VTI SCORE: 100/100
Dynamic Analysis Report
Classification: Ransomware, Trojan
rdfg546fgh.exe
Windows Exe (x86-32)
Created at 2019-06-10T12:14:00
Remarks (2/2)
(0x200000e): The overall sleep time of all monitored processes was truncated from "1 minute, 10 seconds" to "10 seconds" to reveal dormant functionality.
Remarks
(0x200001d): The maximum number of extracted files was exceeded. Some files may be missing in the report.
(0x200001b): The maximum number of file reputation requests per analysis (150) was exceeded.
Filename | Category | Type | Severity |
---|---|---|---|
File Reputation Information
Severity | Blacklisted |
First Seen | 2019-06-07 15:36 (UTC+2) |
Last Seen | 2019-06-10 13:21 (UTC+2) |
Names | ByteCode-MSIL.Trojan.Kryptik |
Families | Kryptik |
Classification | Trojan |
PE Information
Image Base | 0x400000 |
Entry Point | 0x43d92e |
Size Of Code | 0x3ba00 |
Size Of Initialized Data | 0x29a00 |
File Type | FileType.executable |
Subsystem | Subsystem.windows_gui |
Machine Type | MachineType.i386 |
Compile Timestamp | 1979-10-02 12:32:44+00:00 |
Version Information (10)
Assembly Version | 0.0.0.0 |
Comments | iturimocabodewoxey |
CompanyName | evezaloxunebarid |
FileDescription | ebiyonog |
FileVersion | 5.8.11.14 |
InternalName | rdfg546fgh.exe |
LegalCopyright | Copyright © 2005 |
OriginalFilename | rdfg546fgh.exe |
ProductName | ebiyonog |
ProductVersion | 5.8.11.14 |
Sections (3)
Name | Virtual Address | Virtual Size | Raw Data Size | Raw Data Offset | Flags | Entropy |
---|---|---|---|---|---|---|
.text | 0x402000 | 0x3b934 | 0x3ba00 | 0x200 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ | 7.5 |
.rsrc | 0x43e000 | 0x29800 | 0x29800 | 0x3bc00 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 4.37 |
.reloc | 0x468000 | 0xc | 0x200 | 0x65400 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ | 0.1 |
Imports (1)
mscoree.dll (1)
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
---|---|---|---|---|---|
_CorExeMain | 0x0 | 0x402000 | 0x3d900 | 0x3bb00 | 0x0 |
Digital Signatures (1)
Certificate: Amazon Services LLC
Issued by | Amazon Services LLC |
Country Name | US |
Valid From | 2018-03-29 00:00:00+00:00 |
Valid Until | 2020-03-29 23:59:59+00:00 |
Algorithm | sha256_rsa |
Serial Number | 39 4F 2C 22 62 CC 2D B9 2B FE AE 20 59 3B F1 74 |
Thumbprint | 5C 2C B5 5A 9A B9 B1 D6 3F F4 1B 0D A2 76 F2 A9 2B 09 A8 6A |
Memory Dumps (44)
Name | Process ID | Start VA | End VA | Dump Reason | PE Rebuilds | Bitness | Entry Points | AV | YARA |
---|---|---|---|---|---|---|---|---|---|
system.configuration.ni.dll | 1 | 0x743A0000 | 0x74494FFF | Content Changed | - | 32-bit | 0x743C6304 | | |
system.configuration.ni.dll | 1 | 0x743A0000 | 0x74494FFF | Content Changed | - | 32-bit | 0x743BE8A8 | | |
system.configuration.ni.dll | 1 | 0x743A0000 | 0x74494FFF | Content Changed | - | 32-bit | 0x743C9824 | | |
system.configuration.ni.dll | 1 | 0x743A0000 | 0x74494FFF | Content Changed | - | 32-bit | 0x743B9218, 0x743B8748, ... | | |
system.configuration.ni.dll | 1 | 0x743A0000 | 0x74494FFF | Content Changed | - | 32-bit | 0x743BF000 | | |
system.configuration.ni.dll | 1 | 0x743A0000 | 0x74494FFF | Content Changed | - | 32-bit | 0x743C5D79 | | |
system.configuration.ni.dll | 1 | 0x743A0000 | 0x74494FFF | Content Changed | - | 32-bit | 0x743C9824 | | |
system.configuration.ni.dll | 1 | 0x743A0000 | 0x74494FFF | Content Changed | - | 32-bit | 0x7443D1C4, 0x743CB220, ... | | |
system.configuration.ni.dll | 1 | 0x743A0000 | 0x74494FFF | Content Changed | - | 32-bit | 0x743C02E0 | | |
