1cdf0dcd13a46906d73588a4f2ef20637d25706ce90b53a7b6f1701c28cb3596

Resubmissions

26-03-2024 14:35

240326-ryecksfd5y 10

26-03-2024 14:27

240326-rse2xsfb8y 10

Analysis

max time kernel
1559s
max time network
1563s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
26-03-2024 14:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

675e7e38d969e9c0af164337a180b2941d4a676b7e0c345da1de1b2d42ed31a8.exe
Size

1.3MB
MD5

d30cc3d50062b47585d8e9216f5974c4
SHA1

86ab16232bdff82807eb09e9dae5ae7dec26685f
SHA256

675e7e38d969e9c0af164337a180b2941d4a676b7e0c345da1de1b2d42ed31a8
SHA512

8fa7e529f58deb6c2b89c3bf3ceb04ca036e00ac694767b64625258fe39d3911d42ae9d5baf0d0089e06c936458fcacd0e6e56b8a7cba4a91084d66a5717bce6
SSDEEP

24576:bk70TrcblhbE+twWvKItnEi9RlyjACUxar1BjjxhXQdT6lRDmkTyi:bkQTAMGwAFv9yjJZrYURDdH

Score

9^/10

persistence ransomware spyware stealer

Malware Config

Signatures

Renames multiple (18637) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Drivers directory 64 IoCs

Processes:

675e7e38d969e9c0af164337a180b2941d4a676b7e0c345da1de1b2d42ed31a8.exe

description	ioc	process
File created	C:\Windows\SysWOW64\drivers\es-ES\scfilter.sys.mui.criptfud@protonmail_com	675e7e38d969e9c0af164337a180b2941d4a676b7e0c345da1de1b2d42ed31a8.exe
File created	C:\Windows\SysWOW64\drivers\fr-FR\bfe.dll.mui.criptfud@protonmail_com	675e7e38d969e9c0af164337a180b2941d4a676b7e0c345da1de1b2d42ed31a8.exe
File opened for modification	C:\Windows\SysWOW64\drivers\en-US\pacer.sys.mui.criptfud@protonmail_com	675e7e38d969e9c0af164337a180b2941d4a676b7e0c345da1de1b2d42ed31a8.exe
File opened for modification	C:\Windows\SysWOW64\drivers\fr-FR\scfilter.sys.mui.criptfud@protonmail_com	675e7e38d969e9c0af164337a180b2941d4a676b7e0c345da1de1b2d42ed31a8.exe
File opened for modification	C:\Windows\SysWOW64\drivers\ja-JP\bfe.dll.mui.criptfud@protonmail_com	675e7e38d969e9c0af164337a180b2941d4a676b7e0c345da1de1b2d42ed31a8.exe
File created	C:\Windows\SysWOW64\drivers\gm.dls.criptfud@protonmail_com	675e7e38d969e9c0af164337a180b2941d4a676b7e0c345da1de1b2d42ed31a8.exe
File created	C:\Windows\SysWOW64\drivers\en-US\pacer.sys.mui.criptfud@protonmail_com	675e7e38d969e9c0af164337a180b2941d4a676b7e0c345da1de1b2d42ed31a8.exe
File created	C:\Windows\SysWOW64\drivers\es-ES\bfe.dll.mui.criptfud@protonmail_com	675e7e38d969e9c0af164337a180b2941d4a676b7e0c345da1de1b2d42ed31a8.exe
File created	C:\Windows\SysWOW64\drivers\en-US\qwavedrv.sys.mui.criptfud@protonmail_com	675e7e38d969e9c0af164337a180b2941d4a676b7e0c345da1de1b2d42ed31a8.exe
File created	C:\Windows\SysWOW64\drivers\ja-JP\ndiscap.sys.mui.criptfud@protonmail_com	675e7e38d969e9c0af164337a180b2941d4a676b7e0c345da1de1b2d42ed31a8.exe
File created	C:\Windows\SysWOW64\drivers\fr-FR\ndiscap.sys.mui.criptfud@protonmail_com	675e7e38d969e9c0af164337a180b2941d4a676b7e0c345da1de1b2d42ed31a8.exe
File opened for modification	C:\Windows\SysWOW64\drivers\de-DE\qwavedrv.sys.mui.criptfud@protonmail_com	675e7e38d969e9c0af164337a180b2941d4a676b7e0c345da1de1b2d42ed31a8.exe
File opened for modification	C:\Windows\SysWOW64\drivers\es-ES\qwavedrv.sys.mui.criptfud@protonmail_com	675e7e38d969e9c0af164337a180b2941d4a676b7e0c345da1de1b2d42ed31a8.exe
File created	C:\Windows\SysWOW64\drivers\ja-JP\bfe.dll.mui.criptfud@protonmail_com	675e7e38d969e9c0af164337a180b2941d4a676b7e0c345da1de1b2d42ed31a8.exe
File opened for modification	C:\Windows\SysWOW64\drivers\fr-FR\pacer.sys.mui.criptfud@protonmail_com	675e7e38d969e9c0af164337a180b2941d4a676b7e0c345da1de1b2d42ed31a8.exe
File opened for modification	C:\Windows\SysWOW64\drivers\it-IT\scfilter.sys.mui.criptfud@protonmail_com	675e7e38d969e9c0af164337a180b2941d4a676b7e0c345da1de1b2d42ed31a8.exe
File opened for modification	C:\Windows\SysWOW64\drivers\es-ES\scfilter.sys.mui.criptfud@protonmail_com	675e7e38d969e9c0af164337a180b2941d4a676b7e0c345da1de1b2d42ed31a8.exe
File created	C:\Windows\SysWOW64\drivers\gmreadme.txt.criptfud@protonmail_com	675e7e38d969e9c0af164337a180b2941d4a676b7e0c345da1de1b2d42ed31a8.exe
File created	C:\Windows\SysWOW64\drivers\it-IT\qwavedrv.sys.mui.criptfud@protonmail_com	675e7e38d969e9c0af164337a180b2941d4a676b7e0c345da1de1b2d42ed31a8.exe
File opened for modification	C:\Windows\SysWOW64\drivers\en-US\ndiscap.sys.mui.criptfud@protonmail_com	675e7e38d969e9c0af164337a180b2941d4a676b7e0c345da1de1b2d42ed31a8.exe
File opened for modification	C:\Windows\SysWOW64\drivers\it-IT\qwavedrv.sys.mui.criptfud@protonmail_com	675e7e38d969e9c0af164337a180b2941d4a676b7e0c345da1de1b2d42ed31a8.exe
File opened for modification	C:\Windows\SysWOW64\drivers\de-DE\pacer.sys.mui.criptfud@protonmail_com	675e7e38d969e9c0af164337a180b2941d4a676b7e0c345da1de1b2d42ed31a8.exe
File opened for modification	C:\Windows\SysWOW64\drivers\en-US\bfe.dll.mui.criptfud@protonmail_com	675e7e38d969e9c0af164337a180b2941d4a676b7e0c345da1de1b2d42ed31a8.exe
File opened for modification	C:\Windows\SysWOW64\drivers\it-IT\tcpip.sys.mui.criptfud@protonmail_com	675e7e38d969e9c0af164337a180b2941d4a676b7e0c345da1de1b2d42ed31a8.exe
File created	C:\Windows\SysWOW64\drivers\it-IT\pacer.sys.mui.criptfud@protonmail_com	675e7e38d969e9c0af164337a180b2941d4a676b7e0c345da1de1b2d42ed31a8.exe
File opened for modification	C:\Windows\SysWOW64\drivers\fr-FR\ndiscap.sys.mui.criptfud@protonmail_com	675e7e38d969e9c0af164337a180b2941d4a676b7e0c345da1de1b2d42ed31a8.exe
File opened for modification	C:\Windows\SysWOW64\drivers\fr-FR\qwavedrv.sys.mui.criptfud@protonmail_com	675e7e38d969e9c0af164337a180b2941d4a676b7e0c345da1de1b2d42ed31a8.exe
File opened for modification	C:\Windows\SysWOW64\drivers\ja-JP\tcpip.sys.mui.criptfud@protonmail_com	675e7e38d969e9c0af164337a180b2941d4a676b7e0c345da1de1b2d42ed31a8.exe
File created	C:\Windows\SysWOW64\drivers\wimmount.sys.criptfud@protonmail_com	675e7e38d969e9c0af164337a180b2941d4a676b7e0c345da1de1b2d42ed31a8.exe
File created	C:\Windows\SysWOW64\drivers\en-US\ndiscap.sys.mui.criptfud@protonmail_com	675e7e38d969e9c0af164337a180b2941d4a676b7e0c345da1de1b2d42ed31a8.exe
File created	C:\Windows\SysWOW64\drivers\fr-FR\tcpip.sys.mui.criptfud@protonmail_com	675e7e38d969e9c0af164337a180b2941d4a676b7e0c345da1de1b2d42ed31a8.exe
File opened for modification	C:\Windows\SysWOW64\drivers\en-US\scfilter.sys.mui.criptfud@protonmail_com	675e7e38d969e9c0af164337a180b2941d4a676b7e0c345da1de1b2d42ed31a8.exe
File opened for modification	C:\Windows\SysWOW64\drivers\fr-FR\bfe.dll.mui.criptfud@protonmail_com	675e7e38d969e9c0af164337a180b2941d4a676b7e0c345da1de1b2d42ed31a8.exe
File opened for modification	C:\Windows\SysWOW64\drivers\ja-JP\scfilter.sys.mui.criptfud@protonmail_com	675e7e38d969e9c0af164337a180b2941d4a676b7e0c345da1de1b2d42ed31a8.exe
File created	C:\Windows\SysWOW64\drivers\de-DE\bfe.dll.mui.criptfud@protonmail_com	675e7e38d969e9c0af164337a180b2941d4a676b7e0c345da1de1b2d42ed31a8.exe
File opened for modification	C:\Windows\SysWOW64\drivers\de-DE\ndiscap.sys.mui.criptfud@protonmail_com	675e7e38d969e9c0af164337a180b2941d4a676b7e0c345da1de1b2d42ed31a8.exe
File opened for modification	C:\Windows\SysWOW64\drivers\de-DE\tcpip.sys.mui.criptfud@protonmail_com	675e7e38d969e9c0af164337a180b2941d4a676b7e0c345da1de1b2d42ed31a8.exe
File opened for modification	C:\Windows\SysWOW64\drivers\fr-FR\tcpip.sys.mui.criptfud@protonmail_com	675e7e38d969e9c0af164337a180b2941d4a676b7e0c345da1de1b2d42ed31a8.exe
File opened for modification	C:\Windows\SysWOW64\drivers\ja-JP\ndiscap.sys.mui.criptfud@protonmail_com	675e7e38d969e9c0af164337a180b2941d4a676b7e0c345da1de1b2d42ed31a8.exe
File opened for modification	C:\Windows\SysWOW64\drivers\ja-JP\qwavedrv.sys.mui.criptfud@protonmail_com	675e7e38d969e9c0af164337a180b2941d4a676b7e0c345da1de1b2d42ed31a8.exe
File created	C:\Windows\SysWOW64\drivers\de-DE\qwavedrv.sys.mui.criptfud@protonmail_com	675e7e38d969e9c0af164337a180b2941d4a676b7e0c345da1de1b2d42ed31a8.exe
File created	C:\Windows\SysWOW64\drivers\de-DE\scfilter.sys.mui.criptfud@protonmail_com	675e7e38d969e9c0af164337a180b2941d4a676b7e0c345da1de1b2d42ed31a8.exe
File created	C:\Windows\SysWOW64\drivers\fr-FR\qwavedrv.sys.mui.criptfud@protonmail_com	675e7e38d969e9c0af164337a180b2941d4a676b7e0c345da1de1b2d42ed31a8.exe
File opened for modification	C:\Windows\SysWOW64\drivers\en-US\qwavedrv.sys.mui.criptfud@protonmail_com	675e7e38d969e9c0af164337a180b2941d4a676b7e0c345da1de1b2d42ed31a8.exe
File opened for modification	C:\Windows\SysWOW64\drivers\it-IT\ndiscap.sys.mui.criptfud@protonmail_com	675e7e38d969e9c0af164337a180b2941d4a676b7e0c345da1de1b2d42ed31a8.exe
File created	C:\Windows\SysWOW64\drivers\es-ES\tcpip.sys.mui.criptfud@protonmail_com	675e7e38d969e9c0af164337a180b2941d4a676b7e0c345da1de1b2d42ed31a8.exe
File created	C:\Windows\SysWOW64\drivers\it-IT\ndiscap.sys.mui.criptfud@protonmail_com	675e7e38d969e9c0af164337a180b2941d4a676b7e0c345da1de1b2d42ed31a8.exe
File opened for modification	C:\Windows\SysWOW64\drivers\gm.dls.criptfud@protonmail_com	675e7e38d969e9c0af164337a180b2941d4a676b7e0c345da1de1b2d42ed31a8.exe
File created	C:\Windows\SysWOW64\drivers\fr-FR\scfilter.sys.mui.criptfud@protonmail_com	675e7e38d969e9c0af164337a180b2941d4a676b7e0c345da1de1b2d42ed31a8.exe
File created	C:\Windows\SysWOW64\drivers\it-IT\scfilter.sys.mui.criptfud@protonmail_com	675e7e38d969e9c0af164337a180b2941d4a676b7e0c345da1de1b2d42ed31a8.exe
File created	C:\Windows\SysWOW64\drivers\ja-JP\pacer.sys.mui.criptfud@protonmail_com	675e7e38d969e9c0af164337a180b2941d4a676b7e0c345da1de1b2d42ed31a8.exe
File created	C:\Windows\SysWOW64\drivers\ja-JP\qwavedrv.sys.mui.criptfud@protonmail_com	675e7e38d969e9c0af164337a180b2941d4a676b7e0c345da1de1b2d42ed31a8.exe
File opened for modification	C:\Windows\SysWOW64\drivers\en-US\tcpip.sys.mui.criptfud@protonmail_com	675e7e38d969e9c0af164337a180b2941d4a676b7e0c345da1de1b2d42ed31a8.exe
File created	C:\Windows\SysWOW64\drivers\en-US\scfilter.sys.mui.criptfud@protonmail_com	675e7e38d969e9c0af164337a180b2941d4a676b7e0c345da1de1b2d42ed31a8.exe
File created	C:\Windows\SysWOW64\drivers\en-US\tcpip.sys.mui.criptfud@protonmail_com	675e7e38d969e9c0af164337a180b2941d4a676b7e0c345da1de1b2d42ed31a8.exe
File created	C:\Windows\SysWOW64\drivers\es-ES\qwavedrv.sys.mui.criptfud@protonmail_com	675e7e38d969e9c0af164337a180b2941d4a676b7e0c345da1de1b2d42ed31a8.exe
File opened for modification	C:\Windows\SysWOW64\drivers\es-ES\bfe.dll.mui.criptfud@protonmail_com	675e7e38d969e9c0af164337a180b2941d4a676b7e0c345da1de1b2d42ed31a8.exe
File created	C:\Windows\SysWOW64\drivers\de-DE\pacer.sys.mui.criptfud@protonmail_com	675e7e38d969e9c0af164337a180b2941d4a676b7e0c345da1de1b2d42ed31a8.exe
File created	C:\Windows\SysWOW64\drivers\es-ES\pacer.sys.mui.criptfud@protonmail_com	675e7e38d969e9c0af164337a180b2941d4a676b7e0c345da1de1b2d42ed31a8.exe
File opened for modification	C:\Windows\SysWOW64\drivers\es-ES\ndiscap.sys.mui.criptfud@protonmail_com	675e7e38d969e9c0af164337a180b2941d4a676b7e0c345da1de1b2d42ed31a8.exe
File created	C:\Windows\SysWOW64\drivers\it-IT\bfe.dll.mui.criptfud@protonmail_com	675e7e38d969e9c0af164337a180b2941d4a676b7e0c345da1de1b2d42ed31a8.exe
File opened for modification	C:\Windows\SysWOW64\drivers\wimmount.sys.criptfud@protonmail_com	675e7e38d969e9c0af164337a180b2941d4a676b7e0c345da1de1b2d42ed31a8.exe
File opened for modification	C:\Windows\SysWOW64\drivers\it-IT\bfe.dll.mui.criptfud@protonmail_com	675e7e38d969e9c0af164337a180b2941d4a676b7e0c345da1de1b2d42ed31a8.exe
File created	C:\Windows\SysWOW64\drivers\de-DE\tcpip.sys.mui.criptfud@protonmail_com	675e7e38d969e9c0af164337a180b2941d4a676b7e0c345da1de1b2d42ed31a8.exe

Drops startup file 2 IoCs

Processes:

675e7e38d969e9c0af164337a180b2941d4a676b7e0c345da1de1b2d42ed31a8.exe

description	ioc	process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\!!!README_DECRYPT!!!.txt	675e7e38d969e9c0af164337a180b2941d4a676b7e0c345da1de1b2d42ed31a8.exe
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini.criptfud@protonmail_com	675e7e38d969e9c0af164337a180b2941d4a676b7e0c345da1de1b2d42ed31a8.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Processes:

675e7e38d969e9c0af164337a180b2941d4a676b7e0c345da1de1b2d42ed31a8.exe

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Windows\CurrentVersion\Run\Anti-Malware = "C:\\Users\\Admin\\AppData\\Roaming\\KBFilt.exe"	675e7e38d969e9c0af164337a180b2941d4a676b7e0c345da1de1b2d42ed31a8.exe

Drops file in System32 directory 64 IoCs

Processes:

