ZQIXMVQGAH.xlsx.bgjs (copy)
data
dropped
C:\Users\user\Favorites\Amazon.url
data
dropped
C:\Users\user\Favorites\Amazon.url.bgjs (copy)
data
dropped
C:\Users\user\Favorites\Bing.url
data
dropped
C:\Users\user\Favorites\Bing.url.bgjs (copy)
data
dropped
C:\Users\user\Favorites\Facebook.url
data
dropped
C:\Users\user\Favorites\Facebook.url.bgjs (copy)
data
dropped
C:\Users\user\Favorites\Google.url
data
dropped
C:\Users\user\Favorites\Google.url.bgjs (copy)
data
dropped
C:\Users\user\Favorites\Live.url
data
dropped
C:\Users\user\Favorites\NYTimes.url
data
dropped
C:\Users\user\Favorites\NYTimes.url.bgjs (copy)
data
dropped
C:\Users\user\Favorites\Reddit.url
data
dropped
C:\Users\user\Favorites\Reddit.url.bgjs (copy)
data
dropped
C:\Users\user\Favorites\Twitter.url
data
dropped
C:\Users\user\Favorites\Wikipedia.url
data
dropped
C:\Users\user\Favorites\Wikipedia.url.bgjs (copy)
data
dropped
C:\Users\user\Favorites\Youtube.url
data
dropped
C:\Users\user\Favorites\Youtube.url.bgjs (copy)
data
dropped
C:\Users\user\Local Settings\.curlrc.bgjs (copy)
data
dropped
C:\Users\user\Local Settings\Adobe\Acrobat\DC\AdobeCMapFnt23.lst.bgjs (copy)
PostScript document text
dropped
C:\Users\user\Local Settings\Adobe\Acrobat\DC\AdobeSysFnt23.lst.bgjs (copy)
PostScript document text
dropped
C:\Users\user\Local Settings\Adobe\Acrobat\DC\IconCacheAcro65536.dat.bgjs (copy)
data
dropped
C:\Users\user\Local Settings\Adobe\Color\ACECache11.lst.bgjs (copy)
data
dropped
C:\Users\user\Local Settings\Comms\UnistoreDB\USS.jcp.bgjs (copy)
data
dropped
C:\Users\user\Local Settings\Comms\UnistoreDB\USS.jtx.bgjs (copy)
data
dropped
C:\Users\user\Local Settings\Comms\UnistoreDB\USSres00001.jrs.bgjs (copy)
data
dropped
C:\Users\user\Local Settings\Comms\UnistoreDB\USSres00002.jrs.bgjs (copy)
data
dropped
C:\Users\user\Local Settings\Comms\UnistoreDB\USStmp.jtx.bgjs (copy)
data
dropped
C:\Users\user\Local Settings\Comms\UnistoreDB\store.jfm.bgjs (copy)
data
dropped
C:\Users\user\Local Settings\Comms\UnistoreDB\store.vol.bgjs (copy)
data
dropped
C:\Users\user\Local Settings\D3DSCache\f4d41c5d09ae781\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val.bgjs (copy)
data
dropped
C:\Users\user\Local Settings\IconCache.db.bgjs (copy)
data
dropped
C:\Users\user\Local Settings\Microsoft\CLR_v2.0_32\UsageLogs\unarchiver.exe.log.bgjs (copy)
data
dropped
C:\Users\user\Local Settings\Microsoft\CLR_v4.0\UsageLogs\InspectorOfficeGadget.exe.log.bgjs (copy)
data
dropped
C:\Users\user\Local Settings\Microsoft\FontCache\4\CatalogCacheMetaData.xml.bgjs (copy)
data
dropped
C:\Users\user\Local Settings\Microsoft\Internet Explorer\CacheStorage\edb.chk.bgjs (copy)
data
dropped
C:\Users\user\Local Settings\Microsoft\Internet Explorer\CacheStorage\edb.log.bgjs (copy)
data
dropped
C:\Users\user\Local Settings\Microsoft\Internet Explorer\CacheStorage\edbres00001.jrs.bgjs (copy)
data
dropped
C:\Users\user\Local Settings\Microsoft\Internet Explorer\CacheStorage\edbres00002.jrs.bgjs (copy)
data
dropped
C:\Users\user\Local Settings\Microsoft\Internet Explorer\CacheStorage\edbtmp.log.bgjs (copy)
data
dropped
C:\Users\user\Local Settings\Microsoft\Internet Explorer\IECompatData\iecompatdata.xml.bgjs (copy)
data
dropped
C:\Users\user\Local Settings\Microsoft\Internet Explorer\brndlog.txt.bgjs (copy)
data
dropped
C:\Users\user\Local Settings\Microsoft\Internet Explorer\ie4uinit-ClearIconCache.log.bgjs (copy)
data
dropped
C:\Users\user\Local Settings\Microsoft\Internet Explorer\ie4uinit-UserConfig.log.bgjs (copy)
data
dropped
C:\Users\user\Local Settings\Microsoft\Office\16.0\excel.exe_Rules.xml.bgjs (copy)
data
dropped
C:\Users\user\Local Settings\Microsoft\Office\16.0\officec2rclient.exe_Rules.xml.bgjs (copy)
data
dropped
C:\Users\user\Local Settings\Microsoft\Office\16.0\officeclicktorun.exe_Rules.xml.bgjs (copy)
data
dropped
C:\Users\user\Local Settings\Microsoft\Office\Features\1-7FeatureCache.txt.bgjs (copy)
data
dropped
C:\Users\user\Local Settings\Microsoft\PenWorkspace\DiscoverCacheData.dat.bgjs (copy)
data
dropped
C:\Users\user\Local Settings\Microsoft\TokenBroker\Cache\089d66ba04a8cec4bdc5267f42f39cf84278bb67.tbres.bgjs (copy)
data
dropped
C:\Users\user\Local Settings\Microsoft\TokenBroker\Cache\1521f696d8626c8e8127c0284ab987ff1974f39a.tbres.bgjs (copy)
data
dropped
C:\Users\user\Local Settings\Microsoft\TokenBroker\Cache\5475cb191e478c39370a215b2da98a37e9dc813d.tbres.bgjs (copy)
data
dropped
C:\Users\user\Local Settings\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres.bgjs (copy)
data
dropped
C:\Users\user\Local Settings\Microsoft\TokenBroker\Cache\cf7513a936f7effbb38627e56f8d1fce10eb12cc.tbres.bgjs (copy)
data
dropped
C:\Users\user\Local Settings\Microsoft\TokenBroker\Cache\e8ddd4cbd9c0504aace6ef7a13fa20d04fd52408.tbres.bgjs (copy)
data
dropped
C:\Users\user\Local Settings\Microsoft\TokenBroker\Cache\f036564d8b727dbe99499799c7e51936a642f62a.tbres.bgjs (copy)
data
dropped
C:\Users\user\Local Settings\Microsoft\Vault\4BF4C442-9B8A-41A0-B380-DD4A704DDB28\Policy.vpol.bgjs (copy)
data
dropped
C:\Users\user\Local Settings\Microsoft\Windows\2057\StructuredQuerySchema.bin.bgjs (copy)
data
dropped
C:\Users\user\Local Settings\Microsoft\Windows\Caches\cversions.1.db.bgjs (copy)
data
dropped
C:\Users\user\Local Settings\Microsoft\Windows\Caches\cversions.3.db.bgjs (copy)
data
dropped
C:\Users\user\Local Settings\Microsoft\Windows\Caches\{29565D0C-B905-4D30-88C9-B63C603DA134}.3.ver0x0000000000000001.db.bgjs (copy)
data
dropped
C:\Users\user\Local Settings\Microsoft\Windows\Explorer\ExplorerStartupLog.etl.bgjs (copy)
data
dropped
C:\Users\user\Local Settings\Microsoft\Windows\Explorer\iconcache_1280.db.bgjs (copy)
data
dropped
C:\Users\user\Local Settings\Microsoft\Windows\Explorer\iconcache_1920.db.bgjs (copy)
data
dropped
C:\Users\user\Local Settings\Microsoft\Windows\Explorer\iconcache_2560.db.bgjs (copy)
data
dropped
C:\Users\user\Local Settings\Microsoft\Windows\Explorer\iconcache_768.db.bgjs (copy)
data
dropped
C:\Users\user\Local Settings\Microsoft\Windows\Explorer\iconcache_96.db.bgjs (copy)
data
dropped
C:\Users\user\Local Settings\Microsoft\Windows\Explorer\iconcache_custom_stream.db.bgjs (copy)
data
dropped
C:\Users\user\Local Settings\Microsoft\Windows\Explorer\iconcache_exif.db.bgjs (copy)
data
dropped
C:\Users\user\Local Settings\Microsoft\Windows\Explorer\iconcache_sr.db.bgjs (copy)
data
dropped
C:\Users\user\Local Settings\Microsoft\Windows\Explorer\iconcache_wide.db.bgjs (copy)
data
dropped
C:\Users\user\Local Settings\Microsoft\Windows\Explorer\iconcache_wide_alternate.db.bgjs (copy)
data
dropped
C:\Users\user\Local Settings\Microsoft\Windows\Explorer\thumbcache_1280.db.bgjs (copy)
data
dropped
C:\Users\user\Local Settings\Microsoft\Windows\Explorer\thumbcache_1920.db.bgjs (copy)
data
dropped
C:\Users\user\Local Settings\Microsoft\Windows\Explorer\thumbcache_2560.db.bgjs (copy)
data
dropped
C:\Users\user\Local Settings\Microsoft\Windows\Explorer\thumbcache_32.db.bgjs (copy)
data
dropped
C:\Users\user\Local Settings\Microsoft\Windows\Explorer\thumbcache_768.db.bgjs (copy)
data
dropped
C:\Users\user\Local Settings\Microsoft\Windows\Explorer\thumbcache_96.db.bgjs (copy)
data
dropped
C:\Users\user\Local Settings\Microsoft\Windows\Explorer\thumbcache_custom_stream.db.bgjs (copy)
data
dropped
C:\Users\user\Local Settings\Microsoft\Windows\Explorer\thumbcache_exif.db.bgjs (copy)
data
dropped
C:\Users\user\Local Settings\Microsoft\Windows\Explorer\thumbcache_sr.db.bgjs (copy)
data
dropped
C:\Users\user\Local Settings\Microsoft\Windows\Explorer\thumbcache_wide.db.bgjs (copy)
data
dropped
C:\Users\user\Local Settings\Microsoft\Windows\Explorer\thumbcache_wide_alternate.db.bgjs (copy)
data
dropped
C:\Users\user\Local Settings\Microsoft\Windows\WebCache\V01.chk.bgjs (copy)
data
dropped
C:\Users\user\Local Settings\Microsoft\Windows\WebCache\V0100004.log.bgjs (copy)
data
dropped
C:\Users\user\Local Settings\Microsoft\Windows\WebCache\V01res00001.jrs.bgjs (copy)
data
dropped
C:\Users\user\Local Settings\Microsoft\Windows\WebCache\V01res00002.jrs.bgjs (copy)
data
dropped
C:\Users\user\Local Settings\Microsoft\Windows\WebCache\V01tmp.log.bgjs (copy)
data
dropped
C:\Users\user\Local Settings\Packages\1527c705-839a-4832-9118-54d4Bd6a0c89_cw5n1h2txyewy\Settings\settings.dat.bgjs (copy)
MS Windows registry file, NT/2000 or above
dropped
C:\Users\user\Local Settings\Packages\E2A4F912-2574-4A75-9BB0-0D023378592B_cw5n1h2txyewy\Settings\settings.dat.bgjs (copy)
MS Windows registry file, NT/2000 or above
dropped
C:\Users\user\Local Settings\Packages\F46D4000-FD22-4DB4-AC8E-4E1DDDE828FE_cw5n1h2txyewy\Settings\settings.dat.bgjs (copy)
MS Windows registry file, NT/2000 or above
dropped
C:\Users\user\Local Settings\Packages\Microsoft.549981C3F5F10_8wekyb3d8bbwe\Settings\settings.dat.bgjs (copy)
MS Windows registry file, NT/2000 or above
dropped
C:\Users\user\Local Settings\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\Settings\settings.dat.LOG1.bgjs (copy)
MS Windows registry file, NT/2000 or above
dropped
C:\Users\user\Local Settings\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\Settings\settings.dat.LOG2.bgjs (copy)
MS Windows registry file, NT/2000 or above
dropped
C:\Users\user\Local Settings\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\Settings\settings.dat.bgjs (copy)
MS Windows registry file, NT/2000 or above
dropped
C:\Users\user\Local Settings\Packages\Microsoft.AccountsControl_cw5n1h2txyewy\Settings\settings.dat.bgjs (copy)
MS Windows registry file, NT/2000 or above
dropped
C:\Users\user\Local Settings\Packages\Microsoft.AsyncTextService_8wekyb3d8bbwe\Settings\settings.dat.bgjs (copy)
MS Windows registry file, NT/2000 or above
dropped
C:\Users\user\Local Settings\Packages\Microsoft.BingWeather_8wekyb3d8bbwe\Settings\settings.dat.LOG1.bgjs (copy)
MS Windows registry file, NT/2000 or above
dropped
C:\Users\user\Local Settings\Packages\Microsoft.BingWeather_8wekyb3d8bbwe\Settings\settings.dat.bgjs (copy)
MS Windows registry file, NT/2000 or above
dropped
C:\Users\user\Local Settings\Packages\Microsoft.BioEnrollment_cw5n1h2txyewy\Settings\settings.dat.bgjs (copy)
MS Windows registry file, NT/2000 or above
dropped
C:\Users\user\Local Settings\Packages\Microsoft.CredDialogHost_cw5n1h2txyewy\Settings\settings.dat.bgjs (copy)
MS Windows registry file, NT/2000 or above
dropped
C:\Users\user\Local Settings\Packages\Microsoft.DesktopAppInstaller_8wekyb3d8bbwe\Settings\settings.dat.bgjs (copy)
MS Windows registry file, NT/2000 or above
dropped
C:\Users\user\Local Settings\Packages\Microsoft.ECApp_8wekyb3d8bbwe\Settings\settings.dat.bgjs (copy)
MS Windows registry file, NT/2000 or above
dropped
C:\Users\user\Local Settings\Packages\Microsoft.GetHelp_8wekyb3d8bbwe\Settings\settings.dat.bgjs (copy)
MS Windows registry file, NT/2000 or above
dropped
C:\Users\user\Local Settings\Packages\Microsoft.Getstarted_8wekyb3d8bbwe\Settings\settings.dat.bgjs (copy)
MS Windows registry file, NT/2000 or above
dropped
C:\Users\user\Local Settings\Packages\c5e2524a-ea46-4f67-841f-6a9465d9d515_cw5n1h2txyewy\Settings\settings.dat.bgjs (copy)
MS Windows registry file, NT/2000 or above
dropped
C:\Users\user\Searches\winrt--{S-1-5-21-2246122658-3693405117-2476756634-1003}-.searchconnector-ms
data
dropped
C:\Users\user\Searches\winrt--{S-1-5-21-2246122658-3693405117-2476756634-1003}-.searchconnector-ms.bgjs (copy)
data
dropped
C:\Users\user\SendTo\Bluetooth File Transfer.LNK.bgjs (copy)
data
dropped
C:\Users\user\SendTo\Desktop (create shortcut).DeskLink.bgjs (copy)
data
dropped
C:\Users\jones\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\LOG.old
data
dropped
C:\Users\jones\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\LocalPrefs.json
data
dropped
C:\Users\jones\AppData\Local\Adobe\Acrobat\DC\Cache\AcroFnt23.lst
PostScript document text
dropped
C:\Users\jones\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\SOPHIA.json
data
dropped
C:\Users\jones\AppData\Local\Adobe\Color\ACECache11.lst
data
dropped
C:\Users\jones\AppData\Local\Comms\UnistoreDB\USS.jcp
data
dropped
C:\Users\jones\AppData\Local\Comms\UnistoreDB\USS.jtx
data
dropped
C:\Users\jones\AppData\Local\Comms\UnistoreDB\USSres00001.jrs
data
dropped
C:\Users\jones\AppData\Local\Comms\UnistoreDB\USSres00002.jrs
data
dropped
C:\Users\jones\AppData\Local\Comms\UnistoreDB\USStmp.jtx
data
dropped
C:\Users\jones\AppData\Local\Comms\UnistoreDB\store.jfm
data
dropped
C:\Users\jones\AppData\Local\Comms\UnistoreDB\store.vol
data
dropped
C:\Users\jones\AppData\Local\Diagnostics\1612347604\latest.cab
data
dropped
C:\Users\jones\AppData\Local\Google\Chrome\User Data\BrowserMetrics\BrowserMetrics-651BFFE6-228.pma
data
dropped
C:\Users\jones\AppData\Local\Google\Chrome\User Data\BrowserMetrics\BrowserMetrics-651BFFFF-BD8.pma
data
dropped
C:\Users\jones\AppData\Local\Google\Chrome\User Data\BrowserMetrics\BrowserMetrics-651C0414-22F8.pma
data
dropped
C:\Users\jones\AppData\Local\Google\Chrome\User Data\BrowserMetrics\BrowserMetrics-651D225D-18BC.pma
data
dropped
C:\Users\jones\AppData\Local\Google\Chrome\User Data\BrowserMetrics\BrowserMetrics-651D2262-1A18.pma
data
dropped
C:\Users\jones\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat
data
dropped
C:\Users\jones\AppData\Local\Google\Chrome\User Data\Default\Extension Rules\000003.log
data
dropped
C:\Users\jones\AppData\Local\Google\Chrome\User Data\Default\Extension Scripts\000003.log
data
dropped
C:\Users\jones\AppData\Local\Google\Chrome\User Data\Default\Extension State\000003.log
data
dropped
C:\Users\jones\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOG.old
data
dropped
C:\Users\jones\AppData\Local\Google\Chrome\User Data\Default\Session Storage\000003.log
data
dropped
C:\Users\jones\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOG.old
data
dropped
C:\Users\jones\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000003.log
data
dropped
C:\Users\jones\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG.old
data
dropped
C:\Users\jones\AppData\Local\Google\Chrome\User Data\Default\heavy_ad_intervention_opt_out.db
data
dropped
C:\Users\jones\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\LOG.old
data
dropped
C:\Users\jones\AppData\Local\Google\Chrome\User Data\Default\trusted_vault.pb
data
dropped
C:\Users\jones\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics\BrowserMetrics-651BFF76-DF0.pma
data
dropped
C:\Users\jones\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics\BrowserMetrics-651C00B3-378.pma
data
dropped
C:\Users\jones\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics\BrowserMetrics-651C00B3-67C.pma
data
dropped
C:\Users\jones\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics\BrowserMetrics-651C020C-1B28.pma
data
dropped
C:\Users\jones\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics\BrowserMetrics-651C020C-B60.pma
data
dropped
C:\Users\jones\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics\BrowserMetrics-651C0537-1BBC.pma
data
dropped
C:\Users\jones\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics\BrowserMetrics-651C0537-1BC0.pma
data
dropped