system.configuration.ni.dll | 1 | 0x743A0000 | 0x74494FFF | Content Changed | - | 32-bit | 0x743C21E8 | | |
system.configuration.ni.dll | 1 | 0x743A0000 | 0x74494FFF | Content Changed | - | 32-bit | 0x74442A68, 0x7446A0E8 | | |
system.configuration.ni.dll | 1 | 0x743A0000 | 0x74494FFF | Content Changed | - | 32-bit | 0x743C12F0 | | |
system.configuration.ni.dll | 1 | 0x743A0000 | 0x74494FFF | Content Changed | - | 32-bit | 0x743C6284 | | |
system.configuration.ni.dll | 1 | 0x743A0000 | 0x74494FFF | Content Changed | - | 32-bit | 0x743D3260 | | |
system.configuration.ni.dll | 1 | 0x743A0000 | 0x74494FFF | Content Changed | - | 32-bit | 0x743C3000 | | |
system.configuration.ni.dll | 1 | 0x743A0000 | 0x74494FFF | Content Changed | - | 32-bit | 0x743C4000 | | |
system.configuration.ni.dll | 1 | 0x743A0000 | 0x74494FFF | Content Changed | - | 32-bit | 0x743BA438, 0x7443EB8C, ... | | |
system.configuration.ni.dll | 1 | 0x743A0000 | 0x74494FFF | Content Changed | - | 32-bit | 0x743BA438 | | |
system.configuration.ni.dll | 1 | 0x743A0000 | 0x74494FFF | Content Changed | - | 32-bit | 0x743C8084, 0x743D29CC | | |
system.configuration.ni.dll | 1 | 0x743A0000 | 0x74494FFF | Content Changed | - | 32-bit | 0x743CFC90 | | |
system.configuration.ni.dll | 1 | 0x743A0000 | 0x74494FFF | Content Changed | - | 32-bit | 0x743CDB70 | | |
system.configuration.ni.dll | 1 | 0x743A0000 | 0x74494FFF | Content Changed | - | 32-bit | 0x743C7000 | | |
system.configuration.ni.dll | 1 | 0x743A0000 | 0x74494FFF | Content Changed | - | 32-bit | 0x743D0214 | | |
system.configuration.ni.dll | 1 | 0x743A0000 | 0x74494FFF | Content Changed | - | 32-bit | 0x743B79C0 | | |
system.configuration.ni.dll | 1 | 0x743A0000 | 0x74494FFF | Content Changed | - | 32-bit | 0x743B7F10 | | |
system.configuration.ni.dll | 1 | 0x743A0000 | 0x74494FFF | Content Changed | - | 32-bit | 0x743D1A50 | | |
system.drawing.ni.dll | 1 | 0x6E690000 | 0x6E823FFF | Content Changed | - | 32-bit | 0x6E6C2BF8 | | |
system.drawing.ni.dll | 1 | 0x6E690000 | 0x6E823FFF | Content Changed | - | 32-bit | 0x6E6C2C00 | | |
system.drawing.ni.dll | 1 | 0x6E690000 | 0x6E823FFF | Content Changed | - | 32-bit | 0x6E6CEEF8 | | |
system.drawing.ni.dll | 1 | 0x6E690000 | 0x6E823FFF | Content Changed | - | 32-bit | 0x6E6DBB68 | | |
system.drawing.ni.dll | 1 | 0x6E690000 | 0x6E823FFF | Content Changed | - | 32-bit | 0x6E7A5660, 0x6E6DD0DC, ... | | |
system.drawing.ni.dll | 1 | 0x6E690000 | 0x6E823FFF | Content Changed | - | 32-bit | 0x6E6DA2B8 | | |
system.drawing.ni.dll | 1 | 0x6E690000 | 0x6E823FFF | Content Changed | - | 32-bit | 0x6E6CF090 | | |
system.drawing.ni.dll | 1 | 0x6E690000 | 0x6E823FFF | Content Changed | - | 32-bit | 0x6E6C9E2C, 0x6E7C0E90, ... | | |
system.drawing.ni.dll | 1 | 0x6E690000 | 0x6E823FFF | Content Changed | - | 32-bit | 0x6E7A90FC, 0x6E6C9E2C | | |
system.drawing.ni.dll | 1 | 0x6E690000 | 0x6E823FFF | Content Changed | - | 32-bit | 0x6E6C8450 | | |
system.drawing.ni.dll | 1 | 0x6E690000 | 0x6E823FFF | Content Changed | - | 32-bit | 0x6E6C8450 | | |
system.drawing.ni.dll | 1 | 0x6E690000 | 0x6E823FFF | Content Changed | - | 32-bit | 0x6E7C7E20 | | |
system.drawing.ni.dll | 1 | 0x6E690000 | 0x6E823FFF | Content Changed | - | 32-bit | 0x6E7C814C, 0x6E7A8A58 | | |
system.drawing.ni.dll | 1 | 0x6E690000 | 0x6E823FFF | Content Changed | - | 32-bit | 0x6E77929C | | |
system.drawing.ni.dll | 1 | 0x6E690000 | 0x6E823FFF | Content Changed | - | 32-bit | 0x6E6D6330, 0x6E6D4650 | | |
system.drawing.ni.dll | 1 | 0x6E690000 | 0x6E823FFF | Content Changed | - | 32-bit | 0x6E6C41EC, 0x6E6C3628, ... | | |
