Ransomware Wiper
-
Created on 2024-05-24T23:09:58+00:00
7bb3816e58d8a956b13aac53f75f762442a9849cd0ab324be6334e9a5e4b718f.exe
Remarks (2/3)
(0x0200001B): The maximum number of file Reputation Analysis requests per analysis (150) was exceeded.
(0x02000008): One or more processes crashed during the analysis. Analysis results may be incomplete.
(0x0200000E): The overall sleep time of all monitored processes was truncated from "26 minutes, 38 seconds" to "10 seconds" to reveal dormant functionality.
Remarks
(0x0200001D): The maximum number of extracted files was exceeded. Some files may be missing in the report.
This list contains only the embedded files, downloaded files, and dropped files
Filters: |
There are no files for this filter
There are no files in this analysis
File Name | Category | Type | Verdict | Actions |
---|
C:\Users\RDhJ0CNFevzX\Desktop\7bb3816e58d8a956b13aac53f75f762442a9849cd0ab324be6334e9a5e4b718f.exe | Sample File | Binary |
Malicious
|
...
|
Verdict |
Malicious
|
Image Base | 0x00400000 |
Entry Point | 0x0041946F |
Size Of Code | 0x00018400 |
Size Of Initialized Data | 0x0000C600 |
File Type | IMAGE_FILE_EXECUTABLE_IMAGE |
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
Machine Type | IMAGE_FILE_MACHINE_I386 |
Compile Timestamp | 2022-09-09 03:27 (UTC+2) |
Name | Virtual Address | Virtual Size | Raw Data Size | Raw Data Offset | Flags | Entropy |
---|---|---|---|---|---|---|
.text | 0x00401000 | 0x00017DE8 | 0x00017E00 | 0x00000400 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ | 6.63 |
.itext | 0x00419000 | 0x00000546 | 0x00000600 | 0x00018200 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ | 2.93 |
.rdata | 0x0041A000 | 0x00000492 | 0x00000600 | 0x00018800 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 3.54 |
.data | 0x0041B000 | 0x0000ADC8 | 0x0000A000 | 0x00018E00 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 7.99 |
.pdata | 0x00426000 | 0x00002699 | 0x00002800 | 0x00022E00 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 7.9 |
.reloc | 0x00429000 | 0x00000FD0 | 0x00001000 | 0x00025600 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ | 6.74 |
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
---|---|---|---|---|---|
SetPixel | - | 0x0041A050 | 0x0001A2D0 | 0x00018AD0 | 0x0000014E |
SetDCBrushColor | - | 0x0041A054 | 0x0001A2D4 | 0x00018AD4 | 0x0000013A |
SelectPalette | - | 0x0041A058 | 0x0001A2D8 | 0x00018AD8 | 0x0000012F |
GetTextColor | - | 0x0041A05C | 0x0001A2DC | 0x00018ADC | 0x000000E5 |
GetDeviceCaps | - | 0x0041A060 | 0x0001A2E0 | 0x00018AE0 | 0x000000AA |
CreateSolidBrush | - | 0x0041A064 | 0x0001A2E4 | 0x00018AE4 | 0x00000045 |
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
---|---|---|---|---|---|
DefWindowProcW | - | 0x0041A020 | 0x0001A2A0 | 0x00018AA0 | 0x0000009C |
CreateMenu | - | 0x0041A024 | 0x0001A2A4 | 0x00018AA4 | 0x0000006A |
EndDialog | - | 0x0041A028 | 0x0001A2A8 | 0x00018AA8 | 0x000000DA |
GetDlgItem | - | 0x0041A02C | 0x0001A2AC | 0x00018AAC | 0x00000127 |
GetKeyNameTextW | - | 0x0041A030 | 0x0001A2B0 | 0x00018AB0 | 0x0000013C |
GetMessageW | - | 0x0041A034 | 0x0001A2B4 | 0x00018AB4 | 0x0000015D |