675e7e38d969e9c0af164337a180b2941d4a676b7e0c345da1de1b2d42ed31a8.exe

description	ioc	process
File created	C:\Windows\SysWOW64\de-DE\ktmutil.exe.mui.criptfud@protonmail_com	675e7e38d969e9c0af164337a180b2941d4a676b7e0c345da1de1b2d42ed31a8.exe
File opened for modification	C:\Windows\SysWOW64\adsnt.dll.criptfud@protonmail_com	675e7e38d969e9c0af164337a180b2941d4a676b7e0c345da1de1b2d42ed31a8.exe
File created	C:\Windows\SysWOW64\de-DE\getmac.exe.mui.criptfud@protonmail_com	675e7e38d969e9c0af164337a180b2941d4a676b7e0c345da1de1b2d42ed31a8.exe
File created	C:\Windows\System32\DriverStore\es-ES\bthpan.inf_loc.criptfud@protonmail_com	675e7e38d969e9c0af164337a180b2941d4a676b7e0c345da1de1b2d42ed31a8.exe
File created	C:\Windows\SysWOW64\wbem\vsswmi.dll.criptfud@protonmail_com	675e7e38d969e9c0af164337a180b2941d4a676b7e0c345da1de1b2d42ed31a8.exe
File opened for modification	C:\Windows\SysWOW64\en-US\softkbd.dll.mui.criptfud@protonmail_com	675e7e38d969e9c0af164337a180b2941d4a676b7e0c345da1de1b2d42ed31a8.exe
File opened for modification	C:\Windows\SysWOW64\ja-JP\apilogen.dll.mui.criptfud@protonmail_com	675e7e38d969e9c0af164337a180b2941d4a676b7e0c345da1de1b2d42ed31a8.exe
File created	C:\Windows\SysWOW64\ja-JP\themeui.dll.mui.criptfud@protonmail_com	675e7e38d969e9c0af164337a180b2941d4a676b7e0c345da1de1b2d42ed31a8.exe
File created	C:\Windows\SysWOW64\migwiz\replacementmanifests\activedirectory-webservices-replacement.man.criptfud@protonmail_com	675e7e38d969e9c0af164337a180b2941d4a676b7e0c345da1de1b2d42ed31a8.exe
File opened for modification	C:\Windows\SysWOW64\C_950.NLS.criptfud@protonmail_com	675e7e38d969e9c0af164337a180b2941d4a676b7e0c345da1de1b2d42ed31a8.exe
File opened for modification	C:\Windows\SysWOW64\de-DE\wevtapi.dll.mui.criptfud@protonmail_com	675e7e38d969e9c0af164337a180b2941d4a676b7e0c345da1de1b2d42ed31a8.exe
File opened for modification	C:\Windows\SysWOW64\wbem\es-ES\mstscax.mfl.criptfud@protonmail_com	675e7e38d969e9c0af164337a180b2941d4a676b7e0c345da1de1b2d42ed31a8.exe
File created	C:\Windows\System32\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-PhotoPremiumPackage~31bf3856ad364e35~amd64~~6.1.7601.17514.cat.criptfud@protonmail_com	675e7e38d969e9c0af164337a180b2941d4a676b7e0c345da1de1b2d42ed31a8.exe
File created	C:\Windows\System32\DriverStore\FileRepository\ph3xibc4.inf_amd64_neutral_310871d800afa82a\Ph3xIBC4.inf.criptfud@protonmail_com	675e7e38d969e9c0af164337a180b2941d4a676b7e0c345da1de1b2d42ed31a8.exe
File created	C:\Windows\SysWOW64\fr-FR\sppcomapi.dll.mui.criptfud@protonmail_com	675e7e38d969e9c0af164337a180b2941d4a676b7e0c345da1de1b2d42ed31a8.exe
File opened for modification	C:\Windows\SysWOW64\de-DE\tsmf.dll.mui.criptfud@protonmail_com	675e7e38d969e9c0af164337a180b2941d4a676b7e0c345da1de1b2d42ed31a8.exe
File opened for modification	C:\Windows\SysWOW64\es-ES\ntdll.dll.mui.criptfud@protonmail_com	675e7e38d969e9c0af164337a180b2941d4a676b7e0c345da1de1b2d42ed31a8.exe
File opened for modification	C:\Windows\SysWOW64\ja-JP\iassdo.dll.mui.criptfud@protonmail_com	675e7e38d969e9c0af164337a180b2941d4a676b7e0c345da1de1b2d42ed31a8.exe
File created	C:\Windows\SysWOW64\C_28593.NLS.criptfud@protonmail_com	675e7e38d969e9c0af164337a180b2941d4a676b7e0c345da1de1b2d42ed31a8.exe
File opened for modification	C:\Windows\SysWOW64\en-US\WinSync.rll.mui.criptfud@protonmail_com	675e7e38d969e9c0af164337a180b2941d4a676b7e0c345da1de1b2d42ed31a8.exe
File created	C:\Windows\System32\DriverStore\FileRepository\msdsm.inf_amd64_neutral_be2b348981b2ef17\msdsm.sys.criptfud@protonmail_com	675e7e38d969e9c0af164337a180b2941d4a676b7e0c345da1de1b2d42ed31a8.exe
File opened for modification	C:\Windows\SysWOW64\wbem\es-ES\wmiutils.dll.mui.criptfud@protonmail_com	675e7e38d969e9c0af164337a180b2941d4a676b7e0c345da1de1b2d42ed31a8.exe
File opened for modification	C:\Windows\SysWOW64\es-ES\autoconv.exe.mui.criptfud@protonmail_com	675e7e38d969e9c0af164337a180b2941d4a676b7e0c345da1de1b2d42ed31a8.exe
File created	C:\Windows\SysWOW64\de-DE\ivfsrc.ax.mui.criptfud@protonmail_com	675e7e38d969e9c0af164337a180b2941d4a676b7e0c345da1de1b2d42ed31a8.exe
File created	C:\Windows\System32\DriverStore\ja-JP\brmfport.inf_loc.criptfud@protonmail_com	675e7e38d969e9c0af164337a180b2941d4a676b7e0c345da1de1b2d42ed31a8.exe
File opened for modification	C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll.criptfud@protonmail_com	675e7e38d969e9c0af164337a180b2941d4a676b7e0c345da1de1b2d42ed31a8.exe
File opened for modification	C:\Windows\SysWOW64\de-DE\faultrep.dll.mui.criptfud@protonmail_com	675e7e38d969e9c0af164337a180b2941d4a676b7e0c345da1de1b2d42ed31a8.exe
File opened for modification	C:\Windows\SysWOW64\de-DE\uxtheme.dll.mui.criptfud@protonmail_com	675e7e38d969e9c0af164337a180b2941d4a676b7e0c345da1de1b2d42ed31a8.exe
File created	C:\Windows\System32\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Printing-Foundation-Starter-Package~31bf3856ad364e35~amd64~en-US~6.1.7601.17514.cat.criptfud@protonmail_com	675e7e38d969e9c0af164337a180b2941d4a676b7e0c345da1de1b2d42ed31a8.exe
File opened for modification	C:\Windows\SysWOW64\it-IT\dmdskres.dll.mui.criptfud@protonmail_com	675e7e38d969e9c0af164337a180b2941d4a676b7e0c345da1de1b2d42ed31a8.exe
File created	C:\Windows\SysWOW64\es-ES\perfproc.dll.mui.criptfud@protonmail_com	675e7e38d969e9c0af164337a180b2941d4a676b7e0c345da1de1b2d42ed31a8.exe
File opened for modification	C:\Windows\SysWOW64\de-DE\raserver.exe.mui.criptfud@protonmail_com	675e7e38d969e9c0af164337a180b2941d4a676b7e0c345da1de1b2d42ed31a8.exe
File created	C:\Windows\SysWOW64\sv-SE\fms.dll.mui.criptfud@protonmail_com	675e7e38d969e9c0af164337a180b2941d4a676b7e0c345da1de1b2d42ed31a8.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\pwrshmsg.dll.mui.criptfud@protonmail_com	675e7e38d969e9c0af164337a180b2941d4a676b7e0c345da1de1b2d42ed31a8.exe
File opened for modification	C:\Windows\SysWOW64\SampleRes.dll.criptfud@protonmail_com	675e7e38d969e9c0af164337a180b2941d4a676b7e0c345da1de1b2d42ed31a8.exe
File opened for modification	C:\Windows\SysWOW64\fr-FR\EhStorAPI.dll.mui.criptfud@protonmail_com	675e7e38d969e9c0af164337a180b2941d4a676b7e0c345da1de1b2d42ed31a8.exe
File created	C:\Windows\System32\DriverStore\FileRepository\ntprint.inf_amd64_neutral_4616c3de1949be6d\Amd64\PCL4RES.DLL.criptfud@protonmail_com	675e7e38d969e9c0af164337a180b2941d4a676b7e0c345da1de1b2d42ed31a8.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnhp004.inf_amd64_neutral_53f688945cfc24cc\Amd64\hpc6300t.vdf.criptfud@protonmail_com	675e7e38d969e9c0af164337a180b2941d4a676b7e0c345da1de1b2d42ed31a8.exe
File created	C:\Windows\System32\DriverStore\FileRepository\ql40xx2.inf_amd64_neutral_b95932400326817e\ql40xx2.inf.criptfud@protonmail_com	675e7e38d969e9c0af164337a180b2941d4a676b7e0c345da1de1b2d42ed31a8.exe
File created	C:\Windows\System32\DriverStore\ja-JP\hidserv.inf_loc.criptfud@protonmail_com	675e7e38d969e9c0af164337a180b2941d4a676b7e0c345da1de1b2d42ed31a8.exe
File opened for modification	C:\Windows\SysWOW64\pintlgnt.ime.criptfud@protonmail_com	675e7e38d969e9c0af164337a180b2941d4a676b7e0c345da1de1b2d42ed31a8.exe
File created	C:\Windows\System32\DriverStore\FileRepository\averfx2hbtv_x64.inf_amd64_neutral_7216b6fb23536c40\MVDetection64.ax.criptfud@protonmail_com	675e7e38d969e9c0af164337a180b2941d4a676b7e0c345da1de1b2d42ed31a8.exe
File created	C:\Windows\System32\DriverStore\en-US\WceISVista.inf_loc.criptfud@protonmail_com	675e7e38d969e9c0af164337a180b2941d4a676b7e0c345da1de1b2d42ed31a8.exe
File created	C:\Windows\SysWOW64\ja-JP\ntlanui2.dll.mui.criptfud@protonmail_com	675e7e38d969e9c0af164337a180b2941d4a676b7e0c345da1de1b2d42ed31a8.exe
File opened for modification	C:\Windows\SysWOW64\joy.cpl.criptfud@protonmail_com	675e7e38d969e9c0af164337a180b2941d4a676b7e0c345da1de1b2d42ed31a8.exe
File opened for modification	C:\Windows\SysWOW64\msswch.dll.criptfud@protonmail_com	675e7e38d969e9c0af164337a180b2941d4a676b7e0c345da1de1b2d42ed31a8.exe
File opened for modification	C:\Windows\SysWOW64\de-DE\acppage.dll.mui.criptfud@protonmail_com	675e7e38d969e9c0af164337a180b2941d4a676b7e0c345da1de1b2d42ed31a8.exe
File opened for modification	C:\Windows\SysWOW64\ja-JP\openfiles.exe.mui.criptfud@protonmail_com	675e7e38d969e9c0af164337a180b2941d4a676b7e0c345da1de1b2d42ed31a8.exe
File opened for modification	C:\Windows\SysWOW64\Setup\pbkmigr.dll.criptfud@protonmail_com	675e7e38d969e9c0af164337a180b2941d4a676b7e0c345da1de1b2d42ed31a8.exe
File created	C:\Windows\SysWOW64\shimeng.dll.criptfud@protonmail_com	675e7e38d969e9c0af164337a180b2941d4a676b7e0c345da1de1b2d42ed31a8.exe
File opened for modification	C:\Windows\SysWOW64\wbem\fr-FR\rdpcore.mfl.criptfud@protonmail_com	675e7e38d969e9c0af164337a180b2941d4a676b7e0c345da1de1b2d42ed31a8.exe
File created	C:\Windows\SysWOW64\de-DE\xwtpw32.dll.mui.criptfud@protonmail_com	675e7e38d969e9c0af164337a180b2941d4a676b7e0c345da1de1b2d42ed31a8.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnca00c.inf_amd64_neutral_510c36849918ce92\Amd64\CNB_0318.DLL.criptfud@protonmail_com	675e7e38d969e9c0af164337a180b2941d4a676b7e0c345da1de1b2d42ed31a8.exe
File opened for modification	C:\Windows\SysWOW64\en-US\xwizards.dll.mui.criptfud@protonmail_com	675e7e38d969e9c0af164337a180b2941d4a676b7e0c345da1de1b2d42ed31a8.exe
File created	C:\Windows\SysWOW64\KBDTH0.DLL.criptfud@protonmail_com	675e7e38d969e9c0af164337a180b2941d4a676b7e0c345da1de1b2d42ed31a8.exe
File created	C:\Windows\SysWOW64\rdpd3d.dll.criptfud@protonmail_com	675e7e38d969e9c0af164337a180b2941d4a676b7e0c345da1de1b2d42ed31a8.exe
File created	C:\Windows\System32\DriverStore\es-ES\wiabr009.inf_loc.criptfud@protonmail_com	675e7e38d969e9c0af164337a180b2941d4a676b7e0c345da1de1b2d42ed31a8.exe
File created	C:\Windows\SysWOW64\en-US\hnetcfg.dll.mui.criptfud@protonmail_com	675e7e38d969e9c0af164337a180b2941d4a676b7e0c345da1de1b2d42ed31a8.exe
File created	C:\Windows\SysWOW64\ja-JP\msctfui.dll.mui.criptfud@protonmail_com	675e7e38d969e9c0af164337a180b2941d4a676b7e0c345da1de1b2d42ed31a8.exe
File created	C:\Windows\SysWOW64\Printing_Admin_Scripts\it-IT\prnqctl.vbs.criptfud@protonmail_com	675e7e38d969e9c0af164337a180b2941d4a676b7e0c345da1de1b2d42ed31a8.exe
File created	C:\Windows\SysWOW64\wbem\es-ES\rdpcore.mfl.criptfud@protonmail_com	675e7e38d969e9c0af164337a180b2941d4a676b7e0c345da1de1b2d42ed31a8.exe
File created	C:\Windows\SysWOW64\NlsLexicons0011.dll.criptfud@protonmail_com	675e7e38d969e9c0af164337a180b2941d4a676b7e0c345da1de1b2d42ed31a8.exe
File created	C:\Windows\System32\DriverStore\es-ES\hpsamd.inf_loc.criptfud@protonmail_com	675e7e38d969e9c0af164337a180b2941d4a676b7e0c345da1de1b2d42ed31a8.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnin002.inf_amd64_neutral_977d40799168c216\Amd64\IFCS3535.GPD.criptfud@protonmail_com	675e7e38d969e9c0af164337a180b2941d4a676b7e0c345da1de1b2d42ed31a8.exe

Drops file in Program Files directory 64 IoCs

Processes:

675e7e38d969e9c0af164337a180b2941d4a676b7e0c345da1de1b2d42ed31a8.exe

description	ioc	process
File created	C:\Program Files\Windows Journal\jnwdui.dll.criptfud@protonmail_com	675e7e38d969e9c0af164337a180b2941d4a676b7e0c345da1de1b2d42ed31a8.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\PDIR4F.GIF.criptfud@protonmail_com	675e7e38d969e9c0af164337a180b2941d4a676b7e0c345da1de1b2d42ed31a8.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\PUBWIZ\DGMASTHD.DPV.criptfud@protonmail_com	675e7e38d969e9c0af164337a180b2941d4a676b7e0c345da1de1b2d42ed31a8.exe
File created	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\HH00546_.WMF.criptfud@protonmail_com	675e7e38d969e9c0af164337a180b2941d4a676b7e0c345da1de1b2d42ed31a8.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\es-ES\js\settings.js.criptfud@protonmail_com	675e7e38d969e9c0af164337a180b2941d4a676b7e0c345da1de1b2d42ed31a8.exe
File created	C:\Program Files (x86)\Microsoft Office\Document Themes 14\Slipstream.thmx.criptfud@protonmail_com	675e7e38d969e9c0af164337a180b2941d4a676b7e0c345da1de1b2d42ed31a8.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\ZPDIR48B.GIF.criptfud@protonmail_com	675e7e38d969e9c0af164337a180b2941d4a676b7e0c345da1de1b2d42ed31a8.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Backgammon\en-US\bckgRes.dll.mui.criptfud@protonmail_com	675e7e38d969e9c0af164337a180b2941d4a676b7e0c345da1de1b2d42ed31a8.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\VSTA\Pipeline.v10.0\AddInSideAdapters\Microsoft.VisualStudio.Tools.Office.Excel.AddInAdapter.v9.0.dll.criptfud@protonmail_com	675e7e38d969e9c0af164337a180b2941d4a676b7e0c345da1de1b2d42ed31a8.exe
File created	C:\Program Files (x86)\Google\Update\1.3.36.151\goopdateres_nl.dll.criptfud@protonmail_com	675e7e38d969e9c0af164337a180b2941d4a676b7e0c345da1de1b2d42ed31a8.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Biscay\TAB_ON.GIF.criptfud@protonmail_com	675e7e38d969e9c0af164337a180b2941d4a676b7e0c345da1de1b2d42ed31a8.exe
File created	C:\Program Files (x86)\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\Workflow.VisualBasic.Targets.criptfud@protonmail_com	675e7e38d969e9c0af164337a180b2941d4a676b7e0c345da1de1b2d42ed31a8.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\NavigationRight_SelectionSubpicture.png.criptfud@protonmail_com	675e7e38d969e9c0af164337a180b2941d4a676b7e0c345da1de1b2d42ed31a8.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Bahia.criptfud@protonmail_com	675e7e38d969e9c0af164337a180b2941d4a676b7e0c345da1de1b2d42ed31a8.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Saipan.criptfud@protonmail_com	675e7e38d969e9c0af164337a180b2941d4a676b7e0c345da1de1b2d42ed31a8.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\locale\org-openide-util-lookup_zh_CN.jar.criptfud@protonmail_com	675e7e38d969e9c0af164337a180b2941d4a676b7e0c345da1de1b2d42ed31a8.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\wsgen.exe.criptfud@protonmail_com	675e7e38d969e9c0af164337a180b2941d4a676b7e0c345da1de1b2d42ed31a8.exe
File created	C:\Program Files\VideoLAN\VLC\locale\as_IN\LC_MESSAGES\vlc.mo.criptfud@protonmail_com	675e7e38d969e9c0af164337a180b2941d4a676b7e0c345da1de1b2d42ed31a8.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\images\pause_down.png.criptfud@protonmail_com	675e7e38d969e9c0af164337a180b2941d4a676b7e0c345da1de1b2d42ed31a8.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+8.criptfud@protonmail_com	675e7e38d969e9c0af164337a180b2941d4a676b7e0c345da1de1b2d42ed31a8.exe
File created	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\BL00273_.WMF.criptfud@protonmail_com	675e7e38d969e9c0af164337a180b2941d4a676b7e0c345da1de1b2d42ed31a8.exe
File created	C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\LINES\J0115856.GIF.criptfud@protonmail_com	675e7e38d969e9c0af164337a180b2941d4a676b7e0c345da1de1b2d42ed31a8.exe
File created	C:\Program Files\Mozilla Firefox\lgpllibs.dll.criptfud@protonmail_com	675e7e38d969e9c0af164337a180b2941d4a676b7e0c345da1de1b2d42ed31a8.exe
File created	C:\Program Files\Mozilla Firefox\browser\crashreporter-override.ini.criptfud@protonmail_com	675e7e38d969e9c0af164337a180b2941d4a676b7e0c345da1de1b2d42ed31a8.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ReachFramework.dll.criptfud@protonmail_com	675e7e38d969e9c0af164337a180b2941d4a676b7e0c345da1de1b2d42ed31a8.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\button_MCELogo_mouseover.png.criptfud@protonmail_com	675e7e38d969e9c0af164337a180b2941d4a676b7e0c345da1de1b2d42ed31a8.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\RTFHTML.DLL.criptfud@protonmail_com	675e7e38d969e9c0af164337a180b2941d4a676b7e0c345da1de1b2d42ed31a8.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\144DPI\(144DPI)redStateIcon.png.criptfud@protonmail_com	675e7e38d969e9c0af164337a180b2941d4a676b7e0c345da1de1b2d42ed31a8.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libaudio_format_plugin.dll.criptfud@protonmail_com	675e7e38d969e9c0af164337a180b2941d4a676b7e0c345da1de1b2d42ed31a8.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_splitter\libclone_plugin.dll.criptfud@protonmail_com	675e7e38d969e9c0af164337a180b2941d4a676b7e0c345da1de1b2d42ed31a8.exe
File created	C:\Program Files (x86)\Microsoft Office\Stationery\1033\PAWPRINT.HTM.criptfud@protonmail_com	675e7e38d969e9c0af164337a180b2941d4a676b7e0c345da1de1b2d42ed31a8.exe
File created	C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\es\UIAutomationClient.resources.dll.criptfud@protonmail_com	675e7e38d969e9c0af164337a180b2941d4a676b7e0c345da1de1b2d42ed31a8.exe
File created	C:\Program Files\Common Files\System\ado\msado28.tlb.criptfud@protonmail_com	675e7e38d969e9c0af164337a180b2941d4a676b7e0c345da1de1b2d42ed31a8.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\PROOF\!!!README_DECRYPT!!!.txt	675e7e38d969e9c0af164337a180b2941d4a676b7e0c345da1de1b2d42ed31a8.exe
File created	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\SO00916_.WMF.criptfud@protonmail_com	675e7e38d969e9c0af164337a180b2941d4a676b7e0c345da1de1b2d42ed31a8.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\FORMS\1033\!!!README_DECRYPT!!!.txt	675e7e38d969e9c0af164337a180b2941d4a676b7e0c345da1de1b2d42ed31a8.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolIcons\TOOLICON.ICO.criptfud@protonmail_com	675e7e38d969e9c0af164337a180b2941d4a676b7e0c345da1de1b2d42ed31a8.exe
File created	C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\fr\System.IdentityModel.Resources.dll.criptfud@protonmail_com	675e7e38d969e9c0af164337a180b2941d4a676b7e0c345da1de1b2d42ed31a8.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols\ja-jp-sym.xml.criptfud@protonmail_com	675e7e38d969e9c0af164337a180b2941d4a676b7e0c345da1de1b2d42ed31a8.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\performance.png.criptfud@protonmail_com	675e7e38d969e9c0af164337a180b2941d4a676b7e0c345da1de1b2d42ed31a8.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.osgi.nl_zh_4.4.0.v20140623020002.jar.criptfud@protonmail_com	675e7e38d969e9c0af164337a180b2941d4a676b7e0c345da1de1b2d42ed31a8.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_output\libafile_plugin.dll.criptfud@protonmail_com	675e7e38d969e9c0af164337a180b2941d4a676b7e0c345da1de1b2d42ed31a8.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Music.emf.criptfud@protonmail_com	675e7e38d969e9c0af164337a180b2941d4a676b7e0c345da1de1b2d42ed31a8.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\Mendoza.criptfud@protonmail_com	675e7e38d969e9c0af164337a180b2941d4a676b7e0c345da1de1b2d42ed31a8.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Tarawa.criptfud@protonmail_com	675e7e38d969e9c0af164337a180b2941d4a676b7e0c345da1de1b2d42ed31a8.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\WATER\!!!README_DECRYPT!!!.txt	675e7e38d969e9c0af164337a180b2941d4a676b7e0c345da1de1b2d42ed31a8.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsColorChart.html.criptfud@protonmail_com	675e7e38d969e9c0af164337a180b2941d4a676b7e0c345da1de1b2d42ed31a8.exe
File created	C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\de\System.Data.Linq.Resources.dll.criptfud@protonmail_com	675e7e38d969e9c0af164337a180b2941d4a676b7e0c345da1de1b2d42ed31a8.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_glass_Thumbnail.bmp.criptfud@protonmail_com	675e7e38d969e9c0af164337a180b2941d4a676b7e0c345da1de1b2d42ed31a8.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Phoenix.criptfud@protonmail_com	675e7e38d969e9c0af164337a180b2941d4a676b7e0c345da1de1b2d42ed31a8.exe
File created	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\SO00704_.WMF.criptfud@protonmail_com	675e7e38d969e9c0af164337a180b2941d4a676b7e0c345da1de1b2d42ed31a8.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-core-ui.xml.criptfud@protonmail_com	675e7e38d969e9c0af164337a180b2941d4a676b7e0c345da1de1b2d42ed31a8.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ug\LC_MESSAGES\!!!README_DECRYPT!!!.txt	675e7e38d969e9c0af164337a180b2941d4a676b7e0c345da1de1b2d42ed31a8.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\PDIR26F.GIF.criptfud@protonmail_com	675e7e38d969e9c0af164337a180b2941d4a676b7e0c345da1de1b2d42ed31a8.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\ReachFramework.resources.dll.criptfud@protonmail_com	675e7e38d969e9c0af164337a180b2941d4a676b7e0c345da1de1b2d42ed31a8.exe
File created	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\DD01793_.WMF.criptfud@protonmail_com	675e7e38d969e9c0af164337a180b2941d4a676b7e0c345da1de1b2d42ed31a8.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\bg_LightSpirit.gif.criptfud@protonmail_com	675e7e38d969e9c0af164337a180b2941d4a676b7e0c345da1de1b2d42ed31a8.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\vistabg.png.criptfud@protonmail_com	675e7e38d969e9c0af164337a180b2941d4a676b7e0c345da1de1b2d42ed31a8.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\de\System.Data.Services.Client.resources.dll.criptfud@protonmail_com	675e7e38d969e9c0af164337a180b2941d4a676b7e0c345da1de1b2d42ed31a8.exe
File created	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0107502.WMF.criptfud@protonmail_com	675e7e38d969e9c0af164337a180b2941d4a676b7e0c345da1de1b2d42ed31a8.exe
File created	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\PE00489_.WMF.criptfud@protonmail_com	675e7e38d969e9c0af164337a180b2941d4a676b7e0c345da1de1b2d42ed31a8.exe
File created	C:\Program Files\Common Files\System\Ole DB\msdasqlr.dll.criptfud@protonmail_com	675e7e38d969e9c0af164337a180b2941d4a676b7e0c345da1de1b2d42ed31a8.exe
File created	C:\Program Files\Java\jre7\lib\zi\EET.criptfud@protonmail_com	675e7e38d969e9c0af164337a180b2941d4a676b7e0c345da1de1b2d42ed31a8.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\images\item_hover_docked.png.criptfud@protonmail_com	675e7e38d969e9c0af164337a180b2941d4a676b7e0c345da1de1b2d42ed31a8.exe