system.drawing.ni.dll | 1 | 0x6E690000 | 0x6E823FFF | Content Changed | - | 32-bit | 0x6E6CBF38, 0x6E6CF000, ... | | |
buffer | 7 | 0x00400000 | 0x0040DFFF | First Execution | - | 32-bit | 0x00405C5B, 0x0040A3D4, ... | | |
Local AV Matches (1)
Threat Name | Severity |
---|---|
Trojan.Ransomware.GenericKDS.32042894 | Malicious |
C:\Windows10Upgrade\resources\ux\Microsoft.WinJS\js\base.js | Modified File | Text | Malicious |
YARA Matches (1)
Rule Name | Rule Description | Classification | Severity |
---|---|---|---|
JS_High_Entropy | JavaScript has a high entropy; possible obfuscation | - | Malicious |
JS_Eval | JavaScript calls eval function; possible obfuscation | - | Malicious |
JS_Unicode_escaped_bytes | JavaScript contains many unicode-escaped bytes; possible obfuscation | - | Suspicious |
JS_charCodeAt | JavaScript references charCodeAt function; possible obfuscation | - | Suspicious |
C:\Windows10Upgrade\resources\ux\Microsoft.WinJS\js\ui.js | Modified File | Text | Malicious |
YARA Matches (1)
Rule Name | Rule Description | Classification | Severity |
---|---|---|---|
JS_High_Entropy | JavaScript has a high entropy; possible obfuscation | - | Malicious |
JS_charCodeAt | JavaScript references charCodeAt function; possible obfuscation | - | Suspicious |
C:\Windows10Upgrade\cosquery.dll | Modified File | Stream | Unknown |
C:\Windows10Upgrade\DWDCW20.DLL | Modified File | Stream | Unknown |
C:\Windows10Upgrade\DWTRIG20.EXE | Modified File | Stream | Unknown |
C:\Windows10Upgrade\EnableWiFiTracing.cmd | Modified File | Unknown | Unknown |
C:\Windows10Upgrade\esdstub.dll | Modified File | Stream | Unknown |
C:\Windows10Upgrade\GatherOSState.EXE | Modified File | Stream | Unknown |
C:\Windows10Upgrade\HttpHelper.exe | Modified File | Stream | Unknown |
C:\Windows10Upgrade\upgrader_win10.log | Modified File | Stream | Unknown |
C:\Windows10Upgrade\wimgapi.dll | Modified File | Stream | Unknown |
C:\Windows10Upgrade\Windows10UpgraderApp.exe | Modified File | Stream | Unknown |
C:\Windows10Upgrade\WinREBootApp32.exe | Modified File | Stream | Unknown |
C:\Windows10Upgrade\WinREBootApp64.exe | Modified File | Stream | Unknown |
C:\Windows10Upgrade\resources\ux\block.png | Modified File | Stream | Unknown |
C:\Windows10Upgrade\resources\ux\bluelogo.png | Modified File | Stream | Unknown |
C:\Windows10Upgrade\resources\ux\bullet.png | Modified File | Stream | Unknown |
C:\Windows10Upgrade\resources\ux\default.htm | Modified File | Text | Unknown |
C:\Windows10Upgrade\resources\ux\default_eos.css | Modified File | Stream | Unknown |
C:\Windows10Upgrade\resources\ux\default_eos.htm | Modified File | Text | Unknown |
C:\Windows10Upgrade\resources\ux\default_oobe.css | Modified File | Stream | Unknown |
C:\Windows10Upgrade\resources\ux\default_oobe.htm | Modified File | Text | Unknown |
C:\Windows10Upgrade\resources\ux\eula.css | Modified File | Stream | Unknown |
C:\Windows10Upgrade\resources\ux\GetStarted.png | Modified File | Stream | Unknown |
C:\Windows10Upgrade\resources\ux\GetStartedHoverOver.png | Modified File | Stream | Unknown |
C:\Windows10Upgrade\resources\ux\lock.png | Modified File | Stream | Unknown |
C:\Windows10Upgrade\resources\ux\marketing.png | Modified File | Stream | Unknown |
C:\Windows10Upgrade\resources\ux\NoNetworkConnection.png | Modified File | Stream | Unknown |
C:\Windows10Upgrade\resources\ux\NoNetworkConnectionHoverOver.png | Modified File | Stream | Unknown |
C:\Windows10Upgrade\resources\ux\EULA\EULA_ar-sa.htm | Modified File | Text | Unknown |
