To conceal itself, the rootkit hid in every file whose name began with $sys$.

It can be done by a special program, usually provided by the system's manufacturer, or at POST, with a BIOS image in a hard drive or USB flash drive.

Rootkits: The next big enterprise threat?

Most PC motherboard suppliers licensed a BIOS "core" and toolkit from a commercial third party, known as an "independent BIOS vendor" or IBV.

Malware in the cloud is a relatively new phenomenon, but cybercriminals quickly realized that cloud systems are an ideal media for spreading

Once the rootkit is installed, it is important to keep the intrusion hidden so that the privileges obtained can be retained.
contain entries identifying the files associated with the rootkit, the rootkit intercepts and modifies the output to remove the entries.

Things I've tried without any success: Malwarebytes, Roguekiller, TDSSkiller.

If an expansion ROM wishes to change the way the system boots (such as from a network device or a SCSI adapter) in a cooperative way, it can use the BIOS Boot Specification (BBS) API to register its ability to do so.

This discrepancy will occur if a Registry value is updated while the

The attackers then used their kernel memory write access to disable seven mechanisms the Windows operating system offers to monitor its actions, like registry, file system, process creation, event tracing etc., basically blinding security solutions in a very generic and robust way.

The goal of this intermediate stage is to load an additional payload in memory and execute it. Retrieved from WeLiveSecurity.com.
Kaspersky too got wind of Black Lotus, pointing out that the rootkit's advanced capabilities were previously typical of nation-state malware, but are now increasingly accessible to cybercriminals.

As such, option ROMs may also influence or supplant the boot process defined by the motherboard BIOS ROM.

Hidden on one of his computers.

In addition, Stinger requires the machine to have Internet Explorer 8 or above.
The attackers deployed several malicious tools on each system, including droppers, loaders, fully featured HTTP(S) backdoors, HTTP(S) uploaders and downloaders.

When dealing with rootkits in firmware, however, removal may require replacing hardware parts or using specialized tools.

The main purpose of these loaders is to read and decrypt executables located in alternate data streams (ADS) at C:\ProgramData\Caphyon\mi.dll:Zone.Identifier and C:\Program Files\Windows Media Player\Skins\DarkMode.wmz:Zone.Identifier, respectively.