Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
LEADER_Setup_2024-03-01.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
initial sample
|
||
|
C:\PROGRA~2\LEADER\Bin\~GLH0019.TMP (copy)
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\PROGRA~2\LEADER\Bin\~GLH001b.TMP (copy)
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\PROGRA~2\LEADER\Bin\~GLH001d.TMP (copy)
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\PROGRA~2\LEADER\Bin\~GLH0021.TMP (copy)
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\PROGRA~2\LEADER\Bin\~GLH0023.TMP (copy)
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\PROGRA~2\LEADER\Bin\~GLH0025.TMP (copy)
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\PROGRA~2\LEADER\Bin\~GLH0027.TMP (copy)
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\PROGRA~2\LEADER\Bin\~GLH0029.TMP (copy)
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\PROGRA~2\LEADER\Bin\~GLH002b.TMP (copy)
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\PROGRA~2\LEADER\Bin\~GLH002d.TMP (copy)
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\PROGRA~2\LEADER\Bin\~GLH002f.TMP (copy)
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\PROGRA~2\LEADER\Bin\~GLH0031.TMP (copy)
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\PROGRA~2\LEADER\Bin\~GLH0033.TMP (copy)
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\PROGRA~2\LEADER\Bin\~GLH0035.TMP (copy)
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\PROGRA~2\LEADER\Bin\~GLH0037.TMP (copy)
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\PROGRA~2\LEADER\Bin\~GLH003a.TMP (copy)
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\PROGRA~2\LEADER\Bin\~GLH003c.TMP (copy)
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\PROGRA~2\LEADER\Bin\~GLH003e.TMP (copy)
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\PROGRA~2\LEADER\Bin\~GLH0040.TMP (copy)
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\PROGRA~2\LEADER\Bin\~GLH0043.TMP (copy)
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\PROGRA~2\LEADER\Bin\~GLH0045.TMP (copy)
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\PROGRA~2\LEADER\Bin\~GLH0047.TMP (copy)
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\PROGRA~2\LEADER\Bin\~GLH0049.TMP (copy)
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\PROGRA~2\LEADER\Bin\~GLH004b.TMP (copy)
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\PROGRA~2\LEADER\Bin\~GLH004d.TMP (copy)
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\PROGRA~2\LEADER\Bin\~GLH004f.TMP (copy)
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\PROGRA~2\LEADER\Bin\~GLH0051.TMP (copy)
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\PROGRA~2\LEADER\Bin\~GLH0053.TMP (copy)
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\PROGRA~2\LEADER\Bin\~GLH0055.TMP (copy)
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\PROGRA~2\LEADER\Bin\~GLH0057.TMP (copy)
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\PROGRA~2\LEADER\Bin\~GLH0059.TMP (copy)
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\PROGRA~2\LEADER\Bin\~GLH005b.TMP (copy)
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\PROGRA~2\LEADER\Bin\~GLH005d.TMP (copy)
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\PROGRA~2\LEADER\Bin\~GLH005f.TMP (copy)
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\PROGRA~2\LEADER\Bin\~GLH0061.TMP (copy)
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\PROGRA~2\LEADER\Bin\~GLH0063.TMP (copy)
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\PROGRA~2\LEADER\Bin\~GLH006a.TMP (copy)
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\PROGRA~2\LEADER\Bin\~GLH006d.TMP (copy)
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\PROGRA~2\LEADER\Bin\~GLH006f.TMP (copy)
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\PROGRA~2\LEADER\Bin\~GLH0071.TMP (copy)
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\PROGRA~2\LEADER\Bin\~GLH0073.TMP (copy)