C:\Windows10Upgrade\resources\ux\EULA\EULA_bg-bg.htm | Modified File | Text | Unknown |
C:\Windows10Upgrade\resources\ux\EULA\EULA_cs-cz.htm | Modified File | Text | Unknown |
C:\Windows10Upgrade\resources\ux\EULA\EULA_da-dk.htm | Modified File | Text | Unknown |
C:\Windows10Upgrade\resources\ux\EULA\EULA_de-de.htm | Modified File | Text | Unknown |
C:\Windows10Upgrade\resources\ux\EULA\EULA_el-gr.htm | Modified File | Text | Unknown |
C:\Windows10Upgrade\resources\ux\EULA\EULA_en-gb.htm | Modified File | Text | Unknown |
C:\Windows10Upgrade\resources\ux\EULA\EULA_en-us.htm | Modified File | Text | Unknown |
C:\Windows10Upgrade\resources\ux\EULA\EULA_es-es.htm | Modified File | Text | Unknown |
C:\Windows10Upgrade\resources\ux\EULA\EULA_es-mx.htm | Modified File | Text | Unknown |
C:\Windows10Upgrade\resources\ux\EULA\EULA_et-ee.htm | Modified File | Text | Unknown |
C:\Windows10Upgrade\resources\ux\EULA\EULA_fi-fi.htm | Modified File | Text | Unknown |
C:\Windows10Upgrade\resources\ux\EULA\EULA_fr-ca.htm | Modified File | Text | Unknown |
C:\Windows10Upgrade\resources\ux\EULA\EULA_fr-fr.htm | Modified File | Text | Unknown |
C:\Windows10Upgrade\resources\ux\EULA\EULA_he-il.htm | Modified File | Text | Unknown |
C:\Windows10Upgrade\resources\ux\EULA\EULA_hr-hr.htm | Modified File | Text | Unknown |
C:\Windows10Upgrade\resources\ux\EULA\EULA_hu-hu.htm | Modified File | Text | Unknown |
C:\Windows10Upgrade\resources\ux\EULA\EULA_it-it.htm | Modified File | Text | Unknown |
C:\Windows10Upgrade\resources\ux\EULA\EULA_ja-jp.htm | Modified File | Text | Unknown |
C:\Windows10Upgrade\resources\ux\EULA\EULA_ko-kr.htm | Modified File | Text | Unknown |
C:\Windows10Upgrade\resources\ux\EULA\EULA_lt-lt.htm | Modified File | Text | Unknown |
C:\Windows10Upgrade\resources\ux\EULA\EULA_lv-lv.htm | Modified File | Text | Unknown |
C:\Windows10Upgrade\resources\ux\EULA\EULA_nb-no.htm | Modified File | Text | Unknown |
C:\Windows10Upgrade\resources\ux\EULA\EULA_nl-nl.htm | Modified File | Text | Unknown |
C:\Windows10Upgrade\resources\ux\EULA\EULA_pl-pl.htm | Modified File | Text | Unknown |
C:\Windows10Upgrade\resources\ux\EULA\EULA_pt-br.htm | Modified File | Text | Unknown |
C:\Windows10Upgrade\resources\ux\EULA\EULA_pt-pt.htm | Modified File | Text | Unknown |
C:\Windows10Upgrade\resources\ux\EULA\EULA_ro-ro.htm | Modified File | Text | Unknown |
C:\Windows10Upgrade\resources\ux\EULA\EULA_ru-ru.htm | Modified File | Text | Unknown |
C:\Windows10Upgrade\resources\ux\EULA\EULA_sk-sk.htm | Modified File | Text | Unknown |
C:\Windows10Upgrade\resources\ux\EULA\EULA_sl-si.htm | Modified File | Text | Unknown |
C:\Windows10Upgrade\resources\ux\EULA\EULA_sr-latn-cs.htm | Modified File | Text | Unknown |
C:\Windows10Upgrade\resources\ux\EULA\EULA_sv-se.htm | Modified File | Text | Unknown |
C:\Windows10Upgrade\resources\ux\EULA\EULA_th-th.htm | Modified File | Text | Unknown |
C:\Windows10Upgrade\resources\ux\EULA\EULA_tr-tr.htm | Modified File | Text | Unknown |
C:\Windows10Upgrade\resources\ux\EULA\EULA_uk-ua.htm | Modified File | Text | Unknown |
C:\Windows10Upgrade\resources\ux\EULA\EULA_zh-cn.htm | Modified File | Text | Unknown |
C:\Windows10Upgrade\resources\ux\EULA\EULA_zh-hk.htm | Modified File | Text | Unknown |
C:\Windows10Upgrade\resources\ux\EULA\EULA_zh-tw.htm | Modified File | Text | Unknown |
C:\Windows10Upgrade\resources\i386\hwexclude.txt | Modified File | Stream | Unknown |
C:\Windows10Upgrade\resources\i386\nxquery.inf | Modified File | Stream | Unknown |