Drops file in Windows directory 64 IoCs

Processes:

675e7e38d969e9c0af164337a180b2941d4a676b7e0c345da1de1b2d42ed31a8.exe

description	ioc	process
File created	C:\Windows\winsxs\Backup\x86_microsoft-windows-duser.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_a3d716fd41699423_duser.dll.mui_3c369ac4.criptfud@protonmail_com	675e7e38d969e9c0af164337a180b2941d4a676b7e0c345da1de1b2d42ed31a8.exe
File created	C:\Windows\winsxs\Manifests\x86_microsoft-windows-s..gement-ui.resources_31bf3856ad364e35_6.1.7600.16385_de-de_7c0a746d3386bdad.manifest.criptfud@protonmail_com	675e7e38d969e9c0af164337a180b2941d4a676b7e0c345da1de1b2d42ed31a8.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.1.7601.17514_fr-fr_042b8ea19be901c4\System.Configuration.resources.dll.criptfud@protonmail_com	675e7e38d969e9c0af164337a180b2941d4a676b7e0c345da1de1b2d42ed31a8.exe
File created	C:\Windows\winsxs\Manifests\amd64_microsoft-windows-help-speech.resources_31bf3856ad364e35_6.1.7600.16385_it-it_4cdc74d062b5477d.manifest.criptfud@protonmail_com	675e7e38d969e9c0af164337a180b2941d4a676b7e0c345da1de1b2d42ed31a8.exe
File created	C:\Windows\winsxs\Manifests\amd64_microsoft-windows-i..oyment-languagepack_31bf3856ad364e35_6.1.7601.17514_it-it_7085a1fa61a4db95.manifest.criptfud@protonmail_com	675e7e38d969e9c0af164337a180b2941d4a676b7e0c345da1de1b2d42ed31a8.exe
File created	C:\Windows\winsxs\amd64_winusb.inf.resources_31bf3856ad364e35_6.1.7600.16385_it-it_e8191a4b5975f329\winusb.inf_loc.criptfud@protonmail_com	675e7e38d969e9c0af164337a180b2941d4a676b7e0c345da1de1b2d42ed31a8.exe
File created	C:\Windows\winsxs\Manifests\amd64_microsoft.windows.winhttp.resources_31bf3856ad364e35_6.0.7600.16385_ja-jp_c8307df51ca42b75.manifest.criptfud@protonmail_com	675e7e38d969e9c0af164337a180b2941d4a676b7e0c345da1de1b2d42ed31a8.exe
File created	C:\Windows\winsxs\Manifests\wow64_microsoft-windows-iis-asp.resources_31bf3856ad364e35_6.1.7600.16385_en-us_a917579084799619.manifest.criptfud@protonmail_com	675e7e38d969e9c0af164337a180b2941d4a676b7e0c345da1de1b2d42ed31a8.exe
File created	C:\Windows\winsxs\Manifests\x86_microsoft-windows-n..-statusui.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_e6717572d615516f.manifest.criptfud@protonmail_com	675e7e38d969e9c0af164337a180b2941d4a676b7e0c345da1de1b2d42ed31a8.exe
File created	C:\Windows\winsxs\wow64_microsoft-windows-p..opeerbase.resources_31bf3856ad364e35_6.1.7600.16385_it-it_6e37e53191205bc4\p2p.dll.mui.criptfud@protonmail_com	675e7e38d969e9c0af164337a180b2941d4a676b7e0c345da1de1b2d42ed31a8.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework\v3.0\Windows Workflow Foundation\SQL\es\!!!README_DECRYPT!!!.txt	675e7e38d969e9c0af164337a180b2941d4a676b7e0c345da1de1b2d42ed31a8.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-s..-soundthemes-garden_31bf3856ad364e35_6.1.7600.16385_none_f7a4bf1e15863e21\Windows Notify.wav.criptfud@protonmail_com	675e7e38d969e9c0af164337a180b2941d4a676b7e0c345da1de1b2d42ed31a8.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-s..mpropertieshardware_31bf3856ad364e35_6.1.7600.16385_none_9cef76e6ecab612f\SystemPropertiesHardware.exe.criptfud@protonmail_com	675e7e38d969e9c0af164337a180b2941d4a676b7e0c345da1de1b2d42ed31a8.exe
File created	C:\Windows\winsxs\Backup\amd64_microsoft-windows-setupapi.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_f52607304e593d93.manifest.criptfud@protonmail_com	675e7e38d969e9c0af164337a180b2941d4a676b7e0c345da1de1b2d42ed31a8.exe
File created	C:\Windows\winsxs\wow64_microsoft-windows-wmi-management-snapins_31bf3856ad364e35_6.1.7600.16385_none_022f79b2090484a2\wbemcntl.dll.criptfud@protonmail_com	675e7e38d969e9c0af164337a180b2941d4a676b7e0c345da1de1b2d42ed31a8.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\e27ae693b6e71bb689ec66761a65901f\!!!README_DECRYPT!!!.txt	675e7e38d969e9c0af164337a180b2941d4a676b7e0c345da1de1b2d42ed31a8.exe
File created	C:\Windows\winsxs\amd64_brmfcsto.inf.resources_31bf3856ad364e35_6.1.7600.16385_en-us_bd552b3f3855af60\brmfcsto.inf_loc.criptfud@protonmail_com	675e7e38d969e9c0af164337a180b2941d4a676b7e0c345da1de1b2d42ed31a8.exe
File created	C:\Windows\winsxs\FileMaps\program_files_common_files_system_msadc_de-de_56d47265a9453027.cdf-ms.criptfud@protonmail_com	675e7e38d969e9c0af164337a180b2941d4a676b7e0c345da1de1b2d42ed31a8.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-i..n-support.resources_31bf3856ad364e35_6.1.7600.16385_it-it_d87c402bb4269416\perfwci.ini.criptfud@protonmail_com	675e7e38d969e9c0af164337a180b2941d4a676b7e0c345da1de1b2d42ed31a8.exe
File created	C:\Windows\winsxs\Catalogs\a9d7058b21d676eb88a3484f690595569a3fc5f1dc40648fc88fa5fc2609e8fa.cat.criptfud@protonmail_com	675e7e38d969e9c0af164337a180b2941d4a676b7e0c345da1de1b2d42ed31a8.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-r..onmanager.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_5cc382c921bfc39d\cmlua.dll.mui.criptfud@protonmail_com	675e7e38d969e9c0af164337a180b2941d4a676b7e0c345da1de1b2d42ed31a8.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-w..kerstemmer-japanese_31bf3856ad364e35_7.0.7600.16385_none_8465cd74f792be3c\noise.jpn.criptfud@protonmail_com	675e7e38d969e9c0af164337a180b2941d4a676b7e0c345da1de1b2d42ed31a8.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Desktop.ini.criptfud@protonmail_com	675e7e38d969e9c0af164337a180b2941d4a676b7e0c345da1de1b2d42ed31a8.exe
File created	C:\Windows\Help\Windows\en-US\artcon5.h1s.criptfud@protonmail_com	675e7e38d969e9c0af164337a180b2941d4a676b7e0c345da1de1b2d42ed31a8.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-n..ssprotection-common_31bf3856ad364e35_6.1.7601.17514_none_b66cf384dd65af18\QUTIL.DLL.criptfud@protonmail_com	675e7e38d969e9c0af164337a180b2941d4a676b7e0c345da1de1b2d42ed31a8.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-m..ents-mdac.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_d03d19912f2e87b9\msdasc.chm.criptfud@protonmail_com	675e7e38d969e9c0af164337a180b2941d4a676b7e0c345da1de1b2d42ed31a8.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_c02a16e1ae17ab94\about_pipelines.help.txt.criptfud@protonmail_com	675e7e38d969e9c0af164337a180b2941d4a676b7e0c345da1de1b2d42ed31a8.exe
File created	C:\Windows\winsxs\Manifests\amd64_microsoft-windows-c..mplus.res.resources_31bf3856ad364e35_6.1.7600.16385_it-it_8bbc3e7b25ec45b0.manifest.criptfud@protonmail_com	675e7e38d969e9c0af164337a180b2941d4a676b7e0c345da1de1b2d42ed31a8.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-bubbles.resources_31bf3856ad364e35_6.1.7600.16385_en-us_cc2ed5c4fe7b1d81\Bubbles.scr.mui.criptfud@protonmail_com	675e7e38d969e9c0af164337a180b2941d4a676b7e0c345da1de1b2d42ed31a8.exe
File created	C:\Windows\winsxs\Backup\amd64_microsoft-windows-mprmsg.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_0fa510c7a4b9037a_mprmsg.dll.mui_210d8c31.criptfud@protonmail_com	675e7e38d969e9c0af164337a180b2941d4a676b7e0c345da1de1b2d42ed31a8.exe
File created	C:\Windows\winsxs\msil_system.design.resources_b03f5f7f11d50a3a_6.1.7600.16385_fr-fr_4364949cd8debf85\System.Design.Resources.dll.criptfud@protonmail_com	675e7e38d969e9c0af164337a180b2941d4a676b7e0c345da1de1b2d42ed31a8.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-f..libraries.resources_31bf3856ad364e35_6.1.7600.16385_de-de_8aca445a5126eb01\ulib.dll.mui.criptfud@protonmail_com	675e7e38d969e9c0af164337a180b2941d4a676b7e0c345da1de1b2d42ed31a8.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-photosamples_31bf3856ad364e35_6.1.7600.16385_none_f36e0e659b8042be\Koala.jpg.criptfud@protonmail_com	675e7e38d969e9c0af164337a180b2941d4a676b7e0c345da1de1b2d42ed31a8.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-x..lugin-mui.resources_31bf3856ad364e35_6.1.7600.16385_en-us_91da82fcb9b5f40e\xwtpdui.dll.mui.criptfud@protonmail_com	675e7e38d969e9c0af164337a180b2941d4a676b7e0c345da1de1b2d42ed31a8.exe
File created	C:\Windows\winsxs\Manifests\x86_microsoft-windows-taskmgr.resources_31bf3856ad364e35_6.1.7600.16385_es-es_d67dc559c08dab90.manifest.criptfud@protonmail_com	675e7e38d969e9c0af164337a180b2941d4a676b7e0c345da1de1b2d42ed31a8.exe
File created	C:\Windows\winsxs\Manifests\x86_microsoft-windows-n..35wpfcomp.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_0bce3bb4d746eecc.manifest.criptfud@protonmail_com	675e7e38d969e9c0af164337a180b2941d4a676b7e0c345da1de1b2d42ed31a8.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-m..b-odbc-provider-rll_31bf3856ad364e35_6.1.7600.16385_none_23939daf7269b02a\msdasqlr.dll.criptfud@protonmail_com	675e7e38d969e9c0af164337a180b2941d4a676b7e0c345da1de1b2d42ed31a8.exe
File created	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Config\legacy.web_mediumtrust.config.default.criptfud@protonmail_com	675e7e38d969e9c0af164337a180b2941d4a676b7e0c345da1de1b2d42ed31a8.exe
File created	C:\Windows\winsxs\FileMaps\$$_inf_servicemodeloperation_3.0.0.0_0c0a_9b92dc06d51f3fbf.cdf-ms.criptfud@protonmail_com	675e7e38d969e9c0af164337a180b2941d4a676b7e0c345da1de1b2d42ed31a8.exe
File created	C:\Windows\winsxs\Manifests\amd64_microsoft-windows-i..atibility.resources_31bf3856ad364e35_6.1.7600.16385_en-us_e5f957ab2b453aed.manifest.criptfud@protonmail_com	675e7e38d969e9c0af164337a180b2941d4a676b7e0c345da1de1b2d42ed31a8.exe
File created	C:\Windows\winsxs\Manifests\amd64_prnep00d.inf-languagepack_31bf3856ad364e35_6.1.7600.16385_fr-fr_fb8ff1a1fbfdd455.manifest.criptfud@protonmail_com	675e7e38d969e9c0af164337a180b2941d4a676b7e0c345da1de1b2d42ed31a8.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-s..downlevel.resources_31bf3856ad364e35_6.3.9600.16428_en-us_add432fbdc488eca\MsSpellCheckingFacility.exe.mui.criptfud@protonmail_com	675e7e38d969e9c0af164337a180b2941d4a676b7e0c345da1de1b2d42ed31a8.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-w..svc-extra.resources_31bf3856ad364e35_6.1.7600.16385_es-es_ceb9e50fe1e709ac\Rules.System.Wireless.xml.criptfud@protonmail_com	675e7e38d969e9c0af164337a180b2941d4a676b7e0c345da1de1b2d42ed31a8.exe
File created	C:\Windows\winsxs\Manifests\amd64_brmfcmdm.inf-languagepack_31bf3856ad364e35_6.1.7600.16385_en-us_dedf121bed9a2315.manifest.criptfud@protonmail_com	675e7e38d969e9c0af164337a180b2941d4a676b7e0c345da1de1b2d42ed31a8.exe
File created	C:\Windows\winsxs\Manifests\amd64_microsoft-windows-mprapi_31bf3856ad364e35_6.1.7601.17514_none_72328a5b69a4257a.manifest.criptfud@protonmail_com	675e7e38d969e9c0af164337a180b2941d4a676b7e0c345da1de1b2d42ed31a8.exe
File created	C:\Windows\winsxs\Manifests\amd64_win7-microsoft-wind..oyment-languagepack_31bf3856ad364e35_7.1.7601.16492_ar-sa_4eb3e326e7501123.manifest.criptfud@protonmail_com	675e7e38d969e9c0af164337a180b2941d4a676b7e0c345da1de1b2d42ed31a8.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-utilman.resources_31bf3856ad364e35_6.1.7600.16385_de-de_b69ea1f9f55c2317\Utilman.exe.mui.criptfud@protonmail_com	675e7e38d969e9c0af164337a180b2941d4a676b7e0c345da1de1b2d42ed31a8.exe
File created	C:\Windows\assembly\GAC_MSIL\Microsoft.Build.Framework\3.5.0.0__b03f5f7f11d50a3a\!!!README_DECRYPT!!!.txt	675e7e38d969e9c0af164337a180b2941d4a676b7e0c345da1de1b2d42ed31a8.exe
File created	C:\Windows\winsxs\amd64_networking-mpssvc-svc.resources_31bf3856ad364e35_6.1.7601.17514_it-it_723982cb6f42a366\FirewallAPI.dll.mui.criptfud@protonmail_com	675e7e38d969e9c0af164337a180b2941d4a676b7e0c345da1de1b2d42ed31a8.exe
File created	C:\Windows\winsxs\Manifests\amd64_microsoft-windows-grpconv_31bf3856ad364e35_6.1.7600.16385_none_fe7d1685575edfa6.manifest.criptfud@protonmail_com	675e7e38d969e9c0af164337a180b2941d4a676b7e0c345da1de1b2d42ed31a8.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-s..ity-vault.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_94e8f3dd5e922226\VaultCredProvider.dll.mui.criptfud@protonmail_com	675e7e38d969e9c0af164337a180b2941d4a676b7e0c345da1de1b2d42ed31a8.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll.criptfud@protonmail_com	675e7e38d969e9c0af164337a180b2941d4a676b7e0c345da1de1b2d42ed31a8.exe
File created	C:\Windows\winsxs\amd64_mdmgl003.inf_31bf3856ad364e35_6.1.7600.16385_none_cdc9dd3061fa542a\mdmgl003.inf.criptfud@protonmail_com	675e7e38d969e9c0af164337a180b2941d4a676b7e0c345da1de1b2d42ed31a8.exe
File created	C:\Windows\winsxs\wow64_windowssearchengine.resources_31bf3856ad364e35_7.0.7600.16385_es-es_1e7ba14b6256e51c\mssvp.dll.mui.criptfud@protonmail_com	675e7e38d969e9c0af164337a180b2941d4a676b7e0c345da1de1b2d42ed31a8.exe
File created	C:\Windows\winsxs\Backup\x86_microsoft-windows-rasauto-mui.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_f5d83b1064d90ccb_rasautou.exe.mui_55686a97.criptfud@protonmail_com	675e7e38d969e9c0af164337a180b2941d4a676b7e0c345da1de1b2d42ed31a8.exe
File created	C:\Windows\winsxs\Manifests\amd64_microsoft-windows-g..admin-gpedit-snapin_31bf3856ad364e35_6.1.7600.16385_none_ccd7905990f3c9d2.manifest.criptfud@protonmail_com	675e7e38d969e9c0af164337a180b2941d4a676b7e0c345da1de1b2d42ed31a8.exe
File created	C:\Windows\winsxs\Manifests\wow64_microsoft-windows-ntshrui.resources_31bf3856ad364e35_6.1.7600.16385_it-it_eb43e97b2bf59e1f.manifest.criptfud@protonmail_com	675e7e38d969e9c0af164337a180b2941d4a676b7e0c345da1de1b2d42ed31a8.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-ie-iexpress_31bf3856ad364e35_8.0.7600.16385_none_7f0c7a3c17077fce\iexpress.exe.criptfud@protonmail_com	675e7e38d969e9c0af164337a180b2941d4a676b7e0c345da1de1b2d42ed31a8.exe
File opened for modification	C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Comp46f2b404#\64b3b0b1aba5ca1918056740cd4dd1f3\!!!README_DECRYPT!!!.txt	675e7e38d969e9c0af164337a180b2941d4a676b7e0c345da1de1b2d42ed31a8.exe
File created	C:\Windows\IME\fr-FR\SpTip.dll.mui.criptfud@protonmail_com	675e7e38d969e9c0af164337a180b2941d4a676b7e0c345da1de1b2d42ed31a8.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-m..owfilters.kstvtuner_31bf3856ad364e35_6.1.7601.17514_none_8d3b6ca8a0917ca2\vbisurf.ax.criptfud@protonmail_com	675e7e38d969e9c0af164337a180b2941d4a676b7e0c345da1de1b2d42ed31a8.exe
File created	C:\Windows\winsxs\Catalogs\8e2f55b8fffbe4cac18ea38497dd3548ddac202e1ac3fb4db52c70d85057f559.cat.criptfud@protonmail_com	675e7e38d969e9c0af164337a180b2941d4a676b7e0c345da1de1b2d42ed31a8.exe
File created	C:\Windows\winsxs\Manifests\amd64_microsoft-windows-f..uetype-browalliaupc_31bf3856ad364e35_6.1.7600.16385_none_8e8a0e8706e4503f.manifest.criptfud@protonmail_com	675e7e38d969e9c0af164337a180b2941d4a676b7e0c345da1de1b2d42ed31a8.exe
File created	C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\pci.sys.criptfud@protonmail_com	675e7e38d969e9c0af164337a180b2941d4a676b7e0c345da1de1b2d42ed31a8.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082
Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