GetWindowTextW | - | 0x0041A038 | 0x0001A2B8 | 0x00018AB8 | 0x000001A3 |
IsDlgButtonChecked | - | 0x0041A03C | 0x0001A2BC | 0x00018ABC | 0x000001CE |
LoadImageW | - | 0x0041A040 | 0x0001A2C0 | 0x00018AC0 | 0x000001EF |
LoadMenuW | - | 0x0041A044 | 0x0001A2C4 | 0x00018AC4 | 0x000001F7 |
DialogBoxParamW | - | 0x0041A048 | 0x0001A2C8 | 0x00018AC8 | 0x000000AC |
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
---|---|---|---|---|---|
SetLastError | - | 0x0041A000 | 0x0001A280 | 0x00018A80 | 0x00000519 |
LoadLibraryW | - | 0x0041A004 | 0x0001A284 | 0x00018A84 | 0x000003AF |
GetTickCount | - | 0x0041A008 | 0x0001A288 | 0x00018A88 | 0x000002F6 |
GetLastError | - | 0x0041A00C | 0x0001A28C | 0x00018A8C | 0x00000251 |
GetCommandLineW | - | 0x0041A010 | 0x0001A290 | 0x00018A90 | 0x000001CA |
GetCommandLineA | - | 0x0041A014 | 0x0001A294 | 0x00018A94 | 0x000001C9 |
FreeLibrary | - | 0x0041A018 | 0x0001A298 | 0x00018A98 | 0x0000019E |
Name | Process ID | Start VA | End VA | Dump Reason | PE Rebuild | Bitness | Entry Point | YARA | Actions |
---|---|---|---|---|---|---|---|---|---|
7bb3816e58d8a956b13aac53f75f762442a9849cd0ab324be6334e9a5e4b718f.exe | 1 | 0x01380000 | 0x013A9FFF | Relevant Image | 32-bit | 0x0138B444 |
...
|
||
buffer | 1 | 0x00C50000 | 0x00C5FFFF | First Execution | 32-bit | 0x00C537B8 |
...
|
||
ntdll.dll | 1 | 0x77220000 | 0x7739AFFF | First Execution | 32-bit | 0x7728B5B0 |
...
|
||
7bb3816e58d8a956b13aac53f75f762442a9849cd0ab324be6334e9a5e4b718f.exe | 1 | 0x01380000 | 0x013A9FFF | Process Termination | 32-bit | - |
...
|
C:\Users\RDhJ0CNFevzX\Desktop\AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA | Sample File | Empty |
Malicious
|
...
|
Name | Process ID | Start VA | End VA | Dump Reason | PE Rebuild | Bitness | Entry Point | YARA | Actions |
---|---|---|---|---|---|---|---|---|---|
f095.tmp | 40 | 0x00400000 | 0x00406FFF | First Execution | 32-bit | 0x00403958 |
...
|
||
buffer | 40 | 0x7FEA0000 | 0x7FEA0FFF | First Execution | 32-bit | 0x7FEA0000 |
...
|
||
buffer | 40 | 0x02410000 | 0x0255FFFF | First Execution | 32-bit | 0x025536B0 |
...
|
||
ntdll.dll | 40 | 0x77220000 | 0x7739AFFF | First Execution | 32-bit | 0x77285E50 |
...
|
||
buffer | 40 | 0x7FE80000 | 0x7FE80FFF | First Execution | 32-bit | 0x7FE800A0 |
...
|
||
buffer | 40 | 0x7FE20000 | 0x7FE20FFF | First Execution | 32-bit | 0x7FE20000 |
...
|
||
buffer | 40 | 0x7FE40000 | 0x7FE40FFF | First Execution | 32-bit | 0x7FE40000 |
...
|
||
buffer | 40 | 0x7FE60000 | 0x7FE60FFF | First Execution | 32-bit | 0x7FE60000 |
...
|
||
buffer | 40 | 0x007CB980 | 0x007CF180 | Process Termination | 32-bit | - |
...
|
||
buffer | 40 | 0x02410000 | 0x0255FFFF | Process Termination | 32-bit | - |
...
|
||
buffer | 40 | 0x7FDF0000 | 0x7FDF0FFF | Process Termination | 32-bit | - |
...
|
||
buffer | 40 | 0x7FE00000 | 0x7FE00FFF | Process Termination | 32-bit | - |
...
|
||
buffer | 40 | 0x7FE10000 | 0x7FE10FFF | Process Termination | 32-bit | - |
...
|
||
buffer | 40 | 0x7FE20000 | 0x7FE20FFF | Process Termination | 32-bit | - |
...
|
||
buffer | 40 | 0x7FE30000 | 0x7FE30FFF | Process Termination | 32-bit | - |
...
|
||
buffer | 40 | 0x7FE40000 | 0x7FE40FFF | Process Termination | 32-bit | - |
...