C:\Windows10Upgrade\resources\amd64\BiosBlocks.xml | Modified File | Stream | Unknown |
C:\Windows10Upgrade\resources\amd64\hwcompat.txt | Modified File | Stream | Unknown |
C:\Windows10Upgrade\resources\amd64\NXQuery.sys | Modified File | Stream | Unknown |
C:\Windows10Upgrade\dll1\wdscore.dll | Modified File | Stream | Unknown |
C:\Windows10Upgrade\dll1\webservices.dll | Modified File | Stream | Unknown |
C:\Windows10Upgrade\2052\DWINTL20.DLL | Modified File | Stream | Unknown |
C:\Users\Public\Pictures\desktop.ini | Modified File | Stream | Unknown |
C:\Users\Public\Libraries\desktop.ini | Modified File | Stream | Unknown |
C:\Users\Public\Libraries\RecordedTV.library-ms | Modified File | Stream | Unknown |
C:\Users\Public\Downloads\desktop.ini | Modified File | Stream | Unknown |
C:\Users\Public\Documents\desktop.ini | Modified File | Stream | Unknown |
C:\Users\Public\Desktop\desktop.ini | Modified File | Stream | Unknown |
C:\Users\Public\Desktop\Google Chrome.lnk | Modified File | Stream | Unknown |
C:\Users\Public\Desktop\Mozilla Firefox.lnk | Modified File | Stream | Unknown |
C:\Users\Public\AccountPictures\desktop.ini | Modified File | Stream | Unknown |
C:\Users\FD1HVy\Videos\457XRRHEeRC4UfGUI.avi | Modified File | Binary | Unknown |
C:\Users\FD1HVy\Videos\i_9zyxoZSXHlx.avi | Modified File | Stream | Unknown |
C:\Users\FD1HVy\Videos\mP h7Lt-\52HiljouxlX.flv | Modified File | Stream | Unknown |
C:\Users\FD1HVy\Videos\mP h7Lt-\FI5N.mkv | Modified File | Stream | Unknown |
C:\Users\FD1HVy\Videos\mP h7Lt-\Gokf5TGMJc_QsIuaMfW.mp4 | Modified File | Stream | Unknown |
C:\Users\FD1HVy\Videos\mP h7Lt-\_WK_66PMS1WfZEiv.mkv | Modified File | Stream | Unknown |
C:\Users\FD1HVy\Videos\mP h7Lt-\X9lLwZrlCN5inYE X\0_w4.flv | Modified File | Stream | Unknown |
C:\Users\FD1HVy\Videos\mP h7Lt-\X9lLwZrlCN5inYE X\3s38Gm.avi | Modified File | Stream | Unknown |
C:\Users\FD1HVy\Videos\mP h7Lt-\X9lLwZrlCN5inYE X\wqxE4PKLcBhEx_-.swf | Modified File | Stream | Unknown |
C:\Users\FD1HVy\Videos\mP h7Lt-\X9lLwZrlCN5inYE X\j_LpWgAxXhBx7w0\FQEZGWQS0yL.avi | Modified File | Stream | Unknown |
C:\Users\FD1HVy\Videos\mP h7Lt-\X9lLwZrlCN5inYE X\j_LpWgAxXhBx7w0\qDMrOHgyW.mkv | Modified File | Stream | Unknown |
C:\Users\FD1HVy\Videos\mP h7Lt-\X9lLwZrlCN5inYE X\j_LpWgAxXhBx7w0\yMeSugojL-NDXZ.mkv | Modified File | Stream | Unknown |
C:\Users\FD1HVy\Videos\mP h7Lt-\V-VrwwulxTZ\9J5o-K5rlPWB-d.avi | Modified File | Stream | Unknown |
C:\Users\FD1HVy\Videos\0Jit\bYsS_YlaY9z2LOgk.avi | Modified File | Stream | Unknown |
C:\Users\FD1HVy\Videos\0Jit\ka0XqJkvY.flv | Modified File | Stream | Unknown |
C:\Users\FD1HVy\Videos\0Jit\we3h9wVdNt2OG8gH.flv | Modified File | Stream | Unknown |
C:\Users\FD1HVy\Searches\desktop.ini | Modified File | Stream | Unknown |
C:\Users\FD1HVy\Searches\Indexed Locations.search-ms | Modified File | Stream | Unknown |
C:\Users\FD1HVy\Pictures\0eHZ_3WhSTBcCzE8.jpg | Modified File | Stream | Unknown |
C:\Users\FD1HVy\Pictures\90TDXbBi_nI bB.bmp | Modified File | Stream | Unknown |
C:\Users\FD1HVy\Pictures\desktop.ini | Modified File | Stream | Unknown |
C:\Users\FD1HVy\Pictures\e_rAGl109.bmp | Modified File | Stream | Unknown |
C:\Users\FD1HVy\Pictures\JCevQv3sR4zWuvdiroaf.png | Modified File | Stream | Unknown |
C:\Users\FD1HVy\Pictures\JQTgE9tvFrhK2 G1Dls.bmp | Modified File | Stream | Unknown |
C:\Users\FD1HVy\Pictures\jUIAgiN6w3v.gif | Modified File | Stream | Unknown |
C:\Users\FD1HVy\Pictures\l1nWbEX73V5RO.png | Modified File | Stream | Unknown |
C:\Users\FD1HVy\Pictures\MlQJ8yCmxq5jsR.gif | Modified File | Stream | Unknown |