675e7e38d969e9c0af164337a180b2941d4a676b7e0c345da1de1b2d42ed31a8.exe

description pid process

Token: SeDebugPrivilege 2252 675e7e38d969e9c0af164337a180b2941d4a676b7e0c345da1de1b2d42ed31a8.exe

description	pid	process
Token: SeDebugPrivilege	2252	675e7e38d969e9c0af164337a180b2941d4a676b7e0c345da1de1b2d42ed31a8.exe

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

675e7e38d969e9c0af164337a180b2941d4a676b7e0c345da1de1b2d42ed31a8.exe

description	pid	process	target process
PID 2252 wrote to memory of 2716	2252	675e7e38d969e9c0af164337a180b2941d4a676b7e0c345da1de1b2d42ed31a8.exe	NOTEPAD.EXE
PID 2252 wrote to memory of 2716	2252	675e7e38d969e9c0af164337a180b2941d4a676b7e0c345da1de1b2d42ed31a8.exe	NOTEPAD.EXE
PID 2252 wrote to memory of 2716	2252	675e7e38d969e9c0af164337a180b2941d4a676b7e0c345da1de1b2d42ed31a8.exe	NOTEPAD.EXE
PID 2252 wrote to memory of 2716	2252	675e7e38d969e9c0af164337a180b2941d4a676b7e0c345da1de1b2d42ed31a8.exe	NOTEPAD.EXE

C:\Users\Admin\AppData\Local\Temp\675e7e38d969e9c0af164337a180b2941d4a676b7e0c345da1de1b2d42ed31a8.exe
"C:\Users\Admin\AppData\Local\Temp\675e7e38d969e9c0af164337a180b2941d4a676b7e0c345da1de1b2d42ed31a8.exe"
1⤵
- Drops file in Drivers directory
- Drops startup file
- Adds Run key to start application
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2252

C:\Windows\SysWOW64\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Roaming\FrameworkLog\!!!README_DECRYPT!!!.txt
2⤵
PID:2716

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\!!!README_DECRYPT!!!.txt
Filesize
774B

MD5
c6ae614dd98c653da580f094504b8f8c

SHA1
e0dcc1ccda5aed8117d808db2e415ebbbee72229

SHA256
2ee6aa6e2d783c2e2fc3c9680c420c6776defbc5e465ca6dfad57dc552f67aa7

SHA512
3d121f4770330e338861038feca855af6817c6f2804594e20d508bf1b21a44ca9118e3698d4926e0eb81d0580597e435bdfe7e0535fb67d9c90892e5248819df

Download Submit
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\LanguageNames2\DisplayLanguageNames.en_US_POSIX.txt.criptfud@protonmail_com
Filesize
27KB

MD5
ca6e5ca97fb3c16e42728fbdc3b17242

SHA1
780873132858a106965670416a4572daa244a7ef

SHA256
53e7a94f15b8a30bddd5d528bd29a04347b0b326d6348131925dd1eb7e1d8a90

SHA512
f0ba798aa7905db36517d7fa5b70d2e3e10f617f5998234b799e3e0f86390881ef5a97beb5f71f0ffe9ec0d13f9008048bdbdf38734285500ea9b4b7f2e77d6e

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\BrightYellow\TAB_OFF.GIF.criptfud@protonmail_com
Filesize
344B

MD5
6c1aec4a4b0ba2a66cc2924556e63d0c

SHA1
605bc60d365d6bd8602d826a237e932cf44c3244

SHA256
5b91a8dbb8f65567643bc64bd3d0b3bcef04b944d5b705ac8c68f47300a75ad3

SHA512
dade77681bc35ae13bf086606ea79622f40f011800104f46b9fa276a455f8a4a5d9ac3711d300185218d8cd6b9e79531adac6b22750b26b9464c0309c31851cb

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\BrightYellow\TAB_ON.GIF.criptfud@protonmail_com
Filesize
224B

MD5
102ff0fa94689a56af23cf7149c38c1e

SHA1
5caefe30b436a9719a9faef4bbf1061b05bcc8ef

SHA256
28e880534f3443364817d33752ff20f0ef5e80d0bc7e6ae10cdaa61eb341f63b

SHA512
4e7fd29ed8540e86f1b969dcbf2d1e6b3599c69f8ef42483a653becb430d0c1d22e69c770b397069e655c214fb7e424ffd8623c6927e1eae494d80332bfe2795

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\1033\INFOPATH_F_COL.HXK.criptfud@protonmail_com
Filesize
120B

MD5
405f91e2f91d14b016e4c9c5b797dcbb

SHA1
1b039e139cc4d3a3efd75aab8294f03881a7b868

SHA256
c03d50be60abbbcf9028fc885a66da4b2e85ab20b271feee8c5f546059c8d31c

SHA512
13190140740630994ffda60ad299daf0319b03f234f283dbf6ee756a509263987c83a9052a0148a7f2c7bc56d460248d49130a633a06fca420b0e1c258890c60

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\1033\INFOPATH_K_COL.HXK.criptfud@protonmail_com
Filesize
120B

MD5
9e024bf47d005af254f503098f78298f

SHA1
ce69a724e2380d9ee2854f64144d4cc172e10dcf

SHA256
424c44c4bd9bf370cbb48eb016b3d25745948f85dd71b0f5637ba99963190003

SHA512
e7d1a3530a6889245796d41f0297bc90f9e1dcbe68fbc1e8411e2832b43bf723b2f5374466e4560fb4a8a7882baf3dd1d3eb71f66519fa4cf70bf323a8d3aabc

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BabyBlue\BUTTON.GIF.criptfud@protonmail_com
Filesize
192B

MD5
6d23ebad8aa2914ddbd4601a83c24f62

SHA1
d43103a9c6de04316cde9f641b56164fd892d8a6

SHA256
d495ffa15104d22944fbcdb869a13ab030ecfd8f45085bbe6a06742735605da1

SHA512
ce0c16f50baea991bec5b62451d8a54f279d150877821fb046762f9bf437b1189905cfb5786c4380423fcf231b64d6feef658c5928e212b720e68c8ffec77b7f

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Desert\TAB_OFF.GIF.criptfud@protonmail_com
Filesize
504B

MD5
552edda77c29be4dbdd3cfcb3f25277c

SHA1
8d56955a0d43d618e28a6ab4d8587b2fef2c1807

SHA256
7ad5c38ec1ac075ac115dd7a5a67406f1bed1b412495e9f92dbf8b8e3cddb09a

SHA512
0c319059336837f171d2815981a1f75ed6f734de118b7c475fe809afdba38997cbf50f99b0a462e1be0dee5d1eecba597b7c6306bebaa2bbb6dd4c390d0fe70c

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Desert\TAB_ON.GIF.criptfud@protonmail_com
Filesize
1KB

MD5
c86e70d6668757104a65b3a0056bbd47

SHA1
27fadf56061b24e0d73648e582ea9e313bcc3128

SHA256
b2c3cec840bac48742692419fbe13f0a5f5a8a759fe1e0f3e7d4957ca8c955ed

SHA512
cd082978bd4ef1531b77d1be1cb4fd28e6c5421d818d5b36edd25dd38afc7e2f79378f89e3e691c972965958253f91c526a9bf02d64a36368a488fdd2d66090b

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\OutlookAutoDiscover\YAHOO.NO.XML.criptfud@protonmail_com
Filesize
808B

MD5
a2b56792d3068c9adf1939e3d2c2fb79

SHA1
7945e68d3cfa7eaf1d58605ec2f2e71dcac1e54c

SHA256
9571cfa135b7222359d710e5f325886df7e2b937bdce86949329ca84f1bcf6a6

SHA512
c85f21cf2286d26d158c561947c7dec671999e004e3bef66e0c5d791865e5efcdc6261fdec83e822051d916bdbd915a0cd255fa8b3a20fe5beb80adea0aab939

Download Submit
C:\Program Files (x86)\Windows Sidebar\Gadgets\Currency.Gadget\de-DE\css\currency.css.criptfud@protonmail_com
Filesize
19KB

MD5
c91a5c409727b65352fe0010ab5f0b87

SHA1
dd78e1197136a9d1353a8e8bda755db5e0fbbd49

SHA256
d3357ae19cef6761d6c9be77441ea9833e2992ee9181b447db0ab3a6a82fc570

SHA512
1da01b5e90178569f92e878d2ab1d3e52f0fda5418be8e4c5777de110d47be2c55e6f936aa8231b08687d76f5ae79f5ac903829449b68cb1ad909f58bb5915e1

Download Submit
C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\19.png.criptfud@protonmail_com
Filesize
5KB

MD5
ed7bfc717bd7099790215b899ad8a81b

SHA1
a5789202343737e0a6af915109345098fb03cb30

SHA256
c84a00fb6925d7b5469c3e56bcef2d91e377b96149d983f1e4a25a97e3bbbb48

SHA512
7781938711829086f78fe590a8fd6c5ab8c4ef25f737eff12846e29d07965d9809c9cac8cf8e87d8d3907e0b16e848739f69a06ff627c9fe0725696366628633

Download Submit
C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\24.png.criptfud@protonmail_com
Filesize
5KB

MD5
5f0466ff5df32247f5e291494d0ce0f2

SHA1
7d514540f716b8fe9b77990cb4fdea0b3ebb0933

SHA256
491fd45b8d56b4dc7c8705b7b51e5ba3fd979b76f78a2e1973d0dba6ddeaacf6

SHA512
1e38b43d7b4aa839502b727bcdc8becf721965a892445a059a3ab10a35b8439d9f6e4b562a0e6f5089dbcee62fe6cc79d0499775cf05ab5abe8d702be9f7b671

Download Submit
C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\27.png.criptfud@protonmail_com
Filesize
4KB

MD5
a605a88c869bb9d95a88a870db1ae60f

SHA1
86547cb366449167979141cc98630c9edcd658db

SHA256
a8767b812e74a3451fc315ec8e3b23b2c7dd5cb0fd06e9ec7306eb3ac30ad309

SHA512
fc24362f3e9285a2762ed45faa774bcb8db92bdd1c297ff2d2d3b2af76b99f9384265526daee3b67854904aae38cbdb3537042a89d74f6959b13cd6c5fa13525

Download Submit
C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\29.png.criptfud@protonmail_com
Filesize
4KB

MD5
60dcc1138f9500e9bfdb895bb8623969

SHA1
32d85f51fb5974711661dc50c2ae85a83af5d7a6

SHA256
52face86fc7c5bbf23f4d76927363eaee1a10d1c01270773b45a3ffab8ee8dc5

SHA512
ff3c84887c06ed13eeda0c59cc0dc5085e879d533ee004731039d870fa4a7e69ae0e0625598bfd58817caf84ba2d1910b5b3cc85104f265b44fbdf43841b71dc

Download Submit
C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\32.png.criptfud@protonmail_com
Filesize
5KB

MD5
c0ee871a00c9cbb7a3abc9c37c12f8e2

SHA1
cdbcd4de7bef24df31ee5936a7b7ff0ff2a6d725

SHA256
b85e345954d6ac95fe9761236a482b482dc67d7362ab18599cfcbdd548cab667

SHA512
bfbfca5f1fb805c4c0f473b3ff357555c142ae6420cbf51242961a1402e0dc58c32382ae2d1980f7cc660f9f336a75f221a29954421a44779fd85f3c4d929264

Download Submit
C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\6.png.criptfud@protonmail_com
Filesize
5KB

MD5
78861ecb7648da1751b3d0cd721ff916

SHA1
41b4dba11b21cde31c0e4d8ad3ab3694da412f9a

SHA256
3b31a3ccbb6d86b9c8c31c1fb9aa7af5f997c1712822f2fd6ba1bc7e43b83408

SHA512
2f868b123ecaa907ff000e55113970aa7f4cd6fd28fb46a6dfca6fef2655a5f5a2d079115f201e80f8737e362878203b898405a8b62ea15f264f59a60095d28f

Download Submit
C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\NavigationLeft_ButtonGraphic.png.criptfud@protonmail_com
Filesize
4KB

MD5
7d1906c285ce1d32ee9d4a48e6e0796c

SHA1
202dcf9be4f8c6cf113505fc7ecf9c5f80382809

SHA256
c213dbf72bc2b477c3c04a3198160d3ed7bd1927f8246ca95fd6a5823c80ef30

SHA512
f455a3141b5a12f8898c1b8f00cf1b35933ad6a4da2852c70b624eaa8ebfb95e3194c172168ee945fee89e5b171efbaa15ef31952b5a4050677f455436af126e

Download Submit
C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\NavigationLeft_SelectionSubpicture.png.criptfud@protonmail_com
Filesize
3KB

MD5
05da612aa12e81825b0ee0e2c8574cf5

SHA1
8bbf4364e774ff6dc473367982ea9f8e8cc42b8c

SHA256
4bd99f7157d5e28f268c2ab20d187b5e1f703b0f7ef4eb1aa48502d049844203

SHA512
7e8003d6a0e47f5775cfcab6ef64b4a388720e49cb7df7b78f08b533200a73d1524d0ac134acf98a479643a6452625cb29ad823fd6320df1787779fb25e1d151

Download Submit
C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\NavigationRight_ButtonGraphic.png.criptfud@protonmail_com
Filesize
4KB

MD5
17c476a31ddc2dddadc7c9724d63e756

SHA1
ea7b32aa3e557ac511604d7ff14f13b2c62eee82

SHA256
30c9f6e358239a57f70fdd159f2207436bad642633087db8a862bd5c295016be

SHA512
69d863757e031dda1e9ced1decad799a738500225ad2f14a375dd0ba81db91cab3f53d24b066d57747c29b30346c60c4007866ffed4abd3250299c4ec30ce27a

Download Submit
C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\NavigationRight_SelectionSubpicture.png.criptfud@protonmail_com
Filesize
3KB

MD5
8a4891ee6e8775643bdbdab4a52569d2

SHA1
0385b5fd35c4c92032572347164f409611f6f8a5

SHA256
218b3043033f2cfd09f80ce8578f6fe0fadbf4945a2df23b0d9e5d5375ce3ffa

SHA512
38c8a01a317bd6eacc7319330af81f5d994b8c2de9ff41f9cb034cfe4977f44a9372182d948eba832df0fe7e1e730bdef7128f1ab65fe4b26ebfedbdefd53200

Download Submit
C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\NavigationUp_ButtonGraphic.png.criptfud@protonmail_com
Filesize
4KB

MD5
0f673b13ddf55b3c05c50d6fc1808f43

SHA1
1d8cfcf1c4b8083a425a7fee7b1be295d073397b

SHA256
837603973404906e7dc8bbdca93b71e8cd0c3aa09dd04773326471f7fa4e1936

SHA512
4c23e326711bca4f2e1314c27cd036ec4629e9c260e8d9a3de96cfe14a2d685348ce6c26ef50798bba07ff6dfe6673f32081625367194f2ad2813a58b2a654b2

Download Submit
C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\NavigationUp_SelectionSubpicture.png.criptfud@protonmail_com
Filesize
3KB

MD5
10762dc941fe0be7cee4311baa839dfe

SHA1
715f0d159b8d1d8f67fb29d4101aaff9402ab382

SHA256
bbf2300112799214391acf8b7298f4c9c0a194b31858acc2185c2c4b600a0f9f

SHA512
f79c4bb1266f4e8aee6f200368b6384413a9ac26406dec02d6f9bfa8825bc813aa3d7061d8beb87970646f7ec08f913e00fc82c57b9f856ddd3524ce3c59d819

Download Submit
C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\1047x576black.png.criptfud@protonmail_com
Filesize
4KB

MD5
966108bfdc3ff4dedcf4fe99ce458ae1

SHA1
deb12551ae88aa978b3525da87efbe08c859aa48

SHA256
bc959483eef1be854472dff5ac4bf6ab8074e50182d27e4f7990c5839c8c41ff

SHA512
0da5093a5a1bd1f4a13c3e956b79a78ab1059cb9b7cfc6cf0aa7da06217e310f6a9aaa5e9329fdae53e46ee70baf428b170ce51e2384fffb40ecf417c73c6c4b

Download Submit
C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\15x15dot.png.criptfud@protonmail_com
Filesize
2KB

MD5
0f0b68980ba8435571e1155b96d35120

SHA1
a3cded5624c1e8fcbc5e88f3b94313940c4b09b0

SHA256
7d10150685d16097eb6a922b22deeec0c6782b401cb1efa0cf6ecb58312f350d

SHA512
b038c21d2af1b9a7044e5371acdc81dfc4c7a87176b80aef871378e7bc5be6d40915b4843879d8983147a1a9eda11532cc5435780bfae039737c2dd183f4adc1

Download Submit
C:\Program Files\DVD Maker\Shared\DvdStyles\VideoWall\203x8subpicture.png.criptfud@protonmail_com
Filesize
2KB

MD5
86fef0b93ad118bc59dbb3b1b4742168

SHA1
aa25d96fa01aff9681048e7521545a8bbba14768

SHA256
4e03bb054535a80d6f0afd63ff6e89c917e97d7f3d54c18e1d82d1f6727fd9bc

SHA512
492febe2506f88f4c451d5bb3baf2202b798561aadd6351a10ceebf6d3f1f5196d231a8b10bd10b74c09db5104efda8a25813ff12ba8274ec6da10b2432ab008