|
||
buffer | 40 | 0x7FE50000 | 0x7FE50FFF | Process Termination | 32-bit | - |
...
|
||
buffer | 40 | 0x7FE60000 | 0x7FE60FFF | Process Termination | 32-bit | - |
...
|
||
buffer | 40 | 0x7FE70000 | 0x7FE70FFF | Process Termination | 32-bit | - |
...
|
||
buffer | 40 | 0x7FE80000 | 0x7FE80FFF | Process Termination | 32-bit | - |
...
|
||
buffer | 40 | 0x7FE90000 | 0x7FE90FFF | Process Termination | 32-bit | - |
...
|
||
buffer | 40 | 0x7FEA0000 | 0x7FEA0FFF | Process Termination | 32-bit | - |
...
|
||
f095.tmp | 40 | 0x00400000 | 0x00406FFF | Process Termination | 32-bit | - |
...
|
\\?\C:\Users\RDhJ0CNFevzX\AppData\Local\ActiveSync\wxaCdziTl.README.txt | Dropped File | Text |
Malicious
|
...
|
Rule Name | Rule Description | Classification | Score | Actions |
---|---|---|---|---|
GenericRansomNote | Generic Ransomware Note | - |
4/5
|
...
|
c:\users\rdhj0cnfevzx\documents\9vpsg\f z3kfnzb.odt.wxacdzitl | Dropped File | Stream |
Clean
|
...
|
\\?\C:\Users\RDhJ0CNFevzX\AppData\Roaming\wTVYLx-tAomHdANur7.m4a.wxaCdziTl | Dropped File | Stream |
Clean
|
...
|
c:\users\rdhj0cnfevzx\appdata\roaming\jj3_0l0jugmtkmwqb.swf.wxacdzitl | Dropped File | Stream |
Clean
|
...
|
c:\users\rdhj0cnfevzx\desktop\nx6tab5.swf.wxacdzitl | Dropped File | Stream |
Clean
|
...
|
\\?\C:\Users\RDhJ0CNFevzX\AppData\Roaming\Hfebfxxz5n8FSUnfjs_R.mp3.wxaCdziTl | Dropped File | Unknown |
Clean
|
...
|
c:\users\rdhj0cnfevzx\music\xpir2\oikk4cz\7nkfvfcvrw09.mp3.wxacdzitl | Dropped File | Stream |
Clean
|
...
|
c:\users\rdhj0cnfevzx\music\xpir2\rv4jr_6pevrn\2ldatuzcnm.wav.wxacdzitl | Dropped File | Stream |
Clean
|
...
|
\\?\C:\Users\RDhJ0CNFevzX\AppData\Roaming\EAAmOYoDxPs3z26AkFSM.xls.wxaCdziTl | Dropped File | Stream |
Clean
|
...
|
c:\users\rdhj0cnfevzx\music\xpir2\-2hwvg9.wav.wxacdzitl | Dropped File | Stream |
Clean
|
...
|
c:\users\rdhj0cnfevzx\appdata\roaming\8woa.jpg.wxacdzitl | Dropped File | Stream |
Clean
|
...
|
\\?\C:\Users\RDhJ0CNFevzX\AppData\Roaming\PV31t.ots.wxaCdziTl | Dropped File | Stream |
Clean
|
...
|
\\?\C:\Users\RDhJ0CNFevzX\Videos\n6hmww1mvbHtErVaS\U6y50saQnqu.flv.wxaCdziTl | Dropped File | Stream |
Clean
|
...
|
c:\users\rdhj0cnfevzx\desktop\ug2qj\4u4jzdmnd6xugr0r\jqn7cxpvuwjc_\dppsg.mp4.wxacdzitl | Dropped File | Stream |
Clean
|
...
|
\\?\C:\Users\RDhJ0CNFevzX\Videos\gsFOLmYYrnzDPUFYtEn0.flv.wxaCdziTl | Dropped File | Stream |
Clean
|
...
|
\\?\C:\Users\RDhJ0CNFevzX\AppData\Roaming\AQyy.gif.wxaCdziTl | Dropped File | Stream |
Clean
|
...
|
c:\users\rdhj0cnfevzx\pictures\zbtx-ar-rf.gif.wxacdzitl | Dropped File | Stream |
Clean
|
...
|
c:\users\rdhj0cnfevzx\appdata\roaming\v-qxcue.mp3.wxacdzitl | Dropped File | Stream |
Clean
|
...