C:\Users\jones\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics\BrowserMetrics-651D22E2-1DAC.pma
data
dropped
C:\Users\jones\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics\BrowserMetrics-651D22E2-A84.pma
data
dropped
C:\Users\jones\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics\BrowserMetrics-651D23AD-1560.pma
data
dropped
C:\Users\jones\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics\BrowserMetrics-651D23AD-F98.pma
data
dropped
C:\Users\jones\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics\BrowserMetrics-651D2470-1A5C.pma
data
dropped
C:\Users\jones\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics\BrowserMetrics-651D2470-6D0.pma
data
dropped
C:\Users\jones\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics\BrowserMetrics-651E6CB3-65C.pma
data
dropped
C:\Users\jones\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics\BrowserMetrics-651E6D12-18C4.pma
data
dropped
C:\Users\jones\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics\BrowserMetrics-651E6D12-1B58.pma
data
dropped
C:\Users\jones\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
data
dropped
C:\Users\jones\AppData\Local\Microsoft\Edge\User Data\Crashpad\throttle_store.dat
data
dropped
C:\Users\jones\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\000003.log
data
dropped
C:\Users\jones\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log
data
dropped
C:\Users\jones\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log
data
dropped
C:\Users\jones\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG.old
data
dropped
C:\Users\jones\AppData\Local\Microsoft\FontCache\4\Catalog\ListAll.Json
data
dropped
C:\Users\jones\AppData\Local\Microsoft\FontCache\4\CloudFonts\Aptos Display\23001069669.ttf
data
dropped
C:\Users\jones\AppData\Local\Microsoft\FontCache\4\CloudFonts\Aptos Display\28367963232.ttf
data
dropped
C:\Users\jones\AppData\Local\Microsoft\FontCache\4\CloudFonts\Aptos Display\29442803203.ttf
data
dropped
C:\Users\jones\AppData\Local\Microsoft\FontCache\4\CloudFonts\Aptos Display\30264859306.ttf
data
dropped
C:\Users\jones\AppData\Local\Microsoft\FontCache\4\CloudFonts\Aptos Narrow\24153076628.ttf
data
dropped
C:\Users\jones\AppData\Local\Microsoft\FontCache\4\CloudFonts\Aptos Narrow\30284701761.ttf
data
dropped
C:\Users\jones\AppData\Local\Microsoft\FontCache\4\CloudFonts\Aptos Narrow\31558910439.ttf
data
dropped
C:\Users\jones\AppData\Local\Microsoft\FontCache\4\CloudFonts\Aptos Narrow\37262344671.ttf
data
dropped
C:\Users\jones\AppData\Local\Microsoft\FontCache\4\CloudFonts\Aptos\27160079615.ttf
data
dropped
C:\Users\jones\AppData\Local\Microsoft\FontCache\4\CloudFonts\Aptos\28315153308.ttf
data
dropped
C:\Users\jones\AppData\Local\Microsoft\FontCache\4\CloudFonts\Aptos\29939506207.ttf
data
dropped
C:\Users\jones\AppData\Local\Microsoft\FontCache\4\CloudFonts\Aptos\31169036496.ttf
data
dropped
C:\Users\jones\AppData\Local\Microsoft\FontCache\4\PreviewFont\flat_officeFontsPreview_4_35.ttf
data
dropped
C:\Users\jones\AppData\Local\Microsoft\GameDVR\KnownGameList.bin
data
dropped
C:\Users\jones\AppData\Local\Microsoft\Internet Explorer\brndlog.txt
data
dropped
C:\Users\jones\AppData\Local\Microsoft\Internet Explorer\ie4uinit-ClearIconCache.log
Unicode text, UTF-16, little-endian text, with very long lines (416), with no line terminators
dropped
C:\Users\jones\AppData\Local\Microsoft\Internet Explorer\ie4uinit-UserConfig.log
Unicode text, UTF-16, little-endian text, with very long lines (869), with no line terminators
dropped
C:\Users\jones\AppData\Local\Microsoft\Media Player\Sync Playlists\en-CH\002370B1\01_Music_auto_rated_at_5_stars.wpl
data
dropped
C:\Users\jones\AppData\Local\Microsoft\Media Player\Sync Playlists\en-CH\002370B1\02_Music_added_in_the_last_month.wpl
data
dropped
C:\Users\jones\AppData\Local\Microsoft\Media Player\Sync Playlists\en-CH\002370B1\03_Music_rated_at_4_or_5_stars.wpl
data
dropped
C:\Users\jones\AppData\Local\Microsoft\Media Player\Sync Playlists\en-CH\002370B1\04_Music_played_in_the_last_month.wpl
data
dropped
C:\Users\jones\AppData\Local\Microsoft\Media Player\Sync Playlists\en-CH\002370B1\05_Pictures_taken_in_the_last_month.wpl
data
dropped
C:\Users\jones\AppData\Local\Microsoft\Media Player\Sync Playlists\en-CH\002370B1\06_Pictures_rated_4_or_5_stars.wpl
data
dropped
C:\Users\jones\AppData\Local\Microsoft\Media Player\Sync Playlists\en-CH\002370B1\07_TV_recorded_in_the_last_week.wpl
data
dropped
C:\Users\jones\AppData\Local\Microsoft\Media Player\Sync Playlists\en-CH\002370B1\08_Video_rated_at_4_or_5_stars.wpl
data
dropped
C:\Users\jones\AppData\Local\Microsoft\Media Player\Sync Playlists\en-CH\002370B1\09_Music_played_the_most.wpl
data
dropped
C:\Users\jones\AppData\Local\Microsoft\Media Player\Sync Playlists\en-CH\002370B1\10_All_Music.wpl
data
dropped
C:\Users\jones\AppData\Local\Microsoft\Media Player\Sync Playlists\en-CH\002370B1\11_All_Pictures.wpl
data
dropped
C:\Users\jones\AppData\Local\Microsoft\Media Player\Sync Playlists\en-CH\002370B1\12_All_Video.wpl
data
dropped
C:\Users\jones\AppData\Local\Microsoft\Office\16.0\DTS\en-CH{6414BF61-F222-4B9F-A03B-794546D2572C}\{2B7F22E4-0564-47EC-902E-D41100321163}mt11414620.png
data
dropped
C:\Users\jones\AppData\Local\Microsoft\Office\16.0\DTS\en-CH{6414BF61-F222-4B9F-A03B-794546D2572C}\{2FE357BC-7682-4CDA-A53F-FDCB5CBFF097}mt16400647.png
data
dropped
C:\Users\jones\AppData\Local\Microsoft\Office\16.0\DTS\en-CH{6414BF61-F222-4B9F-A03B-794546D2572C}\{50FB4BDE-809C-441B-974E-B14401CF3C99}mt45299826.png
data
dropped
C:\Users\jones\AppData\Local\Microsoft\Office\16.0\DTS\en-CH{6414BF61-F222-4B9F-A03B-794546D2572C}\{6AD16840-FC52-4BEC-869B-3C3233F91247}mt66963475.png
data
dropped
C:\Users\jones\AppData\Local\Microsoft\Office\16.0\DTS\en-CH{6414BF61-F222-4B9F-A03B-794546D2572C}\{6DD09B2E-7949-4F54-AB71-53B2C7590859}mt10000137.png
data
dropped
C:\Users\jones\AppData\Local\Microsoft\Office\16.0\DTS\en-CH{6414BF61-F222-4B9F-A03B-794546D2572C}\{85F5391F-CFA1-4E26-A147-E231F673A987}mt16400656.png
data
dropped
C:\Users\jones\AppData\Local\Microsoft\Office\16.0\DTS\en-CH{6414BF61-F222-4B9F-A03B-794546D2572C}\{BD919067-1ACC-485F-8AD4-36ED6FAF622C}mt67739505.png
data
dropped
C:\Users\jones\AppData\Local\Microsoft\Office\16.0\DTS\en-CH{6414BF61-F222-4B9F-A03B-794546D2572C}\{E9D6B2D9-5DBF-483E-99D2-604E933F68F0}mt11829122.png
data
dropped
C:\Users\jones\AppData\Local\Microsoft\Office\16.0\Floodgate\Excel.CampaignStates.json
data
dropped
C:\Users\jones\AppData\Local\Microsoft\Office\16.0\Floodgate\Excel.GovernedChannelStates.json
data
dropped
C:\Users\jones\AppData\Local\Microsoft\Office\16.0\Floodgate\Excel.Settings.json
data
dropped
C:\Users\jones\AppData\Local\Microsoft\Office\16.0\Floodgate\Excel.SurveyEventActivityStats.json
data
dropped
C:\Users\jones\AppData\Local\Microsoft\Office\16.0\Floodgate\Excel.SurveyHistoryStats.json
data
dropped
C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule120100v3.xml
data
dropped
C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule120119v0.xml
data
dropped
C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule120402v21.xml
data
dropped
C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule120600v4.xml
data
dropped
C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule120608v0.xml
data
dropped
C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule120609v0.xml
data
dropped
C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule224900v0.xml
data
dropped
C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule224901v11.xml
data
dropped
C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule224902v2.xml
data
dropped
C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule226009v0.xml
data
dropped
C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule230104v1.xml
data
dropped
C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule230157v0.xml
data
dropped
C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule230158v1.xml
data
dropped
C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule230162v1.xml
data
dropped
C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule230164v0.xml
data
dropped
C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule230165v0.xml
data
dropped
C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule230166v0.xml
data
dropped
C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule230167v0.xml
data
dropped
C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule230168v0.xml
data
dropped
C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule230169v0.xml
data
dropped
C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule230171v0.xml
data
dropped
C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule230173v0.xml
data
dropped
C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule230174v0.xml
data
dropped
C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule230200v0.xml
data
dropped
C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule700000v2.xml
data
dropped
C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule700001v2.xml
data
dropped
C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule700050v1.xml
data
dropped
C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule700051v1.xml
data
dropped
C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule700100v1.xml
data
dropped
C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule700101v1.xml
data
dropped
C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule700150v1.xml
data
dropped
C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule700151v1.xml
data
dropped
C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule700200v1.xml
data
dropped
C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule700201v1.xml
data
dropped
C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule700250v1.xml
data
dropped
C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule700251v1.xml
data
dropped
C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule700300v1.xml
data
dropped
C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule700301v1.xml
data
dropped
C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule700350v1.xml
data
dropped
C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule700351v1.xml
data
dropped
C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule700400v2.xml
data
dropped
C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule700401v2.xml
data
dropped
C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule700450v1.xml
data
dropped
C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule700451v1.xml
data
dropped
C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule700500v1.xml
data
dropped
C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule700501v1.xml
data
dropped
C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule700550v1.xml
data
dropped
C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule700551v1.xml
data
dropped
C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule700600v1.xml
data
dropped
C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule700601v1.xml
data
dropped
C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule700650v1.xml
data
dropped
C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule700651v1.xml
data
dropped
C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule700700v1.xml
data
dropped
C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule700701v1.xml
data
dropped
C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule700750v1.xml
data
dropped
C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule700751v1.xml
data
dropped
C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule700850v1.xml
data
dropped
C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule700851v1.xml
data
dropped
C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule700900v1.xml
data
dropped
C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule700901v1.xml
data
dropped
C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule700950v1.xml
data
dropped
C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule700951v1.xml
data
dropped
C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule701050v1.xml
data
dropped
C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule701051v1.xml
data
dropped
C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule701100v1.xml
data
dropped
C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule701101v1.xml
data
dropped
C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule701150v1.xml
data
dropped
C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule701151v1.xml
data
dropped
C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule701200v1.xml
data
dropped
C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule701201v1.xml
data
dropped
C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule701250v1.xml
data
dropped
C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule701251v1.xml
data
dropped
C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule701300v1.xml
data
dropped
C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule701301v1.xml
data
dropped
C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule701350v1.xml
data
dropped
C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule701351v1.xml
data
dropped
C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule701400v1.xml
data
dropped
C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule701401v1.xml
data
dropped
C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule701500v1.xml
data
dropped
C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule701501v1.xml
data
dropped
C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule701550v1.xml
data
dropped
C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule701551v1.xml
data
dropped
C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule701650v1.xml
data
dropped
C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule701651v1.xml
data
dropped
C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule701700v1.xml
data
dropped
C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule701701v1.xml
data
dropped
C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule701750v1.xml
data
dropped
C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule701751v1.xml
data
dropped
C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule701800v1.xml
data
dropped
C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule701801v1.xml
data
dropped
C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule701850v1.xml
data
dropped
C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule701851v1.xml
data
dropped
C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule701900v1.xml
data
dropped
C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule701901v1.xml
data
dropped
C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule701950v1.xml
data
dropped
C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule701951v1.xml
data
dropped
C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule702000v1.xml
data
dropped
C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule702001v1.xml
data
dropped
C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule702050v1.xml
data
dropped
C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule702051v1.xml