C:\Users\FD1HVy\Pictures\n kdsPg6tJT4a99pz.jpg | Modified File | Stream | Unknown |
C:\Users\FD1HVy\Pictures\N8Pzx.png | Modified File | Stream | Unknown |
C:\Users\FD1HVy\Pictures\p_yVA4jYCd-zL DX.bmp | Modified File | Stream | Unknown |
C:\Users\FD1HVy\Pictures\rv8WAxpJ6.png | Modified File | Stream | Unknown |
C:\Users\FD1HVy\Pictures\ucDmOcTieCLOpWpKJX.gif | Modified File | Stream | Unknown |
C:\Users\FD1HVy\Pictures\uqUo.gif | Modified File | Binary | Unknown |
C:\Users\FD1HVy\Pictures\WgAe-lk.bmp | Modified File | Stream | Unknown |
C:\Users\FD1HVy\Pictures\Xwj8aUsr5KISbCH.gif | Modified File | Stream | Unknown |
C:\Users\FD1HVy\Pictures\YAi 7SSuqQL.gif | Modified File | Stream | Unknown |
C:\Users\FD1HVy\Music\desktop.ini | Modified File | Stream | Unknown |
C:\Users\FD1HVy\Music\qgSTwfc7nusgEEgz\F47mcjmxOLj.mp3 | Modified File | Stream | Unknown |
C:\Users\FD1HVy\Music\qgSTwfc7nusgEEgz\ocv58-qJyi.wav | Modified File | Stream | Unknown |
C:\Users\FD1HVy\Music\qgSTwfc7nusgEEgz\TtF4\xoEix01H8r8Gb.mp3 | Modified File | Stream | Unknown |
C:\Users\FD1HVy\Music\qgSTwfc7nusgEEgz\TtF4\yGlGNTCmxEmW-X_p.mp3 | Modified File | Stream | Unknown |
C:\Users\FD1HVy\Music\qgSTwfc7nusgEEgz\TtF4\DQ xdKVkdg\GIbA_.m4a | Modified File | Stream | Unknown |
C:\Users\FD1HVy\Music\qgSTwfc7nusgEEgz\TtF4\DQ xdKVkdg\wdaj18HGC2anUg.mp3 | Modified File | Stream | Unknown |
C:\Users\FD1HVy\Music\qgSTwfc7nusgEEgz\K1UxMX9 J\3yMQVi4Ib7NBzSV.m4a | Modified File | Stream | Unknown |
C:\Users\FD1HVy\Music\qgSTwfc7nusgEEgz\K1UxMX9 J\M8 ByX8vq.m4a | Modified File | Stream | Unknown |
C:\Users\FD1HVy\Music\qgSTwfc7nusgEEgz\K1UxMX9 J\QRuixFGCDWAncl5AbmZ.wav | Modified File | Stream | Unknown |
C:\Users\FD1HVy\Music\qgSTwfc7nusgEEgz\K1UxMX9 J\uY5_Z 6FH.wav | Modified File | Stream | Unknown |
C:\Users\FD1HVy\Music\qgSTwfc7nusgEEgz\K1UxMX9 J\v9-kpgHfycaPisG2zG.m4a | Modified File | Stream | Unknown |
C:\Users\FD1HVy\Music\qgSTwfc7nusgEEgz\ioqWU\Deupb3VmhF.wav | Modified File | Stream | Unknown |
C:\Users\FD1HVy\Music\qgSTwfc7nusgEEgz\ioqWU\JW0rnE-6Xut0CIcI.wav | Modified File | Stream | Unknown |
C:\Users\FD1HVy\Music\qgSTwfc7nusgEEgz\ioqWU\mj8IN.m4a | Modified File | Stream | Unknown |
C:\Users\FD1HVy\Music\qgSTwfc7nusgEEgz\ioqWU\s8HsO.m4a | Modified File | Stream | Unknown |
C:\Users\FD1HVy\Music\qgSTwfc7nusgEEgz\ioqWU\uznHK8YoJt.m4a | Modified File | Stream | Unknown |
C:\Users\FD1HVy\Music\qgSTwfc7nusgEEgz\ioqWU\rmY_urTfctd0pcg\KmPQcO2v E2UpcJS9.wav | Modified File | Stream | Unknown |
C:\Users\FD1HVy\Music\qgSTwfc7nusgEEgz\ioqWU\rmY_urTfctd0pcg\SjE dCES6E76kFP2AXnm.m4a | Modified File | Stream | Unknown |
C:\Users\FD1HVy\Music\qgSTwfc7nusgEEgz\ioqWU\rmY_urTfctd0pcg\w3H2 yJco0KHxo9cfC.m4a | Modified File | Stream | Unknown |
C:\Users\FD1HVy\Music\qgSTwfc7nusgEEgz\ioqWU\rmY_urTfctd0pcg\u2Wr9h\PR3ENDw94r3DF0R.mp3 | Modified File | Stream | Unknown |
C:\Users\FD1HVy\Music\qgSTwfc7nusgEEgz\ioqWU\rmY_urTfctd0pcg\u2Wr9h\Z0sB.mp3 | Modified File | Stream | Unknown |
C:\Windows10Upgrade\appraiserxp.dll | Modified File | Stream | Not Queried |
C:\Windows10Upgrade\bootsect.exe | Modified File | Stream | Not Queried |
C:\Windows10Upgrade\Configuration.ini | Modified File | Stream | Not Queried |
C:\Windows10Upgrade\downloader.dll | Modified File | Stream | Not Queried |
C:\Windows10Upgrade\DW20.EXE | Modified File | Stream | Not Queried |
C:\Windows10Upgrade\ESDHelper.dll | Modified File | Stream | Not Queried |
C:\Windows10Upgrade\GetCurrentDeploy.dll | Modified File | Stream | Not Queried |