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Program Files (x86)\Common Files\Microsoft Shared\DAO\DAO2535.TLB (copy)
|
data
|
dropped
|
||
|
C:\Program Files (x86)\Common Files\Microsoft Shared\DAO\~GLH0002.TMP
|
data
|
dropped
|
||
|
C:\Program Files (x86)\LEADER\American.vtd (copy)
|
data
|
dropped
|
||
|
C:\Program Files (x86)\LEADER\Bin\Filecopy.avi (copy)
|
RIFF (little-endian) data, AVI, 260 x 40, 10.00 fps, video: RLE 8bpp
|
dropped
|
||
|
C:\Program Files (x86)\LEADER\Bin\LDR.ico (copy)
|
MS Windows icon resource - 4 icons, 48x48, 8 bits/pixel, 32x32, 8 bits/pixel
|
dropped
|
||
|
C:\Program Files (x86)\LEADER\Bin\LDT.ico (copy)
|
MS Windows icon resource - 4 icons, 48x48, 8 bits/pixel, 32x32, 8 bits/pixel
|
dropped
|
||
|
C:\Program Files (x86)\LEADER\Bin\LEADER.ico (copy)
|
MS Windows icon resource - 6 icons, 48x48, 8 bits/pixel, 32x32, 8 bits/pixel
|
dropped
|
||
|
C:\Program Files (x86)\LEADER\Bin\Leader Install.reg (copy)
|
Windows Registry little-endian text (Win2K or above)
|
dropped
|
||
|
C:\Program Files (x86)\LEADER\Bin\Splash.dll (copy)
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Program Files (x86)\LEADER\Bin\UNWISE.EXE (copy)
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Program Files (x86)\LEADER\Bin\Vspeller.hlp (copy)
|
MS Windows 3.0 help, Mon Jun 26 07:46:43 1995, 15819 bytes
|
dropped
|
||
|
C:\Program Files (x86)\LEADER\Bin\temp.000
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Program Files (x86)\LEADER\Bin\~GLH0018.TMP
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Program Files (x86)\LEADER\Bin\~GLH001a.TMP
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Program Files (x86)\LEADER\Bin\~GLH001c.TMP
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Program Files (x86)\LEADER\Bin\~GLH0020.TMP
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Program Files (x86)\LEADER\Bin\~GLH0022.TMP
|
PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
||
|
C:\Program Files (x86)\LEADER\Bin\~GLH0024.TMP
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Program Files (x86)\LEADER\Bin\~GLH0026.TMP
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Program Files (x86)\LEADER\Bin\~GLH0028.TMP
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Program Files (x86)\LEADER\Bin\~GLH002a.TMP
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Program Files (x86)\LEADER\Bin\~GLH002c.TMP
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Program Files (x86)\LEADER\Bin\~GLH002e.TMP
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Program Files (x86)\LEADER\Bin\~GLH0030.TMP
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Program Files (x86)\LEADER\Bin\~GLH0032.TMP
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Program Files (x86)\LEADER\Bin\~GLH0034.TMP
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Program Files (x86)\LEADER\Bin\~GLH0036.TMP
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Program Files (x86)\LEADER\Bin\~GLH0038.TMP
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Program Files (x86)\LEADER\Bin\~GLH0039.TMP
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Program Files (x86)\LEADER\Bin\~GLH003b.TMP
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Program Files (x86)\LEADER\Bin\~GLH003d.TMP
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Program Files (x86)\LEADER\Bin\~GLH003f.TMP
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Program Files (x86)\LEADER\Bin\~GLH0041.TMP
|
MS Windows 3.0 help, Mon Jun 26 07:46:43 1995, 15819 bytes
|
dropped
|
||
|
C:\Program Files (x86)\LEADER\Bin\~GLH0042.TMP
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Program Files (x86)\LEADER\Bin\~GLH0044.TMP
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Program Files (x86)\LEADER\Bin\~GLH0046.TMP
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Program Files (x86)\LEADER\Bin\~GLH0048.TMP
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Program Files (x86)\LEADER\Bin\~GLH004a.TMP
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Program Files (x86)\LEADER\Bin\~GLH004c.TMP