data
dropped
C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule702100v1.xml
data
dropped
C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule702101v1.xml
data
dropped
C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule702150v1.xml
data
dropped
C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule702151v1.xml
data
dropped
C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule702200v1.xml
data
dropped
C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule702201v1.xml
data
dropped
C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule702250v1.xml
data
dropped
C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule702251v1.xml
data
dropped
C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule702300v1.xml
data
dropped
C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule702301v1.xml
data
dropped
C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule702350v1.xml
data
dropped
C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule702351v1.xml
data
dropped
C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule702400v1.xml
data
dropped
C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule702401v1.xml
data
dropped
C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule702450v1.xml
data
dropped
C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule702451v1.xml
data
dropped
C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule702500v1.xml
data
dropped
C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule702501v1.xml
data
dropped
C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule702550v1.xml
data
dropped
C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule702551v1.xml
data
dropped
C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule702600v1.xml
data
dropped
C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule702601v1.xml
data
dropped
C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule702650v1.xml
data
dropped
C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule702651v1.xml
data
dropped
C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule702700v1.xml
data
dropped
C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule702701v1.xml
data
dropped
C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule702750v1.xml
data
dropped
C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule702751v1.xml
data
dropped
C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule702800v1.xml
data
dropped
C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule702801v1.xml
data
dropped
C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule702850v1.xml
data
dropped
C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule702851v1.xml
data
dropped
C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule702900v1.xml
data
dropped
C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule702901v1.xml
data
dropped
C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule702950v1.xml
data
dropped
C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule702951v1.xml
data
dropped
C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule703000v1.xml
data
dropped
C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule703001v1.xml
data
dropped
C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule703050v3.xml
data
dropped
C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule703051v3.xml
data
dropped
C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule703100v1.xml
data
dropped
C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule703101v1.xml
data
dropped
C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule703150v1.xml
data
dropped
C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule703151v1.xml
data
dropped
C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule703200v1.xml
data
dropped
C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule703201v1.xml
data
dropped
C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule703250v1.xml
data
dropped
C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule703251v1.xml
data
dropped
C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule703300v0.xml
data
dropped
C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule703301v0.xml
data
dropped
C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule703350v0.xml
data
dropped
C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule703351v0.xml
data
dropped
C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule703400v0.xml
data
dropped
C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule703401v0.xml
data
dropped
C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule703450v1.xml
data
dropped
C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule703451v1.xml
data
dropped
C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule703500v0.xml
data
dropped
C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule703501v0.xml
data
dropped
C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule703550v0.xml
data
dropped
C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule703551v0.xml
data
dropped
C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule703600v0.xml
data
dropped
C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule703601v0.xml
data
dropped
C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule703650v0.xml
data
dropped
C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule703651v0.xml
data
dropped
C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule703700v0.xml
data
dropped
C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule703701v0.xml
data
dropped
C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule703750v0.xml
data
dropped
C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule703751v0.xml
data
dropped
C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule703800v0.xml
data
dropped
C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule703801v0.xml
data
dropped
C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule703850v0.xml
data
dropped
C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule703851v0.xml
data
dropped
C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule703900v0.xml
data
dropped
C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule703901v0.xml
data
dropped
C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule703950v0.xml
data
dropped
C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule703951v0.xml
data
dropped
C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule704000v0.xml
data
dropped
C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule704001v0.xml
data
dropped
C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule704050v0.xml
data
dropped
C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule704051v0.xml
data
dropped
C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule704100v0.xml
data
dropped
C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule704101v0.xml
data
dropped
C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule704150v0.xml
data
dropped
C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule704151v0.xml
data
dropped
C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule704200v0.xml
data
dropped
C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule704201v0.xml
data
dropped
C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule90401v3.xml
data
dropped
C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule1000v5.xml
data
dropped
C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule10450v3.xml
data
dropped
C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule10625v0.xml
data
dropped
C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule10626v1.xml
data
dropped
C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule10627v1.xml
data
dropped
C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule10781v1.xml
data
dropped
C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule10803v1.xml
data
dropped
C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule10807v0.xml
data
dropped
C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule10808v0.xml
data
dropped
C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule10818v3.xml
data
dropped
C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule10819v1.xml
data
dropped
C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule10820v3.xml
data
dropped
C:\Users\jones\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule10821v3.xml
data
dropped
C:\Users\jones\AppData\Local\Microsoft\PenWorkspace\DiscoverCacheData.dat
data
dropped
C:\Users\jones\AppData\Local\Microsoft\Windows\UsrClass.dat
MS Windows registry file, NT/2000 or above
dropped
C:\Users\jones\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG1
MS Windows registry file, NT/2000 or above
dropped
C:\Users\jones\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG2
MS Windows registry file, NT/2000 or above
dropped
C:\Users\jones\AppData\Local\Microsoft\fluency\lm\en-GB\.config
data
dropped
C:\Users\jones\AppData\Local\Microsoft\fluency\lm\en-GB\dynamic.lm
data
dropped
C:\Users\jones\AppData\Local\Microsoft\fluency\lm\en-GB\learned.json
data
dropped
C:\Users\jones\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-release\startupCache\scriptCache-child-current.bin
data
dropped
C:\Users\jones\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-release\startupCache\scriptCache-current.bin
data
dropped
C:\Users\jones\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-release\startupCache\startupCache.8.little
data
dropped
C:\Users\jones\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-release\startupCache\urlCache-current.bin
data
dropped
C:\Users\jones\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-release\startupCache\urlCache.bin
data
dropped
C:\Users\jones\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\LocalState\PinnedTiles\26310719480\squaretile.png
data
dropped
C:\Users\jones\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\LocalState\PinnedTiles\26310719480\tinytile.png
data
dropped
C:\Users\jones\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\LocalState\PinnedTiles\38975140460\squaretile.png
data
dropped
C:\Users\jones\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\LocalState\PinnedTiles\38975140460\tinytile.png
data
dropped
C:\Users\jones\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\LocalState\PinnedTiles\6501008900\squaretile.png
data
dropped
C:\Users\jones\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\LocalState\PinnedTiles\6501008900\tinytile.png
data
dropped
C:\Users\jones\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\LocalState\PinnedTiles\7603651830\squaretile.png
data
dropped
C:\Users\jones\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\LocalState\PinnedTiles\7603651830\tinytile.png
data
dropped
C:\Users\jones\AppData\Local\Packages\Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe\AC\INetCache\DL2P1Z6X\lockup-mslogo-color-78c06e8898[1].png
data
dropped
C:\Users\jones\AppData\Local\Packages\Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe\AC\INetCache\DL2P1Z6X\pwa-35de8a913e[1].css
data
dropped
C:\Users\jones\AppData\Local\Packages\Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe\AC\INetCache\DL2P1Z6X\pwa-vendor-bundle-1652fd8b358d589e6ec0[1].js
data
dropped
C:\Users\jones\AppData\Local\Packages\Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe\AC\INetCache\DL2P1Z6X\pwa-vendors~left-nav-rc.d918c7fc33e22b41b936.chunk.v7[1].css
data
dropped
C:\Users\jones\AppData\Local\Packages\Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe\AC\INetCache\DL2P1Z6X\segoeui_regular[1].woff2
Web Open Font Format (Version 2), flavor 7650603, length -1840497846, version 6582.-18048
dropped
C:\Users\jones\AppData\Local\Packages\Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe\AC\INetCache\DL2P1Z6X\sharedfontstyles-27fa2598d8[1].css
data
dropped
C:\Users\jones\AppData\Local\Packages\Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe\AC\INetCache\IINQQITY\pwa-fluent~left-nav-rc.ec3581b6c9e6e9985aa7.chunk.v7[1].js
data
dropped
C:\Users\jones\AppData\Local\Packages\Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe\AC\INetCache\IINQQITY\segoeui_semibold[1].woff2
Web Open Font Format (Version 2), flavor 1740683, length -976703131, version -7310.-3528
dropped
C:\Users\jones\AppData\Local\Packages\Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe\AC\INetCache\IINQQITY\staticstylesfabric-35c34b95e3[1].css
data
dropped
C:\Users\jones\AppData\Local\Packages\Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe\AC\INetCache\KAT9HXAG\pwaunauth-9d8bc214ac[1].css
data
dropped
C:\Users\jones\AppData\Local\Packages\Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe\AC\INetCache\KAT9HXAG\unauth-checkmark-image-1999f0bf81[1].png
data
dropped
C:\Users\jones\AppData\Local\Packages\Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe\AC\INetCache\LCNHN4MU\ew-preload-inline-2523c8c1505f1172be19[1].js
data
dropped
C:\Users\jones\AppData\Local\Packages\Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe\AC\INetCache\LCNHN4MU\pwa-bundle-0debb885be07c402c948[1].js
data
dropped
C:\Users\jones\AppData\Local\Packages\Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe\AC\INetCache\LCNHN4MU\unauth-apps-image-46596a6856[1].png
data
dropped
C:\Users\jones\AppData\Local\Packages\Microsoft.SkypeApp_kzf8qxf38zg5c\AC\INetCache\6RHHGU54\connecttest[1].txt
data
dropped
C:\Users\jones\AppData\Local\Packages\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\AC\INetCache\DLAKQVF0\hostfooterpackage_FOuGbot8yZGKyYkh5yNQBA2[1].js
data
dropped
C:\Users\jones\AppData\Local\Packages\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\AC\INetCache\DLAKQVF0\microsoft_logo_7lyNn7YkjJOP0NwZNw6QvQ2[1].svg
SVG Scalable Vector Graphics image
dropped
C:\Users\jones\AppData\Local\Packages\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\AC\INetCache\DLAKQVF0\win10adduser_zKHVAzZN9bL6F2LY2UEz4Q2[1].js
data
dropped
C:\Users\jones\AppData\Local\Packages\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\AC\INetCache\HSLUET3E\bootstrapcomponentshim_yGKy8jAx8RL2bLqmBF063w2[1].js
data
dropped
C:\Users\jones\AppData\Local\Packages\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\AC\INetCache\HSLUET3E\oneds_MC5gQfpbTUjLu60sQCwU1w2[1].js
data
dropped
C:\Users\jones\AppData\Local\Packages\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\AC\INetCache\I8BK050T\2_vD0yppaJX3jBnfbHF1hqXQ2[1].svg
SVG Scalable Vector Graphics image
dropped
C:\Users\jones\AppData\Local\Packages\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\AC\INetCache\I8BK050T\corewin10_Lmno_4TyJLm7Xee3gF3aOg2[1].js
data
dropped
C:\Users\jones\AppData\Local\Packages\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\AC\INetCache\I8BK050T\win10hostsignuppackage_bs97NnbLBHPHnaN0wGg43g2[1].js
data
dropped
C:\Users\jones\AppData\Local\Temp\acrobat_sbx\acroNGLLog.txt
data
dropped
C:\Users\jones\AppData\Local\Temp\wctEA40.tmp
data
dropped
C:\Users\jones\AppData\Local\Temp\wmsetup.log
data
dropped
C:\Users\jones\AppData\Local\Temp\{5871238D-BEB9-464A-931F-701C8F0FFB10}.png
data
dropped
C:\Users\jones\AppData\Local\Temp\{5F969F84-5F34-4AF8-8D36-D6D6A1668750}.png
data
dropped