C:\Windows10Upgrade\GetCurrentOOBE.dll | Modified File | Stream | Not Queried |
C:\Windows10Upgrade\GetCurrentRollback.EXE | Modified File | Stream | Not Queried |
C:\Windows10Upgrade\PostOOBEScript.cmd | Modified File | Unknown | Not Queried |
C:\Windows10Upgrade\upgrader_default.log | Modified File | Stream | Not Queried |
C:\Windows10Upgrade\windlp.dll | Modified File | Stream | Not Queried |
C:\Windows10Upgrade\resources\hwcompatShared.txt | Modified File | Stream | Not Queried |
C:\Windows10Upgrade\resources\ux\default.css | Modified File | Stream | Not Queried |
C:\Windows10Upgrade\resources\ux\loading.gif | Modified File | Stream | Not Queried |
C:\Windows10Upgrade\resources\ux\logo.png | Modified File | Stream | Not Queried |
C:\Windows10Upgrade\resources\ux\NetworkIssueFAQ.mht | Modified File | Stream | Not Queried |
C:\Windows10Upgrade\resources\ux\pass.png | Modified File | Stream | Not Queried |
C:\Windows10Upgrade\resources\ux\Microsoft.WinJS\css\oobe-desktop.css | Modified File | Stream | Not Queried |
C:\Windows10Upgrade\resources\ux\Microsoft.WinJS\css\ui-dark.css | Modified File | Stream | Not Queried |
C:\Windows10Upgrade\resources\i386\BiosBlocks.xml | Modified File | Stream | Not Queried |
C:\Windows10Upgrade\resources\i386\hwcompat.txt | Modified File | Stream | Not Queried |
C:\Windows10Upgrade\resources\i386\nxquery.cat | Modified File | Stream | Not Queried |
C:\Windows10Upgrade\resources\i386\NXQuery.sys | Modified File | Stream | Not Queried |
C:\Windows10Upgrade\resources\amd64\hwexclude.txt | Modified File | Stream | Not Queried |
C:\Windows10Upgrade\resources\amd64\nxquery.cat | Modified File | Stream | Not Queried |
C:\Windows10Upgrade\resources\amd64\nxquery.inf | Modified File | Stream | Not Queried |
C:\Windows10Upgrade\dll2\webservices.dll | Modified File | Stream | Not Queried |
C:\Windows10Upgrade\dll1\cosqueryxp.dll | Modified File | Stream | Not Queried |
C:\Users\Public\desktop.ini | Modified File | Stream | Not Queried |
C:\Users\Public\Videos\desktop.ini | Modified File | Stream | Not Queried |
C:\Users\Public\Music\desktop.ini | Modified File | Stream | Not Queried |
C:\Users\Public\Desktop\Acrobat Reader DC.lnk | Modified File | Stream | Not Queried |
C:\Users\FD1HVy\Videos\desktop.ini | Modified File | Stream | Not Queried |
C:\Users\FD1HVy\Videos\DH14kRkDJ-8wwl8H.mkv | Modified File | Stream | Not Queried |
C:\Users\FD1HVy\Videos\mP h7Lt-\JlYeyYLPwK4Xpyt.mkv | Modified File | Stream | Not Queried |
C:\Users\FD1HVy\Videos\mP h7Lt-\X9lLwZrlCN5inYE X\YHk1VvX0c.swf | Modified File | Stream | Not Queried |
C:\Users\FD1HVy\Videos\mP h7Lt-\X9lLwZrlCN5inYE X\j_LpWgAxXhBx7w0\cZl6rLvj5g7uCc.flv | Modified File | Stream | Not Queried |
C:\Users\FD1HVy\Videos\mP h7Lt-\X9lLwZrlCN5inYE X\j_LpWgAxXhBx7w0\smk-WRzZEtvv3zm.swf | Modified File | Stream | Not Queried |
C:\Users\FD1HVy\Videos\mP h7Lt-\X9lLwZrlCN5inYE X\j_LpWgAxXhBx7w0\Z7WOkahHFEPtvl0hHDd4.mp4 | Modified File | Stream | Not Queried |
C:\Users\FD1HVy\Videos\mP h7Lt-\V-VrwwulxTZ\zo81.mp4 | Modified File | Stream | Not Queried |
C:\Users\FD1HVy\Videos\mP h7Lt-\sd5-6Xz1vb9JNaL\SAxLYmvTaCBnnGJsau.mp4 | Modified File | Stream | Not Queried |
C:\Users\FD1HVy\Videos\mP h7Lt-\sd5-6Xz1vb9JNaL\zOgRlt_PaSqS2gBYyJ.avi | Modified File | Stream | Not Queried |
C:\Users\FD1HVy\Videos\0Jit\Kye1.mkv | Modified File | Stream | Not Queried |
C:\Users\FD1HVy\Videos\0Jit\LIMK2KYhSGbY3.avi | Modified File | Stream | Not Queried |
C:\Users\FD1HVy\Videos\0Jit\y9ZS.mp4 | Modified File | Stream | Not Queried |