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Program Files (x86)\LEADER\Bin\~GLH004e.TMP
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Program Files (x86)\LEADER\Bin\~GLH0050.TMP
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Program Files (x86)\LEADER\Bin\~GLH0052.TMP
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Program Files (x86)\LEADER\Bin\~GLH0054.TMP
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Program Files (x86)\LEADER\Bin\~GLH0056.TMP
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Program Files (x86)\LEADER\Bin\~GLH0058.TMP
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Program Files (x86)\LEADER\Bin\~GLH005a.TMP
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Program Files (x86)\LEADER\Bin\~GLH005c.TMP
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Program Files (x86)\LEADER\Bin\~GLH005e.TMP
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, UPX compressed
|
dropped
|
||
|
C:\Program Files (x86)\LEADER\Bin\~GLH0060.TMP
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Program Files (x86)\LEADER\Bin\~GLH0062.TMP
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Program Files (x86)\LEADER\Bin\~GLH0064.TMP
|
RIFF (little-endian) data, AVI, 260 x 40, 10.00 fps, video: RLE 8bpp
|
dropped
|
||
|
C:\Program Files (x86)\LEADER\Bin\~GLH0065.TMP
|
MS Windows icon resource - 4 icons, 48x48, 8 bits/pixel, 32x32, 8 bits/pixel
|
dropped
|
||
|
C:\Program Files (x86)\LEADER\Bin\~GLH0066.TMP
|
MS Windows icon resource - 6 icons, 48x48, 8 bits/pixel, 32x32, 8 bits/pixel
|
dropped
|
||
|
C:\Program Files (x86)\LEADER\Bin\~GLH0067.TMP
|
MS Windows icon resource - 4 icons, 48x48, 8 bits/pixel, 32x32, 8 bits/pixel
|
dropped
|
||
|
C:\Program Files (x86)\LEADER\Bin\~GLH0068.TMP
|
Windows Registry little-endian text (Win2K or above)
|
dropped
|
||
|
C:\Program Files (x86)\LEADER\Bin\~GLH0069.TMP
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Program Files (x86)\LEADER\Bin\~GLH006b.TMP
|
RIFF (little-endian) data, WAVE audio, Microsoft PCM, 16 bit, stereo 22050 Hz
|
dropped
|
||
|
C:\Program Files (x86)\LEADER\Bin\~GLH006c.TMP
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Program Files (x86)\LEADER\Bin\~GLH006e.TMP
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Program Files (x86)\LEADER\Bin\~GLH0070.TMP
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Program Files (x86)\LEADER\Bin\~GLH00be.TMP
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Program Files (x86)\LEADER\CustomHelp.htm (copy)
|
HTML document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files (x86)\LEADER\bin\TimesUp.wav (copy)
|
RIFF (little-endian) data, WAVE audio, Microsoft PCM, 16 bit, stereo 22050 Hz
|
dropped
|
||
|
C:\Program Files (x86)\LEADER\~GLH0016.TMP
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Program Files (x86)\LEADER\~GLH0075.TMP
|
data
|
dropped
|
||
|
C:\Program Files (x86)\LEADER\~GLH0076.TMP
|
HTML document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\LEADER\Help.chm (copy)
|
MS Windows HtmlHelp Data
|
dropped
|
||
|
C:\ProgramData\LEADER\~GLH00bc.TMP
|
MS Windows HtmlHelp Data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LEADER\LEADER Help.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Fri Apr 26 14:46:50
2024, mtime=Fri Apr 26 14:46:50 2024, atime=Fri Sep 15 04:39:06 2023, length=2108096, window=hide
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LEADER\LEADER Program Folder.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Description string, Has Relative path, Directory,
ctime=Fri Apr 26 14:46:45 2024, mtime=Fri Apr 26 14:46:50 2024, atime=Fri Apr 26 14:46:48 2024, length=0, window=hide
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LEADER\LEADER User Folder.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Directory, ctime=Fri Apr 26 14:46:48
2024, mtime=Fri Apr 26 14:46:50 2024, atime=Fri Apr 26 14:46:50 2024, length=8192, window=hide