C:\Users\jones\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\162797d679096999.automaticDestinations-ms
data
dropped
C:\Users\jones\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\1b4dd67f29cb1962.automaticDestinations-ms
data
dropped
C:\Users\jones\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\1b6ebacd7cd2f25a.automaticDestinations-ms
data
dropped
C:\Users\jones\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\1bc9bbbe61f14501.automaticDestinations-ms
data
dropped
C:\Users\jones\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\319f01bf9fe00f2d.automaticDestinations-ms
data
dropped
C:\Users\jones\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\5175b273ceba776b.automaticDestinations-ms
data
dropped
C:\Users\jones\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\5f7b5f1e01b83767.automaticDestinations-ms
data
dropped
C:\Users\jones\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\61ebb1e65cfcb8da.automaticDestinations-ms
data
dropped
C:\Users\jones\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\6d2bac8f1edf6668.automaticDestinations-ms
data
dropped
C:\Users\jones\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\78f0afb5bd4bb278.automaticDestinations-ms
data
dropped
C:\Users\jones\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\7e4dca80246863e3.automaticDestinations-ms
data
dropped
C:\Users\jones\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\9c08ad74ad8708df.automaticDestinations-ms
data
dropped
C:\Users\jones\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\9cfafb05ce914942.automaticDestinations-ms
data
dropped
C:\Users\jones\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\b8ab77100df80ab2.automaticDestinations-ms
data
dropped
C:\Users\jones\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\b8b3a97bfbf120b6.automaticDestinations-ms
data
dropped
C:\Users\jones\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\d00655d2aa12ff6d.automaticDestinations-ms
data
dropped
C:\Users\jones\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\f01b4d95cf55d32a.automaticDestinations-ms
data
dropped
C:\Users\jones\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\f18460fded109990.automaticDestinations-ms
data
dropped
C:\Users\jones\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\fb3b0dbfee58fac8.automaticDestinations-ms
data
dropped
C:\Users\jones\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\7e4dca80246863e3.customDestinations-ms
data
dropped
C:\Users\jones\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\f01b4d95cf55d32a.customDestinations-ms
data
dropped
C:\Users\jones\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\f18460fded109990.customDestinations-ms
data
dropped
C:\Users\jones\AppData\Roaming\Microsoft\Windows\SendTo\Bluetooth File Transfer.LNK
data
dropped
C:\Users\jones\AppData\Roaming\Microsoft\Windows\SendTo\Desktop (create shortcut).DeskLink
data
dropped
C:\Users\jones\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\AlternateServices.txt
data
dropped
C:\Users\jones\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\ExperimentStoreData.json
data
dropped
C:\Users\jones\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\SiteSecurityServiceState.txt
data
dropped
C:\Users\jones\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\addonStartup.json.lz4
data
dropped
C:\Users\jones\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\addons.json
data
dropped
C:\Users\jones\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cert9.db
data
dropped
C:\Users\jones\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\containers.json
data
dropped
C:\Users\jones\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\content-prefs.sqlite
data
dropped
C:\Users\jones\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\session-state.json
data
dropped
C:\Users\jones\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\state.json
data
dropped
C:\Users\jones\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\extension-preferences.json
data
dropped
C:\Users\jones\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\handlers.json
data
dropped
C:\Users\jones\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\key4.db
data
dropped
C:\Users\jones\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\pkcs11.txt
data
dropped
C:\Users\jones\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\prefs.js
data
dropped
C:\Users\jones\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\search.json.mozlz4
data
dropped
C:\Users\jones\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\sessionCheckpoints.json
data
dropped
C:\Users\jones\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\sessionstore-backups\previous.jsonlz4
data
dropped
C:\Users\jones\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\sessionstore-backups\upgrade.jsonlz4-20230927232528
data
dropped
C:\Users\jones\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\sessionstore.jsonlz4
data
dropped
C:\Users\jones\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\shield-preference-experiments.json
data
dropped
C:\Users\jones\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage.sqlite
data
dropped
C:\Users\jones\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\targeting.snapshot.json
data
dropped
C:\Users\jones\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\times.json
data
dropped
C:\Users\jones\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\xulstore.json
data
dropped
C:\Users\jones\AppData\Roaming\Mozilla\Firefox\Profiles\z6bny8rn.default\times.json
data
dropped
C:\Users\jones\AppData\Roaming\Skype\RootTools\roottools.conf
data
dropped
C:\Users\jones\Application Data\Skype\RootTools\roottools.conf.bgjs (copy)
data
dropped
C:\Users\jones\Favorites\Bing.url
data
dropped
C:\Users\jones\Favorites\Bing.url.bgjs (copy)
data
dropped
C:\Users\jones\Local Settings\Adobe\Color\ACECache11.lst.bgjs (copy)
data
dropped
C:\Users\jones\Local Settings\Comms\UnistoreDB\USS.jcp.bgjs (copy)
data
dropped
C:\Users\jones\Local Settings\Comms\UnistoreDB\USS.jtx.bgjs (copy)
data
dropped
C:\Users\jones\Local Settings\Comms\UnistoreDB\USSres00001.jrs.bgjs (copy)
data
dropped
C:\Users\jones\Local Settings\Comms\UnistoreDB\USSres00002.jrs.bgjs (copy)
data
dropped
C:\Users\jones\Local Settings\Comms\UnistoreDB\USStmp.jtx.bgjs (copy)
data
dropped
C:\Users\jones\Local Settings\Comms\UnistoreDB\store.jfm.bgjs (copy)
data
dropped
C:\Users\jones\Local Settings\Comms\UnistoreDB\store.vol.bgjs (copy)
data
dropped
C:\Users\jones\Local Settings\ConnectedDevicesPlatform\L.jones\ActivitiesCache.db.bgjs (copy)
data
dropped
C:\Users\jones\Local Settings\Diagnostics\1612347604\latest.cab.bgjs (copy)
data
dropped
C:\Users\jones\Local Settings\Microsoft\GameDVR\KnownGameList.bin.bgjs (copy)
data
dropped
C:\Users\jones\Local Settings\Microsoft\Internet Explorer\brndlog.txt.bgjs (copy)
data
dropped
C:\Users\jones\Local Settings\Microsoft\Internet Explorer\ie4uinit-ClearIconCache.log.bgjs (copy)
Unicode text, UTF-16, little-endian text, with very long lines (416), with no line terminators
dropped
C:\Users\jones\Local Settings\Microsoft\Internet Explorer\ie4uinit-UserConfig.log.bgjs (copy)
Unicode text, UTF-16, little-endian text, with very long lines (869), with no line terminators
dropped
C:\Users\jones\Local Settings\Microsoft\PenWorkspace\DiscoverCacheData.dat.bgjs (copy)
data
dropped
C:\Users\jones\Local Settings\Microsoft\Windows\UsrClass.dat.LOG1.bgjs (copy)
MS Windows registry file, NT/2000 or above
dropped
C:\Users\jones\Local Settings\Microsoft\Windows\UsrClass.dat.LOG2.bgjs (copy)
MS Windows registry file, NT/2000 or above
dropped
C:\Users\jones\Local Settings\Microsoft\Windows\UsrClass.dat.bgjs (copy)
MS Windows registry file, NT/2000 or above
dropped
C:\Users\jones\Local Settings\Temp\acrobat_sbx\acroNGLLog.txt.bgjs (copy)
data
dropped
C:\Users\jones\Local Settings\Temp\wmsetup.log.bgjs (copy)
data
dropped
C:\Users\jones\Local Settings\Temp\{5871238D-BEB9-464A-931F-701C8F0FFB10}.png.bgjs (copy)
data
dropped
C:\Users\jones\Local Settings\Temp\{5F969F84-5F34-4AF8-8D36-D6D6A1668750}.png.bgjs (copy)
data
dropped
C:\Users\jones\NTUSER.DAT
MS Windows registry file, NT/2000 or above
dropped
C:\Users\jones\NTUSER.DAT.bgjs (copy)
MS Windows registry file, NT/2000 or above
dropped
C:\Users\jones\Recent\AutomaticDestinations\162797d679096999.automaticDestinations-ms.bgjs (copy)
data
dropped
C:\Users\jones\Recent\AutomaticDestinations\1b4dd67f29cb1962.automaticDestinations-ms.bgjs (copy)
data
dropped
C:\Users\jones\Recent\AutomaticDestinations\1b6ebacd7cd2f25a.automaticDestinations-ms.bgjs (copy)
data
dropped
C:\Users\jones\Recent\AutomaticDestinations\1bc9bbbe61f14501.automaticDestinations-ms.bgjs (copy)
data
dropped
C:\Users\jones\Recent\AutomaticDestinations\319f01bf9fe00f2d.automaticDestinations-ms.bgjs (copy)
data
dropped
C:\Users\jones\Recent\AutomaticDestinations\5175b273ceba776b.automaticDestinations-ms.bgjs (copy)
data
dropped
C:\Users\jones\Recent\AutomaticDestinations\5f7b5f1e01b83767.automaticDestinations-ms.bgjs (copy)
data
dropped
C:\Users\jones\Recent\AutomaticDestinations\61ebb1e65cfcb8da.automaticDestinations-ms.bgjs (copy)
data
dropped
C:\Users\jones\Recent\AutomaticDestinations\6d2bac8f1edf6668.automaticDestinations-ms.bgjs (copy)
data
dropped
C:\Users\jones\Recent\AutomaticDestinations\78f0afb5bd4bb278.automaticDestinations-ms.bgjs (copy)
data
dropped
C:\Users\jones\Recent\AutomaticDestinations\7e4dca80246863e3.automaticDestinations-ms.bgjs (copy)
data
dropped
C:\Users\jones\Recent\AutomaticDestinations\9c08ad74ad8708df.automaticDestinations-ms.bgjs (copy)
data
dropped
C:\Users\jones\Recent\AutomaticDestinations\9cfafb05ce914942.automaticDestinations-ms.bgjs (copy)
data
dropped
C:\Users\jones\Recent\AutomaticDestinations\b8ab77100df80ab2.automaticDestinations-ms.bgjs (copy)
data
dropped
C:\Users\jones\Recent\AutomaticDestinations\b8b3a97bfbf120b6.automaticDestinations-ms.bgjs (copy)
data
dropped
C:\Users\jones\Recent\AutomaticDestinations\d00655d2aa12ff6d.automaticDestinations-ms.bgjs (copy)
data
dropped
C:\Users\jones\Recent\AutomaticDestinations\f01b4d95cf55d32a.automaticDestinations-ms.bgjs (copy)
data
dropped
C:\Users\jones\Recent\AutomaticDestinations\f18460fded109990.automaticDestinations-ms.bgjs (copy)
data
dropped
C:\Users\jones\Recent\AutomaticDestinations\fb3b0dbfee58fac8.automaticDestinations-ms.bgjs (copy)
data
dropped
C:\Users\jones\Recent\CustomDestinations\7e4dca80246863e3.customDestinations-ms.bgjs (copy)
data
dropped
C:\Users\jones\Recent\CustomDestinations\f01b4d95cf55d32a.customDestinations-ms.bgjs (copy)
data
dropped
C:\Users\jones\Recent\CustomDestinations\f18460fded109990.customDestinations-ms.bgjs (copy)
data
dropped
C:\Users\jones\Searches\winrt--{S-1-5-21-2246122658-3693405117-2476756634-1002}-.searchconnector-ms
data
dropped
C:\Users\jones\Searches\winrt--{S-1-5-21-2246122658-3693405117-2476756634-1002}-.searchconnector-ms.bgjs (copy)
data
dropped
C:\Users\jones\SendTo\Bluetooth File Transfer.LNK.bgjs (copy)
data
dropped
C:\Users\jones\SendTo\Desktop (create shortcut).DeskLink.bgjs (copy)
data
dropped
There are 1381 hidden files, click here to show them.

Processes

Path
Cmdline
Malicious
C:\Users\user\Desktop\R5391762lf.exe
"C:\Users\user\Desktop\R5391762lf.exe"
 malicious
C:\Users\user\Desktop\R5391762lf.exe
"C:\Users\user\Desktop\R5391762lf.exe"
 malicious
C:\Users\user\Desktop\R5391762lf.exe
"C:\Users\user\Desktop\R5391762lf.exe" --Admin IsNotAutoStart IsNotTask
 malicious
C:\Users\user\AppData\Local\d8960608-daff-4d43-9e12-805e9e1a283d\R5391762lf.exe
C:\Users\user\AppData\Local\d8960608-daff-4d43-9e12-805e9e1a283d\R5391762lf.exe --Task
 malicious
C:\Users\user\Desktop\R5391762lf.exe
"C:\Users\user\Desktop\R5391762lf.exe" --Admin IsNotAutoStart IsNotTask
 malicious
C:\Users\user\AppData\Local\d8960608-daff-4d43-9e12-805e9e1a283d\R5391762lf.exe
C:\Users\user\AppData\Local\d8960608-daff-4d43-9e12-805e9e1a283d\R5391762lf.exe --Task
 malicious
C:\Users\user\AppData\Local\3e091c6f-72a1-42bd-89b8-7e8a9a94f76c\build2.exe
"C:\Users\user\AppData\Local\3e091c6f-72a1-42bd-89b8-7e8a9a94f76c\build2.exe"
malicious
C:\Users\user\AppData\Local\3e091c6f-72a1-42bd-89b8-7e8a9a94f76c\build2.exe
"C:\Users\user\AppData\Local\3e091c6f-72a1-42bd-89b8-7e8a9a94f76c\build2.exe"
malicious
C:\Users\user\AppData\Local\d8960608-daff-4d43-9e12-805e9e1a283d\R5391762lf.exe
"C:\Users\user\AppData\Local\d8960608-daff-4d43-9e12-805e9e1a283d\R5391762lf.exe" --AutoStart
 malicious
C:\Users\user\AppData\Local\3e091c6f-72a1-42bd-89b8-7e8a9a94f76c\build3.exe
"C:\Users\user\AppData\Local\3e091c6f-72a1-42bd-89b8-7e8a9a94f76c\build3.exe"
malicious
C:\Users\user\AppData\Local\d8960608-daff-4d43-9e12-805e9e1a283d\R5391762lf.exe
"C:\Users\user\AppData\Local\d8960608-daff-4d43-9e12-805e9e1a283d\R5391762lf.exe" --AutoStart
 malicious
C:\Users\user\AppData\Local\3e091c6f-72a1-42bd-89b8-7e8a9a94f76c\build3.exe
"C:\Users\user\AppData\Local\3e091c6f-72a1-42bd-89b8-7e8a9a94f76c\build3.exe"
malicious
C:\Windows\SysWOW64\schtasks.exe
/C /create /F /sc minute /mo 1 /tn "Azure-Update-Task" /tr "C:\Users\user\AppData\Roaming\Microsoft\Network\mstsca.exe"
 malicious
C:\Users\user\AppData\Roaming\Microsoft\Network\mstsca.exe
C:\Users\user\AppData\Roaming\Microsoft\Network\mstsca.exe
 malicious
C:\Users\user\AppData\Roaming\Microsoft\Network\mstsca.exe
C:\Users\user\AppData\Roaming\Microsoft\Network\mstsca.exe
 malicious
C:\Windows\SysWOW64\schtasks.exe
/C /create /F /sc minute /mo 1 /tn "Azure-Update-Task" /tr "C:\Users\user\AppData\Roaming\Microsoft\Network\mstsca.exe"
 malicious
C:\Users\user\AppData\Local\d8960608-daff-4d43-9e12-805e9e1a283d\R5391762lf.exe
"C:\Users\user\AppData\Local\d8960608-daff-4d43-9e12-805e9e1a283d\R5391762lf.exe" --AutoStart
 malicious
C:\Users\user\AppData\Local\d8960608-daff-4d43-9e12-805e9e1a283d\R5391762lf.exe
"C:\Users\user\AppData\Local\d8960608-daff-4d43-9e12-805e9e1a283d\R5391762lf.exe" --AutoStart
 malicious
C:\Users\user\AppData\Roaming\Microsoft\Network\mstsca.exe
C:\Users\user\AppData\Roaming\Microsoft\Network\mstsca.exe
 malicious
C:\Users\user\AppData\Roaming\Microsoft\Network\mstsca.exe
C:\Users\user\AppData\Roaming\Microsoft\Network\mstsca.exe
 malicious
C:\Users\user\AppData\Roaming\Microsoft\Network\mstsca.exe
C:\Users\user\AppData\Roaming\Microsoft\Network\mstsca.exe
 malicious
C:\Users\user\AppData\Roaming\Microsoft\Network\mstsca.exe
C:\Users\user\AppData\Roaming\Microsoft\Network\mstsca.exe
 malicious
C:\Users\user\AppData\Roaming\Microsoft\Network\mstsca.exe
C:\Users\user\AppData\Roaming\Microsoft\Network\mstsca.exe
 malicious
C:\Users\user\AppData\Roaming\Microsoft\Network\mstsca.exe
C:\Users\user\AppData\Roaming\Microsoft\Network\mstsca.exe
 malicious
C:\Users\user\AppData\Roaming\Microsoft\Network\mstsca.exe
C:\Users\user\AppData\Roaming\Microsoft\Network\mstsca.exe
 malicious
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Users\user\AppData\Local\d8960608-daff-4d43-9e12-805e9e1a283d" /deny *S-1-1-0:(OI)(CI)(DE,DC)
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
There are 18 hidden processes, click here to show them.