|
\\?\C:\Users\RDhJ0CNFevzX\Videos\n6hmww1mvbHtErVaS\bzhT.mp4.wxaCdziTl | Dropped File | Stream |
Clean
|
...
|
\\?\C:\Users\RDhJ0CNFevzX\Pictures\HwHp\fSQki8zDFdb3FxwwyX6\d1rvF iiFcDG.gif.wxaCdziTl | Dropped File | Stream |
Clean
|
...
|
c:\users\rdhj0cnfevzx\documents\qr32rbhx\mc77uat9t4 8 auh\p8yp6mj9xeguiop8fc\cty2ux4r_\llfjy996fx\odlxjakgcdgngz.docx.wxacdzitl | Dropped File | Stream |
Clean
|
...
|
c:\users\rdhj0cnfevzx\music\xpir2\psh8ktc6mj1l.mp3.wxacdzitl | Dropped File | Stream |
Clean
|
...
|
c:\users\rdhj0cnfevzx\music\xpir2\a1isayh7igqaw5 u.m4a.wxacdzitl | Dropped File | Stream |
Clean
|
...
|
\\?\C:\Users\RDhJ0CNFevzX\Desktop\Ug2QJ\WRsLfGPH1p5_8m1G1.bmp.wxaCdziTl | Dropped File | Stream |
Clean
|
...
|
\\?\C:\Users\RDhJ0CNFevzX\AppData\Roaming\DT4UAnS.png.wxaCdziTl | Dropped File | Stream |
Clean
|
...
|
c:\users\rdhj0cnfevzx\appdata\roaming\3zii.flv.wxacdzitl | Dropped File | Stream |
Clean
|
...
|
\\?\C:\Users\RDhJ0CNFevzX\Documents\qR32RBhx\mc77uaT9T4 8 aUh\Oha2ts3VYM1ihzElUdH\6hkZn51YcJ yR7Uci.rtf.wxaCdziTl | Dropped File | Binary |
Clean
|
...
|
c:\users\rdhj0cnfevzx\documents\qr32rbhx\ufgpzaxxf8b16qj.rtf.wxacdzitl | Dropped File | Stream |
Clean
|
...
|
\\?\C:\Users\RDhJ0CNFevzX\Music\IDG9xi ktQgwc\MtNUSywXQZ4h\FNCLA4cbJsUYBjm.m4a.wxaCdziTl | Dropped File | Stream |
Clean
|
...
|
c:\users\rdhj0cnfevzx\videos\n6hmww1mvbhtervas\z4lycjbt o-n15.swf.wxacdzitl | Dropped File | Stream |
Clean
|
...
|
\\?\C:\Users\RDhJ0CNFevzX\Desktop\I59CtsWQTj.rtf.wxaCdziTl | Dropped File | Stream |
Clean
|
...
|
c:\users\rdhj0cnfevzx\desktop\8qzrm5t5wuifx.pdf.wxacdzitl | Dropped File | Stream |
Clean
|
...
|
c:\users\rdhj0cnfevzx\documents\qr32rbhx\mc77uat9t4 8 auh\oha2ts3vym1ihzeludh\pdu5qhtwvm.ods.wxacdzitl | Dropped File | Stream |
Clean
|
...
|
c:\users\rdhj0cnfevzx\desktop\ib01.gif.wxacdzitl | Dropped File | Stream |
Clean
|
...
|
c:\users\rdhj0cnfevzx\videos\n6hmww1mvbhtervas\xz9jfzqvcskx-5.swf.wxacdzitl | Dropped File | Stream |
Clean
|
...
|
c:\users\rdhj0cnfevzx\music\q_23bggffrfk sddyd2a.wav.wxacdzitl | Dropped File | Stream |
Clean
|
...
|
\\?\C:\Users\RDhJ0CNFevzX\Documents\qR32RBhx\mc77uaT9T4 8 aUh\zn7O.ppt.wxaCdziTl | Dropped File | Stream |
Clean
|
...
|
\\?\C:\Users\RDhJ0CNFevzX\Videos\n6hmww1mvbHtErVaS\fEm047LW4YrrwEO.flv.wxaCdziTl | Dropped File | Stream |
Clean
|
...
|
c:\users\rdhj0cnfevzx\documents\qr32rbhx\mc77uat9t4 8 auh\0aml3jwzjc-5onfm\c-bkd0zdf.ots.wxacdzitl | Dropped File | Stream |
Clean
|
...