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LEADER\LEADER.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Description string, Has Relative path, Archive,
ctime=Fri Apr 26 14:46:45 2024, mtime=Fri Apr 26 14:46:50 2024, atime=Fri Mar 1 14:42:26 2024, length=3981312, window=hide
|
dropped
|
||
|
C:\Users\Public\Desktop\LEADER.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Description string, Has Relative path, Archive,
ctime=Fri Apr 26 14:46:45 2024, mtime=Fri Apr 26 14:46:45 2024, atime=Fri Mar 1 14:42:26 2024, length=3981312, window=hide
|
dropped
|
||
|
C:\Users\Public\Documents\LEADER\Buncefield BowTie Example.ldr (copy)
|
Microsoft Access Database
|
dropped
|
||
|
C:\Users\Public\Documents\LEADER\Chlorine Unloading and Blowdown.ldr (copy)
|
Microsoft Access Database
|
dropped
|
||
|
C:\Users\Public\Documents\LEADER\Chlorine Unloading and Blowdown.ldr.Change1 (copy)
|
Microsoft Access Database
|
dropped
|
||
|
C:\Users\Public\Documents\LEADER\Chlorine Unloading and Blowdown.ldr.Change2 (copy)
|
Microsoft Access Database
|
dropped
|
||
|
C:\Users\Public\Documents\LEADER\Chlorine Unloading and Blowdown.ldr.Change3 (copy)
|
Microsoft Access Database
|
dropped
|
||
|
C:\Users\Public\Documents\LEADER\Chlorine Unloading and Blowdown.ldr.Change4 (copy)
|
Microsoft Access Database
|
dropped
|
||
|
C:\Users\Public\Documents\LEADER\D-20-03-F-100-15.PDF (copy)
|
PDF document, version 1.3, 1 pages
|
dropped
|
||
|
C:\Users\Public\Documents\LEADER\Dictionary\Custom.dic (copy)
|
ISO-8859 text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\Public\Documents\LEADER\Dictionary\~GLH0074.TMP
|
ISO-8859 text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\Public\Documents\LEADER\Example 3-dimensional risk scoring.ldr (copy)
|
Microsoft Access Database
|
dropped
|
||
|
C:\Users\Public\Documents\LEADER\Example FMEA.ldr (copy)
|
Microsoft Access Database
|
dropped
|
||
|
C:\Users\Public\Documents\LEADER\Example Hazard Review.ldr (copy)
|
Microsoft Access Database
|
dropped
|
||
|
C:\Users\Public\Documents\LEADER\Example Procedure Writing Worksheet.ldr (copy)
|
Microsoft Access Database
|
dropped
|
||
|
C:\Users\Public\Documents\LEADER\HAZID-Bowtie Example.ldr (copy)
|
Microsoft Access Database
|
dropped
|
||
|
C:\Users\Public\Documents\LEADER\Isostripper.ldr (copy)
|
Microsoft Access Database
|
dropped
|
||
|
C:\Users\Public\Documents\LEADER\ProgramUseLog.txt
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\Public\Documents\LEADER\PublishSettings\Causes only.txt (copy)
|
HTML document, ASCII text, with very long lines (20006), with CRLF line terminators
|
dropped
|
||
|
C:\Users\Public\Documents\LEADER\PublishSettings\Checklist Topics,Detailed Questions,Responses,ActionNum,RepeatingHdr.txt
(copy)
|
HTML document, ASCII text, with very long lines (22296), with CRLF line terminators
|
dropped
|
||
|
C:\Users\Public\Documents\LEADER\PublishSettings\Checklist Topics,Responses,ActionNum,RepeatingHdr.txt (copy)
|
HTML document, ASCII text, with very long lines (22680), with CRLF line terminators
|
dropped
|
||
|
C:\Users\Public\Documents\LEADER\PublishSettings\Dev,Cause,Conseq,MatrixSLR,Sfg,ActionTypeNoText,R-Hdr.txt (copy)
|
HTML document, ASCII text, with very long lines (23217), with CRLF line terminators
|
dropped
|
||
|
C:\Users\Public\Documents\LEADER\PublishSettings\Dev,Cause,Conseq,MatrixUnmitSLR,Sfg,MitSLR,ActionTypeNo,ProjSLR,S-Hdr,R-Hdr.txt
(copy)
|
HTML document, ASCII text, with very long lines (23719), with CRLF line terminators
|
dropped
|
||
|
C:\Users\Public\Documents\LEADER\PublishSettings\Dev,Cause,Conseq,SLR,Sfg,RecNoText,R-Hdr.txt (copy)
|
HTML document, ASCII text, with very long lines (23137), with CRLF line terminators
|
dropped
|
||
|
C:\Users\Public\Documents\LEADER\PublishSettings\Dev,Cause,Conseq,Sfg,ActionTypeNo,R-Hdr.txt (copy)
|
HTML document, ASCII text, with very long lines (23653), with CRLF line terminators
|
dropped
|
||
|