URLs

Name
IP
Malicious
http://cajgtus.com/test1/get.php?pid=3630DD81AC10B7EC98F7204E360B9D7E
186.145.236.18
 malicious
http://cajgtus.com/test1/get.php
malicious
http://cajgtus.com/test1/get.php?pid=3630DD81AC10B7EC98F7204E360B9D7E&first=true
186.145.236.18
 malicious
http://sdfjhuz.com/dl/build2.exe
186.13.17.220
 malicious
http://cajgtus.com/files/1/build3.exe
186.145.236.18
 malicious
http://www.nytimes.com/
unknown
https://assets.activity.windows.com/v1/assets
unknown
https://github.com/react-native-community/react-native-netinfo
unknown
https://api.2ip.ua/
unknown
https://artifacts.dev.azure.com/office/_apis/symbol/symsrv/privacy-sdx.win32.bundle.js.map/e3b0c4429
unknown
https://api.2ip.ua/geo.jsonn
unknown
https://steamcommunity.com/profiles/76561199673019888
23.66.133.162
http://www.twitter.com/
unknown
https://api.2ip.ua/geo.json
172.67.139.220
https://clients3.google.com/generate_204
unknown
http://cajgtus.com/files/1/build3.exe.K5.(
unknown
http://www.openssl.org/support/faq.html
unknown
https://api.2ip.ua/eQ
unknown
http://https://ns1.kriston.ugns2.chalekin.ugns3.unalelath.ugns4.andromath.ug/Error
unknown
http://cajgtus.com/files/1/build3.exe0K
unknown
https://assets.activity.windows.com
unknown
https://95.217.9.149/sqln.dll
95.217.9.149
https://activity.windows.com
unknown
https://95.217.9.149/
95.217.9.149
https://assets.activity.windows.com/v1/assets/$batch
unknown
http://www.google.com/
unknown
There are 16 hidden URLs, click here to show them.

Domains

Name
IP
Malicious
sdfjhuz.com
186.13.17.220
 malicious
cajgtus.com
186.145.236.18
 malicious
steamcommunity.com
23.66.133.162
api.2ip.ua
172.67.139.220

IPs

IP
Domain
Country
Malicious
186.145.236.18
cajgtus.com
Colombia
malicious
186.13.17.220
sdfjhuz.com
Argentina
malicious
172.67.139.220
api.2ip.ua
United States
95.217.9.149
unknown
Germany
23.66.133.162
steamcommunity.com
United States

Registry

Path
Value
Malicious
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
SysHelper
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion
SysHelper

Memdumps

Base Address
Regiontype
Protect
Malicious
860000
direct allocation
page execute and read and write
 malicious
400000
remote allocation
page execute and read and write
 malicious
400000
remote allocation
page execute and read and write
 malicious
5EC0000
direct allocation
page execute and read and write
 malicious
400000
remote allocation
page execute and read and write
 malicious
5DA0000
direct allocation
page execute and read and write
 malicious
5DB0000
direct allocation
page execute and read and write
 malicious
400000
remote allocation
page execute and read and write
 malicious
400000
remote allocation
page execute and read and write
 malicious
5EA0000
direct allocation
page execute and read and write
 malicious
5E10000
direct allocation
page execute and read and write
 malicious
1BA0000
direct allocation
page execute and read and write
 malicious
400000
remote allocation
page execute and read and write
 malicious
400000
remote allocation
page execute and read and write
 malicious
850000
direct allocation
page execute and read and write
 malicious
400000
remote allocation
page execute and read and write
 malicious
960000
direct allocation
page execute and read and write
 malicious
920000
direct allocation
page execute and read and write
 malicious
400000
remote allocation
page execute and read and write
 malicious
960000
direct allocation
page execute and read and write
 malicious
400000
remote allocation
page execute and read and write
 malicious
540000
direct allocation
page read and write
400000
unkown
page readonly
3430000
direct allocation
page read and write
384F000
heap
page read and write
3766000
heap
page read and write
3C96000
heap
page read and write
97E0000
direct allocation
page read and write
33A3000
heap
page read and write
B2E000
heap
page read and write
76F000
stack
page read and write
540000
direct allocation
page read and write
B3F000
stack
page read and write
97E0000
direct allocation
page read and write
698000
heap
page read and write
3168000
heap
page read and write
3117000
heap
page read and write
7BA000
heap
page read and write
400000
unkown
page readonly
319B000
heap
page read and write
3B45000
heap
page read and write
346C000
heap
page read and write
24AF000
stack
page read and write
650000
heap
page read and write
3172000
heap
page read and write
41E000
unkown
page write copy
353A000
heap
page read and write
400000
unkown
page readonly
394E000
heap
page read and write
263E000
stack
page read and write
40A1000
unkown
page readonly
540000
direct allocation
page read and write
33FF000
heap
page read and write
3430000
direct allocation
page read and write
28DF000
stack
page read and write
34B0000
heap
page read and write
8F9000
heap
page read and write
2DAE000
stack
page read and write
33AB000
heap
page read and write
3877000
heap
page read and write
24FE000
stack
page read and write
2B7F000
stack
page read and write
19B000
stack
page read and write
7E9000
unkown
page readonly
97E0000
direct allocation
page read and write
90D000
heap
page read and write
3198000
heap
page read and write
401000
unkown
page execute read
41B000
unkown
page read and write
97E0000
direct allocation
page read and write
3341000
heap
page read and write
3357000
heap
page read and write
97E0000
direct allocation
page read and write
3430000
direct allocation
page read and write
40A1000
unkown
page readonly
520000
heap
page read and write
97E0000
direct allocation
page read and write
70B000
heap
page read and write
540000
direct allocation
page read and write
19A3E000
stack
page read and write
261F000
stack
page read and write
4710000
heap
page read and write
7C1000
heap
page read and write
3CD1000
heap
page read and write
3858000
heap
page read and write
8E6000
heap
page read and write
540000
direct allocation
page read and write
19D000
stack
page read and write
2A10000
heap
page read and write
409F000
unkown
page read and write
450000
heap
page read and write
1F0000
heap
page read and write
540000
direct allocation
page read and write
342A000
heap
page read and write
3402000
heap
page read and write
707000
heap
page read and write
3AAA000
heap
page read and write
41B000
unkown
page read and write
925000
heap
page read and write
34F2000
heap
page read and write
915000
heap
page read and write
3117000
heap
page read and write
316C000
heap
page read and write
97E0000
direct allocation
page read and write
9810000
trusted library allocation
page read and write
312E000
heap
page read and write
8FE000
heap
page read and write
919000
heap
page read and write
2F70000
heap
page read and write
19D000
stack
page read and write
3371000
heap
page read and write
23A0000
heap
page read and write
41B000
unkown
page write copy
1F5000
heap
page read and write
6A7000
heap
page read and write
1E938000
direct allocation
page readonly
3487000
heap
page read and write
1EAC0000
heap
page read and write
342A000
heap
page read and write
6EE000
stack
page read and write
1FD0000
heap
page read and write
41B000
unkown
page write copy
33B2000
heap
page read and write
3430000
direct allocation
page read and write
36F3000
heap
page read and write
30C4000
heap
page read and write
37F3000
heap
page read and write
3A1C000
heap
page read and write
401000
unkown
page execute read
3147000
heap
page read and write
38C8000
heap
page read and write
97E8000
direct allocation
page read and write
412000
unkown
page readonly
529000
remote allocation
page execute and read and write
7AE000
heap
page read and write
2FB1000
heap
page read and write
6D0000
heap
page read and write
401000
unkown
page execute read
4180000
heap
page read and write
41C000
unkown
page write copy
412000
unkown
page readonly
317F000
heap
page read and write
540000
direct allocation
page read and write
3430000
direct allocation
page read and write
97E0000
direct allocation
page read and write
3B45000
heap
page read and write
97E0000
direct allocation
page read and write
540000
direct allocation
page read and write
317A000
heap
page read and write
7F0000
heap
page read and write
A3F000
stack
page read and write
2F5F000
stack
page read and write
3D10000
heap
page read and write
46FF000
stack
page read and write
33A3000
heap
page read and write
3A1C000
heap
page read and write
34B3000
heap
page read and write
380B000
heap
page read and write
540000
direct allocation
page read and write
3CAE000
heap
page read and write
1F0000
heap
page read and write
9B0000
heap
page read and write
1744E000
stack
page read and write
34C4000
heap
page read and write
1E96D000
direct allocation
page readonly
314D000
heap
page read and write
3487000
heap
page read and write
32E0000
heap
page read and write
3AC1000
heap
page read and write
438000
unkown
page write copy
70F000
heap
page read and write
435000
unkown
page execute read
2F70000
heap
page read and write
448F000
stack
page read and write
30F1000
heap
page read and write
3EDC000
heap
page read and write
3157000
heap
page read and write
9AF000
stack
page read and write
511000
remote allocation
page execute and read and write
5D0000
heap
page read and write
3858000
heap
page read and write
33D1000
heap
page read and write
336F000
heap
page read and write
401000
unkown
page execute read
64E000
stack
page read and write
41B000
unkown
page write copy
3D10000
heap
page read and write
315F000
heap
page read and write
31A7000
heap
page read and write
6A7000
heap
page read and write
728000
heap
page read and write
707000
heap
page read and write
3145000
heap
page read and write
370A000
heap
page read and write
401000
unkown
page execute read
423E000
stack
page read and write
379F000
heap
page read and write
540000
direct allocation
page read and write
412000
unkown
page readonly
8D7000
heap
page read and write
540000
direct allocation
page read and write
31A7000
heap
page read and write
3538000
heap
page read and write
873000
heap
page read and write
3B65000
heap
page read and write
52BE000
stack
page read and write
401000
unkown
page execute read
334B000
heap
page read and write
3A4D000
heap
page read and write
3D0D000
heap
page read and write
B30000
heap
page read and write
400000
unkown
page readonly
33BB000
heap
page read and write
630000
heap
page read and write
41C000
unkown
page write copy
9D0000
heap
page read and write
2E1F000
stack
page read and write
540000
direct allocation
page read and write
3B0F000
heap
page read and write
31A8000
heap
page read and write
40A1000
unkown
page readonly
3A24000
heap
page read and write
2620000
heap
page read and write
7E9000
unkown
page readonly
401000
unkown
page execute read
199E0000
remote allocation
page read and write
33DB000
heap
page read and write
251E000
stack
page read and write
317A000
heap
page read and write
A3F000
stack
page read and write
3430000
direct allocation
page read and write
44C0000
heap
page read and write
421000
unkown
page write copy
2600000
heap
page read and write
97E0000
direct allocation
page read and write
30F3000
heap
page read and write
337F000
heap
page read and write
3985000
heap
page read and write
421000
unkown
page write copy
434000
remote allocation
page execute and read and write
4270000
heap
page read and write
30F7000
heap
page read and write
7B2000
heap
page read and write
41C000
unkown
page write copy
2B90000
heap
page read and write
8FD000
heap
page read and write
3430000
direct allocation
page read and write
6EA000
heap
page read and write
291E000
stack
page read and write
540000
direct allocation
page read and write
540000
direct allocation
page read and write
33D1000
heap
page read and write
3A1C000
heap
page read and write
8EF000
heap
page read and write
3386000
heap
page read and write
198000
stack
page read and write
3159000
heap
page read and write
97E0000
direct allocation
page read and write
9D7000
heap
page read and write
2E5E000
stack
page read and write
3429000
heap
page read and write
540000
direct allocation
page read and write
540000
direct allocation
page read and write
873000
heap
page read and write
DE6F000
stack
page read and write
2F71000
heap
page read and write
97E0000
direct allocation
page read and write
840000
heap
page read and write
2E20000
remote allocation
page read and write
4B3000
unkown
page read and write
9B000
stack
page read and write
B8F000
stack
page read and write
540000
direct allocation
page read and write
3161000
heap
page read and write
33F1000
heap
page read and write
31AE000
heap
page read and write
19C000
stack
page read and write
768000
heap
page read and write
401000
unkown
page execute read
412000
unkown
page readonly
34DD000
heap
page read and write
3192000
heap
page read and write
97E0000
direct allocation
page read and write
2FAD000
heap
page read and write
317A000
heap
page read and write
1D2B000
heap
page read and write
315F000
heap
page read and write
3512000
heap
page read and write
334E000
heap
page read and write
3534000
heap
page read and write
2A10000
heap
page read and write
1EA24000
heap
page read and write
4138000
heap
page read and write
2FA3000
heap
page read and write
33D6000
heap
page read and write
380B000
heap
page read and write
866000
heap
page read and write
37E4000
heap
page read and write
540000
direct allocation
page read and write
AAF000
stack
page read and write
410000
unkown
page readonly
3430000
direct allocation
page read and write
87A000
heap
page read and write
1F0000
heap
page read and write
3460000
trusted library allocation
page read and write
76E000
stack
page read and write
67A000
heap
page read and write
921000
heap
page read and write
197000
stack
page read and write
3430000
direct allocation
page read and write
7AF000
stack
page read and write
4280000
heap
page read and write
97E0000
direct allocation
page read and write
8C2000
heap
page read and write
371F000
stack
page read and write
198000
stack
page read and write
97E0000
direct allocation
page read and write
3CE6000
heap
page read and write
540000
direct allocation
page read and write
97E0000
direct allocation
page read and write
345F000
heap
page read and write
89C000
heap
page read and write
41B000
unkown
page write copy
7E9000
unkown
page readonly
2FB0000
remote allocation
page read and write
4456000
heap
page execute and read and write
315E000
heap
page read and write
316C000
heap
page read and write
3109000
heap
page read and write
342E000
heap
page read and write
401000
unkown
page execute read
540000
heap
page read and write
97E0000
direct allocation
page read and write
7E9000
unkown
page readonly
33D1000
heap
page read and write
540000
direct allocation
page read and write
6E0000
heap
page read and write
3155000
heap
page read and write
97E0000
direct allocation
page read and write
33B3000
heap
page read and write
3C62000
heap
page read and write
401000
unkown
page execute read
97E0000
direct allocation
page read and write
3699000
heap
page read and write
97E0000
direct allocation
page read and write
2A0F000
stack
page read and write
19D000
stack
page read and write
14E7E000
stack
page read and write
91C000
heap
page read and write
33DB000
heap
page read and write
40A1000
unkown
page readonly
AD0000
heap
page read and write
401000
unkown
page execute read
3192000
heap
page read and write
3D10000
heap
page read and write
3359000
heap
page read and write
33BB000
heap
page read and write
90D000
heap
page read and write
3BFA000
heap
page read and write
33BA000
heap
page read and write
41B000
unkown
page write copy
379F000
heap
page read and write
2E70000
heap
page read and write
198000
stack
page read and write
339B000
heap
page read and write
3361000
heap
page read and write
1ECD0000
heap
page read and write
3183000
heap
page read and write
3168000
heap
page read and write
400000
unkown
page readonly
2FB1000
heap
page read and write
435000
unkown
page execute read
400000
unkown
page readonly
41B000
unkown
page write copy
41CE000
stack
page read and write
97E0000
direct allocation
page read and write
3AEA000
heap
page read and write