|
\\?\C:\Users\RDhJ0CNFevzX\Pictures\9PSVRehdQLjYLS.png.wxaCdziTl | Dropped File | Stream |
Clean
|
...
|
\\?\C:\Users\RDhJ0CNFevzX\Desktop\5JvK.mkv.wxaCdziTl | Dropped File | Stream |
Clean
|
...
|
c:\users\rdhj0cnfevzx\music\idg9xi ktqgwc\mtnusywxqz4h\i4tx3s3pppy.wav.wxacdzitl | Dropped File | Stream |
Clean
|
...
|
c:\users\rdhj0cnfevzx\documents\qr32rbhx\ixeejj_c.odp.wxacdzitl | Dropped File | Stream |
Clean
|
...
|
\\?\C:\Users\RDhJ0CNFevzX\Desktop\Ug2QJ\4U4JZDmnd6xUGR0R\yf4A5qm5GcE2\v7n1ve5h.swf.wxaCdziTl | Dropped File | Stream |
Clean
|
...
|
\\?\C:\Users\RDhJ0CNFevzX\Pictures\HwHp\fSQki8zDFdb3FxwwyX6\tfOB_j\XoXPCwj5F77\XheAtaee.png.wxaCdziTl | Dropped File | Stream |
Clean
|
...
|
c:\users\rdhj0cnfevzx\videos\pvke.mp4.wxacdzitl | Dropped File | Stream |
Clean
|
...
|
c:\users\rdhj0cnfevzx\appdata\roaming\r2zygkmkf0yl_njl50rt.m4a.wxacdzitl | Dropped File | Stream |
Clean
|
...
|
c:\users\rdhj0cnfevzx\documents\xd 6gh4sobxuck7whuha.xlsx.wxacdzitl | Dropped File | Stream |
Clean
|
...
|
\\?\C:\Users\RDhJ0CNFevzX\Music\IDG9xi ktQgwc\iSosvUqDth\K-MsSZJRIW6.wav.wxaCdziTl | Dropped File | Stream |
Clean
|
...
|
\\?\C:\Users\RDhJ0CNFevzX\Videos\n6hmww1mvbHtErVaS\_IEcg3V7_RLYQOQD.mp4.wxaCdziTl | Dropped File | Stream |
Clean
|
...
|
c:\users\rdhj0cnfevzx\documents\qr32rbhx\mc77uat9t4 8 auh\0aml3jwzjc-5onfm\ndrc0vt-1qw3i2r3.pps.wxacdzitl | Dropped File | Stream |
Clean
|
...
|
\\?\C:\Users\RDhJ0CNFevzX\Desktop\ggK75.swf.wxaCdziTl | Dropped File | Stream |
Clean
|
...
|
\\?\C:\Users\RDhJ0CNFevzX\Documents\qR32RBhx\mc77uaT9T4 8 aUh\p8yP6MJ9XegUIop8fC\cTY2UX4R_\LLFjY996fX\j40oY0S8G4YbRAbJlL.xlsx.wxaCdziTl | Dropped File | Stream |
Clean
|
...
|
\\?\C:\Users\RDhJ0CNFevzX\Pictures\Rb PoqbS9xit.gif.wxaCdziTl | Dropped File | Stream |
Clean
|
...
|
c:\users\rdhj0cnfevzx\music\idg9xi ktqgwc\isosvuqdth\ckeibaehzjiu8gjs.m4a.wxacdzitl | Dropped File | Stream |
Clean
|
...
|
\\?\C:\Users\RDhJ0CNFevzX\Documents\qR32RBhx\mc77uaT9T4 8 aUh\p8yP6MJ9XegUIop8fC\Y 2pnSNEnTLQRTlzcsP.rtf.wxaCdziTl | Dropped File | Stream |
Clean
|
...
|
\\?\C:\Users\RDhJ0CNFevzX\Videos\n6hmww1mvbHtErVaS\yfQ8fk.mkv.wxaCdziTl | Dropped File | Stream |
Clean
|
...
|
\\?\C:\Users\RDhJ0CNFevzX\Desktop\xepzG5U.bmp.wxaCdziTl | Dropped File | Stream |
Clean
|
...
|
\\?\C:\Users\RDhJ0CNFevzX\Desktop\Hqg4ujy.csv.wxaCdziTl | Dropped File | Stream |
Clean
|
...