C:\Users\Public\Documents\LEADER\PublishSettings\Dev,Cause,Conseq,Sfg,MatrixSLR,ActionTypeNoTextResp,S-Hdr,R-Hdr.txt (copy)
|
HTML document, ASCII text, with very long lines (22908), with CRLF line terminators
|
dropped
|
||
|
C:\Users\Public\Documents\LEADER\PublishSettings\Dev,Cause,Conseq,Sfg,RecNoText,R-Hdr.txt (copy)
|
HTML document, ASCII text, with very long lines (24033), with CRLF line terminators
|
dropped
|
||
|
C:\Users\Public\Documents\LEADER\PublishSettings\Dev,Cause,Conseq,UnmitSLR,Sfg,ActionTypeNoText,R-Hdr.txt (copy)
|
HTML document, ASCII text, with very long lines (23217), with CRLF line terminators
|
dropped
|
||
|
C:\Users\Public\Documents\LEADER\PublishSettings\~GLH0080.TMP
|
HTML document, ASCII text, with very long lines (20006), with CRLF line terminators
|
dropped
|
||
|
C:\Users\Public\Documents\LEADER\PublishSettings\~GLH0081.TMP
|
HTML document, ASCII text, with very long lines (22296), with CRLF line terminators
|
dropped
|
||
|
C:\Users\Public\Documents\LEADER\PublishSettings\~GLH0082.TMP
|
HTML document, ASCII text, with very long lines (22680), with CRLF line terminators
|
dropped
|
||
|
C:\Users\Public\Documents\LEADER\PublishSettings\~GLH0084.TMP
|
HTML document, ASCII text, with very long lines (23217), with CRLF line terminators
|
dropped
|
||
|
C:\Users\Public\Documents\LEADER\PublishSettings\~GLH0085.TMP
|
HTML document, ASCII text, with very long lines (23719), with CRLF line terminators
|
dropped
|
||
|
C:\Users\Public\Documents\LEADER\PublishSettings\~GLH0086.TMP
|
HTML document, ASCII text, with very long lines (23653), with CRLF line terminators
|
dropped
|
||
|
C:\Users\Public\Documents\LEADER\PublishSettings\~GLH0087.TMP
|
HTML document, ASCII text, with very long lines (22908), with CRLF line terminators
|
dropped
|
||
|
C:\Users\Public\Documents\LEADER\PublishSettings\~GLH0088.TMP
|
HTML document, ASCII text, with very long lines (24033), with CRLF line terminators
|
dropped
|
||
|
C:\Users\Public\Documents\LEADER\PublishSettings\~GLH0089.TMP
|
HTML document, ASCII text, with very long lines (23137), with CRLF line terminators
|
dropped
|
||
|
C:\Users\Public\Documents\LEADER\PublishSettings\~GLH008a.TMP
|
HTML document, ASCII text, with very long lines (23217), with CRLF line terminators
|
dropped
|
||
|
C:\Users\Public\Documents\LEADER\Templates\Custom LOPA Report Template.dotx (copy)
|
Microsoft Word 2007+
|
dropped
|
||
|
C:\Users\Public\Documents\LEADER\Templates\Custom Report Template.dotx (copy)
|
Microsoft Word 2007+
|
dropped
|
||
|
C:\Users\Public\Documents\LEADER\Templates\CustomReportFields.docx (copy)
|
Microsoft Word 2007+
|
dropped
|
||
|
C:\Users\Public\Documents\LEADER\Templates\Full Report Template.dotx (copy)
|
Microsoft Word 2007+
|
dropped
|
||
|
C:\Users\Public\Documents\LEADER\Templates\LEADER Blank Template.dotx (copy)
|
Microsoft Word 2007+
|
dropped
|
||
|
C:\Users\Public\Documents\LEADER\Templates\LEADER Macros.dot (copy)
|
Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.1, Code page: 1252, Title: LEADER Report Template,
Subject: Standard Microsoft Word document template for reports generated by HazardReview LEADER. This file must be present
in the root Leader4 directory. Contains the special paragraph/character styles, macros, and toolbars used in HazardReview
LEADER reports., Author: Tom R. Williams, Template: Leader w-Comments macro2.dot, Last Saved By: Tom R. Williams, Revision
Number: 3, Name of Creating Application: Microsoft Office Word, Total Editing Time: 02:00, Last Printed: Mon Nov 3 22:45:00
2003, Create Time/Date: Fri Dec 21 22:47:00 2018, Last Saved Time/Date: Fri Dec 21 22:47:00 2018, Number of Pages: 1, Number
of Words: 0, Number of Characters: 0, Security: 0
|
dropped
|
||
|
C:\Users\Public\Documents\LEADER\Templates\LOPA Template.xltm (copy)
|
Microsoft Excel 2007+
|
dropped
|
||
|
C:\Users\Public\Documents\LEADER\Templates\Outline.potx (copy)
|
Microsoft PowerPoint 2007+
|
dropped
|
||
|
C:\Users\Public\Documents\LEADER\Templates\Recommendations.potx (copy)
|
Microsoft PowerPoint 2007+