Download Submit
C:\Program Files\Java\jdk1.7.0_80\db\bin\stopNetworkServer.criptfud@protonmail_com
Filesize
5KB

MD5
09d662a03228da969203b0eb18e67cf1

SHA1
18d797ba3db35608c32e48bc8edae35719057cf7

SHA256
91c3514845745042d5f2870c45f960b3cb4533e7fb7802dbf394e9e45cf79bf7

SHA512
ce7fb4d4f767953c6c231da0c1ec8ef5d2ab0a929be4c219db866ec1c495dd63176e9c6eb6099aa2ed57651d6d93e10ceaa8db7af0b81a82b7b126e92f08268e

Download Submit
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\epl-v10.html.criptfud@protonmail_com
Filesize
12KB

MD5
68ed5756ff8eb9cbf39e6ade3a7163be

SHA1
a77d6eea6d92597d4bd65808eb081aa56f4e3981

SHA256
7f92ce3d38f77a0696e6d53e29eab147fd2c4df24cdbbd618d132eca265ea1ed

SHA512
a9218bb1a6d67304d853a217ad804b76d8e8068cdd50372d336af8020c3b880bd653f0ab485a51581be8e1b28456df6e1109428a5bd2ae98ecfa8b1b04ffceeb

Download Submit
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\license.html.criptfud@protonmail_com
Filesize
8KB

MD5
d86d24784677be0f185e66af5e851858

SHA1
5d7b383f0ed59781cf84b61e7b488ecb7831c4cf

SHA256
e56d754c56e141760e7b17e46cedcf30f1e958830aec167634c72a9de2ee5567

SHA512
09dd46417ac36d65807d8db819351359ab6572e8650f2efb309bd0de9ae6881fbff3dd393d9d22834e4c184f747efcb118a00c0dc1d600de7c0bba2d71affcdb

Download Submit
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\META-INF\eclipse.inf.criptfud@protonmail_com
Filesize
64B

MD5
4bfd4189a6c0e8e7b5f23a66fdd96504

SHA1
40de46e89ad825139a6213aaf40daa22794f81cb

SHA256
a384688bbbc696b2e3472620385a5a9d60c9385072eebd5542e3d8b4774731ea

SHA512
aa940e68e8172ef1dcc3f33921218e63420b3c6b17aeaf572a58c4effac1763cec315cf44b462f4f058b6889ef282fb8a95e15af2e87ce1fa48c128860e5e6a1

Download Submit
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.common_2.10.1.v20140901-1043\META-INF\ECLIPSE_.RSA.criptfud@protonmail_com
Filesize
7KB

MD5
032e87d71103ce1d0932cfdf7fd84c77

SHA1
8393649f6628cfe909cf8510ad73eea9f3062ae3

SHA256
c542d6dd10e5e0d4c50ea79b46058180ff425b84784dfc3f398d39b52b2cd544

SHA512
62e41bf64ce118dfb2a412d9ed4369e1917c188c0aa3478972cb84d05659a614d54ed3fe3c2bfbd957aef453575c84ed6daa823e2a9c58a163048e717297eb23

Download Submit
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\.lastModified.criptfud@protonmail_com
Filesize
8B

MD5
b2d9fd23f5ae8a99820e39e74dc60866

SHA1
debd3e5213eb3dbf0b518a970c82b998130b3e04

SHA256
dee53d76a29f0019fa8ba33e6fff2b9b6bbea9c612ea9208cefec2f7eea1bbcd

SHA512
41cc33ee1be4a007efe4a0f225e0a9d21cb34cad406db4df89df0782f86e15635ea83efb92cf726075077ebdb6157afb94bbb4281979c609835ef7c3db2a8906

Download Submit
C:\Program Files\Java\jre7\bin\plugin2\msvcr100.dll.criptfud@protonmail_com
Filesize
809KB

MD5
5a08a0f63f09b6cf31fcbbdfff4ae82e

SHA1
34b545d737a9183ca0e159318337647399c7d60c

SHA256
59273a3b0d543b9fa4ce4214b1f4eac91ae2cf4958c1186f1b6c0bc983f841fb

SHA512
c9e24031834cf7bb0b8d923e4ed86f3baac393d0bc673bb21456e23f4d3d26e3e2709a2a1d69c658fb3db2d30711c060488f83c54c0c35a24ec9188e68fa9fe2

Download Submit
C:\Program Files\Java\jre7\lib\images\cursors\invalid32x32.gif.criptfud@protonmail_com
Filesize
160B

MD5
9d3db333fd5d8ac7a938137c01eb4992

SHA1
a22636a340f6ff68050822ce41baba0862396dfa

SHA256
044eaf716be67fc8118fd5a9c11099337147de87956aba9e10c5750831784e77

SHA512
6bc9d566ffb4d6b41668754b9588563480241bc8eec952df0c7b9c48a10c1a1131eb7be443811d37a68aba999c768044b651be1a7168ddaa3c16e90f85c26006

Download Submit
C:\Program Files\Java\jre7\lib\zi\Etc\GMT+10.criptfud@protonmail_com
Filesize
32B

MD5
1d3d0a28df56e1ac11ca1c81f65d37c0

SHA1
90fd322c563cfe0c53f7ce26aacc9f2b9719d24a

SHA256
e49b447043b2f2ce005a16d92687c3ecb4d81d40bbb3f16067c13c4438150a31

SHA512
a7e83eff22d5182da6246409cd961787fe3f91766eff06d0bde72c11f4e01da50c196bc7c60f457609e12151e88f3d18099a9424decadab702d124eb187865cc

Download Submit
C:\Program Files\Java\jre7\lib\zi\Etc\GMT+5.criptfud@protonmail_com
Filesize
32B

MD5
baccd4d746ddcc9b5a2f50b48acac547

SHA1
12d0811623461f9b327e3eef8bf499aa99229101

SHA256
97e9fbc6c056af960d87bf9b0bcea3c20b59e63137a49d425d4095732db3e538

SHA512
cccf7636b711ccf2c11244540d385c37e644cf08f8b32913e664c8cd2523d675da363d98fe644cefc9ce7be8df6dcb04cab971149ad646de9366e8f70874ebcd

Download Submit
C:\Program Files\Java\jre7\lib\zi\Etc\GMT+7.criptfud@protonmail_com
Filesize
32B

MD5
c2dba3f184bc5ad1b6208405da0a9681

SHA1
ce1706cbf3fff692d80ba0381994592762f15b14

SHA256
a68ef6cc107b4e1e2bac3719f841444127c9256a68444070890d1bb588b9b95a

SHA512
05e0a1271bc9d014c3be48f6d12e93c3fd93e5ed577a3196d14d94e9345733da3d8089c16470d809b712a4696a0f22e87f6fe5fdc74c7cd4b411ef75a49268e0

Download Submit
C:\Program Files\Java\jre7\lib\zi\GMT.criptfud@protonmail_com
Filesize
32B

MD5
292c0197efe0bc3c5af3fce92298087f

SHA1
81419d33c049cce5bb9fce415756dcbe15ebc64b

SHA256
919a35c74258dd47691ca030a4d6f5aacbe07e48fda70a16007f951ab2479fd2

SHA512
b0e4d29f0a91a5378c9f7d9aed40faf0d5b259ae7f0b8b7743afb9b594a38456927f11549c60211f00dc8f93f1aeff3446dcebfda745809803e59a9692529023

Download Submit
C:\Program Files\VideoLAN\VLC\locale\ja\LC_MESSAGES\vlc.mo.criptfud@protonmail_com
Filesize
664KB

MD5
e56ec2cb6e6174e20ff5f5b6746e0780

SHA1
f1f57297f12fbf52c077c31d0eaa9d279b7b9314

SHA256
a3447f184a1de903aa2bf14eedf229aa460cfe8255a09adbfdc9d6d9c73a0a53

SHA512
683713e98bc30c286b91a0fce52efe5a03c8e18667e3a13bb54ee7459046786ae29fd918a6c90d9c5ec441c3e365c9078a26cadbbbe76be4c02d2bf2eaef29a0

Download Submit
C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\it-IT\css\cpu.css.criptfud@protonmail_com
Filesize
1KB

MD5
77c107824c51f32bde8b0e7221ed5ed4

SHA1
c93a57a635dd8496d780c29a48fb12db5a612972

SHA256
9b9e1f3d627395caf60c6598b50c1b55c3dace8c0b823774a1eeca8dc0a627e4

SHA512
c4382e63309707477d06dc8e6c2218a2220a71f67e1d84b0253925c51503cd233ffd41163181ba723d743d4bc510951925046440ffc700cdfea5a7402875f9b6

Download Submit
C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\ja-JP\cpu.html.criptfud@protonmail_com
Filesize
4KB

MD5
8005288f945ab70937e5d12ec480c204

SHA1
1a6be7802dca0d323aed6bae346ab48abbe140b6

SHA256
872026543b28e39ff121f94f6a01b5d69eea99e3cab3012938c75965324f1026

SHA512
f609340a584cb188ecb0280b818c4bb164dd0c0e52ea1f0a64a9d2b5e2ee52fa252ff57b764958ec0242535b384c64a63598082337f3b875d41b62d4952f3b67

Download Submit
C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\it-IT\css\calendar.css.criptfud@protonmail_com
Filesize
4KB

MD5
3949beace84bf8478790ff118b4dc534

SHA1
01dc5b14e7e4e05eb3da3435cafbd19c6bcf3750

SHA256
48a3a35a12b3ae91188b169e2ed514a1fad68323ea8e6487860d679f01b5c174

SHA512
a13f28db610d2a864133f38ef75e22d1744d3c6a30955ae8f0a39036380b04c81e04fb6797c86439b2c5a6d8241fe8bc65f70b7252fa573ff9630ddf8e144d01

Download Submit
C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\it-IT\css\clock.css.criptfud@protonmail_com
Filesize
680B

MD5
8c00c4fef29085a3b14b2d899746758b

SHA1
bff999c26f8b453bd296b40908b1fc29c6bb812d

SHA256
126f7e906fb7ae2bcde302dfd28c1bb6c2be7469b8b3dd9782000acdac220cd8

SHA512
ff46fe42a5f533abb84572a6476bb18744f8031538d33c3cd681b9af41aae91f1054d762114416b3c534beffca6b11cced61c52bebc328781812e12735852c47

Download Submit
C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\it-IT\css\settings.css.criptfud@protonmail_com
Filesize
1KB

MD5
73caeb4971c0984b7e96a61fe0c859f7

SHA1
e92f3efe682e6b930cbe04a765ae3dcbda0ecb37

SHA256
5d82cad6b6811d566602ce0d3a3601a0ab46a4bad3d6814ddab5528f4d9aae21

SHA512
ed29278f79a5b5699784608138b57440c23eef3e098f62ee6920416ca2e76f74a307605f65fde1d05e245a18a95d9c165a89d0b47523573d0941b06fd0ca3031

Download Submit
C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\it-IT\js\clock.js.criptfud@protonmail_com
Filesize
17KB

MD5
e12ec8cf22a8843de3570a090b49f982

SHA1
54a439f40521f6333c62965784ce83fcc910cc27

SHA256
79a98be6e42840a0ac22aed68a50e5c6610a12b2c80b2bd1263d48c9d4d3b4c6

SHA512
cf25159b660b4005da9acda73da3109586665e6c31e47c42cebba8d3c7910d0a2b258a03a33329dfc1a59d1b285f43fbaaf81652c1b70476746f468ded693edb

Download Submit
C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\it-IT\js\timeZones.js.criptfud@protonmail_com
Filesize
9KB

MD5
6d34ae1f5148cb494397ba437f174a29

SHA1
6471558cf4c5c66af55e41254c35475304dea7b3

SHA256
cdffe2be94f3da34ed20d18b1765a99ba5f51d5a037738c7546e3fbba0f80b71

SHA512
fc867e0a5d78ecf5482b92d5aaebe95d926c75caafebb69c847a752670ab7f07bb78e9389d3d86c85a518bc7f03dd03f3e187749200ec67a475e92fc77dfc60c

Download Submit
C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\it-IT\currency.html.criptfud@protonmail_com
Filesize
5KB

MD5
d811cc97a1c9b8a705c5f11269215bfc

SHA1
d5f36d3a2d16ce636cd5b0f1af32ab26aae630c1

SHA256
005994dd628231d0b0c760fc8eef3e836991567b62b62e314913215ec394cde9

SHA512
cd7d9cda3fdf4d23888cfadb393b36b0814223a0dcce89aa96ae722d2a245ed9aab05909b32691aae5f77256f3a7ba88ebab79f4ff3103625c6e86030310ff11

Download Submit
C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\it-IT\js\currency.js.criptfud@protonmail_com
Filesize
65KB

MD5
d7ea8f8f6cf29a71facf315ac0f51730

SHA1
6ddcec089d0cb10ccb47b53bcfa11ceee13710d7

SHA256
21597032bf16aa5062f108676f7f277606d9999149f0e807a4b05d845590f6a1

SHA512
7d8eeb0469c3df804ecf618c727ecfded45caf1ab3adcc71023e620cc1332e54f7a7b1049553ec2a3d3f8c018ef74a4655d5cdbb30832a84352f43c4f42c21ce

Download Submit
C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\it-IT\js\init.js.criptfud@protonmail_com
Filesize
728B

MD5
2813f534f5b42adbf673a779b52a6463

SHA1
b4fef31a22d301c779ea8c50812d1082a99d12f5

SHA256
b988de964ff2e3f799713c0ac414afecb94b0e4c2ccc76cb8d236940306ae600

SHA512
8a20f995420e834493cc777bf3f3c3c2af17926a9290386788b233dceaca801cd7451852bdac9b7604de7333ad1ec4bd5dd341d51e92bae3a530c09759f80773

Download Submit
C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\it-IT\js\library.js.criptfud@protonmail_com
Filesize
5KB

MD5
f4984b54c36cac8b1032f8c5bcdfce67

SHA1
dca043d3143dbe5ff4282f10e825c0ff1041f6b0

SHA256
204f1a3f3415a1f2c2b233a52498e890ce9fc8e28b89e38b9d93cb8a02ff18bb

SHA512
53ef67917f8c65e8395c578a4a062e489e45345f7265eb87b9a4be4190b3914a5a6ec3d8cc58d715a9e3617034cd083be7afa318264971cdca599b7479274030

Download Submit
C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\it-IT\js\service.js.criptfud@protonmail_com
Filesize
7KB

MD5
ea20f0f0d3de2b89ec7d9a6a854f8904

SHA1
8c36beeb1e69549d45632a5ed8ec8b20d36c928f

SHA256
550230f1ef7812e5afb0d1979ccf00bf2950778bb6a2610a5fc6842710745368

SHA512
e4932a801478286d64c6bb664875cf092b6b58935b0680a41942a3a41c9a944490a6dfa449b071421e27b3fdda10c5cca971c3ea416e388aa3a3d67ef9be29f5

Download Submit
C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\it-IT\css\picturePuzzle.css.criptfud@protonmail_com
Filesize
4KB

MD5
faf6a9a2d8e05ec90656f40061423420

SHA1
08a45d5e6a8b354758d6d10c9c67cdf60f579fc1

SHA256
fdf991511d23af7bf9c1f6060933a281229533d8a8cac84daa2f2a94bf21e78f

SHA512
8fa1a0b2f3f96056e6b77c147933bccc3335199f00617087fe0723cd162adbd9ba3f4b734208c0b8387654fe144c0e86a62ef9e67d14eec7c1221d0efeb3cc42

Download Submit
C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\ja-JP\css\settings.css.criptfud@protonmail_com
Filesize
5KB

MD5
cf991316951ea891fa14754b79ba3c36

SHA1
8a2e1363cf18b8da117ea4677693ab8867c80061

SHA256
6277af62c02f0b6e7a9ee42e57a47c007706d538afc4398093afe06fc3f19a4f

SHA512
d80f72124d1d2c9ed901653d1954da1c198f8a0042f90c5dfd7d823b9f1c8be9a084e98c9d90c5b721aabd4117a713be3537546908c2f17098e08b77f987c28b

Download Submit
C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\it-IT\css\RSSFeeds.css.criptfud@protonmail_com
Filesize
2KB

MD5
009692b6324fa3273d431bb2b9a4c815

SHA1
6255158bcb8e0f05daf9ff361019d022da4fa7b2

SHA256
38bb9a0e337acfe3024f9825da750d98e3d4ef231d133cef9c282c32bfed09a5

SHA512
4d1a78e4eaf6fe7f995e7e010f88b9868e171c84b47fab1be1889c1d24842c728ddd6751fb03f97016b22af635d5bf43a2c5acdd6fe26e2780bcf87e5f01c9bf

Download Submit
C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\it-IT\css\flyout.css.criptfud@protonmail_com
Filesize
2KB

MD5
9a07c6143d0594e0b2a6ea6f51f398ff

SHA1
59e90797d05635a8a9acefb34f5884fe9d258ab8

SHA256
e36814d5b7491e135f2ac5dfa7ae51c1c544815c6162fa1eca223b3bb0750955

SHA512
5afde6939131a2f9c28d67420ed5c7cde273ff801de9525f6962013ae4a0c24555a5494d93793302d1dca64b276b284c2f7c4219cd50a69164edb12e86bb0f43

Download Submit
C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\it-IT\css\settings.css.criptfud@protonmail_com
Filesize
1KB

MD5
b3b17ca90df7597d08ef47c533986290

SHA1
70417d1fa5bf6b61d564f1309c4307fc216e230f

SHA256
17fe9bbd8219857d877b0bdc81a7b16cdfde341f37d927b8ef2d7f41222a5e7a

SHA512
14b38a8a4bcd495af1db2bc8d115be25033b6b30e6679c13bd22da03fcdfa307081ae836a72652a349acf191bf6cb159f356607da97ffa3aeb3d20b77b329dfc

Download Submit
C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\it-IT\js\settings.js.criptfud@protonmail_com
Filesize
5KB

MD5
a9d93a5bc18d7b544a465b4eecde3db8

SHA1
9f3ad3f6814442d682f020d47a7e1f646bb9fd49

SHA256
d7fca92793c9b31704395d01506ba5cc96b140be2087e10d509d7c9b36e5c485

SHA512
2acb2cd33a70c33f77aa319a8afb5aab0a904d33ce302a0cca57eb42c38b64bea56ee1235b1a4109482121ef532d4e70e9c63233f2347d4db55d9477d8e15eac

Download Submit
C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\logo.png.criptfud@protonmail_com
Filesize
6KB

MD5
9f6b0e264433d8c51bcff717dbdac35f

SHA1
bde29cef350f9a52bf6ba0f10522e3cc9ef73c0f

SHA256
a4506ea93f4fd0a69194bbd5d8ca61557cdb19b811ccaee9d09becb126045eec

SHA512
1364ffe352c978b72770a5c084bf1c814ae82df5d3e9612ee953e9b10f6a04be61240d2d0ccc63b389bcd91c77d22078c78bc9c7cb6baecd2a4c3e0bcb97ba86

Download Submit
C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\it-IT\css\settings.css.criptfud@protonmail_com
Filesize
1KB

MD5
fec647c27f51d67dd34528f8192cecb9

SHA1
b5f557d4876cbc19822c31f4c8a377e6b7ac0a8b

SHA256
289d9e4ff483fc5a562d4a51ab88437a390277a7019e7274a19a5d924ba7b01e

SHA512
02451d3227b180498d51d3bb1c92816b6f6c1b571e9ff872d747411085f7183a684dbe49b0a4c9db169253027e9b27fa161e45e88cac3f73b7e79537c9895365

Download Submit
C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\it-IT\css\slideShow.css.criptfud@protonmail_com
Filesize
4KB

MD5
0e0e441fbe8f7c6b1e82383f818b0dab

SHA1
e213f5cffdb984eb756550318741f8b1c523607b

SHA256
53c2cfabc01c25bf9dca2404395e09417384595badd9fed26b817c26bc299ce8

SHA512
a5f8ae64367121b0a0d6ee60e4036e05d81c9ee6cf62b0b826475524eb29ba7f106b57b61130923576a401021f343f578530feadec52c460616012bfc0bdb773

Download Submit
C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\38.png.criptfud@protonmail_com
Filesize
5KB