|
\\?\C:\Users\RDhJ0CNFevzX\Documents\qR32RBhx\mc77uaT9T4 8 aUh\DhlQv_2gVqiDy\KVY20eKwTlu.pdf.wxaCdziTl | Dropped File | Stream |
Clean
|
...
|
c:\users\rdhj0cnfevzx\documents\xrhkopj-vxhpo.docx.wxacdzitl | Dropped File | Stream |
Clean
|
...
|
\\?\C:\Users\RDhJ0CNFevzX\Documents\x8jHDterkAXcwLgNMAc.pptx.wxaCdziTl | Dropped File | Stream |
Clean
|
...
|
c:\users\rdhj0cnfevzx\pictures\dk2uq9nmmckvx1__d\ql816ckox_ozqexosiv.png.wxacdzitl | Dropped File | Stream |
Clean
|
...
|
\\?\C:\Users\RDhJ0CNFevzX\Music\xPIr2\XEf4oLIla0tA\XxEnKoL.wav.wxaCdziTl | Dropped File | Stream |
Clean
|
...
|
\\?\C:\Users\RDhJ0CNFevzX\Documents\qR32RBhx\mc77uaT9T4 8 aUh\p8yP6MJ9XegUIop8fC\cTY2UX4R_\LLFjY996fX\NlzhTt.pps.wxaCdziTl | Dropped File | Stream |
Clean
|
...
|
\\?\C:\Users\RDhJ0CNFevzX\Pictures\DK2uq9nMmCkVx1__D\RS1284Lbxfm5uQEujD.jpg.wxaCdziTl | Dropped File | Stream |
Clean
|
...
|
c:\users\rdhj0cnfevzx\videos\nfwusmm6gvtedu.mkv.wxacdzitl | Dropped File | Stream |
Clean
|
...
|
\\?\C:\Users\RDhJ0CNFevzX\Documents\aAu8lUQr9-w_H.pptx.wxaCdziTl | Dropped File | Stream |
Clean
|
...
|
c:\users\rdhj0cnfevzx\appdata\roaming\euwip0ut.wav.wxacdzitl | Dropped File | Stream |
Clean
|
...
|
\\?\C:\Users\RDhJ0CNFevzX\Pictures\DK2uq9nMmCkVx1__D\BthdL.bmp.wxaCdziTl | Dropped File | Stream |
Clean
|
...
|
\\?\C:\Users\RDhJ0CNFevzX\Documents\qR32RBhx\mc77uaT9T4 8 aUh\p8yP6MJ9XegUIop8fC\TGxF7NT0infc4Sa0G.doc.wxaCdziTl | Dropped File | Stream |
Clean
|
...
|
c:\users\rdhj0cnfevzx\appdata\roaming\xsfp3ekh7cwojyb6ac.pps.wxacdzitl | Dropped File | Stream |
Clean
|
...
|
c:\users\rdhj0cnfevzx\desktop\5tps_bd7um.wav.wxacdzitl | Dropped File | Stream |
Clean
|
...
|
c:\users\rdhj0cnfevzx\desktop\w1amdcsyu6ovzu8gbp_t.odp.wxacdzitl | Dropped File | Stream |
Clean
|
...
|
c:\users\rdhj0cnfevzx\music\idg9xi ktqgwc\mtnusywxqz4h\cbed oy.m4a.wxacdzitl | Dropped File | Stream |
Clean
|
...
|
c:\users\rdhj0cnfevzx\desktop\ug2qj\iuvgvueytgqfry.mp4.wxacdzitl | Dropped File | Stream |
Clean
|
...
|
\\?\C:\Users\RDhJ0CNFevzX\Music\xPIr2\oIKk4cz\g VO.m4a.wxaCdziTl | Dropped File | Stream |
Clean
|
...
|
c:\users\rdhj0cnfevzx\pictures\rxahptndlv4t9n.jpg.wxacdzitl | Dropped File | Stream |
Clean
|
...
|
c:\users\rdhj0cnfevzx\documents\qr32rbhx\djwzu.ods.wxacdzitl | Dropped File | Stream |
Clean
|
...
|
c:\users\rdhj0cnfevzx\pictures\srxpltvhn.gif.wxacdzitl | Dropped File | Stream |
Clean
|
...
|
c:\users\rdhj0cnfevzx\appdata\roaming\luskyvpsmf.wav.wxacdzitl | Dropped File | Stream |
Clean
|
...