921000
heap
page read and write
1F0000
heap
page read and write
3469000
heap
page read and write
3430000
direct allocation
page read and write
3870000
heap
page read and write
AC0000
heap
page read and write
34C4000
heap
page read and write
3341000
heap
page read and write
41B000
unkown
page write copy
19B000
stack
page read and write
3CBD000
heap
page read and write
1E981000
heap
page read and write
520000
heap
page read and write
460F000
stack
page read and write
14EBE000
stack
page read and write
4130000
heap
page read and write
4B3000
unkown
page read and write
9B000
stack
page read and write
1E560000
heap
page read and write
3491000
heap
page read and write
3CE6000
heap
page read and write
866000
heap
page read and write
373B000
heap
page read and write
93E000
stack
page read and write
9B000
stack
page read and write
426E000
stack
page read and write
540000
direct allocation
page read and write
540000
direct allocation
page read and write
3117000
heap
page read and write
38EE000
heap
page read and write
314A000
heap
page read and write
4240000
heap
page read and write
3151000
heap
page read and write
2B80000
heap
page read and write
351F000
heap
page read and write
3681000
heap
page read and write
198000
stack
page read and write
2F93000
heap
page read and write
33E3000
heap
page read and write
540000
direct allocation
page read and write
3343000
heap
page read and write
9C000
stack
page read and write
3CB4000
heap
page read and write
4A8000
heap
page read and write
97E0000
direct allocation
page read and write
447000
unkown
page read and write
1E6BE000
stack
page read and write
3B0E000
heap
page read and write
6EC000
heap
page read and write
638000
heap
page read and write
3CB4000
heap
page read and write
400000
unkown
page readonly
5F30000
heap
page read and write
95E000
stack
page read and write
873000
heap
page read and write
88C000
heap
page execute and read and write
97E0000
direct allocation
page read and write
97FF000
direct allocation
page read and write
33DE000
heap
page read and write
919000
heap
page read and write
97E0000
direct allocation
page read and write
53CA000
heap
page read and write
395E000
heap
page read and write
36F3000
heap
page read and write
3430000
direct allocation
page read and write
25FF000
stack
page read and write
3429000
heap
page read and write
560000
heap
page read and write
527F000
stack
page read and write
3909000
heap
page read and write
41FE000
stack
page read and write
3429000
heap
page read and write
688000
heap
page read and write
97E0000
direct allocation
page read and write
27DE000
stack
page read and write
33AB000
heap
page read and write
2A6E000
stack
page read and write
540000
heap
page read and write
344B000
heap
page read and write
412000
unkown
page readonly
33EF000
heap
page read and write
40C8000
heap
page read and write
33DB000
heap
page read and write
317F000
heap
page read and write
40A1000
unkown
page readonly
37D0000
heap
page read and write
6EA000
heap
page read and write
3BE6000
heap
page read and write
97E0000
direct allocation
page read and write
419000
unkown
page write copy
8FE000
stack
page read and write
36FF000
heap
page read and write
3A54000
heap
page read and write
540000
direct allocation
page read and write
3AAB000
heap
page read and write
34A1000
heap
page read and write
3430000
direct allocation
page read and write
720000
heap
page read and write
2FB0000
remote allocation
page read and write
40B0000
heap
page read and write
19D000
stack
page read and write
2FB0000
heap
page read and write
25AF000
stack
page read and write
33EE000
heap
page read and write
401000
unkown
page execute read
3361000
heap
page read and write
33D8000
heap
page read and write
400000
unkown
page readonly
269E000
stack
page read and write
3D10000
heap
page read and write
3429000
heap
page read and write
AB7000
heap
page read and write
8EA000
heap
page read and write
316E000
heap
page read and write
319C000
heap
page read and write
8FD000
heap
page read and write
400000
unkown
page readonly
400000
unkown
page readonly
52B000
remote allocation
page execute and read and write
31AD000
heap
page read and write
197000
stack
page read and write
540000
direct allocation
page read and write
8AF000
stack
page read and write
34D5000
heap
page read and write
20AE000
stack
page read and write
3149000
heap
page read and write
3183000
heap
page read and write
4B3000
unkown
page read and write
4498000
heap
page execute and read and write
3402000
heap
page read and write
413E000
stack
page read and write
3494000
heap
page read and write
520000
heap
page read and write
97E0000
direct allocation
page read and write
2E70000
remote allocation
page read and write
1F0000
heap
page read and write
33DB000
heap
page read and write
41C000
unkown
page write copy
2CBE000
stack
page read and write
34AD000
heap
page read and write
342A000
heap
page read and write
19D000
stack
page read and write
540000
direct allocation
page read and write
33AA000
heap
page read and write
4466000
heap
page execute and read and write
1A04000
unkown
page readonly
401000
unkown
page execute read
3386000
heap
page read and write
540000
direct allocation
page read and write
2FB0000
remote allocation
page read and write
435000
unkown
page execute read
390D000
heap
page read and write
401000
unkown
page execute read
3703000
heap
page read and write
3691000
heap
page read and write
2CAE000
stack
page read and write
2A7E000
stack
page read and write
97E0000
direct allocation
page read and write
19D000
stack
page read and write
421000
unkown
page write copy
91F000
stack
page read and write
3A74000
heap
page read and write
540000
direct allocation
page read and write
34A1000
heap
page read and write
401000
unkown
page execute read
33C0000
heap
page read and write
30F9000
heap
page read and write
397E000
heap
page read and write
1D0E000
heap
page execute and read and write
3B88000
heap
page read and write
2F5F000
stack
page read and write
30D0000
heap
page read and write
540000
direct allocation
page read and write
540000
direct allocation
page read and write
1F0000
heap
page read and write
30D0000
heap
page read and write
19C000
stack
page read and write
68F000
stack
page read and write
3117000
heap
page read and write
6B0000
heap
page read and write
2DFD000
stack
page read and write
97E0000
direct allocation
page read and write
2A20000
heap
page read and write
193000
stack
page read and write
435000
unkown
page execute read
315E000
heap
page read and write
380B000
heap
page read and write
34D4000
heap
page read and write
97E0000
direct allocation
page read and write
20E7A000
heap
page read and write
87A000
heap
page read and write
540000
direct allocation
page read and write
97E0000
direct allocation
page read and write
400000
unkown
page readonly
3430000
direct allocation
page read and write
40A1000
unkown
page readonly
33A3000
heap
page read and write
51A000
remote allocation
page execute and read and write
2B7E000
stack
page read and write
3430000
direct allocation
page read and write
379F000
heap
page read and write
351F000
heap
page read and write
3D0D000
heap
page read and write
3180000
heap
page read and write
B3F000
stack
page read and write
3172000
heap
page read and write
3AA1000
heap
page read and write
435000
unkown
page execute read
40EE000
stack
page read and write
447000
unkown
page read and write
435000
unkown
page execute read
33CF000
heap
page read and write
3155000
heap
page read and write
97E0000
direct allocation
page read and write
318C000
heap
page read and write
3430000
direct allocation
page read and write
400000
unkown
page readonly
877000
heap
page read and write
3155000
heap
page read and write
30B1000
heap
page read and write
919000
heap
page read and write
3A3C000
heap
page read and write
97E0000
direct allocation
page read and write
92B0000
heap
page read and write
2560000
heap
page read and write
808000
heap
page read and write
39A6000
heap
page read and write
33F3000
heap
page read and write
2A6D000
stack
page read and write
7E9000
unkown
page readonly
919000
heap
page read and write
401000
unkown
page execute read
447000
unkown
page read and write
97E0000
direct allocation
page read and write
33D1000
heap
page read and write
1E6FE000
stack
page read and write
4578000
heap
page execute and read and write
444F000
stack
page read and write
38A9000
heap
page read and write
38B9000
heap
page read and write
4034000
heap
page read and write
5F50000
heap
page read and write
540000
direct allocation
page read and write
41CA000
heap
page read and write
400000
unkown
page readonly
6B5000
heap
page read and write
2BAE000
stack
page read and write
3157000
heap
page read and write
318F000
heap
page read and write
3430000
direct allocation
page read and write
456F000
stack
page read and write
920000
heap
page read and write
3429000
heap
page read and write
97E0000
direct allocation
page read and write
3470000
heap
page read and write
400000
unkown
page readonly
3AE9000
heap
page read and write
1F0000
heap
page read and write
349C000
heap
page read and write
86F000
stack
page read and write
1CEF000
stack
page read and write
2E70000
remote allocation
page read and write
6B7000
heap
page read and write
34AD000
heap
page read and write
540000
direct allocation
page read and write
3430000
direct allocation
page read and write
37B7000
heap
page read and write
97E0000
direct allocation
page read and write
447000
unkown
page read and write
6BB000
heap
page read and write
6B7000
heap
page read and write
30F1000
heap
page read and write
540000
direct allocation
page read and write
3345000
heap
page read and write
3757000
heap
page read and write
20C6E000
heap
page read and write
30C4000
heap
page read and write
97E0000
direct allocation
page read and write
421000
unkown
page write copy
540000
direct allocation
page read and write
37A8000
heap
page read and write
B00000
heap
page execute and read and write
540000
direct allocation
page read and write
401000
unkown
page execute read
2AF0000
heap
page read and write
870000
heap
page read and write
9B000
stack
page read and write
97E8000
direct allocation
page read and write
915000
heap
page read and write
540000
direct allocation
page read and write
438000
unkown
page write copy
30DA000
heap
page read and write
3430000
direct allocation
page read and write
30DA000
heap
page read and write
51E000
stack
page read and write
540000
direct allocation
page read and write
3E55000
heap
page read and write
5EC0000
direct allocation
page read and write
3DFE000
heap
page read and write
3111000
heap
page read and write
3429000
heap
page read and write
34B0000
heap
page read and write
3491000
heap
page read and write
34AD000
heap
page read and write
40A1000
unkown
page readonly
34EC000
heap
page read and write
690000
heap
page read and write
5E0000
heap
page read and write
24A0000
heap
page read and write
44D3000
heap
page execute and read and write
33FE000
heap
page read and write
41E000
unkown
page write copy
3479000
heap
page read and write
4250000
heap
page read and write
279F000
stack
page read and write
41B000
unkown
page write copy
3430000
direct allocation
page read and write
1F7000
heap
page read and write
3430000
direct allocation
page read and write
52B000
remote allocation
page execute and read and write
97E0000
direct allocation
page read and write
8D7000
heap
page read and write
7F0000
heap
page read and write
540000
direct allocation
page read and write
4450000
direct allocation
page read and write
30CC000
stack
page read and write
197000
stack
page read and write
540000
direct allocation
page read and write
438000
unkown
page write copy
9B000
stack
page read and write
438000
unkown
page write copy
3533000
heap
page read and write
3767000
heap
page read and write
1B9E000
stack
page read and write
412000
unkown
page readonly
33B7000
heap
page read and write
3430000
direct allocation
page read and write
401000
unkown
page execute read
20E7C000
heap
page read and write
410000
unkown
page readonly
3EDC000
heap
page read and write
3152000
heap
page read and write
21E0000
heap
page read and write
3446000
heap
page read and write
3469000
heap
page read and write
776000
heap
page read and write
53BE000
stack
page read and write
540000
direct allocation
page read and write
1E721000
direct allocation
page execute read
3165000
heap
page read and write
4350000
direct allocation
page read and write
7E9000
unkown
page readonly
401000
unkown
page execute read
382C000
heap
page read and write
3341000
heap
page read and write
53C0000
heap
page read and write
3B45000
heap
page read and write
2E71000
heap
page read and write
33D5000
heap
page read and write
1E52D000
stack
page read and write
540000
direct allocation
page read and write
401000
unkown
page execute read
3A1C000
heap
page read and write
400000
unkown
page readonly
31A5000
heap
page read and write
3610000
heap
page read and write
3430000
direct allocation
page read and write
33FD000
heap
page read and write
30B1000
heap
page read and write
38A1000
heap
page read and write
45FF000
stack
page read and write
3101000
heap
page read and write
668000
heap
page read and write
40A1000
unkown
page readonly
1F0000
heap
page read and write
97E0000
direct allocation
page read and write
3AFB000
heap
page read and write
3505000
heap
page read and write
90AF000
stack
page read and write
3165000
heap
page read and write
2F71000
heap
page read and write
20DB5000
heap
page read and write
8EF000
heap
page read and write
6A0000
heap
page read and write
CEF000
stack
page read and write
2610000
heap
page read and write
313C000
heap
page read and write
31CA000
stack
page read and write
3155000
heap
page read and write
620000
heap
page read and write
3140000
heap
page read and write
19B000
stack
page read and write
435000
unkown
page execute read
540000
direct allocation
page read and write
3111000
heap
page read and write
3470000
heap
page read and write
3766000
heap
page read and write
3387000
heap
page read and write
418000
unkown
page read and write
275F000
stack
page read and write
3387000
heap
page read and write
840000
heap
page read and write
3172000
heap
page read and write
7C8000
heap
page read and write
97E0000
direct allocation
page read and write
41B000
unkown
page write copy
540000
direct allocation
page read and write
460000
heap
page read and write
3145000
heap
page read and write
3430000
direct allocation
page read and write
540000
heap
page read and write
69E000
stack
page read and write
87E000
heap
page read and write
438000
unkown
page write copy
3CD1000
heap
page read and write
90D000
heap
page read and write
41C0000
heap
page read and write
6E5000
heap
page read and write
2E70000
remote allocation
page read and write
2B64E000
stack
page read and write
33D5000
heap
page read and write
4170000
heap
page read and write
3878000
heap
page read and write
379F000
heap
page read and write
3430000
direct allocation
page read and write
3799000
heap
page read and write
3838000
heap
page read and write
400000
unkown
page readonly
6B5000
heap
page read and write
917000
heap
page read and write
3176000
heap
page read and write
384C000
heap
page read and write
57E000
stack
page read and write
3430000
direct allocation
page read and write
8E6000
heap
page read and write
68E000
stack
page read and write
37E8000
heap
page read and write
33DB000
heap
page read and write
39D6000
heap
page read and write
30CC000
heap
page read and write
3193000
heap
page read and write
391E000
heap
page read and write
3E35000
heap
page read and write
19D000
stack
page read and write
2440000
heap
page read and write
3479000
heap
page read and write
97E0000
direct allocation
page read and write
37B0000
heap
page read and write
401000
unkown
page execute read
533E000
stack
page read and write
3CE6000
heap
page read and write
3430000
direct allocation
page read and write
540000
direct allocation
page read and write
277E000
stack
page read and write
334E000
heap
page read and write