|
dropped
|
||
|
C:\Users\Public\Documents\LEADER\Templates\Spanish Template.ldt (copy)
|
Microsoft Access Database
|
dropped
|
||
|
C:\Users\Public\Documents\LEADER\Templates\Task Analysis Template.ldt (copy)
|
Microsoft Access Database
|
dropped
|
||
|
C:\Users\Public\Documents\LEADER\Templates\~GLH0077.TMP
|
Microsoft Word 2007+
|
dropped
|
||
|
C:\Users\Public\Documents\LEADER\Templates\~GLH0078.TMP
|
Microsoft Word 2007+
|
dropped
|
||
|
C:\Users\Public\Documents\LEADER\Templates\~GLH0079.TMP
|
Microsoft Word 2007+
|
dropped
|
||
|
C:\Users\Public\Documents\LEADER\Templates\~GLH007a.TMP
|
Microsoft Word 2007+
|
dropped
|
||
|
C:\Users\Public\Documents\LEADER\Templates\~GLH007b.TMP
|
Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.1, Code page: 1252, Title: LEADER Report Template,
Subject: Standard Microsoft Word document template for reports generated by HazardReview LEADER. This file must be present
in the root Leader4 directory. Contains the special paragraph/character styles, macros, and toolbars used in HazardReview
LEADER reports., Author: Tom R. Williams, Template: Leader w-Comments macro2.dot, Last Saved By: Tom R. Williams, Revision
Number: 3, Name of Creating Application: Microsoft Office Word, Total Editing Time: 02:00, Last Printed: Mon Nov 3 22:45:00
2003, Create Time/Date: Fri Dec 21 22:47:00 2018, Last Saved Time/Date: Fri Dec 21 22:47:00 2018, Number of Pages: 1, Number
of Words: 0, Number of Characters: 0, Security: 0
|
dropped
|
||
|
C:\Users\Public\Documents\LEADER\Templates\~GLH007c.TMP
|
Microsoft Word 2007+
|
dropped
|
||
|
C:\Users\Public\Documents\LEADER\Templates\~GLH007d.TMP
|
Microsoft PowerPoint 2007+
|
dropped
|
||
|
C:\Users\Public\Documents\LEADER\Templates\~GLH007e.TMP
|
Microsoft PowerPoint 2007+
|
dropped
|
||
|
C:\Users\Public\Documents\LEADER\Templates\~GLH007f.TMP
|
Microsoft Excel 2007+
|
dropped
|
||
|
C:\Users\Public\Documents\LEADER\Templates\~GLH00ab.TMP
|
Microsoft Access Database
|
dropped
|
||
|
C:\Users\Public\Documents\LEADER\Templates\~GLH00ac.TMP
|
Microsoft Access Database
|
dropped
|
||
|
C:\Users\Public\Documents\LEADER\WorksheetReportWorkshop.ldr (copy)
|
Microsoft Access Database
|
dropped
|
||
|
C:\Users\Public\Documents\LEADER\~GLH00ad.TMP
|
Microsoft Access Database
|
dropped
|
||
|
C:\Users\Public\Documents\LEADER\~GLH00ae.TMP
|
Microsoft Access Database
|
dropped
|
||
|
C:\Users\Public\Documents\LEADER\~GLH00af.TMP
|
Microsoft Access Database
|
dropped
|
||
|
C:\Users\Public\Documents\LEADER\~GLH00b0.TMP
|
Microsoft Access Database
|
dropped
|
||
|
C:\Users\Public\Documents\LEADER\~GLH00b1.TMP
|
Microsoft Access Database
|
dropped
|
||
|
C:\Users\Public\Documents\LEADER\~GLH00b2.TMP
|
Microsoft Access Database
|
dropped
|
||
|
C:\Users\Public\Documents\LEADER\~GLH00b3.TMP
|
Microsoft Access Database
|
dropped
|
||
|
C:\Users\Public\Documents\LEADER\~GLH00b4.TMP
|
Microsoft Access Database
|
dropped
|
||
|
C:\Users\Public\Documents\LEADER\~GLH00b5.TMP
|
Microsoft Access Database
|
dropped
|
||
|
C:\Users\Public\Documents\LEADER\~GLH00b6.TMP
|
Microsoft Access Database
|
dropped
|
||
|
C:\Users\Public\Documents\LEADER\~GLH00b7.TMP
|
Microsoft Access Database
|
dropped
|
||
|
C:\Users\Public\Documents\LEADER\~GLH00b8.TMP
|
Microsoft Access Database
|
dropped
|
||
|
C:\Users\Public\Documents\LEADER\~GLH00b9.TMP
|
Microsoft Access Database
|
dropped
|
||
|
C:\Users\Public\Documents\LEADER\~GLH00ba.TMP
|
PDF document, version 1.3, 1 pages
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\GLCB916.tmp
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\GLFC501.tmp (copy)
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\GLGC4E0.tmp
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\GLJB936.tmp
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\~GLH0000.TMP
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\VirtualStore\Windows\netdet.ini
|
ASCII text, with very long lines (484), with CRLF line terminators
|
modified