|
\\?\C:\Users\RDhJ0CNFevzX\Desktop\QpMOtwa9OJeHxGaWej.odp.wxaCdziTl | Dropped File | Stream |
Clean
|
...
|
c:\users\rdhj0cnfevzx\videos\n6hmww1mvbhtervas\tx_p4k-z.swf.wxacdzitl | Dropped File | Stream |
Clean
|
...
|
c:\users\rdhj0cnfevzx\desktop\6lfbu1y8ojdjapr.wav.wxacdzitl | Dropped File | Stream |
Clean
|
...
|
\\?\C:\Users\RDhJ0CNFevzX\Documents\m5jv7T.pptx.wxaCdziTl | Dropped File | Stream |
Clean
|
...
|
\\?\C:\Users\RDhJ0CNFevzX\Videos\n6hmww1mvbHtErVaS\BSG5RljslI.mkv.wxaCdziTl | Dropped File | Stream |
Clean
|
...
|
c:\users\rdhj0cnfevzx\documents\cr fndbize_fimj4d2x.docx.wxacdzitl | Dropped File | Stream |
Clean
|
...
|
\\?\C:\Users\RDhJ0CNFevzX\AppData\Roaming\_ySE7l-.flv.wxaCdziTl | Dropped File | Stream |
Clean
|
...
|
c:\users\rdhj0cnfevzx\videos\n6hmww1mvbhtervas\nxuvqgiuvbpp.swf.wxacdzitl | Dropped File | Stream |
Clean
|
...
|
c:\users\rdhj0cnfevzx\documents\xzwd5bkurmmvwlmu.pptx.wxacdzitl | Dropped File | Stream |
Clean
|
...
|
c:\users\rdhj0cnfevzx\appdata\roaming\aece1orufherf.mkv.wxacdzitl | Dropped File | Stream |
Clean
|
...
|
c:\users\rdhj0cnfevzx\documents\r2vxaawrss klbyd.docx.wxacdzitl | Dropped File | Stream |
Clean
|
...
|
\\?\C:\Users\RDhJ0CNFevzX\Videos\o729kNnpFvZRpg.flv.wxaCdziTl | Dropped File | Stream |
Clean
|
...
|
\\?\C:\Users\RDhJ0CNFevzX\Documents\qR32RBhx\mc77uaT9T4 8 aUh\Oha2ts3VYM1ihzElUdH\txt70CmqceL.csv.wxaCdziTl | Dropped File | Stream |
Clean
|
...
|
\\?\C:\Users\RDhJ0CNFevzX\Desktop\Fmz1a6.gif.wxaCdziTl | Dropped File | Stream |
Clean
|
...
|
\\?\C:\Users\RDhJ0CNFevzX\AppData\Roaming\3ll8mAvCeADSop2LtYYr.png.wxaCdziTl | Dropped File | Stream |
Clean
|
...
|
\\?\C:\Users\RDhJ0CNFevzX\Music\xPIr2\XEf4oLIla0tA\GgDI3ms1QbUyXL.mp3.wxaCdziTl | Dropped File | Stream |
Clean
|
...
|
\\?\C:\Users\RDhJ0CNFevzX\Documents\qR32RBhx\mc77uaT9T4 8 aUh\p8yP6MJ9XegUIop8fC\oaJV7EyG9XwAt-.ppt.wxaCdziTl | Dropped File | Stream |
Clean
|
...
|
c:\users\rdhj0cnfevzx\music\xpir2\894gschurjhirm j.mp3.wxacdzitl | Dropped File | Stream |
Clean
|
...
|
c:\users\rdhj0cnfevzx\pictures\hwhp\fsqki8zdfdb3fxwwyx6\tfob_j\6z3htj3l8g\dyg5njg.gif.wxacdzitl | Dropped File | Stream |
Clean
|
...
|
c:\users\rdhj0cnfevzx\documents\ml-q.xlsx.wxacdzitl | Dropped File | Stream |
Clean
|
...
|
\\?\C:\Users\RDhJ0CNFevzX\AppData\Roaming\y8vJY_Ai.jpg.wxaCdziTl | Dropped File | Stream |
Clean
|
...
|
c:\users\rdhj0cnfevzx\desktop\ug2qj\4u4jzdmnd6xugr0r\yf4a5qm5gce2\p2svf8rp5y7tdjl38h.m4a.wxacdzitl | Dropped File | Stream |
Clean
|
...