90E000
stack
page read and write
3481000
heap
page read and write
3386000
heap
page read and write
890000
heap
page read and write
435000
unkown
page execute read
3195000
heap
page read and write
41E000
unkown
page write copy
3B45000
heap
page read and write
4258000
heap
page read and write
540000
direct allocation
page read and write
418000
unkown
page write copy
313C000
heap
page read and write
9C000
stack
page read and write
97E0000
direct allocation
page read and write
540000
direct allocation
page read and write
31A8000
heap
page read and write
2A9D000
stack
page read and write
83E000
stack
page read and write
34AF000
heap
page read and write
3430000
direct allocation
page read and write
860000
heap
page read and write
38A0000
heap
page read and write
401000
unkown
page execute read
40A1000
unkown
page readonly
3C9E000
heap
page read and write
3890000
heap
page read and write
540000
direct allocation
page read and write
314D000
heap
page read and write
3A1C000
heap
page read and write
3117000
heap
page read and write
540000
direct allocation
page read and write
51A000
remote allocation
page execute and read and write
3353000
heap
page read and write
2FB0000
remote allocation
page read and write
421000
unkown
page write copy
3430000
direct allocation
page read and write
3494000
heap
page read and write
310B000
heap
page read and write
866000
heap
page read and write
3794000
heap
page read and write
412000
unkown
page readonly
1F0000
heap
page read and write
33FA000
heap
page read and write
1A20000
heap
page read and write
3994000
heap
page read and write
351F000
heap
page read and write
540000
direct allocation
page read and write
3712000
heap
page read and write
540000
direct allocation
page read and write
435000
unkown
page execute read
3BEE000
heap
page read and write
3170000
heap
page read and write
421000
unkown
page write copy
412000
unkown
page readonly
3B45000
heap
page read and write
400000
unkown
page readonly
6FF000
heap
page read and write
421000
unkown
page write copy
195000
stack
page read and write
317A000
heap
page read and write
438000
unkown
page write copy
3517000
heap
page read and write
529000
remote allocation
page execute and read and write
317A000
heap
page read and write
8C0000
heap
page read and write
3858000
heap
page read and write
B0E000
stack
page read and write
340A000
heap
page read and write
2A20000
heap
page read and write
315E000
heap
page read and write
346D000
heap
page read and write
3367000
heap
page read and write
888000
heap
page read and write
33D9000
heap
page read and write
319A000
heap
page read and write
400000
unkown
page readonly
540000
direct allocation
page read and write
1E96F000
direct allocation
page readonly
3386000
heap
page read and write
87A000
heap
page read and write
103AF000
stack
page read and write
410000
unkown
page readonly
3A77000
heap
page read and write
3C77000
heap
page read and write
5F1000
remote allocation
page execute and read and write
30D7000
heap
page read and write
3D10000
heap
page read and write
4B3000
unkown
page read and write
3429000
heap
page read and write
3C56000
heap
page read and write
3C80000
heap
page read and write
382C000
heap
page read and write
540000
direct allocation
page read and write
8FE000
heap
page read and write
401000
unkown
page execute read
334D000
heap
page read and write
41B000
unkown
page read and write
1B00000
heap
page read and write
540000
direct allocation
page read and write
1A04000
unkown
page readonly
5D5000
heap
page read and write
6A0000
heap
page read and write
2BB9000
heap
page read and write
1BE0000
heap
page read and write
7FE000
stack
page read and write
52B000
remote allocation
page execute and read and write
40F0000
heap
page read and write
316C000
heap
page read and write
221F000
stack
page read and write
3359000
heap
page read and write
421000
unkown
page write copy
345D000
stack
page read and write
915000
heap
page read and write
41B000
unkown
page write copy
438000
unkown
page write copy
2B6D000
stack
page read and write
8CF000
stack
page read and write
7E6000
unkown
page read and write
3824000
heap
page read and write
40F0000
heap
page read and write
3B45000
heap
page read and write
3B0F000
heap
page read and write
540000
direct allocation
page read and write
33CC000
heap
page read and write
317F000
heap
page read and write
540000
direct allocation
page read and write
3430000
direct allocation
page read and write
3F54000
heap
page read and write
7B2000
heap
page read and write
1F0000
heap
page read and write
33DE000
heap
page read and write
37F3000
heap
page read and write
925000
heap
page read and write
40A1000
unkown
page readonly
900000
heap
page read and write
70F000
heap
page read and write
437A000
heap
page read and write
9C000
stack
page read and write
866000
heap
page read and write
B3C000
heap
page execute and read and write
84E000
heap
page read and write
3387000
heap
page read and write
540000
direct allocation
page read and write
40EE000
stack
page read and write
21D0000
heap
page read and write
2BBE000
stack
page read and write
529000
remote allocation
page execute and read and write
580000
heap
page read and write
400000
unkown
page readonly
401000
unkown
page execute read
AC0000
heap
page execute and read and write
350C000
heap
page read and write
3D10000
heap
page read and write
2F95000
heap
page read and write
315E000
heap
page read and write
778000
heap
page read and write
3D3E000
heap
page read and write
97E0000
direct allocation
page read and write
19D000
stack
page read and write
3D10000
heap
page read and write
438000
unkown
page write copy
97E0000
direct allocation
page read and write
401000
unkown
page execute read
540000
direct allocation
page read and write
438000
unkown
page write copy
351F000
heap
page read and write
919000
heap
page read and write
97E0000
direct allocation
page read and write
540000
direct allocation
page read and write
97E0000
direct allocation
page read and write
915000
heap
page read and write
3BA6000
heap
page read and write
3B0E000
heap
page read and write
3430000
direct allocation
page read and write
540000
direct allocation
page read and write
97E0000
direct allocation
page read and write
97E0000
direct allocation
page read and write
5B7000
heap
page read and write
1E728000
direct allocation
page execute read
37F3000
heap
page read and write
412000
unkown
page readonly
97E0000
direct allocation
page read and write
2E70000
heap
page read and write
2700000
heap
page read and write
3D10000
heap
page read and write
540000
direct allocation
page read and write
3CEF000
heap
page read and write
30D7000
heap
page read and write
97E0000
direct allocation
page read and write
B4C000
heap
page read and write
435000
unkown
page execute read
5B0000
heap
page read and write
412000
unkown
page readonly
540000
direct allocation
page read and write
3A91000
heap
page read and write
412000
unkown
page readonly
43B000
unkown
page read and write
3787000
heap
page read and write
3505000
heap
page read and write
1A04000
unkown
page readonly
97E0000
direct allocation
page read and write
930000
heap
page read and write
9C000
stack
page read and write
37FD000
heap
page read and write
97E0000
direct allocation
page read and write
33F3000
heap
page read and write
540000
direct allocation
page read and write
1E962000
direct allocation
page read and write
25CF000
stack
page read and write
3B45000
heap
page read and write
25E0000
heap
page read and write
97E0000
direct allocation
page read and write
3AFB000
heap
page read and write
348D000
heap
page read and write
401B000
heap
page read and write
345B000
heap
page read and write
421000
unkown
page write copy
3EE3000
heap
page read and write
34C5000
heap
page read and write
6B6000
heap
page read and write
438000
unkown
page write copy
3430000
direct allocation
page read and write
3487000
heap
page read and write
312E000
heap
page read and write
317A000
heap
page read and write
19D000
stack
page read and write
400000
unkown
page readonly
97E0000
direct allocation
page read and write
6B4000
heap
page read and write
128EF000
stack
page read and write
3ACA000
heap
page read and write
8AE000
stack
page read and write
3192000
heap
page read and write
19B000
stack
page read and write
97E0000
direct allocation
page read and write
36F9000
heap
page read and write
1293E000
stack
page read and write
97E4000
direct allocation
page read and write
3491000
heap
page read and write
37C8000
heap
page read and write
3430000
direct allocation
page read and write
403C000
heap
page read and write
97E0000
direct allocation
page read and write
24BF000
stack
page read and write
3BB7000
heap
page read and write
3A1C000
heap
page read and write
919000
heap
page read and write
2EC0000
heap
page read and write
3157000
heap
page read and write
7E9000
unkown
page readonly
84E000
heap
page read and write
334D000
heap
page read and write
401000
unkown
page execute read
3430000
direct allocation
page read and write
435000
unkown
page execute read
3117000
heap
page read and write
3A75000
heap
page read and write
7E9000
unkown
page readonly
87A000
heap
page read and write
970000
heap
page read and write
90C000
heap
page read and write
3162000
heap
page read and write
6B7000
heap
page read and write
310B000
heap
page read and write
2FB1000
heap
page read and write
1CFE000
heap
page read and write
3101000
heap
page read and write
40A1000
unkown
page readonly
97E0000
direct allocation
page read and write
97E0000
direct allocation
page read and write
447000
unkown
page read and write
401000
unkown
page execute read
335C000
stack
page read and write
3994000
heap
page read and write
660000
heap
page read and write
37D7000
heap
page read and write
287F000
stack
page read and write
540000
direct allocation
page read and write
B7E000
stack
page read and write
97E0000
direct allocation
page read and write
51E000
stack
page read and write
447000
unkown
page read and write
3702000
heap
page read and write
19D000
stack
page read and write
350F000
heap
page read and write
334A000
heap
page read and write
3155000
heap
page read and write
34A0000
heap
page read and write
97E0000
direct allocation
page read and write
97E0000
direct allocation
page read and write
315E000
heap
page read and write
82E000
stack
page read and write
540000
direct allocation
page read and write
1E660000
trusted library allocation
page read and write
97E0000
direct allocation
page read and write
40A1000
unkown
page readonly
3145000
heap
page read and write
540000
direct allocation
page read and write
409F000
unkown
page read and write
9B000
stack
page read and write
540000
direct allocation
page read and write
409F000
unkown
page read and write
391E000
heap
page read and write
3430000
direct allocation
page read and write
400000
unkown
page readonly
319A000
heap
page read and write
2A5D000
stack
page read and write
2E71000
heap
page read and write
1F0000
heap
page read and write
3430000
direct allocation
page read and write
370B000
heap
page read and write
4A0000
heap
page read and write
434F000
stack
page read and write
9C000
stack
page read and write
56E000
stack
page read and write
34B1000
heap
page read and write
438000
unkown
page write copy
335B000
heap
page read and write
1B4E000
stack
page read and write
379E000
heap
page read and write
97E0000
direct allocation
page read and write
2B3E000
stack
page read and write
3505000
heap
page read and write
2770000
heap
page read and write
30DC000
heap
page read and write
7E6000
unkown
page read and write
540000
direct allocation
page read and write
3349000
heap
page read and write
314F000
heap
page read and write
314D000
heap
page read and write
3359000
heap
page read and write
350D000
heap
page read and write
3A1C000
heap
page read and write
435000
unkown
page execute read
857000
heap
page read and write
400000
unkown
page readonly
8F8000
heap
page read and write
727000
heap
page read and write
37B0000
heap
page read and write
8FE000
stack
page read and write
2D1E000
stack
page read and write
9B000
stack
page read and write
7E9000
unkown
page readonly
336F000
heap
page read and write
84E000
heap
page read and write
45F0000
heap
page read and write
3430000
direct allocation
page read and write
894000
heap
page read and write
3A74000
heap
page read and write
3AEA000
heap
page read and write
3429000
heap
page read and write
1E92D000
direct allocation
page execute read
390D000
heap
page read and write
960000
heap
page read and write
7AE000
stack
page read and write
400000
unkown
page readonly
1C5000
heap
page read and write
3B0E000
heap
page read and write
3387000
heap
page read and write
6C2000
heap
page read and write
351F000
heap
page read and write
880000
heap
page execute and read and write
3691000
heap
page read and write
3143000
heap
page read and write
5B0000
heap
page read and write
97E0000
direct allocation
page read and write
3176000
heap
page read and write
3986000
heap
page read and write
400000
unkown
page readonly
34CD000
heap
page read and write
3AEA000
heap
page read and write
830000
heap
page read and write
413E000
stack
page read and write
3EE3000
heap
page read and write
3387000
heap
page read and write
401000
unkown
page execute read
52FE000
stack
page read and write
438000
unkown
page write copy
1CF0000
heap
page read and write
3153000
heap
page read and write
3176000
heap
page read and write
B2A000
heap
page read and write
3430000
direct allocation
page read and write
B92F000
stack
page read and write
3191000
heap
page read and write
AEE000
stack
page read and write
23BE000
stack
page read and write
400000
unkown
page readonly
540000
direct allocation
page read and write
3BB9000
heap
page read and write
540000
direct allocation
page read and write
540000
direct allocation
page read and write
4500000
heap
page read and write
421000
unkown
page write copy
3161000
heap
page read and write
3430000
direct allocation
page read and write
2F8C000
heap
page read and write
2E5E000
stack
page read and write
9B000
stack
page read and write
8D7000
heap
page read and write
401000
unkown
page execute read
37B0000
heap
page read and write
3D2D000
heap
page read and write
8EC000
heap
page read and write
34A1000
heap
page read and write
97E0000
direct allocation
page read and write
7E6000
unkown
page read and write
3189000
heap
page read and write
580000
heap
page read and write
1F0000
heap
page read and write
1F0000
heap
page read and write
3080000
heap
page read and write
3341000
heap
page read and write
B36000
heap
page read and write
6A0000
heap
page read and write
438000
unkown
page write copy
877000
heap
page read and write
6C2000
heap
page read and write
3D2D000
heap
page read and write
351F000
heap
page read and write
3387000
heap
page read and write
37F3000
heap
page read and write
70B000
heap
page read and write
2E20000
remote allocation
page read and write
391E000
heap
page read and write
34AD000
heap
page read and write
19E000
stack
page read and write
97E0000
direct allocation
page read and write
334B000
heap
page read and write
680000
heap
page read and write
3A1C000
heap
page read and write
65E000
stack
page read and write
199E0000
heap
page read and write
319F000
heap
page read and write
90C000
heap
page read and write
40A1000
unkown
page readonly
97E0000
direct allocation
page read and write
9A0000
heap
page read and write
19E000
stack
page read and write
437E000
heap
page read and write
37FD000
heap
page read and write
3349000
heap
page read and write
1BF7F000
stack
page read and write
97E0000
direct allocation
page read and write
5D7000
heap
page read and write
3AA1000
heap
page read and write
1E92F000
direct allocation
page readonly
A7F000
stack
page read and write
33D1000
heap
page read and write
3C13000
heap
page read and write
435000
unkown
page execute read
97E0000
direct allocation
page read and write
6D8000
heap
page read and write
727000
heap
page read and write
3387000
heap
page read and write
3D2D000
heap
page read and write
34ED000
heap