C:\Users\FD1HVy\Searches\Everywhere.search-ms | Modified File | Stream | Not Queried |
C:\Users\FD1HVy\Searches\winrt--{S-1-5-21-1051304884-625712362-2192934891-1000}-.searchconnector-ms | Modified File | Stream | Not Queried |
C:\Users\FD1HVy\Saved Games\desktop.ini | Modified File | Stream | Not Queried |
C:\Users\FD1HVy\Pictures\1A1pfm.png | Modified File | Stream | Not Queried |
C:\Users\FD1HVy\Pictures\37R8aHt.bmp | Modified File | Stream | Not Queried |
C:\Users\FD1HVy\Pictures\4yuX.bmp | Modified File | Stream | Not Queried |
C:\Users\FD1HVy\Pictures\69rhLdMoVCQ.gif | Modified File | Stream | Not Queried |
C:\Users\FD1HVy\Pictures\8J4nPD.png | Modified File | Stream | Not Queried |
C:\Users\FD1HVy\Pictures\a1i3b7A5pHU82I.png | Modified File | Stream | Not Queried |
C:\Users\FD1HVy\Pictures\aXeXUP6k-snF.png | Modified File | Stream | Not Queried |
C:\Users\FD1HVy\Pictures\cDL2gR6a-IbLz3x.jpg | Modified File | Stream | Not Queried |
C:\Users\FD1HVy\Pictures\eBfX1Df0J.gif | Modified File | Stream | Not Queried |
C:\Users\FD1HVy\Pictures\eyrJY ehH0.gif | Modified File | Stream | Not Queried |
C:\Users\FD1HVy\Pictures\fiznQaqNRLajHUms2A.png | Modified File | Stream | Not Queried |
C:\Users\FD1HVy\Pictures\fvA5IQ_5PavX.png | Modified File | Stream | Not Queried |
C:\Users\FD1HVy\Pictures\j0tyQmSHBzZT2.bmp | Modified File | Stream | Not Queried |
C:\Users\FD1HVy\Pictures\nM_Byv6DBsnL.png | Modified File | Stream | Not Queried |
C:\Users\FD1HVy\Pictures\rrF_r4.bmp | Modified File | Stream | Not Queried |
C:\Users\FD1HVy\Pictures\Sc6Jajus_ESL5w yG8.gif | Modified File | Stream | Not Queried |
C:\Users\FD1HVy\Pictures\tWeSxYdyFHpRSLgu.bmp | Modified File | Stream | Not Queried |
C:\Users\FD1HVy\Pictures\We_HpS54_a0D.gif | Modified File | Stream | Not Queried |
C:\Users\FD1HVy\Pictures\XxaTc-hwy798uwvin.png | Modified File | Stream | Not Queried |
C:\Users\FD1HVy\Pictures\zy-huTJy.bmp | Modified File | Stream | Not Queried |
C:\Users\FD1HVy\Pictures\_cKcOyWheqI.jpg | Modified File | Stream | Not Queried |
C:\Users\FD1HVy\Pictures\Saved Pictures\desktop.ini | Modified File | Stream | Not Queried |
C:\Users\FD1HVy\Pictures\Camera Roll\desktop.ini | Modified File | Stream | Not Queried |
C:\Users\FD1HVy\OneDrive\desktop.ini | Modified File | Stream | Not Queried |
C:\Users\FD1HVy\Music\qgSTwfc7nusgEEgz\iyC7tW4Ojj7RBRjiv.m4a | Modified File | Stream | Not Queried |
C:\Users\FD1HVy\Music\qgSTwfc7nusgEEgz\xN4AUbEaCl-f1xZI.mp3 | Modified File | Stream | Not Queried |
C:\Users\FD1HVy\Music\qgSTwfc7nusgEEgz\TtF4\h3weC1KwwHE.wav | Modified File | Stream | Not Queried |
C:\Users\FD1HVy\Music\qgSTwfc7nusgEEgz\TtF4\twKU.mp3 | Modified File | Stream | Not Queried |
C:\Users\FD1HVy\Music\qgSTwfc7nusgEEgz\TtF4\DQ xdKVkdg\6bZRhWw.mp3 | Modified File | Stream | Not Queried |
C:\Users\FD1HVy\Music\qgSTwfc7nusgEEgz\TtF4\DQ xdKVkdg\DzJl9qZz.wav | Modified File | Stream | Not Queried |
C:\Users\FD1HVy\Music\qgSTwfc7nusgEEgz\TtF4\DQ xdKVkdg\kuJc FfRcut4b.m4a | Modified File | Stream | Not Queried |
C:\Users\FD1HVy\Music\qgSTwfc7nusgEEgz\K1UxMX9 J\pEpFQi.mp3 | Modified File | Stream | Not Queried |
C:\Users\FD1HVy\Music\qgSTwfc7nusgEEgz\ioqWU\Cgdvi2MgC_w.m4a | Modified File | Stream | Not Queried |
C:\Users\FD1HVy\Music\qgSTwfc7nusgEEgz\ioqWU\OFRJqA4.m4a | Modified File | Stream | Not Queried |
C:\Users\FD1HVy\Music\qgSTwfc7nusgEEgz\ioqWU\rmY_urTfctd0pcg\FOOxWsHmP 33F468ydKn.mp3 | Modified File | Stream | Not Queried |
C:\Users\Public\2720DE842C148E18C1E0270ABEF877C91C879E2B7AB4070B193C1EFF3F1AC1CA | Dropped File | Text | Not Queried |