|
\\?\C:\Users\RDhJ0CNFevzX\Desktop\xo0tJMEH.ods.wxaCdziTl | Dropped File | Stream |
Clean
|
...
|
\\?\C:\Users\RDhJ0CNFevzX\Pictures\JIfW5BOr-5qeskuCC.png.wxaCdziTl | Dropped File | Stream |
Clean
|
...
|
c:\users\rdhj0cnfevzx\music\idg9xi ktqgwc\mtnusywxqz4h\vbwbos20wg_uy9ltfe.m4a.wxacdzitl | Dropped File | Stream |
Clean
|
...
|
c:\users\rdhj0cnfevzx\desktop\2wkkmn0kn2vhr.avi.wxacdzitl | Dropped File | Stream |
Clean
|
...
|
c:\users\rdhj0cnfevzx\documents\qr32rbhx\mc77uat9t4 8 auh\p8yp6mj9xeguiop8fc\9ywjyf.xlsx.wxacdzitl | Dropped File | Stream |
Clean
|
...
|
c:\users\rdhj0cnfevzx\appdata\roaming\qdvlf.avi.wxacdzitl | Dropped File | Stream |
Clean
|
...
|
\\?\C:\Users\RDhJ0CNFevzX\Pictures\DK2uq9nMmCkVx1__D\Zw3wie.png.wxaCdziTl | Dropped File | Stream |
Clean
|
...
|
\\?\C:\Users\RDhJ0CNFevzX\Pictures\Raqp2x9BXlbYdm69PO-.gif.wxaCdziTl | Dropped File | Stream |
Clean
|
...
|
\\?\C:\Users\RDhJ0CNFevzX\AppData\Roaming\1QqBbSv.mp3.wxaCdziTl | Dropped File | Stream |
Clean
|
...
|
\\?\C:\Users\RDhJ0CNFevzX\Music\IDG9xi ktQgwc\MtNUSywXQZ4h\6xMTMGerizS_B9nePYre.mp3.wxaCdziTl | Dropped File | Stream |
Clean
|
...
|
c:\users\rdhj0cnfevzx\music\idg9xi ktqgwc\isosvuqdth\07wkye5.mp3.wxacdzitl | Dropped File | Stream |
Clean
|
...
|
c:\users\rdhj0cnfevzx\documents\jndukcjrq_ylredb.xlsx.wxacdzitl | Dropped File | Stream |
Clean
|
...
|
\\?\C:\Users\RDhJ0CNFevzX\Music\cLLwS6g8C2eaZaiTGq09.mp3.wxaCdziTl | Dropped File | Stream |
Clean
|
...
|
c:\users\rdhj0cnfevzx\documents\rued0nx.docx.wxacdzitl | Dropped File | Stream |
Clean
|
...
|
\\?\C:\Users\RDhJ0CNFevzX\Documents\qR32RBhx\mc77uaT9T4 8 aUh\p8yP6MJ9XegUIop8fC\cTY2UX4R_\o5PG.ods.wxaCdziTl | Dropped File | Stream |
Clean
|
...
|
c:\users\rdhj0cnfevzx\desktop\rbdj.mkv.wxacdzitl | Dropped File | Stream |
Clean
|
...
|
\\?\C:\Users\RDhJ0CNFevzX\Documents\qR32RBhx\mc77uaT9T4 8 aUh\DhlQv_2gVqiDy\OE2Z sFSwU_t3K.pptx.wxaCdziTl | Dropped File | Stream |
Clean
|
...
|
\\?\C:\Users\RDhJ0CNFevzX\Videos\o nTsCSwgX.mkv.wxaCdziTl | Dropped File | Stream |
Clean
|
...
|
c:\users\rdhj0cnfevzx\music\vmdrms.mp3.wxacdzitl | Dropped File | Stream |
Clean
|
...
|
\\?\C:\Users\RDhJ0CNFevzX\AppData\Roaming\RfLrr99.gif.wxaCdziTl | Dropped File | Stream |
Clean
|
...
|
\\?\C:\Users\RDhJ0CNFevzX\Videos\UHhwRty6V-ug.mp4.wxaCdziTl | Dropped File | Stream |
Clean
|
...
|
c:\users\rdhj0cnfevzx\desktop\ug2qj\4u4jzdmnd6xugr0r\jqn7cxpvuwjc_\sjxgkuf.doc.wxacdzitl | Dropped F |