MD5
5af4543e8a1ffafa234fd0bbe50a9b78

SHA1
d347ea4321c33ec0c4bf1d7e1e91d307e6efb0c1

SHA256
ec30effa2e6e990536c1da53bd6d440b011cde362a024a44d76618f99ec582d3

SHA512
f8b8d585b129487c6a2c82b213583892aa4a6b4822433910eba28e5d45da2ce0fc73a6a65118e37630bd14d9f19f3e58a52477ae89c9bcdf64b6c591c9fe6ed1

Download Submit
C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\39.png.criptfud@protonmail_com
Filesize
5KB

MD5
04425bbd50d17948cb8cb1a82f143622

SHA1
cd11c8856b8026189ab4a8ad573ee8e98f5db834

SHA256
7f6ee2095eede0f751fd54212a77007a0dc6dbefaf1e7827fdb7255b46b2667f

SHA512
037cbd7e872bf70ad287f32bd51419bfdc411cca39335e8ceacdf1555f69c11905a713b9c0fe4909f3a891f91d9d650254a83cdea27a4100cc7d76132425d92d

Download Submit
C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\41.png.criptfud@protonmail_com
Filesize
3KB

MD5
4bff8d645c8e7763186a2ab5adfc6fcb

SHA1
cd8be7dbde377a8960aad1e9e83c9b8494b8c0ee

SHA256
30bd6006c5649d2cecab1280d66922ad6fcb850c9927139aee27a4f65675f9a4

SHA512
7a5783aca00ee5a4124cf8057a0b1651d234703fa3f73c622da89dc3660cc512133d4808f32569262a2f7507bdfc83e748e64f09e8200a7446f314ae8b60409e

Download Submit
C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\it-IT\css\localizedSettings.css.criptfud@protonmail_com
Filesize
976B

MD5
d471baf0fbf5ee3db9c11e99c4afb745

SHA1
29a8c888321e4719d7eb957d5db14f2151bb0ad4

SHA256
86599569a602a1fc2371964e1bdf83465857b47a0678c61dce1fd2769a1c4a84

SHA512
5744daf700dce9a7959c4ef50e8e841956531380bfcff05d5faee586b6f9c07485a30d852cce181b93d8c3e6a71b42728520bd907a26e9f1a3c709bd7a8c58a4

Download Submit
C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\it-IT\css\settings.css.criptfud@protonmail_com
Filesize
9KB

MD5
a1fd87021a923ef55c67457352828a28

SHA1
27faeb199397f324788037cba0e18e92e95e0ed1

SHA256
5359556317d22a16c085616e8d06574f9d9f368460d37a511154735cfa256034

SHA512
3ad4dafd67a97b506d9b101c48c1c2337ef94554cbea879ee01f73aa611e486a63e8d9aef593987128cb9df972ff3e101d6bb35ed742694924cd4d5950345be5

Download Submit
C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\it-IT\css\weather.css.criptfud@protonmail_com
Filesize
24KB

MD5
4796b2fb7343f8434fb3da31c2897ec7

SHA1
e948cd58fc3ff9d235e781f36f44b447a74821b0

SHA256
60b94c9e181f6594bf04fe18f8a9f198fd6931aa44c1bdd59d4fd8c5aad574b6

SHA512
3bdecd9c284a86d5053fdb504d7a180a7e5a85324746595acfd8767bfe7139d123cff7757639166cd2256d830389586a48bf2c330a0c29712b7773a0e87df58c

Download Submit
C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\it-IT\js\highDpiImageSwap.js.criptfud@protonmail_com
Filesize
1KB

MD5
531220b60b327f3cbade74b46329e509

SHA1
dc4a6392e7f889c3f9ff05e0bf97f7d24c152921

SHA256
32fd1dee02abf14bbfbf934d433c926d4775bfb6bec74454888cdd266cbbbdfb

SHA512
cc3400f9621cba5bc820279e1868828c432f2189dd4bbb132825a8a2a60b85fe56c092dd5113ad3a0a2e12a494e3ab926a77945cc6d9b204de0fcbc742107c29

Download Submit
C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\it-IT\js\library.js.criptfud@protonmail_com
Filesize
42KB

MD5
21794dafeb351e8209934175721924f4

SHA1
f9eaf83e68e8aa8e17046a66cc771ceaf813a020

SHA256
4fabff23ea5163976d295b1ae111a7c011f988a401f1a912bed41700eac22a2f

SHA512
036e3cb307539134f0bebee92ec27e77785cea583fcd4b5d93123ef45a38797f7b4cf8706a861496ca9446063862beed0ebc0964ee8476072c936879887abcb8

Download Submit
C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\it-IT\js\localizedStrings.js.criptfud@protonmail_com
Filesize
14KB

MD5
b7a773389739c6b557840b92439a3e05

SHA1
46b46a94afda00dfd41b48bf9605752c094570d2

SHA256
42c95ebd6c1ca37ceac7aef120121aa32be7c80625d3d15681c491bf35b83e8f

SHA512
bfba97cdb8b0b547659da9fbaa122f04ad045e1bc4dccdddfb8444b96e38007e6c0acfd27cdf5e681a77c76d202b79f17b733d7a1c1f123253195655c5032a0b

Download Submit
C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\it-IT\js\settings.js.criptfud@protonmail_com
Filesize
56KB

MD5
a8a94eae02755f9abc092b566ce50b27

SHA1
f2dbc7280d0e1f29a62d0ab0cdc737e266d1b30c

SHA256
94c272ac24e98b31ae7e776d8c61cbddb5cf32a5aadb259fc9fafd5cc4b2f0c4

SHA512
12bb5112482f271cb7d87721838fae361e666079807e7fe9c28cb9734092c7e84c0ba377dae92ddc0039b22d65e231deac4f5e4b0d08789a909b406d088b47b8

Download Submit
C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\it-IT\js\weather.js.criptfud@protonmail_com
Filesize
132KB

MD5
042317a76b6f404d4d3ed3e2711f6e3b

SHA1
248cb95628c621935590dff06749430f374d3bf7

SHA256
1e674e0c03431ed31fd34e05925ec3cd0f15128bc0a1d5e02b8ccbdd6bb07ca5

SHA512
6f5b6a00caf8445e472d9f6dcb0255c2a5be311f056aaafc63b1a8c412d4f47a83f6f9d3e78f926f21c2f9e12a9cd958a1396304c528e3269f8eb0d632483ee9

Download Submit
C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\it-IT\settings.html.criptfud@protonmail_com
Filesize
8KB

MD5
b1ffd019760a59470fea2a66321a96fb

SHA1
95918e8299f8f38ae1acae473ea4dd0444693a4b

SHA256
0f34fd3f3eecd9f7d2c5ce34a91d8586ba45ed4777e96ef1276d0c22502c4e26

SHA512
28ad7ee7b0a0b33ab2704a65aa4408c3ef7d92688c337171d2960bcbdf8a5fb3401cd275a5c23fd8977d7f91fb05aed2b3afed5539ebf3c52b5b141d04fd1793

Download Submit
C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\it-IT\weather.html.criptfud@protonmail_com
Filesize
15KB

MD5
233f7a3ce3c939399e84fb5d72300f7a

SHA1
4bcf61b712bd9e581fa10250527e124f268faace

SHA256
22182690b785e9c4dda2a4a3da8b8c5fc306d360d27f7c485afd3593cbe3fb98

SHA512
60fa0679e8568dfbc45155fcb933599f78c806ed0c10b279bba3be9c4bb9a47e6c3a0aa824641950203afeedebaddfb942e718bf15ecc8d79506f24ddf97903f

Download Submit
C:\ProgramData\Microsoft\Assistance\Client\1.0\it-IT\Help_MValidator.Lck.criptfud@protonmail_com
Filesize
8B

MD5
36440bb771686b0ca71e1f07fe0c6af8

SHA1
0ee3605e223878302afa025d6b796fe98d25ecf8

SHA256
199a2f17ce7ec3d3b7f77af61c7a2d4caff018294765fc107076d1be694884df

SHA512
31853794c5b8cbd25fc7fc908959a578934bdc1c0370abe903beedc8ada509cc0ec22ee58b8f1947e5fb31d89b222b1c15e169d4ac76a47316de05ab22e5fd8b

Download Submit
C:\ProgramData\Package Cache\{7DAD0258-515C-3DD4-8964-BD714199E0F7}v12.0.40660\packages\vcRuntimeAdditional_x86\vc_runtimeAdditional_x86.msi.criptfud@protonmail_com
Filesize
140KB

MD5
4c9aa1b714a0d2fc03e52e32fa45edcd

SHA1
7b7d9dfc9f340dc7c6e44f503d3a1eba6e1fb2b2

SHA256
40846f3a1b2e30ff9d4b1733f00f9d876fa89c4ce537e8cee86018886b5455ff

SHA512
e789070e521388f85a59982e96ae811452311af4225df578d34294071e11299f6db4deb88c321b4304735677ad3ef9540a40cb6c9e4ecc2cee537b80062a20c8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\CURRENT.criptfud@protonmail_com
Filesize
24B

MD5
3dbc8b5f828e424104ae6bcea5a392c7

SHA1
1c27502b32788b1b94b4e3b32eb1ff755636edf0

SHA256
704e2577e84a8567f4cb82e8c53e9586d5ecb8f55f860e1e2d454dd98836c85d

SHA512
98ded6f520851d0aa3cd8389cf27655c78e5ee494cd712706ab8a8acdb4402a9ca5249958b662ac2cd9c0e784b193c896390bf89b7fdb129592a24b2ec10aa3b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_2.criptfud@protonmail_com
Filesize
8KB

MD5
9ecf8461e722e6cd7be2878542004715

SHA1
88bde1fd85cbe8674624ee224b735a3e718d0dd7

SHA256
24ca231d7f41e305e2908bdbe4a47f9440d8c23207d36a09b013ee2154d142f2

SHA512
a34c842a5b44bc389ac681338dc12f623c27b44e72629a3c1f92f0e7d6a5247de7b59294162b524421a3a7c1d5303e55e60e85e3bd52b5f1c379161c737385de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Feeds Cache\J171AZTC\desktop.ini.criptfud@protonmail_com
Filesize
72B

MD5
6ec06a2262f59841f2d4da6dfedd78ba

SHA1
fff96360f5ac87f095e65722aec6a6e8e2913a20

SHA256
bf2f109b895a29206ded227cedb80319d091af547793e41f6a2aff13be3d7973

SHA512
5136a4410768ea20ebdb500b884b01bbb2115ddff7bb16f09b5472e5b3b9a6030392cdf9cc3c5efd642d11b6a25978340b84463f1350fb3f16cb5905c895a7d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Feeds\Microsoft Feeds~\MSNBC News~.feed-ms.criptfud@protonmail_com
Filesize
28KB

MD5
a05700db61af8203a7e9cc2d0855b4b1

SHA1
b8b41ba0b67ae4330498d4da40f621bfddd8263a

SHA256
7bf7d614dbf2dbbd13e39e8461bd2e5b42082d05a37eaa81d2e423aaa5e896d0

SHA512
21182c68ff62cf83fffcee30879d56fda3e6d95378e897472a2a04dec857c69b9074d958dd5e3cb5cbc3c7e5b5e53ead3100093c7b8c61e76889aabbfdf0409c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows Mail\Stationery\Pretty_Peacock.jpg.criptfud@protonmail_com
Filesize
5KB

MD5
a302269fce33504bc8e01b6b1939b450

SHA1
443a404f2eec52d03a9bee05b3d2b237f1fb2741

SHA256
216d3e8594880abb668ac85b1e4a91b21645e6c7201ba34aeef1a74c1156a44b

SHA512
84cc0170e348e4a3f89f56816104a3a966d8f677fce324e7a42d51d1d998cba0920104522101c8b1bac076af2f662f7c58bbf1f31a262a7c2e500f3ad2c6609b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows Mail\edbres00001.jrs.criptfud@protonmail_com
Filesize
2.0MB

MD5
98ab7dc5cfd6cbf7422b963ea14e17ea

SHA1
d97645e001ffc9cb4ec687aae6ac30cb0b685b7c

SHA256
259217230d0770a87d6b5f0c18fb9e439e67977f01c6b330e7139641e7662d34

SHA512
597cb584f8851bd8cb8b1078c7c9bc82315126f1f79aec8046812821307c06664c2233950e5f6a20e226e06d373a6d3572c3d948ed7f9ebba11494b34cdcb4ce

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\u2bjtpec.default-release\storage\permanent\chrome\idb\3561288849sdhlie.sqlite.criptfud@protonmail_com
Filesize
48KB

MD5
6303f129dcd0440093c58a915528ff8f

SHA1
1a1cd063f9e5572de93cf08ae3a4fff4f1cdac04

SHA256
8d8b9cebe9141fa2fdea36ce9c07c16ee498e89b4f0f459ade5673c70246e688

SHA512
25fbe34f91c25d165a5f5bde25469bfebbf17678b17e1c6730016e853f52a12ff155fe988ef29a752d4938e447376cb69082ced91b5ff634bbc29edb20d57a40

Download Submit
C:\Windows\Help\Help\it-IT\Help.H1T.criptfud@protonmail_com
Filesize
392B

MD5
1a7576966bb2d5a9740a43d3136d81e6

SHA1
104cbe5c755cf7c22d4d22032a59ed4480f9830a

SHA256
7f8990dce0a9204838fb5e7fb57c51281a158b6876ba4f96aec28f30c0119c07

SHA512
ac74a5c9b68e41bd8c84b5c79ab17292050f79eb526361537f205f10be8b53169a503355437b2aabc094a8d8872ab9eea3d436f9351fe169964252d521c0dd62

Download Submit
C:\Windows\Help\Help\it-IT\Help.h1c.criptfud@protonmail_com
Filesize
1000B

MD5
d7620fa241a5e57f62af5a20ff31026b

SHA1
42ec384f8c640a07dcbc52f8acb755d7c1041147

SHA256
3dbe6e9b485fa329f1736af1f5825c0efb33ba831f3d8df02a22f072f1a8ceba

SHA512
4edb90406f96ee0e57595d8d7149e33f861466afdd940bb24153e65a34802759b640ccb3c084f353df17ae77080f1ac99d82d6b81e08fb5ae46ea75c4db3e01a

Download Submit
C:\Windows\Help\Help\it-IT\Help_AssetId.H1K.criptfud@protonmail_com
Filesize
112B

MD5
e0145a74d072fdf836c7c01469b850ec

SHA1
6f006d6ff53945515ea2c8a614fb72878845209e

SHA256
6b63449c6f87c64a68ec32b4c5a1a1f29b2a012417eee3d68a8841ce80f54727

SHA512
0bbe67726d623c7e9f039bb77e4eb4755a46028f82cf2eac0950b34ac42f0c1d3f29167b6b4e336de37b5921833496c0a9222d532db6e055a6d53883491d14df

Download Submit
C:\Windows\Help\Help\it-IT\Help_BestBet.H1K.criptfud@protonmail_com
Filesize
112B

MD5
02079a6b306fca44aeba2d87b7e1d769

SHA1
76a4ee072e5c1212c84df973e3e0c87b8843b576

SHA256
f17af6e88991dc4e2aa99bcf555e3b08d8ef18f3cf08018f8b988cfd00266f94

SHA512
f47e4d074530abd674f9ad6e70ae25245f24e0b21983974a839cade326f627299aeba74e19b0a33104e00f45ef32eee7c7ebdc2a03b6974dd1208b8956515484

Download Submit
C:\Windows\Help\Help\it-IT\Help_LinkTerm.H1K.criptfud@protonmail_com
Filesize
112B

MD5
c3642b72f4cf8208cb1d36303c5cfbe9

SHA1
e36839101bc3944321acd02b8c925c83e47f01ac

SHA256
9877f3902814797bf51f60710cb5036fc987698896c0069b0150efc9fb42b7b0

SHA512
d06ed899ef824b970e08165934c993d71c3f3cf899a8f771ba24b1fcdc56e066e1cb308d31be2694a8471bd2939e1f25d8d0db1c9cebf1bbc19c675502553ac1

Download Submit
C:\Windows\Help\Help\it-IT\Help_SubjectTerm.H1K.criptfud@protonmail_com
Filesize
112B

MD5
3c7cd5efbefe18af85e4ca88827653fb

SHA1
99214ef8f6aa165da77c01a667a828fa5e1d7c2a

SHA256
164d68576b1759e7db54c9765a375946d68ab268ce057ea21f0e7788c4a28c1a

SHA512
ab1d064c734c8962c799824d5b315c9aa3b72b54eae0f5027ef31cdcb4060fe1e6e539d0ab0501c487c5730266dd5b9936b8536fe97d075ce3c2bdae05d35c2b

Download Submit
C:\Windows\Help\Windows\it-IT\Windows.h1c.criptfud@protonmail_com
Filesize
1016B

MD5
35ea26063a899158f2b4d5665c7a6d28

SHA1
88eb1f9d8cc0625fe08f53d82b9f58c3988ba385

SHA256
dd36b0a79418d4309530a9439ba68df3b4c98639013a17c2bbc5a981ec12abc2

SHA512
81a969c08cc623a198568c88804c4ba8d4adee31e41c40f407abbd3c0d8e54f366c4e50630500f64eff96ef28ab25dd71a7dbb23e4362c743dbd69bd36028122

Download Submit
C:\Windows\Help\Windows\it-IT\artcon3.h1s.criptfud@protonmail_com
Filesize
51KB

MD5
57258c063dad660ec5845182226871bb

SHA1
c708482915188075558ba916da8548660fcc2170

SHA256
4cb21cf9bfb6aa0e40cc85bbb764d7f0757c845ccc9e6c909f1ba9f871a5386f

SHA512
221973b01724cb1ea06611b4231418bdc62706e2a70220c6e301747d8e55fc215eb5c62906aeae85d953cb4902208a66fa56880103dff8a233188dd514bb503f

Download Submit
C:\Windows\Media\Delta\Desktop.ini.criptfud@protonmail_com
Filesize
1KB

MD5
164a5450c26b9ed037ea158d56a89c95

SHA1
285236fcf7541e5b72d9849b3016981a69a8687a

SHA256
15a15b80313912a5099c3039d950c93e4e75ffeb6b32c45aca80f480b4c6cd11

SHA512
48ede1d757ecb23642d9ebdc3c729d87263276f69ce7bdbad450a8e85dfb14b937d124d71b85caf3c7bececb197a1c7d1b44f13825d6db9b8bd796abe13ecb4f

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\selectedTab_1x1.gif.criptfud@protonmail_com
Filesize
56B

MD5
baee91897beef82d0fcc77c4d93a5693

SHA1
696c8a937ad3a8cdcb8ff7dc6cad902eb9804382

SHA256
92855b7558b25b03e37a308b587980d9a64448f3ee803da6ff4103aa2ee5a50a

SHA512
709c29a8cff1810fad1734e30bee1eaca29947d2d9335cf186a1f42415a172f9080136c3c24938bbe347f112e5aa1ee74c3322f0398c93e936049c7fc526c464

Download Submit
C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\de\ServiceModel.mfl.uninstall.criptfud@protonmail_com
Filesize
152B

MD5
0d55166552c1791a15e2e9f7d5586e4a

SHA1
87bf5f385afea3daec1956c29fc66918c0da4646

SHA256
4b3e234fd38915aeb809ee852c63043abd3f0c62014d234c6d48b78ffc44dc51

SHA512
901bfb08745833b2d0083703725bf9eab42b26450c53cfe6c4f4f979c46bd9ef3a2a74a0c821c19b01e0248a6b7fb79334bada50257373fac30394557a130a64

Download Submit
C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\ja\infocard.resources.dll.criptfud@protonmail_com
Filesize
900KB

MD5
5128d8646010aa2dbaf64ccbc68dc237

SHA1
c89a9401c76047370633ee49fd6c7579707c8c3e

SHA256
6c13541577b6c503c77ee46272219fbe7f2cfc455b5590da76531ea277194829

SHA512
47f3b4e7a123f1a2b1a6aaf6848029ee9a7980a40fc64f1215e1bd2587e0337eabd1bbd24c47aaa69addc552e4175b0649096594f6857324ae1a096955932cf2