page read and write
8EC000
heap
page read and write
351F000
heap
page read and write
1E720000
direct allocation
page execute and read and write
3C96000
heap
page read and write
33D5000
heap
page read and write
AF7000
heap
page read and write
3185000
heap
page read and write
97E0000
direct allocation
page read and write
97E7000
direct allocation
page read and write
1A02000
unkown
page read and write
3353000
heap
page read and write
1F0000
heap
page read and write
235E000
stack
page read and write
37A3000
heap
page read and write
97E0000
direct allocation
page read and write
90D000
heap
page read and write
540000
direct allocation
page read and write
97E0000
direct allocation
page read and write
7CB000
heap
page read and write
2E71000
heap
page read and write
40C0000
heap
page read and write
7E6000
unkown
page read and write
376F000
heap
page read and write
3A1C000
heap
page read and write
3CEF000
heap
page read and write
3155000
heap
page read and write
2440000
direct allocation
page read and write
6A9000
heap
page read and write
193000
stack
page read and write
6120000
heap
page read and write
3185000
heap
page read and write
3CED000
heap
page read and write
2BBE000
stack
page read and write
34DD000
heap
page read and write
3EDE000
heap
page read and write
401000
unkown
page execute read
3B46000
heap
page read and write
401000
unkown
page execute read
344E000
heap
page read and write
376F000
heap
page read and write
2CB0000
heap
page read and write
3517000
heap
page read and write
97E0000
direct allocation
page read and write
279E000
stack
page read and write
3429000
heap
page read and write
3157000
heap
page read and write
7E9000
unkown
page readonly
3377000
heap
page read and write
848000
heap
page read and write
3220000
heap
page read and write
7C8000
heap
page read and write
2DEF000
stack
page read and write
351F000
heap
page read and write
199E0000
remote allocation
page read and write
3117000
heap
page read and write
351F000
heap
page read and write
198000
stack
page read and write
3387000
heap
page read and write
3430000
direct allocation
page read and write
9C000
stack
page read and write
3A1D000
heap
page read and write
3199000
heap
page read and write
3A77000
heap
page read and write
376F000
heap
page read and write
97E0000
direct allocation
page read and write
85F000
stack
page read and write
540000
direct allocation
page read and write
3343000
heap
page read and write
36F3000
heap
page read and write
33F3000
heap
page read and write
3430000
direct allocation
page read and write
400000
unkown
page readonly
1F0000
heap
page read and write
34B3000
heap
page read and write
36A1000
heap
page read and write
2A1F000
stack
page read and write
34DD000
heap
page read and write
314D000
heap
page read and write
3AE1000
heap
page read and write
B00000
heap
page read and write
2E20000
remote allocation
page read and write
3469000
heap
page read and write
3436000
heap
page read and write
3430000
direct allocation
page read and write
540000
direct allocation
page read and write
1E710000
heap
page read and write
3176000
heap
page read and write
890000
heap
page read and write
97E0000
direct allocation
page read and write
421000
unkown
page write copy
3430000
direct allocation
page read and write
6F4000
heap
page read and write
24B0000
heap
page read and write
3D3D000
heap
page read and write
919000
heap
page read and write
79C000
heap
page read and write
7CA000
heap
page read and write
1BF90000
heap
page read and write
87A000
heap
page read and write
41CE000
heap
page read and write
3C80000
heap
page read and write
97E0000
direct allocation
page read and write
2B6D000
stack
page read and write
848000
heap
page read and write
3187000
heap
page read and write
4370000
heap
page read and write
20DD3000
heap
page read and write
412000
unkown
page readonly
438000
unkown
page write copy
435000
unkown
page execute read
3371000
heap
page read and write
540000
direct allocation
page read and write
902000
heap
page read and write
79C000
heap
page read and write
3117000
heap
page read and write
3B0E000
heap
page read and write
417E000
stack
page read and write
2A1F000
stack
page read and write
866000
heap
page read and write
40A1000
unkown
page readonly
540000
direct allocation
page read and write
3398000
heap
page read and write
1F0000
heap
page read and write
3183000
heap
page read and write
2CC0000
heap
page read and write
A7E000
stack
page read and write
2CFE000
stack
page read and write
466F000
stack
page read and write
44E000
stack
page read and write
37BF000
heap
page read and write
7E9000
unkown
page readonly
8E3000
heap
page read and write
3D2D000
heap
page read and write
3BA6000
heap
page read and write
3430000
direct allocation
page read and write
7BF000
stack
page read and write
8EC000
heap
page read and write
435000
unkown
page execute read
401000
unkown
page execute read
400000
unkown
page readonly
5FA0000
heap
page read and write
3357000
heap
page read and write
540000
direct allocation
page read and write
444F000
stack
page read and write
1F0000
heap
page read and write
315E000
heap
page read and write
540000
direct allocation
page read and write
9C000
stack
page read and write
540000
direct allocation
page read and write
33C1000
heap
page read and write
3994000
heap
page read and write
4B3000
unkown
page read and write
19C000
stack
page read and write
540000
direct allocation
page read and write
97E0000
direct allocation
page read and write
400000
unkown
page readonly
97E0000
direct allocation
page read and write
3A26000
heap
page read and write
401000
unkown
page execute read
30B0000
heap
page read and write
3491000
heap
page read and write
2E1F000
stack
page read and write
3C77000
heap
page read and write
19B000
stack
page read and write
19B000
stack
page read and write
97E0000
direct allocation
page read and write
9C000
stack
page read and write
344B000
heap
page read and write
3198000
heap
page read and write
376F000
heap
page read and write
409F000
unkown
page read and write
52B000
remote allocation
page execute and read and write
7E9000
unkown
page readonly
3C16000
heap
page read and write
3430000
direct allocation
page read and write
2E70000
remote allocation
page read and write
3B65000
heap
page read and write
29FF000
stack
page read and write
8F6000
heap
page read and write
438000
unkown
page write copy
3A3C000
heap
page read and write
265E000
stack
page read and write
401000
unkown
page execute read
3757000
heap
page read and write
421000
unkown
page write copy
3691000
heap
page read and write
401000
unkown
page execute read
36F3000
heap
page read and write
3429000
heap
page read and write
69D000
heap
page read and write
2E70000
remote allocation
page read and write
905000
heap
page read and write
33CB000
heap
page read and write
3850000
heap
page read and write
3538000
heap
page read and write
3176000
heap
page read and write
3D2D000
heap
page read and write
97E0000
direct allocation
page read and write
850000
heap
page read and write
1BFEC000
stack
page read and write
3430000
direct allocation
page read and write
97E0000
direct allocation
page read and write
97E0000
direct allocation
page read and write
400000
unkown
page readonly
351F000
heap
page read and write
3145000
heap
page read and write
3387000
heap
page read and write
400000
unkown
page readonly
5E7000
heap
page read and write
514000
remote allocation
page execute and read and write
3117000
heap
page read and write
B20000
heap
page read and write
540000
direct allocation
page read and write
37AF000
heap
page read and write
97E0000
direct allocation
page read and write
6C2000
heap
page read and write
1CFA000
heap
page read and write
318C000
heap
page read and write
919000
heap
page read and write
2FB0000
remote allocation
page read and write
3163000
heap
page read and write
400000
unkown
page readonly
97E0000
direct allocation
page read and write
197000
stack
page read and write
AB0000
heap
page read and write
1C0000
heap
page read and write
34F5000
heap
page read and write
B10000
heap
page read and write
3341000
heap
page read and write
3470000
heap
page read and write
540000
direct allocation
page read and write
2310000
heap
page read and write
412000
unkown
page readonly
41B000
unkown
page read and write
421000
unkown
page write copy
3996000
heap
page read and write
400000
unkown
page readonly
3C62000
heap
page read and write
7E9000
unkown
page readonly
412000
unkown
page readonly
3830000
heap
page read and write
28FE000
stack
page read and write
33DB000
heap
page read and write
421000
unkown
page write copy
3ACA000
heap
page read and write
C7F000
stack
page read and write
30CC000
heap
page read and write
193000
stack
page read and write
3430000
direct allocation
page read and write
3377000
heap
page read and write
9C000
stack
page read and write
400000
unkown
page readonly
3713000
heap
page read and write
2F70000
heap
page read and write
3429000
heap
page read and write
445F000
stack
page read and write
540000
direct allocation
page read and write
540000
direct allocation
page read and write
3493000
heap
page read and write
1F0000
heap
page read and write
3A06000
heap
page read and write
2CBF000
stack
page read and write
AF0000
heap
page read and write
3484000
heap
page read and write
3702000
heap
page read and write
41B000
unkown
page read and write
7E6000
unkown
page read and write
70F000
heap
page read and write
69C000
heap
page read and write
63F000
remote allocation
page execute and read and write
3343000
heap
page read and write
540000
direct allocation
page read and write
3430000
direct allocation
page read and write
34CD000
heap
page read and write
33C2000
heap
page read and write
3B45000
heap
page read and write
435000
unkown
page execute read
922000
heap
page read and write
2910D000
stack
page read and write
199E0000
remote allocation
page read and write
880000
heap
page read and write
3703000
heap
page read and write
540000
direct allocation
page read and write
36B1000
heap
page read and write
97E0000
direct allocation
page read and write
242F000
stack
page read and write
3452000
heap
page read and write
420E000
stack
page read and write
91B000
heap
page read and write
1F0000
heap
page read and write
265F000
stack
page read and write
97E0000
direct allocation
page read and write
7C8000
heap
page read and write
9B000
stack
page read and write
353B000
heap
page read and write
342E000
heap
page read and write
3430000
direct allocation
page read and write
3147000
heap
page read and write
40A1000
unkown
page readonly
3189000
heap
page read and write
6F4000
heap
page read and write
438000
unkown
page write copy
33E3000
heap
page read and write
3B45000
heap
page read and write
289F000
stack
page read and write
3D1D000
heap
page read and write
97E0000
direct allocation
page read and write
540000
direct allocation
page read and write
3996000
heap
page read and write
3D2D000
heap
page read and write
7C1000
heap
page read and write
7E9000
unkown
page readonly
435000
unkown
page execute read
3430000
direct allocation
page read and write
97E0000
direct allocation
page read and write
97E0000
direct allocation
page read and write
529000
remote allocation
page execute and read and write
1998D000
stack
page read and write
924000
heap
page read and write
290E000
stack
page read and write
927000
heap
page read and write
870000
heap
page read and write
3CED000
heap
page read and write
708000
heap
page read and write
3461000
heap
page read and write
7E9000
unkown
page readonly
3361000
heap
page read and write
540000
direct allocation
page read and write
421000
unkown
page write copy
3140000
heap
page read and write
9AE000
stack
page read and write
3429000
heap
page read and write
83E000
stack
page read and write
316C000
heap
page read and write
924000
heap
page read and write
31A8000
heap
page read and write
8E9000
heap
page read and write
921000
heap
page read and write
540000
direct allocation
page read and write
2BA8000
heap
page read and write
9B000
stack
page read and write
6BF000
heap
page read and write
97E0000
direct allocation
page read and write
3145000
heap
page read and write
438000
unkown
page write copy
34A9000
heap
page read and write
3533000
heap
page read and write
3430000
direct allocation
page read and write
7E6000
unkown
page read and write
6EC000
heap
page read and write
97E0000
direct allocation
page read and write
400000
unkown
page readonly
540000
direct allocation
page read and write
3386000
heap
page read and write
540000
direct allocation
page read and write
24A0000
heap
page read and write
3198000
heap
page read and write
540000
direct allocation
page read and write
2BA0000
heap
page read and write
379B000
heap
page read and write
922000
heap
page read and write
3117000
heap
page read and write
97E0000
direct allocation
page read and write
5D0000
heap
page read and write
540000
direct allocation
page read and write
273F000
stack
page read and write
3409000
heap
page read and write
3DD5000
heap
page read and write
393D000
heap
page read and write
2590000
heap
page read and write
7E9000
unkown
page readonly
25D0000
heap
page read and write
24A0000
heap
page read and write
31A8000
heap
page read and write
9B000
stack
page read and write
8FE000
heap
page read and write
540000
direct allocation
page read and write
314A000
heap
page read and write
34CD000
heap
page read and write
3ABB000
heap
page read and write
334E000
heap
page read and write
3848000
heap
page read and write
3C0B000
heap
page read and write
3176000
heap
page read and write
3530000
heap
page read and write
3117000
heap
page read and write
2E70000
remote allocation
page read and write
558000
remote allocation
page execute and read and write
31A7000
heap
page read and write
540000
heap
page read and write
3481000
heap
page read and write
540000
direct allocation
page read and write
3CCE000
heap
page read and write
3430000
direct allocation
page read and write
2180000
heap
page read and write
3198000
heap
page read and write
70E000
heap
page read and write
193000
stack
page read and write
412000
unkown
page readonly
343D000
heap
page read and write
34B4000
heap
page read and write
9B000
stack
page read and write
915000
heap
page read and write
33F3000
heap
page read and write
3A75000
heap
page read and write
30DC000
heap
page read and write
2FB0000
remote allocation
page read and write
318C000
heap
page read and write
348D000
heap
page read and write
4700000
heap
page read and write
3824000
heap
page read and write
CAF000
stack
page read and write
40B0000
heap
page read and write
40F0000
heap
page read and write
4270000
heap
page read and write
940000
heap
page read and write
418000
unkown
page write copy
540000
direct allocation
page read and write
7E9000
unkown
page readonly
540000
direct allocation
page read and write
2D1E000
stack
page read and write
540000
direct allocation
page read and write
409F000
unkown
page read and write
800000
heap
page read and write
69D000
heap
page read and write
97E0000
direct allocation
page read and write
35B0000
direct allocation
page read and write
3481000
heap
page read and write
377E000
heap
page read and write
3888000
heap
page read and write
317F000
heap
page read and write
400000
unkown
page readonly
1E886000
direct allocation
page execute read
84E000
heap
page read and write
3192000
heap
page read and write
41C000
unkown
page write copy
97E0000
direct allocation
page read and write
20C75000
heap
page read and write
36F7000
heap
page read and write
1E96A000
direct allocation
page readonly
6F4000
heap
page read and write
8F8000
heap
page read and write
97E0000
direct allocation
page read and write
2F7B000
heap
page read and write
540000
direct allocation
page read and write
3EDE000
heap
page read and write
3430000
direct allocation
page read and write
540000
direct allocation
page read and write
9B000
stack
page read and write
39D6000
heap
page read and write
173FD000
stack
page read and write
There are 1730 hidden memdumps, click here to show them.