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Apr 26 14:46:29 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Apr 26 14:46:29 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Apr 26 14:46:29 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Apr 26 14:46:29 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Apr 26 14:46:29 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Windows\LEADER.MIF
|
ASCII text, with CRLF line terminators
|
modified
|
||
|
C:\Windows\SysWOW64\COMDLG32.OCX (copy)
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Windows\SysWOW64\Comct332.ocx (copy)
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Windows\SysWOW64\Dblist32.ocx (copy)
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Windows\SysWOW64\Jbfllf.dll (copy)
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Windows\SysWOW64\MSCOMCTL.OCX (copy)
|
PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
||
|
C:\Windows\SysWOW64\Mscomct2.ocx (copy)
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Windows\SysWOW64\Msstdfmt.dll (copy)
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Windows\SysWOW64\Odbctl32.dll (copy)
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Windows\SysWOW64\Richtx32.ocx (copy)
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Windows\SysWOW64\Tabctl32.ocx (copy)
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Windows\SysWOW64\Threed32.ocx (copy)
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Windows\SysWOW64\Vb5db.dll (copy)
|
PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
||
|
C:\Windows\SysWOW64\temp.000
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Windows\SysWOW64\~GLH0003.TMP
|
PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
||
|
C:\Windows\SysWOW64\~GLH0004.TMP
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Windows\SysWOW64\~GLH0005.TMP
|
PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
||
|
C:\Windows\SysWOW64\~GLH0006.TMP (copy)
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Windows\SysWOW64\~GLH0007.TMP
|
PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
||
|
C:\Windows\SysWOW64\~GLH0008.TMP (copy)
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Windows\SysWOW64\~GLH0009.TMP
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Windows\SysWOW64\~GLH000a.TMP (copy)
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Windows\SysWOW64\~GLH000b.TMP
|
PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
||
|
C:\Windows\SysWOW64\~GLH000c.TMP (copy)
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Windows\SysWOW64\~GLH000d.TMP
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Windows\SysWOW64\~GLH000e.TMP (copy)
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Windows\SysWOW64\~GLH000f.TMP
|
PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
||
|
C:\Windows\SysWOW64\~GLH0010.TMP (copy)
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Windows\SysWOW64\~GLH0011.TMP
|
PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
||
|
C:\Windows\SysWOW64\~GLH0012.TMP (copy)
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Windows\SysWOW64\~GLH0013.TMP
|
PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
||
|
C:\Windows\SysWOW64\~GLH0014.TMP (copy)
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Windows\SysWOW64\~GLH001f.TMP (copy)
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Windows\SysWOW64\~GLH00bd.TMP
|
PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
||
|
Chrome Cache Entry: 208
|
ASCII text, with very long lines (784)
|
downloaded
|
There are 225 hidden files, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
www.google.com
|
142.250.217.164
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
142.250.189.131
|
unknown
|
United States
|
||
|
142.250.217.164
|
www.google.com
|
United States
|
||
|
239.255.255.250
|
unknown
|
Reserved
|
||
|
192.168.2.16
|
unknown
|
unknown
|
||
|
172.217.2.206
|
unknown
|
United States
|
||
|
108.177.11.84
|
unknown
|
United States
|