Download Submit
C:\Windows\Microsoft.NET\Framework64\v3.5\AddInProcess32.exe.config.criptfud@protonmail_com
Filesize
160B

MD5
34fd127731f3addc2ccb18d3432aaa79

SHA1
9361cb45a006cfceced506d65af6476ae38f090c

SHA256
649b6a6eb86e146b224a3fa6d03b0d3dcd39d402f25970fdd4db7b9dbd96cff1

SHA512
d7baa4472cda5d6016f1f970ed505a3f4341eb22128f592d422bcba3b4d8f3bb98313617a80acf034728fc669439844d39268e15767159735db5d266200d4683

Download Submit
C:\Windows\Microsoft.NET\Framework64\v3.5\EdmGen.exe.config.criptfud@protonmail_com
Filesize
160B

MD5
65baf0bfe0aa4dff4cd4216afeb0ce48

SHA1
08fe000488f7c80ef57e7500524e1eb8f2e36d3a

SHA256
577ac1996aefaccd8b44cf2b1b9ee8b87cf7eadcd108e92714dfee757732f857

SHA512
67ac8de8e9bace7dc64b5c4389b4c4b9bc37d7555ca74b68cd83781f6fc4fa4d2b37b87360b9f1aa66ded1fbee1e88e6cf7380193f8019f56a3abee7a4b1ea26

Download Submit
C:\Windows\Microsoft.NET\Framework64\v3.5\MSBuild.rsp.criptfud@protonmail_com
Filesize
736B

MD5
eef3b8907c6a6f464c2e1c27b04d814e

SHA1
a0b7b5c458488d968dcba3e766fd811cc611ded6

SHA256
dba9cd382ffb07c39a6d28cc1f9af2b9dc39d245024d3bac898a723016c51305

SHA512
f38804a0b9cf9ff535de4a0a5de9b053fd7f24b35238bd7518400343b950f8e00077c9b8810afacee65dc4bd1c71e4fea6870ea1bf125fef93abf32aa5455444

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\selectedTab_leftCorner.gif.criptfud@protonmail_com
Filesize
72B

MD5
25473b8ef95d0b267285738b6743bc18

SHA1
7127cd629149dc07b3535e39864fca5409834e29

SHA256
5ef3b7a2ad6ea93b640ee64718ce1e13d76e11bb68ff5a2056a0028208646d4b

SHA512
8d214059154bcbb38930db22810df3c740ec83d18c6acd6540cbc490aa2931bd2e7d4a2e83d9e4c3243c5d154b5d9dc1b256c7778e712fbd43cfec63aa66cf92

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\selectedTab_rightCorner.gif.criptfud@protonmail_com
Filesize
72B

MD5
0af09c596fd0768e7d9bbe0054998d0a

SHA1
e33b048682ae2f2209de50f400059ff0fc560d48

SHA256
b2147f235dc08802a047adc1b6fe86e9be34a51f54aa8726369f48b080bfcf80

SHA512
59f26f01e4d0c17e80b336bf28359fd4d3747985aca6453b35dd9e99022bca009a7dbd5fcdf5f7f845703b774f336dc93c6f4ccab591bd0c8b3989dd4abdeb42

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInProcess32.exe.config.criptfud@protonmail_com
Filesize
168B

MD5
49ffa9a91e9c97e94760db5ef1a5a7b4

SHA1
76c736a2425e2af687acb3330019dbf206900262

SHA256
b20d040d0fb81f5c8cfab5c53885f6ec2dc8f6d11dcf77a9bd5550ac74483417

SHA512
d6475e308cd7e01b9a0c43b49ad0fc0e0532a45de411033c5972ac05346c9886a886fa87d62312ea9422775c50ea40d66b29556be2b0382f627f60594c26929f

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Config\legacy.web_lowtrust.config.criptfud@protonmail_com
Filesize
7KB

MD5
4c5df1cf065b83f55befde8f6bf8bfcc

SHA1
cf6554736e0911665623a00ec052446ad9b14e16

SHA256
132fd124f47beead112c8f97759724b2da0524182a1d5a72d2ea303110c1bd88

SHA512
4b616d7ee331575bad9361708c5484e763739650a261cda7a69c3a262d9f752608bf433e8158baffa5ea4282d0d4af88f8d34b8a4c57ca12d322d95533382af6

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Config\legacy.web_minimaltrust.config.criptfud@protonmail_com
Filesize
6KB

MD5
9b41d586dbd0aa31b13b9303998c0594

SHA1
9cabdf073f7584f64e97ba86e8c9dae2f8fd9e35

SHA256
61ce5d1a3aed619c24610c16a01f30b70d8f85c3ae8764bb7b922177692e7e63

SHA512
e3282356ccf2346cef19befcca97665aeffd76c303418bfdfcd566a5a4e5e30c67d2a818df8a5f5c0bd522a7dcc365ba128be80851027ced594ab2bb0364ac0b

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\InstallUtil.exe.config.criptfud@protonmail_com
Filesize
184B

MD5
0394bf94a02a214dbd3758ad01a3c429

SHA1
ea5c4be4d64cd58330ba1725fd163864e956405c

SHA256
81b392ac232e272a6dcfd2e4922dc322579fba020dc0a171176fdf013c3e31f4

SHA512
22d281e6253d07f9dff1598fd58c0cbcf3c37757aa3814216be0bbb6e523b049145d1a4f08885ad8630662d08a82da49c1fc08411230d152bb6de6463664ac39

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\_DataOracleClientPerfCounters_shared12_neutral.h.criptfud@protonmail_com
Filesize
448B

MD5
a4c3118e9d1349e57f89b7821aebf894

SHA1
1cbd4e465a6d78acbe351aca29cc716e59809699

SHA256
6a36d8a386481663f62e9ba4a8329c7178f51707c5752fee1585443f098bbc06

SHA512
462c89b9eca032a7458103a81985676c0ba10d6ad1a592100451f48244284e71a7729b8f8dd86a2a2af94fee6171f0657675d10e3c638d217b4d82beefb07a24

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\applaunch.exe.config.criptfud@protonmail_com
Filesize
288B

MD5
6fe9e37f16d87c5856edf36860861ab1

SHA1
a9c3fe54a1c280369b438eb4bf49c1a9c4373697

SHA256
855d8fb729c55ce8772f580352eb08580a12dea11c869ad7b4e2669d27f0e65b

SHA512
7ffc3206072470f45aa7641323117f8d56b699caa0d74407a7499b851dba1984bb0347fcb18c6aa72808b232954d504e9f141b1ef6857815df5fbf851cc2c76f

Download Submit
C:\Windows\Microsoft.NET\Framework\3082\admin.chm.criptfud@protonmail_com
Filesize
48KB

MD5
19186a010dd4e1149cd43c3885801a75

SHA1
1b45d44a98498dc48f9fd98c8784adb7030c9fd6

SHA256
1691e9fe29775b85a4ff2f85fb55aa30aaa594b9cde6784f9028d7110d1f8cc8

SHA512
45c7d2fb93307be3cde462b69f93c85e43d5ff5c7097b32b253ee5ee9a840fa8e91ddd5497f05460c05087345069d08b72584a816bec34a89dafb5deb219e69e

Download Submit
C:\Windows\Microsoft.NET\Framework\v2.0.50727\normidna.nlp.criptfud@protonmail_com
Filesize
57KB

MD5
25f1e8e0f086ebf6c7dcd8d1f6cca14b

SHA1
a843f8b2059479eb9775c800a3700299a7e3636b

SHA256
b562463ed913d89c4218eb1668d1ab777a4f41ad44df4a3d59e9954076887266

SHA512
179796019ceea4e591831d6f0d51cbf17abae32de0430ca2aacf89d3be9ab0323e78cdea304c29b5f3ee762799c4fabe900c8ec6a7212b02688db6d0d26adfea

Download Submit
C:\Windows\Microsoft.NET\Framework\v2.0.50727\regsvcs.exe.config.criptfud@protonmail_com
Filesize
184B

MD5
260a0ddeb5c7e834085cee335f8bebf9

SHA1
ef639301d0971b10b9796a249f21911a41b2dbef

SHA256
0c6ea59e020380af29bfff30254f22bd3eba5f9d1160b2446c8b45405e19b732

SHA512
45d7ab50aa093ad73e73a96e7b7b5eefced4419927e38a0817ffd5fbf246470303483d12b6f32bf1b0b3bbc357439406ee0bbef450beaa651573fbb000bc98d3

Download Submit
C:\Windows\Microsoft.NET\Framework\v2.0.50727\sbscmp20_mscorlib.dll.criptfud@protonmail_com
Filesize
13KB

MD5
4ec89071b2f6233f6d7a7d67daac95dd

SHA1
366822f6abfa85eb8b5df52b150c3f41e08f7e97

SHA256
c9fd0cb0dafa753086bd41e273042484d7246af902252010a10f832d573bffe9

SHA512
261c83c0a6b9a7f5feaa02af877dd6fcecf228a0c1446b675b7c584f9b82d29d0bec1a0d68d9cb995b0e97368d35f9dbb9f8a5a76cdf68d16a813d61630f3d0d

Download Submit
C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ja\infocard.resources.dll.criptfud@protonmail_com
Filesize
638KB

MD5
bc6778aab92a3b3b5f35dab5b07ccae7

SHA1
bd624b77fe70d5eec34e9c2a82fb81508818e55a

SHA256
28594f04fad1b7e4bc87b954b6944023276ebacf57522cda4256f5e36baff8c0

SHA512
cbcf7623feaf45f2a4222e8c4d72a894a4010f5a08a9d1470eed5e6055fca9af7caa02913650829f1f3e501a46f227bf1302a00caa34a1fed63a28763eb3acc4

Download Submit
C:\Windows\Microsoft.NET\Framework\v3.5\MOF\ja\ServiceModel35.mfl.uninstall.criptfud@protonmail_com
Filesize
696B

MD5
3687d66ea7f3b48ee24ab9bc9cd17e8f

SHA1
606986b3af77211507ec3b6f67ca5c7c257dbcc7

SHA256
c2fc505b835cb196a4bd4fd4572a347a3a5eeef2269a1458198f19413f72c68f

SHA512
e32dde2e3377ceea5865fe1051f4456dd8eb974b2493d8f8afe7eeb7bed701040a0242fedcd0444822c151a013d6c5405e8e1e3e279a94852e0b3421712a3940

Download Submit
C:\Windows\Microsoft.NET\Framework\v3.5\SQL\it\DropSqlPersistenceProviderLogic.sql.criptfud@protonmail_com
Filesize
2KB

MD5
ad50019a9bc3a3d8f1c2e2215861bee3

SHA1
83bd11036108ebe79aaf9c943bdfc5e77b80d8c8

SHA256
629224ab44d4df3c3c0956ccf713d7d25b75842521003eb228606189fd046bf1

SHA512
19e5614ed00166886e4c20093b537ce9628c835de9e807bfc5997f339339bda0aa71ea3ae15ffd925638cd52ea430050b021c902105a0f564069fa3748c34d83

Download Submit
C:\Windows\Microsoft.NET\Framework\v3.5\SQL\it\SqlPersistenceProviderLogic.sql.criptfud@protonmail_com
Filesize
13KB

MD5
0e075b244f00a72d5133baa776fc7c55

SHA1
3d78bc77ce1074425d25ef0b0c526bb01e249030

SHA256
f50dc7a14a7f928f2d42f65c6337e1eaa08c19cfa0a6f1c3ba3aaf6a3c627520

SHA512
26b3b9057b9f77acccafb243ee50d9eee4cf59bfea94d5b4c7377c3736d460c3c33935fa84bc684ec5b0fedb7424add186b141c5220e77b7d40c94c1e5d226d9

Download Submit
C:\Windows\Microsoft.NET\Framework\v3.5\vbc.exe.config.criptfud@protonmail_com
Filesize
224B

MD5
c5f155791362ee648ff59c0701aea641

SHA1
ca02895de355eba036d658a31328494d45823aff

SHA256
81b3f6ad8062b5f51da44975dbaba0ef52b05d34d67c62e465de6bf4eac2efc0

SHA512
1e6c2776ee860777a08a3dc927ab31e514909f9bf14b5fdc38e14db5bbf612bb5f2286a8efa302c82e7fa1ab025aad5bb6cef63a6bc4bc2dba79a0c3c1413ba3

Download Submit
C:\Windows\PLA\Reports\it-IT\Report.System.NetTrace.xml.criptfud@protonmail_com
Filesize
72B

MD5
b7ecc9f6a37c7044bb2c2c1e6aa19204

SHA1
867e3bcff373dd687bbe37917ac9febfc33d8878

SHA256
fcc1ce968ac045f038726b3a65df8d42ea8a9d20942cc42245016aa10cc5d3ba

SHA512
009712af311fbdd36a3b7f6b87ef4821dec7239d523e07e15baa60d927b8c61d540dfcf7e5e5c78d6f650fee7e8ca35d47135050a2a2b5adebad73f72d23def0

Download Submit
C:\Windows\SysWOW64\Printing_Admin_Scripts\it-IT\prncnfg.vbs.criptfud@protonmail_com
Filesize
104KB

MD5
f05ad03e7899d625dfbab5d1aebf41c8

SHA1
2adc4d828454f38c717f7fbcc997eb46cefed1db

SHA256
4c13e58805c0cf1304d7ec99c7f19d387b2d70a9f04ea0f3f81cfabb33df818b

SHA512
0909d65844229a415f6a59b164688ecc94ef656a98a1244204b2391daf23d761fac7384cd457945d3e9a7a1eef9b7cdb3f87db3f1e745c1493c622cd054e0b10

Download Submit
C:\Windows\SysWOW64\Printing_Admin_Scripts\it-IT\prnport.vbs.criptfud@protonmail_com
Filesize
56KB

MD5
b72333f7a9653c6b5977ed1d912ac923

SHA1
bec5e37244663eac508e15b8e9dc99964a7a471e

SHA256
60ad898f6cb8f77e594edc93116179b55669f32fc68b7f22d90b3efabb8d58f7

SHA512
0ebc4834d387a7628d28fa01f1d49293dfc8347240ec60218aa27ae4c1604d999bf422db7f105dcceaf5b5f342525c3f3e403cb1813eaddd06adbd02a6cef390

Download Submit
C:\Windows\SysWOW64\fr-FR\comexp.msc.criptfud@protonmail_com
Filesize
121KB

MD5
f6c66f54c426460ce521cf6cbebd06a8

SHA1
bbcf52a7324f00f2dc38b74253c19f13dadb1553

SHA256
3ad3067d4992fa17afb1858f50eeb198a7dbcfffbf8d8f3809702f10660d8a12

SHA512
cfd2c90e4f718b532e2e1a08f84dbad636709b9d4519bdc2e63a4e3bc76ce4b26200fa779f1003933d95338907e0628ede6204ef5452d6756ee41f5147f70954

Download Submit
C:\Windows\SysWOW64\fr-FR\compmgmt.msc.criptfud@protonmail_com
Filesize
110KB

MD5
0e873fd61246e51db1bb9a775d88c56b

SHA1
d1cfe34b93a3268b2fdf5290dd1d8caaef1c81ed

SHA256
b3e9cf15f01d336f0d46b063be6cfd5f7794ee705dd5361b442ac6a64c99c5ca

SHA512
b626db504ed27f5d3744652b874deda113157d34d985e1960b77be0ed25b626f73628bae9974886944baf8653e74855137661c1e59cb93414fc3f23bf7e1548c

Download Submit
C:\Windows\SysWOW64\fr-FR\gpedit.msc.criptfud@protonmail_com
Filesize
144KB

MD5
61dedffc0d2a40fb1b3dd83d306c38d9

SHA1
713f0b27e65c8a175d9aeedc816421920c4a7a49

SHA256
c0470fe63add1c28e337d5964c90cbe9b964d5affce169f0ea1b050ba08dc2de

SHA512
c42fa183a82b024b79176d23858036f13d10d9bf649ca62995745b980ebc148c2d407e055e7edb02b5c3b3bc1aa244578bc47d4fe16839a9ad432649c451fcaa

Download Submit
C:\Windows\SysWOW64\fr-FR\rsop.msc.criptfud@protonmail_com
Filesize
42KB

MD5
d48fddeb86999980371eb79296a64b3d

SHA1
a379d8f3f8f0174631b17eae1df7390c89dc57ed

SHA256
07e57de1de904e7029039e512590c6f1de243a36528080dd6866375218f8716b

SHA512
e51eb565ee970ea621e40d184aa9d1f0400bb6f74e5215c0119d47816bbcc969a1eb6acd0fb495c907ae6cc8e58626088f2d551e48c282154dd865656e120941

Download Submit
C:\Windows\SysWOW64\fr-FR\services.msc.criptfud@protonmail_com
Filesize
90KB

MD5
a39a217184ed23ab17acf962bd6bfb63

SHA1
16822703b320d532c49a9382166a79c56b07e597

SHA256
c7e423356eaaa15aaca57bf2ea179f1c78ce930a0a57f50797b075c18fc1d6b2

SHA512
115c3ddcc297bbaf17b2bf31b86e16cd4866f11fa5bc3eb9e1cceb2ba733cda6f98c009126ff0d681f722bbc1ae4ed906bf707107a678b69aefa66402e28c91f

Download Submit
C:\Windows\SysWOW64\migration\WSMT\rras\replacementmanifests\Microsoft-Windows-RasServer-MigPlugin\RasMigPlugin-Mig.dll.criptfud@protonmail_com
Filesize
168KB

MD5
a5a2038d02e6002030ba661974923d56

SHA1
fe3416f88a81c97d7dd8f3ed7a3b880101adb9f6

SHA256
f31af415e4b3e605ce9782db04af4fdbcfaa8553f579c7bea91483d26d9b956b

SHA512
5143e2258f39b1f816ea1b5cb516528490bca58fb2975c628e101a5ca47e49448fe3e4a7fc15fcf4a1aff70549403fefe58e4748008a8e0e1cd8ea0a9619d333

Download Submit
C:\Windows\SysWOW64\msvcp110_clr0400.dll.criptfud@protonmail_com
Filesize
18KB

MD5
201399bb1e1f2a20a22fe43402aeeda9

SHA1
c071946311801742f648d99df969fe2e1561625e

SHA256
578646e7d4cfa1de5ded50cfe2c2c12cd78a9145bd04db1a3d99759afaa4f97b

SHA512
d19b9797dfc546e01acfe3300954f5dc4aba49d000ef4be59bfbf2af329c6d86dc37f811a11fd57b4029d77355d21da262d588239e3f9aa5275d905e39a599fd

Download Submit
C:\Windows\SysWOW64\wbem\en-US\p2p-mesh.mfl.criptfud@protonmail_com
Filesize
8B

MD5
c49b3a4ed5f0923bcd1d3ef3bf48be83

SHA1
2c5a2447034c8c4f92d63d2c0cfeae72c8063714

SHA256
6e7c8c158b6512b3ae1dc6343b7987abea6d99338395207858d0727ea097c352

SHA512
c9de455d11a23234a8e33a34acaa0e2cf4a9eba534e6f14a88f85fcb52e30ce8432a9ea146c991899801d8e41dc49aa73f57864fb097fabac2cc0e60e72c41b6

Download Submit
C:\Windows\SysWOW64\wbem\it-IT\csv.xsl.criptfud@protonmail_com
Filesize
2KB

MD5
47f74ac92463b67336ef2bee0289b18e

SHA1
9808d15e0f305453bb81e505c1f6ee987169d5b5

SHA256
fce39fba6669a2f1440a9250bd186864ef32f8e2424b7801325bab726086661c

SHA512
8d998f994953c1320392f2d3326cd4b93e3b492fa3c2f3768c3b693f9d211a215893e105da477256d9ee2cf3ecf7db74ba5381444319a111dd9fb233de1e90fd

Download Submit
C:\Windows\SysWOW64\wbem\it-IT\mof.xsl.criptfud@protonmail_com
Filesize
9KB

MD5
99e0dd766730f25dbc616d1eb98b2ec8

SHA1
0987cacc174f117a66deb7bf7af934d1e918d120

SHA256
74a320107cc1199a1f008e8fd1979a07d00a50b7f8b1d4442b25f1c94ca3fa1c

SHA512
a3eb69b1e4522061d8102beaa319daaccd54b2f06923ec44f7d5cf42494272b7d0cd2663c85b880d5f7e91d537e67824df6d8c382720e4422d94f29ddd154d67

Download Submit
C:\Windows\SysWOW64\wbem\it-IT\wscenter.mfl.criptfud@protonmail_com
Filesize
48B

MD5
123711bf622d0b2f37eedb393c2c2be5

SHA1
d43fe540a0e6ee0a57becccc5e85a25153d7304c

SHA256
05571fea9447019764ece1034091e86f0ecd563d44954e1c8f279196428580fa

SHA512
f58c7529eaa2900c7298d1abeb658568bd9cc7bc7c8c77a34827ed301340c0308bae23b53f20a0ba58afcc26bbfa754924bf8f973a9830fb20b77ba559a3f7a0

Download Submit
C:\Windows\SysWOW64\wbem\it-IT\xml.xsl.criptfud@protonmail_com
Filesize
1KB

MD5
70e9fb68c5a1fa1b57012a5c4828af24

SHA1
34123a11913b1ef00b4078bd9b4364d24cbd93fd

SHA256
ac53e7baabe692b69463f33a8f5bcbee77f758b86947b534750a0a794d3152ae

SHA512
8ed87613904fb79b464080eaa33b2657d5531b6201685deeb38acbe2a2eaea8635b68d9d96cc8d88e40f07c76d3771ea1a188ea0469cd499afbc415ac4d49c2a

Download Submit
C:\Windows\ehome\wow\ehexthost32.exe.config.criptfud@protonmail_com
Filesize
2KB

MD5
71958afe582444371680f502d59898e1

SHA1
304379005735c7bceabd6c4c216b4afdc4d5826e

SHA256
bbfd9ce1e9ad903326540e44ca0a8d8fd35be9736b7016ee53de2b8c9b95446d

SHA512
1fefebf362a3c4b69a9754fb89baa7838e98db657028f647e9a031a2cde90a105207d8e02b9359fddb83d644894fdd5fb15cb1a721d02e717187e019c2a05f77

Download Submit
C:\Windows\inf\.NET CLR Data\0410\_DataPerfCounters_D.ini.criptfud@protonmail_com
Filesize
40B

MD5
aeb76fddfddc7c9730febef51fc3276f

SHA1
b4645bf4cce99d6ace26b978f1bcc04838bafda6

SHA256
722803dd2230ca45bad4572ecd325877ae2081e545fc75bf71580f4b925ba6d2

SHA512
014ce6eaa7765b2dad77ceee30350549f6aa82c606058721fae2a576f830c00df2250443befbdfdaef56107ac6f2a864d947cdfea5260708b4b407267f1a882d

Download Submit
C:\Windows\inf\.NET CLR Networking 4.0.0.0\0008\_Networkingperfcounters.ini.criptfud@protonmail_com
Filesize
162KB

MD5
6da4b00e6fdfbfd4d81a5af5dac7a7cd

SHA1
2817c8e211089ccc72131ad6f1ecf346880f606d

SHA256
62428216ce673705c42e94e4430aeb276c034e1df5ae1df650b3617cbaba8cde

SHA512
537843aa53e02fc7258c89dd411c90e6b6a22157c3b2a00e6fcced8cc6c5d1768da244f1608ac9aecf238601034356dba84c93b2d768ff751c31500ed3a24a04

Download Submit
C:\Windows\inf\.NET CLR Networking\0410\_Networkingperfcounters_D.ini.criptfud@protonmail_com
Filesize
48B

MD5
854e534d5845a9a63307002041985988

SHA1
774b111df9120417de17ba8e38d6eb96d89c5df7

SHA256
99c706acd0d9655701fe28ac9e5929c71639fab3760c05a0ddc10753911bc443

SHA512
2bb468009145004e69750b9a01fadf77d850d8e98ef0f2d000f731a91d8f5bcba81ca02cc9b403ed0ac0f215179b0bab9bb71f99a5516fc7c0a8a7a062e34ca8

Download Submit
C:\Windows\inf\.NET Data Provider for Oracle\0410\_DataOracleClientPerfCounters_shared12_neutral_D.ini.criptfud@protonmail_com
Filesize
72B

MD5
284fe3e7660704dcaa225803ea8a3bb5

SHA1
3803a9b33d7bc06060a9da938f917e0a0e534c55

SHA256
6501ef460b142b11ae3033c1085e9d72af60a4af8f4350075a49166ce38c9011

SHA512
3d097fa330bf980beb15bb39931905b56f88e8cd64e1464570a1f261982e1eb4cb2d9e53d9b2368beb4378b17869454c02b0987c66a3f95c0ab98db1f1e24d3d

Download Submit
C:\Windows\inf\.NET Data Provider for SqlServer\0410\_dataperfcounters_shared12_neutral_D.ini.criptfud@protonmail_com
Filesize
56B

MD5
4fa71fff3eba54d44cc5a8492f2a822d

SHA1
bed483ead2906464e1028fde26c7f781e23fcfb8

SHA256
6451780acf43db301d9ce79b374a6e60f2541fc11612633c126f0192e979acf6

SHA512
a38dc3592244793f9415bbaa1b4b1ca785423b1121e4ce004429d48dd8290864fba656d7b7bdeac299d3b878906978f90d9627d290879c5b327c5088d23cba73

Download Submit
C:\Windows\inf\.NETFramework\0410\corperfmonsymbols_D.ini.criptfud@protonmail_com
Filesize
40B

MD5
1e717c3adefb9ddbc7ed484dbcc77543

SHA1
69dcb8c1841ac4e74975d4bda957015c0a6d4fdf

SHA256
414519b8fe084015324f1d1bce37a7b5d5ae4112131c17a6a0302639b9c10f40

SHA512
fa168690f96122bef8413e0a45b01e1db00620db9521217f304e674384099e4d6fa46a9d29f21402e248f6f003018d487d7d495070440fa8473814c8563f861a

Download Submit
C:\Windows\inf\ASP.NET\0007\aspnet_perf2.ini.criptfud@protonmail_com
Filesize
972KB

MD5
da53a21da5391b33f9666556b010820f

SHA1
f2d3ec34add6092e74a24a4fa0743ee361e29061

SHA256
e9d46b8c7fb10eb80e0588d409f01c1feef3996f563a3af137bfdcb5f284b2b4

SHA512
5d7ad3411c68f6a03cf23d2c8198103adc9aadd63f16bf001951d43938b22bc255ba80bc52679b7aba20b6227ca83dcfc2e1de6eb1bda2cb66a9572e8994bdf1

Download Submit
C:\Windows\inf\ASP.NET_4.0.30319\0007\aspnet_perf.ini.criptfud@protonmail_com
Filesize
974KB

MD5
7ac15e1239fcb5d8b4aca2754bd50b9f

SHA1
c2d2587d4f9f111a478c45164fa649a987800e9b

SHA256
7646925ca6ffbcf6e321f2819a3520dc017d6461625db2dc6389904a07f7b8c6

SHA512
5e736b1cb13093e880e78e0ba829776e97a482c8e4839a7b45b4c5557d0e20e62376750a3db358a6566af930ccc58fefa0a6812466c27d739b40de85a1cacdc1

Download Submit
C:\Windows\inf\MSDTC Bridge 3.0.0.0\0410\_TransactionBridgePerfCounters_D.ini.criptfud@protonmail_com
Filesize
56B

MD5
8b2f06fdcdabada01e43d5393664c1ac

SHA1
412bc69c7259db387b2f923663a4b8f1ef1544a5

SHA256
1a4a74de134f284375846f84be3921fe204231fa87e74281065a0dfc9ba38659

SHA512
d7422d8b81d9b2b3f9401acb96001ff93301d532e7a29d76ee5794a4bd8006fe3da50a5881022c3f441bda7e9fe9d66fd3766f3dae6cd763533036853dfb2614

Download Submit
C:\Windows\inf\MSDTC Bridge 4.0.0.0\0008\_TransactionBridgePerfCounters.ini.criptfud@protonmail_com
Filesize
132KB

MD5
b62718b0efdc6fe3cf18210e1f387b08

SHA1
395929de29067a53ac19c261c1cd49e3bb48a2f6

SHA256
90c459e3bb7da73e9ae7a44b7104dbfd8b9e67913012a5e63e493e4ca1e19055

SHA512
28677150f5389a4303d3879be3c62bc3d986bd688cabe92573ae3241449a453dd5c1985e9615052fa1d001e00e781f2145771919104dbc9e24a9d7342eb7c4d9

Download Submit
C:\Windows\inf\PERFLIB\0411\perfc.dat.criptfud@protonmail_com
Filesize
30KB

MD5
778bc0a02cd2923ceb002719b378f56f

SHA1
20f2252bfdc71d746610f43a8391eb70bb37768a

SHA256
9eb6d59c9c81bf49d81d0d786feae97b3ec7ebbc6ea2d8f64701495b0e72a0d0

SHA512
e5817a3b1fda27c0e0350fbe400fa3e74fd15d9f5e83d4c6068fe06fd009dea1c6a886c3d4b91a361f3a78136c2b4c27c88b74660b086319e7f63a7ae6e87f03

Download Submit
C:\Windows\inf\SMSvcHost 3.0.0.0\0410\_SMSvcHostPerfCounters_D.ini.criptfud@protonmail_com
Filesize
48B

MD5
2aeac65919c91454f7527605f8d3dfa4

SHA1
160f58d0ebb9662ca71cf556ca1793ec11046b66

SHA256
95ed955253f66b6021597faea38b89b33c50b92619d4df8089cbf365b326a303

SHA512
55c5ec2f4ddc509487d1c9324ceaa5c45d3d9105d97625a494414f61f404a4f5965f8670966aa730f76fd906ca68e326d65e24c80deb6701f48368c5d71f4216

Download Submit
C:\Windows\inf\SMSvcHost 4.0.0.0\0008\_SMSvcHostPerfCounters.ini.criptfud@protonmail_com
Filesize
130KB

MD5
b2fbee9dda3c9249a644cdce94c6df91

SHA1
e335158084a1f76d55014426735a6b64e83f2230

SHA256
8d674ef8f30423be2e75dbc39d932cb75ecc20aeb5b43d50fe99b550de56ec30

SHA512
a845ac3bd0008c263105f2ff759c02bcfb7f4a3e6d23b2acdf81cc14f0ebc8880f3d5dcbd07cfbaa1e43a891d615c4fdeb339374ba379bdaf5c2162b42d21e17

Download Submit
C:\Windows\inf\ServiceModelEndpoint 3.0.0.0\0410\_ServiceModelEndpointPerfCounters_D.ini.criptfud@protonmail_com
Filesize
56B

MD5
c498a2be458dc82aabb1548e4c2da9f4

SHA1
80b894f98403d711b82787b89b0b91b3a59e2985

SHA256
615ffabcd3928c8bde27bab7a91155e2a16048d05c62dc2228b70d368b3b7c77

SHA512
ec2f5825e4dc10a610e4de903a94b37ddbb5d83ddce713037a80588e4c01bf8a37f4d85299bda072a35d6172a34cf82a24d2e9598967963b5edc6a08c72a369e

Download Submit
C:\Windows\inf\ServiceModelOperation 3.0.0.0\0410\_ServiceModelOperationPerfCounters_D.ini.criptfud@protonmail_com
Filesize
56B

MD5
e3195b831e701a5d12d0a2d75a01b81d

SHA1
0dd71ea6f1993f4b155dd24c51a8d52aa3415db8

SHA256
d43a1ec75400049302b988c9bcb0fad2007be9a57e8243ebed3e398df2bdd615

SHA512
ba77d59dc3b649eb36fa4253aa7b570373ac830d86eff9b6de6f80e12fb5bb12bc8874d3f1b067706e143bc8752b371e7db56154ab4a27888141ebab3ebc1025

Download Submit
C:\Windows\inf\ServiceModelService 3.0.0.0\0410\_ServiceModelServicePerfCounters_D.ini.criptfud@protonmail_com
Filesize
56B

MD5
35bebea835acd680d8bdbedb0eee3013

SHA1
95684cd1f82a6967f7eb47792c9619cc738ad2f4

SHA256
8e3195380bdb365079d4142ce94a7ed10ffe730888b5f480fd59e3d47d5ca283

SHA512
2cd35354724cb238930d735bd6801b15245c4a47d9bc1dcc66562d6cb0cfe8cc3e87fecaeb950bcfd8a403a077fbd541c6b2d5292b0630b046c25b077aa5c414

Download Submit
C:\Windows\inf\Windows Workflow Foundation 3.0.0.0\0410\PerfCounters_D.ini.criptfud@protonmail_com
Filesize
32B

MD5
319cb5a011ef1f67798bc5deba737e76

SHA1
fd666d9b9d5a0e9f768e1504f0dad8ff239c9d05

SHA256
46f30e5995bb50a31f1f919936deb394594a2bd16403d64d6c0199c982276928

SHA512
31138f9abdbb95d0ce6edcc9446bc2edc611079efe83d9e7c466b93cb1cdad0cbc3b701c1f206ae97bb5f9ce9a33566d7e31af7231ddc0b20809ccc15092d76d

Download Submit
C:\Windows\inf\Windows Workflow Foundation 4.0.0.0\0008\PerfCounters.ini.criptfud@protonmail_com
Filesize
150KB

MD5
73f7e9e5f0e64fa7b2c058da6e204c3c

SHA1
57914f2017ed6d9bb439592563d2f2d765d62d52

SHA256
2173e0a2c9a3ba07aa15aa719a64897c117982e89a9cc0f72afa529c9529ef02

SHA512
e460fd5c5ea0c6f3ea19efd6b342734b01d7d3a58e00a313a519efcadb5f382b8c4fd79e377ad16f4af6010cbbd9051a7d6db2363c1a7a2add5d5eaf36ea0689

Download Submit
C:\Windows\inf\aspnet_state\0007\aspnet_state_perf.ini.criptfud@protonmail_com
Filesize
41KB

MD5
0f14133804d4d9ffe51335e9e9df59b3

SHA1
3aa4a559e202613ed0ea5db7f49164e33e036c78

SHA256
846b1650f94cc64a5db945361cf81dcd8a10fac17a1b6453bc71d2a54e5c986d

SHA512
6ea1c3c5789daef2b484f452289bb6c55ff40c00ad02b3d4fd07a9c363f14887fb3569536d9d02705090390fb6c3eb730a7aab0cb597af5c6f872298573922a4

Download Submit
memory/2252-14-0x0000000004B00000-0x0000000004C34000-memory.dmp

Filesize
1.2MB

Download
memory/2252-44-0x0000000004B00000-0x0000000004C34000-memory.dmp

Filesize
1.2MB

Download
memory/2252-1-0x0000000004C40000-0x0000000004D7C000-memory.dmp

Filesize
1.2MB

Download
memory/2252-0-0x0000000074880000-0x0000000074F6E000-memory.dmp

Filesize
6.9MB

Download
memory/2252-3-0x00000000008B0000-0x00000000008F0000-memory.dmp

Filesize
256KB

Download
memory/2252-4-0x0000000004B00000-0x0000000004C3A000-memory.dmp

Filesize
1.2MB

Download
memory/2252-6-0x0000000004B00000-0x0000000004C34000-memory.dmp

Filesize
1.2MB

Download
memory/2252-5-0x0000000004B00000-0x0000000004C34000-memory.dmp

Filesize
1.2MB

Download
memory/2252-8-0x0000000004B00000-0x0000000004C34000-memory.dmp

Filesize
1.2MB

Download
memory/2252-10-0x0000000004B00000-0x0000000004C34000-memory.dmp

Filesize
1.2MB

Download
memory/2252-12-0x0000000004B00000-0x0000000004C34000-memory.dmp

Filesize
1.2MB

Download
memory/2252-16-0x0000000004B00000-0x0000000004C34000-memory.dmp

Filesize
1.2MB

Download
memory/2252-18-0x0000000004B00000-0x0000000004C34000-memory.dmp

Filesize
1.2MB

Download
memory/2252-2-0x00000000008B0000-0x00000000008F0000-memory.dmp

Filesize
256KB

Download
memory/2252-22-0x0000000004B00000-0x0000000004C34000-memory.dmp

Filesize
1.2MB

Download
memory/2252-20-0x0000000004B00000-0x0000000004C34000-memory.dmp

Filesize
1.2MB

Download
memory/2252-24-0x0000000004B00000-0x0000000004C34000-memory.dmp

Filesize
1.2MB

Download
memory/2252-28-0x0000000004B00000-0x0000000004C34000-memory.dmp

Filesize
1.2MB

Download
memory/2252-26-0x0000000004B00000-0x0000000004C34000-memory.dmp

Filesize
1.2MB

Download
memory/2252-30-0x0000000004B00000-0x0000000004C34000-memory.dmp

Filesize
1.2MB

Download
memory/2252-34-0x0000000004B00000-0x0000000004C34000-memory.dmp

Filesize
1.2MB

Download
memory/2252-38-0x0000000004B00000-0x0000000004C34000-memory.dmp

Filesize
1.2MB

Download
memory/2252-42-0x0000000004B00000-0x0000000004C34000-memory.dmp

Filesize
1.2MB

Download
memory/2252-175-0x0000000005120000-0x000000000535E000-memory.dmp

Filesize
2.2MB

Download
memory/2252-46-0x0000000004B00000-0x0000000004C34000-memory.dmp

Filesize
1.2MB

Download
memory/2252-40-0x0000000004B00000-0x0000000004C34000-memory.dmp

Filesize
1.2MB

Download
memory/2252-36-0x0000000004B00000-0x0000000004C34000-memory.dmp

Filesize
1.2MB

Download
memory/2252-32-0x0000000004B00000-0x0000000004C34000-memory.dmp

Filesize
1.2MB

Download
memory/2252-48-0x0000000004B00000-0x0000000004C34000-memory.dmp

Filesize
1.2MB

Download
memory/2252-52-0x0000000004B00000-0x0000000004C34000-memory.dmp

Filesize
1.2MB

Download
memory/2252-54-0x0000000004B00000-0x0000000004C34000-memory.dmp

Filesize
1.2MB

Download
memory/2252-50-0x0000000004B00000-0x0000000004C34000-memory.dmp

Filesize
1.2MB

Download
memory/2252-56-0x0000000004B00000-0x0000000004C34000-memory.dmp

Filesize
1.2MB

Download
memory/2252-58-0x0000000004B00000-0x0000000004C34000-memory.dmp

Filesize
1.2MB

Download
memory/2252-62-0x0000000004B00000-0x0000000004C34000-memory.dmp

Filesize
1.2MB

Download
memory/2252-60-0x0000000004B00000-0x0000000004C34000-memory.dmp

Filesize
1.2MB

Download
memory/2252-64-0x0000000004B00000-0x0000000004C34000-memory.dmp

Filesize
1.2MB

Download
memory/2252-68-0x0000000004B00000-0x0000000004C34000-memory.dmp

Filesize
1.2MB

Download
memory/2252-66-0x0000000004B00000-0x0000000004C34000-memory.dmp

Filesize
1.2MB

Download
memory/2252-173-0x00000000008B0000-0x00000000008F0000-memory.dmp

Filesize
256KB

Download
memory/2252-174-0x00000000005A0000-0x00000000005A1000-memory.dmp

Filesize
4KB

Download
memory/2252-176-0x0000000074880000-0x0000000074F6E000-memory.dmp

Filesize
6.9MB

Download
memory/2252-177-0x00000000008B0000-0x00000000008F0000-memory.dmp

Filesize
256KB

Download
memory/2252-178-0x00000000008B0000-0x00000000008F0000-memory.dmp

Filesize
256KB

Download
memory/2252-179-0x00000000008B0000-0x00000000008F0000-memory.dmp

Filesize
256KB

Download
memory/2252-180-0x00000000008B0000-0x00000000008F0000-memory.dmp

Filesize
256KB

Download

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix ATT&CK v13

Replay Monitor

Loading Replay Monitor...

Downloads